When using
Softvision Explorer each user must belong to a Group. The
user is assigned to a Group in his
user record.
The user group defines what functions the client can access
when he connects. In this way, for example, it is possible
to define which programs the users in a certain group can
run or which disks they are allowed, or denied, access to.
By defining several groups of users it is possible, for
example, to group your clientele based on the level of trust
you grant them. For example, it would be possible to create
a group of "trusted" users who have no restrictions on the
use of programs or system resources and a group of "risky"
users who are denied access to the more delicate resources (such
as hard disks), disabling the right mouse key or prohibiting
the use of any other program than Internet Explorer, etc.
The last four sections are available only in the
Professional version and allow for configuration of some
aspects of the wireless connections and
wired
workstations on LAN 2.
The following properties
can be defined for each user group:
General
Options
Display
the Internet Explorer address bar: enables/disables the
address bar during navigation. Obviously, enabling this
option allows the user to navigate to any site while
disabling it restricts the user to the sites in
Favourites
Display the Internet Explorer print button: displays
the print button on the browser's tool bar. Disabling this
option is useful if you want to prevent users from printing
web pages. In this case, you must also disable IE's main
menu since the could access the print function from the File
Menu.
Enable the right mouse key in Internet Explorer:
allows displaying the context menu. Enabling this item
allows users to download images or perform other operations
accessible through this menu.
Enable Internet Explorer's Main Menu: when this item
is enabled, the user can display Internet Explorer's main
menu and perform any operation during navigation (including
configuration). We recommend not enabling this item unless
absolutely necessary since the customer could alter the
computer's configuration.
Prevent navigation to external links on the current site:
if this option is active, navigation external to the current
site is prevented. Suppose, for example, that you want to
restrict customer navigation to sites on the Favourites
list, only. In many cases, this objective can be achieved by
simply disabling the Internet Explorer address bar. However,
it may happen that one of the sites on the Favourites list
has links to other sites of a different nature. In this
case, the user could access these sites simply by following
the various links (such as, for example, a link to Google).
This problem is resolved by enabling this option, which
prevents the user from exiting the site by clicking an
external link.
Automatically close prohibited applications: if
activated, this function automatically closes programs that
are not enabled and that are opened by another application,
bypassing the use of Explorer Client's Program Menu. This
function must be enabled because Internet Explorer allows
other programs, such as Messenger or the default Mail
program, to be opened from its own menu.
Permitted Applications
On this page,
users belonging to the group are enabled to use the programs
selected by the administrator. Keep in mind that this function
doesn't allow defining a new application; it is only possible to
select from the programs defined in
Preferences.
The permitted applications can be executed automatically, when
the user connects, by enabling the AutoRun flag. It is also
possible to enable applications and not display them on the
user's Programs Menu. This choice is necessary, for example,
when you want to allow the execution of particular programs that
are launched by other software for which the user is enabled.
The most common case is printer management programs that are
automatically launched when the user sends a document to be
printed.
Drive
This section specifies which disks the users of this group can
access. Disks can be enabled in two different ways:
-
Enabling
by type: in this case, drives are specified by type
(floppy, CD, removable disks, etc.)
In addition
to using disks physically connected to the computer, the
program allows defining access to a "secure" virtual disk
called the User Drive, which is called drive "Z". The files
that the user saves to this disk physically reside in a
shared folder in the program's archives and, specifically,
in C:\Program files\Softvision\Shard\Softvision Explorer
Data\User Drive.
Whenever a user connects, a subfolder is created in Drive
Utenti named for the username that is connected, followed by
its internal program ID. For example, user Mario Rossi will
have a file called "User Drive Mario Rossi ID4". In this
way, the administrator can easily identify the user's folder,
for example, to burn a CD of the customer's downloaded files.
The contents of the virtual drive can be automatically
deleted when the user disconnects by enabling "Automatically
delete the files..." Otherwise, the customer can decide
whether or not to delete the files on his user drive.
Firewall on Ports
On this page
you can enable the use of a firewall based on the ports. A
list is shown of pre-defined ports on which you can enable
TCP and/or UDP. If you need to enable ports not present on
the list, you will have to use the “New” button to create
the required port.
Using this type of firewall is very useful, for example to
oblige your customers to use particular internet services.
For example, if you enable only the HTTP, DNS, POP3 and SMTP
ports, users will only be able to use Web services and
email.
Firewalls on URLs
A firewall on
a URL allows access to be limited to Web sites, by
specifying a series of URLs (or parts of them). Selecting
the “Do not allow access to the following URLs” mode will
make it impossible for users to access the listed addresses,
while by selecting “Only allow access to the following URLs”
they will only be allowed to navigate on the specified
URL’s.
Firewalls on IPs
The operation
of this type of firewall is very similar to the previous
one. The only difference is that filtering is achieved by
specifying the IP address instead of the URL of the server
containing the Web site.
Bandwidth Limitations
Using the
settings in this sections you can limit both the download
and upload bandwidths available to customers. This bandwidth
limitation facility is particularly useful for preventing
certain customers from saturating the network bandwidth
available, and thus creating difficulties for the other
customers.
