Frequently asked questions
BowTieXP, BowTieXP Enterprise, and IncidentXP all use the same software framework. In this FAQ when we use the term BowTieXP, it also refers to BowTieXP Complete and IncidentXP.
BowTieXP, BowTieXP Enterprise, and IncidentXP all use the same software framework. In this FAQ when we use the term BowTieXP, it also refers to BowTieXP Complete and IncidentXP.
BowTieXP has regular updates, addressing bugs. These versions are recognizable by having the same first two numbers but a new third number. E.g. if you have 5.2.2, then version 5.2.3 will have the exact same functionality but less bugs. The same goes for versions 5.2.4, 5.2.5 etc.
Once or twice per year we also bring out a new version with new functionality. The version with new functionality will have a new file format to accommodate the new features. To indicate this, we change the first and/or second version numbers. E.g. we go from 5.0 to 5.2.
If keeping up with the new versions is a challenge, it is advisable to pick a version to stay with for a longer time. Only when users are running into bugs or if critical bugs are discovered and fixed, should a new version with fixes be deployed. To prevent this, it is advisable to wait a while when a new version with new functionality is released before deploying it, allowing more time for bugs to be fixed before that version is deployed.
BowTieXP Enterprise receives multiple major updates per year (at least two). However, our goal is to increase this to a quarterly release. Use of BowTieXP/IncidentXP and BowTieXP Enterprise always requires the use of the same major number. (e.g. BowTieXP 10.2.1 can be used with BowTieServer 10.2.4. However, it cannot be used with BowTieServer 10.4.1). Always upgrade both systems to make sure they are aligned (first two numbers of the version) and therefore compatible.
BowTieXP/IncidentXP or BowTieXP Enterprise can all be downloaded from our download page.
The BowTieXP software is built for the Microsoft Windows operating system. Unfortunately, BowTieXP is not Apple Mac (OSX) compatible. Macs nowadays do have the ability to run Windows software on them. There are two main ways to go about that:
1. Install Microsoft Windows on your Mac using Boot Camp. You can switch between Windows and OSX, but it requires rebooting.
www.apple.com/support/bootcamp
2. Emulate Microsoft Windows via a program such as Parallels.
www.parallels.com/eu/products/desktop.
Our advice is to run BowTieXP on the Microsoft Windows operating system (not emulated) as we support this option and it works best, but we have seen clients successfully use BowTieXP on their Mac by emulating Windows using products such as parallels.
If cross platform support and device support is of interest to you, you might want to make your bowties easily accessible for viewing by (all) the employees in your organization by using our web viewer – a part of BowTieServer. The web viewer (for viewing only, not editing) is independent of operating system, as it is a web solution which runs on your browser. Therefore, it runs on Microsoft Windows, Apple Mac OSX, but also your iPads.
This depends on what is meant with virtualization:
If with virtualization you mean running the software on a remote server and showing the app via the network (also known as desktop virtualization/VDI), then the answer is yes –for Microsoft Terminal Server. See the questions about Terminal Server and Citrix.
If virtualization refers to portable application generators like Spoon studio or VMware ThinApp, the answer is no, but this does not mean it will not work – just that we cannot support that scenario. Should any issues present, we will of course try to resolve those but we cannot guarantee we can – some of those applications do some very complex things to the software. We know, we used some of those tools for previous BowTieXP versions.
BowTieXP requires only regular user rights to function. BowTieXP adheres to the Microsoft standards about where to store data. In practice this means:
Configuration files are stored in the user’s application profile (in %APPDATA%\Governors\BowTieXP).
Activation data is stored in the local part of the profile (%LOCALAPPDATA%\Governors\BowTieXP).
If BowTieXP has admin rights it will store activation data in the all users profile / application data path (%ALLUSERSPROFILE%\Governors\BowTieXP).
If allowed, a registry entry will be added to HKCR for the file association and protocol handler. The association is stored in HKLM if allowed, else in HKCU.
Step 1: Open the BowTieXP software and hoover to the toolbar. Click on: Help > Manage Plugins > Downloads page…
Step 2: At the downloads page, click on the LOPA download link that is offered to you, according to your BowTieXP version. Either:
When you have installed the LOPA plugin, restart the BowTieXP software to complete the installation.
Step 3: Now, at ‘Manage plugins’ in the BowTieXP software, select: ‘Add an activation code’.
A ‘Plugin activation’ window will pop up with your current Host ID. Below is an example of this window.
Step 4: Send an email to [email protected] to request a permanent activation code your the LOPA plugin. Make sure to copy-paste the Host ID that is displayed in the ‘plugin activation’ window, into the email. Upon receipt of your Host ID, our support team will provide you with a permanent activation code.
