|
|
|||||||
Hi I am new to Kixtart, only 1 installation under my belt!!! We are working with an applicaiton which requires a different login per workstation. Currently when users login they cannot login with their own user names simply the machine name which then sets a number of parameters. I am trying to work out a way of using the "machine name" or "IP address" of the login workstation to then call a batch file. Ideally we will end up with each user having their own login username which can be used on any workstation but the script will identify the machine by name or IP (all machines have static addresses) which will then set the required parameters. Any suggestions would be most welcome and thanks for your help in anticipation. Potts2002 |
||||||||
|
|
|||||||
Welcome to KORG! Per workstations logins are very unsecure. A standard login script - per user - can identify the workstation via the @WKSTA macro. This can then be used in a lookup table (INI File) to load workstation-specific parameters. You might want to look at the login script available for download from my web site, either to use or to gain ideas. The full user guide is available online in PDF format. Glenn |
||||||||
|
|
|||||||
Hi Glen Thanks for the quick response. When you say that the logins are unsecure in what way are they unsecure what are the risks? Have you an example of the @WKSTA macro and how should the ini file be configured? Do these reside on the workstation or server? Have you a link to the login script I cannot see it on your site although I am sure it is there!!! Thanks once again. Potts2002 |
||||||||
|
|
|||||||
The User Manual is here - you can find it under the Products / Admin Toolchest section on the Universal Login Script page. Many companies today need to adhere to PCI or HIPAA guidelines to protect sensitive information. I'm not sure what the UK equivelent of these standards are, but they likely exist. Do you maintain confidential information about your employees on the computer network? This is often needed if you provide benefits (medical/dental, etc). These providers can require that your network meet specific security levels. If you process credit cards, you might need to meet PCI compliance. Both of these standards require that each user have a unique identity on the network. Using computer-based logins instead of user logins violates this, as it does not identify a specific user. This could result in fines of $10-25 thousand dollars in the US. Not insignificant. It isn't difficult, but does take some thought.. I have a small client - 1 physical server, 4 VMware servers, and 8 employees. They passed a fairly rigorous HIPAA audit last year that some of my large clients are struggling with. The difference? We started out by setting security standards high when we rolled out their network, rather than doing it later. It added a day or so of discussion and planning to the network deployment - not a big thing. Lets keep the concept of deploying per-computer settings simple. You can build from the concept to anything you need. For now, let's assume that every computer needs a unique ID number entered into the software. This can be in the registry or a config file, but let's go with registry. Your login script - kixtart.kix - and the kix32.exe are placed in the \\domain\netlogon share. The PCRegister.ini file is placed there as well, and it contains a simple list of computer to ID number references. It would look something like this: Code: [APPLICATION] Computer1=abc123 Computer2=123abc Computer3=789xyz In your login script, you'd have a code block that basically did a lookup of the ID number by computer name: Code: $Code = ReadProfileString('\\domain\netlogon\PCRegister.ini', 'APPLICATION', @WKSTA) $Rv = WriteValue('registry key...', 'ValueName', $Code, 'REG_SZ') That's a simple, one PC to one value relationship. If you needed to set, say, 3 values on each PC, you might do it this way. The INI file would look like this Code: [COMPUTER1] Value1=this Value2=that Value3=something else Code: $File='\\domain\netlogon\PCRegister.ini' $Value = ReadProfileString($File, @WKSTA, 'Value1') $Rv = WriteValue('registry key 1...', 'ValueName1', $Value, 'REG_SZ') $Value = ReadProfileString($File, @WKSTA, 'Value2') $Rv = WriteValue('registry key 2...', 'ValueName2', $Value, 'REG_SZ') $Value = ReadProfileString($File, @WKSTA, 'Value3') $Rv = WriteValue('registry key 3...', 'ValueName3', $Value, 'REG_SZ') These are very simple examples. It's possible to have a variable number of values, and even store the Key and Value names in the config file. If you provide more information about what needs to be set per PC, we can provide more ideas about how to deploy this. Glenn |
||||||||
|
|
|||||||
Hi Glenn The workstation scripts are to set specific folders so the security issue may not be as relevant as some scenarios but I understood and thank you for making the point. The script looks like the solution to the problem - excellent thanks for your help. I am not a scripter so is this a service you/you firm offer? Kind regards Potts2002 |
||||||||
|
|
|||||||
Sure! You have PM. Once I see the exact requirements, if it's simple enough we'll just post it here, unless you want something that can be commercially supported (ie: pick up the phone and get support NOW). The support available here on KORG represents some of the best talent I've seen anywhere, but like any public forum, you're at the mercy of someone being available right when you need them. We provide custom code and tech support for clients across North America, Australia, the UK, and Germany (so far). We offer phone or email support from 6am to 10pm EST, Mon-Sat, and provide emergency support off-hours. See our web site for more info. Glenn |