Configure custom code execution

When memoQ TMS sets up an online project from a template, it can run automated tasks on the documents when they are imported, finished, or exported. memoQ TMS can run built-in actions, but sometimes the actions must be programmed specifically - and that is when custom scripts are installed and run.

Normally, a Windows service cannot run programs like this. However, in the Deployment tool, you can create an environment for them.

Don't make changes unless you have experience operating computer networks, and everything written here is clear to you.

How to get here

When you do this, memoQ TMS will already be installed on the server computer.

  1. Log in to the memoQ TMS computer through Remote Desktop.
  2. Open the Start screen or the Start menu: Press the Windows key.
  3. Type memoQ, and wait for the results to appear.
  4. In the list, click memoQ TMS Deployment Administration.
  5. Windows may ask you to confirm to run the program. Click Yes or Run.
  6. The memoQ TMS Deployment Administration window opens. You need the topmost section (memoQ TMS):

    memoQ TMS already installed window with advanced options selection

  1. Click Advanced:

    deptool-mqs-advanced-menu

  2. From the menu, choose Configure custom code execution. The Configure custom code execution window opens:

    deptool-conf-customcode

What can you do?

Custom code execution is disabled by default, for a good reason: you must not allow a service to run scripts when you do not need those scripts. In general, running scripts always comes with a high level of risk because an intruder can then run their malicious scripts, too.

Normally, regardless of what custom programs are specified in project templates, memoQ TMS will not allow them to run.

To run such custom programs, you need to choose a user account that will represent these scripts in Windows.

Under User account for custom code execution, click Virtual service account. When memoQ TMS runs your programs, it will act like a user on the server. When you choose Virtual service account, memoQ TMS will run programs in the name of a user called the memoQ custom code execution service. Do not use a built-in account.

Do scripts need to reach out to other computers in the same Windows domain? Use This account with a custom domain account. Click This account, then enter a user name in the Account name box, and its password in the Password box.

The user account will receive permissions for the following folders:

  • ProgramData\MemoQ Server\Scripting: If custom code runs in the name of a virtual service account, it needs to have access to this folder. You do not need to set this up if the custom user account is the same as the one that hosts the memoQ TMS service.
  • The data that the custom code will need are in this folder: ProgramData\MemoQ Server\Scripting\Data. memoQ TMS will automatically save the data in this folder before running the script.
  • The script or the program itself is stored inside the project template. Before running the script, memoQ TMS will save the program itself to the ProgramData\MemoQ Server\Scripting\Code folder.

    Does your script use external files? Save them in a folder inside the ProgramData\MemoQ Server\Scripting folder, but not to Code or Data, because those will be cleaned up after the script is run. Instead, create a new folder under ProgramData\MemoQ Server\Scripting.

    You may need space: Make sure you have sufficient disk space where the Scripting folder is. You can choose a different data folder for the entire memoQ TMS but not separately for the Scripting folder.

There are two more options:

  • Custom programs must not take forever to run. Normally, memoQ TMS allows them 5 minutes (300 seconds). In the Maximum timeout box, you can enter a different timeout value, in seconds. When the timeout expires, memoQ TMS will forcibly terminate the custom program.
  • Custom programs can be scripts or binary executable (.EXE) files. Normally, memoQ TMS allows to run these. However, this creates a vulnerability that can be exploited by attackers. If you know you will not need to run .EXE files, check the Limit executable files for scripting and batch files only (no EXEs) check box. In that case, only .BAT, .CMD, and .PS1 (PowerShell) files will run.

    To confirm the new settings, click Next.

The Deployment tool will validate the settings in the next screen. If every item has a green tick mark, click Next again. On the last screen, the deployment tool applies the new settings. When this is done, you can click Finish.

When you finish

After the settings are saved and enforced, the Deployment tool returns. You can close the Deployment tool if you do not have other tasks.

Make sure you test the custom scripts by setting up a template and creating a project from it.

To learn how to set up custom scripts in a template: Read the Edit project template topics about running custom scripts and setting up the built-in Find and Replace script.