Step 5: Insert the activation code in the field below ‘activation or trial code’ field (as shown above).
Step 6: Double-click on e.g. a consequence (red box) in the BowTieXP software. This will open the ‘Edit consequence’ window. Select the LOPA tab and click on ‘Enable LOPA on this file”.
Now that you’ve installed the software, added the LOPA activation code, and enabled LOPA, you are good to go
You can place the codes in a text file names activationcodes.dat and place that next to the exe. They will be picked up automatically. Note that all files which start with activation and end with .dat are considered (activation*.dat). The first working code which is found is used.
Activation codes for plugins can also be placed next to the exe. The files must conform to the pluginactivation*.dat search pattern.
You can copy the plugin activation codes file (“pluginactivation.dat”) from one of the below folders and copy it next to the exe:
%PROGRAMDATA%\Governors\BowTieXP\pluginactivation.dat or
%APPDATA%\Governors\BowTieXP\pluginactivation.dat
That ensures the correct format.
Yes – if your computers are domain computers you can activate the software by making the users members of a dedicated active directory group.
The group has to be a global or universal security group. A code is generated for this group. The code works for all members of that group.
The code contains a maximum number of users. If there are more users in the group than the maximum, the software will not run.
Yes – if you purchase additional licenses, you will be issued a new activation code. This code has to be deployed to each computer where BowTieXP is installed. This can be done by IT updating the scripted installation package or by mailing the users so they can enter the new code manually.
This is a result of having a licensing mechanism without a central server. Not having a central licensing server has advantages and disadvantages. Having to deploy new codes is a disadvantage as it takes more work. Not having to install a license server, adjusting firewalls, and having trouble with people going off the network is an advantage.
1. Create a user group in Active Directory to hold the licensed accounts: e.g. “BowTieXPUsers”. This can be done on a domain controller using the “Active Directory Users and Computers” MMC applet.
2. Add all the user accounts which will be licensed into the group.
3. We will need the group SID/site id (internal numerical group code) in order to calculate an activation code for this group. We will store this code into a small text file called activation.dat, which must be placed next to the BowTieXP executable so it can be found.
The next step is retrieving this SID/site id. This can be done via BowTieXP, unless the number of groups on the server is very large. Then we recommend using the command line.
A. Via BowTieXP: Start BowTieXP. The activation dialog will appear. If not, go to Help->Activation Codes. Click the blue link to show site licensing options also. Select the BowTieXPUsers group from the drop down. Send the site id to us.
B. Via the command line. Open up the command line and issue the following command for your own BowTieXP users group:
wmic group where name=’BowTieXPUsers’ get sid
and mail the SID (S-1-5-21-….) back to us.
4. After receiving the code, we will create an unlock code for you and send this back in a small text file, called activation.dat, which must be placed next to the BowTieXP executable. After this, all members in the group should be able to run BowTieXP.
Tips for testing:
Make sure the test user is actually a member of the group (this is often forgotten),
Group membership changes take effect after log-off and log-on.
We have seen this problem when during scripting, one of the directories used by BowTieXP was monitored and should have been excluded. In that case the directory which should have been excluded was:
%APPDATA%\Governors\BowTieXP\Backups
After excluding this directory, the software worked correctly.
There are several reasons why the change might not have taken effect yet:
Active directory servers need to sync before changes are applied. The default schedule is two hours. Wait at least this long and try again, or ask the AD admins to force a sync.
The group membership info for the current user is only updated when logging on. Please log off and back on again to update the user’s group memberships (the security ‘token’).
If the activated group is a distribution group BowTieXP will not see it. Ensure it is a security group. You can double check this in AD users and computers by viewing the group properties. Security groups are the default group type.
Before you entered the activation key, the hardware was changed. Perhaps a laptop docking station was attached or detached.
Solutions:
1. Restore the original hardware situation. You need to close and open BowTieXP after changing this.
a. If the docking station is connected, unplug the docking station and try again.
b. If it is disconnected, try connecting it.
2. If that does not work: Select “lock to this computer with an old host id”.
a. If the box is empty: enter the original host id sent to us in the activated host id box.
b. If it is not empty: Try clearing it.
3. If both fail: Contact us for a new key.
The msi can be with the regular command line options:
msiexec.exe /i /qb
If you want to also deploy the dat license file you might need to capture changes to create a deployment script, or manually make sure the dat file is placed next to the exe. Another option is for end-users to enter it manually. Note that BowTieXP has no dependencies other than having the .NET Framework 4.0 (Full Profile) or higher installed. Deployment is xcopy deployment; all the msi does is:
1. Copy the bowtie.exe file to C:\Program Files\BowTieXP\
2. Add a shortcut to the start menu and the desktop.
A sample script could look like this:
msiexec.exe /i “%~dp0bowtiexp-5.0.8.msi” /qb
copy “%~dp0activation.dat” “C:\Program Files\BowTieXP\activation.dat” /y
The variable %0 in a batch script is set to the name of the executing batch file. The special syntax between the % and the 0 says to expand the variable %0 to show the drive letter and path, which gives you the current directory containing the batch file.
Note: This sample does not know the difference between 32 bit and 64 bit systems so you might want to take that into account (i.e. copy file to the ”Program Files (x86)” folder instead of to the regular ”Program Files” folder).
BowTieXP (version 9.0 and higher), requires the .NET Framework 4.0 (Full Profile) or higher to be installed. Windows 8 and later come with a new enough version already installed out of the box. On Windows Vista and 7, you need to do this manually, if not yet already installed.
BowTieXP version 6.2 up to 8.4 require the .NET framework 3.5. Contact us for details.
If you want to use the import from Thesis function you will need MDAC 2.71 or higher. If you are running Vista or higher this should already be present on your system.
In Windows XP there’s a tiny chance you might have to update the component.
Microsoft MDAC FAQ:
msdn.microsoft.com/en-us/library/windows/desktop/ms692877%28v=vs.85%29.aspx
Some people, for example consultants, need to run different versions of BowTieXP side by side in order to keep files in the file format their clients use. We have made sure that you can run different versions side by side, and from version 3.6.4 and onwards, we have added some more support in the software for this scenario: you can view the version in which a file was last saved.
To view in which version a file was last saved, open it in BowTieXP and choose File->Properties.
For example, assume we see that the file was written using a 3.6 version. Since all 3.6 versions share the same file format, we can edit this file using the latest 3.6 version and send it back to the person we got it from, and they will be able to read it without having to upgrade to the latest version.
In order to run different versions of BowTieXP side by side, all we have to do is to download the different versions we want and make sure to grab the versions for manual installation (the zip files).
All BowTieXP versions needed to support every file format version ever released, are available on the download page located at www.bowtiexp.com/downloads/bowtiexp/index-all.php.
Let’s show by means of an example (the 2.3.0 file) how to install the correct version. We need BowTieXP 2.3.0 to edit this file without upgrading the file format. Go to the download page and locate 2.3.0.
Download the executable (“in a zip file, for manual installation”). This zip file contains the bowtie.exe version 2.3.0. Unzip it to a suitable location, such as your desktop. You probably want to rename it to reflect the version number.
After starting the older BowTieXP version, you might be confronted with an activation dialog. Contact us for an older key – we can put this into a small file called activation.dat which is automatically picked up by BowTieXP, so you do not need to enter the key manually. Just make sure the file is located next to the executable.
The behavior of the auto-update depends on the way in which BowTieXP was installed.
BowTieXP can be installed in two ways:
1. Via the msi
2. By placing the exe somewhere on the system
If an update is available, the following will happen if the user requests it / clicks the notification:
In the first case (msi installed), BowTieXP will download the msi and ask windows to install it, upgrading the old installation. Windows will ask for admin credentials if the current user is not an administrator.
In the second case (installed from zip file), BowTieXP will download the new exe and replace the current one. If the user has no write access to the exe no attempt will be made (i.e. the update check is notification only, auto-upgrade is not possible).
BowTieXP has regular updates, addressing bugs. These versions are recognizable by having the same first two numbers but a new third number. E.g. if you have 5.2.2, then version 5.2.3 will have the exact same functionality but less bugs. The same goes for versions 5.2.4, 5.2.5 etc.
Once or twice per year we also bring out a new versionwith new functionality. The version with new functionality will have a new file format to accommodate the new features. To indicate this, we change the first and/or second version numbers. E.g. we go from 5.0 to 5.2.
If keeping up with the new versions is a challenge, it is advisable to pick a version to stay with for a longer time. Only when users are running into bugs or if critical bugs are discovered and fixed, should a new version with fixes be deployed. To prevent this, it is advisable to wait a while when a new version with new functionality is released before deploying it, allowing more time for bugs to be fixed before that version is deployed.
BowTieXP Enterprise is a relatively lightweight solution. The basic installation and storage of bowtie diagrams doesn’t require a lot of the hardware. If we take our own demo environment as an example which has around 50 bowties in addition to a moderately used audits and incidents module the following hardware configuration is sufficient
However, if you are using the audits module and generate and collect thousands of fill-outs, or your user base is uploading a lot of attachments (which usually are large) you might need to increase the hardware specs. We suggest to keep the above configuration expandable if needed.
BowTieXP Enterprise normally uses Microsoft’s ASP.NET Core Identity cookie-based authentication and enforces HTTPS (TLS) for secure transmission. Alternatively, you can use Windows authentication (if all your users are in a domain), Azure Active Directory, or OpenID Connect.
The latter three allow for more complex authentication scenarios (such as single sign-on and two-factor authentication). How the database is secured is up to the IT department of the customer doing the deployment. We recommend using an encrypted database connection between BowTieXP Enterprise (in IIS) and SQL Server. Server configuration and hardening are also up to the IT department of the customer.
You will need to contact Microsoft about this as this is complex subject matter and dependent on many variables, such as, but not limited to:
Please contact Microsoft for advice on what you will need.
There are two default passwords in BowTieXP Enterprise which need to be adjusted during installation and are listed below, as well as some other related things to check:
In IIS Manager, open the target server and select the application pools node. Check to see if there is an application pool available which uses .NET Framework version v4.0 and has an integrated pipeline. Normally the DefaultAppPool will be fine.
In the sample below, both the DefaultAppPool and the NET 4.5 are fine to use with BowTieXP Enterprise. Typically, on a new dedicated server, we would use the default app pool.
This is unfortunately not possible. You might be able to convert a file back to an older version by means of the scrapbook – the scrapbook has somewhat better forward compatibility due to the fact that the scrapbook exchange file format is being kept as constant as possible.
Unfortunately, after the introduction of BowTieXP Enterprise, some scrapbook file format changes had to be made. Introducing a new file format always leads to the situation where “old” versions of the software will not be able to read the “new” scrap book file format. The “old” scrap book format is supported up to versions 6.2.7 of BowTieXP. The new scrapbook exchange format was introduced in version 6.2.8 of BowTieXP.
Note: be sure to use the latest version of the target version (i.e. if you need to convert to file format 10.0, be sure to use the latest 10.0 version in this case 10.0.8).
For example, here are the steps to take to down-convert a file from v5.2 to v5.0
1) Open 5.2 and 5.0 side by side and ensure you are running BowTieXP Advanced. Ensure the scrapbook is visible in both. Open 5.2 on the left, 5.0 on the right.
2) Open the file to convert in 5.2. Create a new file in 5.0 on the right. Empty ALL the lookup table entries in the destination file.
How to move items from 5.2 on the left to 5.0 on the right:
a) Drag items from the tree view onto the scrapbook in 5.2 (left) onto the scrapbook. Save the scrapbook. In 5.0 on the right, click the load scrapbook button and open the file.
b) Drag the items in 5.0 (right) to the correct location in the tree view.
Note: this mini guide is not verified for completeness / i.e. it might not be an exhaustive list!
3) Transfer the contents of all lookup tables, starting from the top and working your way down. Include activities, document links, etc.
4) Manually recreate the risk matrices. This has to be done by hand.
a) Recreate the categories.
b) Recreate the matrices themselves.
c) Use the copy matrix function where possible.
5) Terminology. Export the terminology from 5.2 to Excel. Try to import in 5.0. Errors will be given, fix each by hand and try until it succeeds. Fixing involves removing lines of terminology which 5.0 does not understand.
6) Transfer all incidents and locations using the scrapbook. This is done in the same manner as the lookups.
7) Save the spreadsheet if any. Load into 5.0. Check for moved columns and adjust accordingly until the calculations are in order again.
8) Verify completeness using the case file compare function.
9) Check the following and transfer manually if needed:
a) Null value descriptions and colors.
b) File property fields (File->Properties).
c) Treeview filter profiles.
d) Treeview tooltips.
e) Diagram display profiles.
f) Verify font settings.
g) Header and footer layout.
Now most items should be transferred.
Which browsers does BowTieXP Enterprise support?
Older versions of these are expected to work in most cases as well, but are not officially supported.
Currently, we still support Internet Explorer as well, but from June 2022, Microsoft will stop supporting Internet Explorer 11. With this in mind, we will stop supporting IE11 from BowTieXP Enterprise version 10.6 onwards. If you intend to upgrade to version 10.6 make sure to prepare your application landscape.
We have reports from Sophos users that starting the software the first time takes quite long – apparently Sophos wants to take a detailed look. This problem goes away by itself. Otherwise you can whitelist the application in Sophos.
Note: BowTieXP normally starts in a couple of seconds.
This is a known incompatibility with Office 2007 – the images generated by BowTieXP version 5.0 or earlier cannot be converted to pdf by the Office 2007 pdf add-in.
This used to work okay but stopped working due to a change in Office, by means of Windows Update, and started in April 2012. Office was changed and now no longer can make pdfs of those documents. There are several resolutions, listed in order of preference:
Upgrade to Office 2010. Office 2010 does not have this problem.
Use an external PDF printer – free ones exist such as www.bullzip.com.
Upgrade to BowTieXP v5.2 and redo the graphics.
With a valid Support & Maintenance subscription you are entitled to: