When using Softvision Explorer each user must belong to a Group. The user is assigned to a Group in his user record.
The user group defines what functions the client can access when he connects. In this way, for example, it is possible to define which programs the users in a certain group can run or which disks they are allowed, or denied, access to.
By defining several groups of users it is possible, for example, to group your clientele based on the level of trust you grant them. For example, it would be possible to create a group of "trusted" users who have no restrictions on the use of programs or system resources and a group of "risky" users who are denied access to the more delicate resources (such as hard disks), disabling the right mouse key or prohibiting the use of any other program than Internet Explorer, etc.
The following properties can be defined for each user group:
This allows authentication by Login and Password: when this item is enabled, users can access the system by typing their Logins and Passwords. In the case of Wi-Fi access, it is also possible to enable two additional items: The option "Allow only by user MAC Address" permits access to only those users whose computer’s MAC Address matches the one in their user profile. This feature is useful for ensuring that the same Login/Password cannot be used by more than one person with different computers (MAC Addresses). The other option available for Wi-Fi access is "Don’t ask for Login and Password again," which allows users to be automatically reconnected without having to retype their Login/Password, if they try to access the system within a certain number of minutes after logout (from the same computer).
Allows automatic authentication based on the user’s MAC Address: this enables users to login automatically based on the MAC Address associated to them in their profiles. In this way, when users try to access the Wi-Fi network, if the MAC Address of their computer matches that stored in their user profile, they are automatically logged-in without the need to type their Logins and Passwords.
Allow authentication by Smart Card: this allows access to fixed stations using Smart Cards.
Display the Internet Explorer address bar: enables/disables the address bar during navigation. Obviously, enabling this option allows the user to navigate to any site while disabling it restricts the user to the sites in Favourites
Display the Internet Explorer print button: displays the print button on the browser's tool bar. Disabling this option is useful if you want to prevent users from printing web pages. In this case, you must also disable IE's main menu since the could access the print function from the File Menu.
Enable the right mouse key in Internet Explorer: allows displaying the context menu. Enabling this item allows users to download images or perform other operations accessible through this menu.
Enable Internet Explorer's Main Menu: when this item is enabled, the user can display Internet Explorer's main menu and perform any operation during navigation (including configuration). We recommend not enabling this item unless absolutely necessary since the customer could alter the computer's configuration.
Display the command bar in Internet Explorer 7: it allows you to display or hide the command bar in Internet Explorer 7.
Prevent navigation to external links on the current site: if this option is active, navigation external to the current site is prevented. Suppose, for example, that you want to restrict customer navigation to sites on the Favourites list, only. In many cases, this objective can be achieved by simply disabling the Internet Explorer address bar. However, it may happen that one of the sites on the Favourites list has links to other sites of a different nature. In this case, the user could access these sites simply by following the various links (such as, for example, a link to Google). This problem is resolved by enabling this option, which prevents the user from exiting the site by clicking an external link.
Automatically close prohibited applications: if activated, this function automatically closes programs that are not enabled and that are opened by another application, bypassing the use of Explorer Client's Program Menu. This function must be enabled because Internet Explorer allows other programs, such as Messenger or the default Mail program, to be opened from its own menu.
Enabling the Desktop: when this item is enabled, access is allowed to the Desktop of the surfing stations.
Options in the Programmes menu : this group of options allows you to enable or disable the display of the “Orders”, “Messages to the Manager”, “Preferences” and “File Manager” options, from the user’s Programmes menu.
On this page, users belonging to the group are enabled to use the programs selected by the administrator. Keep in mind that this function doesn't allow defining a new application; it is only possible to select from the programs defined in Preferences.
You can set the following flags for each application displayed on this list :
Enable : by enabling this item the application in question can run on the workstation.
Auto Run : if autorun is enabled, the application is automatically launched after user login.
Ex. Logout : you can use this flag to decide to launch the application on user logout. This functionality is useful to launch particular programs, for example, those capable of cleaning cookies, deleting temporary files, restoring system settings, etc.
Dis. Menu : by enabling this item, it is possible to enable applications and not display them on the user's "Programs" menu. This choice is necessary, for example, when you want to allow the execution of particular programs that are launched by other software for which the user is enabled. The most common case is printer management programs that are automatically launched when the user sends a document to be printed.
Notice to Users
This section defines which notices, selected from those entered in the Preferences function, must be displayed to users of fixed and Wi-Fi stations. In both cases, a notice can be displayed immediately after the user's login. In the case of fixed stations, you can also specify a notice that will be displayed on the background (Desktop) of the station for the entire session.
User Files and Registry Keys
This section allows you to activate, for the group selected, the Registry Keys and User Files defined in the corresponding section of the Preferences function.
This section specifies which disks the users of this group can access. Disks can be enabled in two different ways:
Enabling by type: in this case, drives are specified by type (floppy, CD, removable disks, etc.)
Enabling by letter: this permits enabling a drive by its letter (A,C, D, etc.).
In addition to using disks physically connected to the computer, the program allows defining access to a "secure" virtual disk called the User Drive, which is called drive "Z". The files that the user saves to this disk physically reside in a shared folder in the program's archives and, specifically, in "C:\ProgramData\Softvision\Softvision Explorer\Softvision Explorer Data\User Drive".
Whenever a user connects, a subfolder is created in User Drive named for the username that is connected, followed by its internal program ID. For example, user Mario Rossi will have a file called "User Drive Rossi ID4". In this way, the administrator can easily identify the user's folder, for example, to burn a CD of the customer's downloaded files. The contents of the virtual drive can be automatically deleted when the user disconnects by enabling "Automatically delete the files..." Otherwise, the customer can decide whether or not to delete the files on his user drive.
Favourite Sites Page
In this section, you can specify the pre-defined home page that will appear after logging-in via Wi-Fi or upon opening Internet Explorer for fixed stations. For the latter, you can also specify the sites that will appear in the list of favourite sites in Internet Explorer.. This is particularly useful when workstations are configured to restrict navigation to certain sites (e.g. in betting shops). In fact in this situation, this is the only way of selecting a site, because Internet Explorer’s address bar is disabled. In this section is also possible to specific the home page that Internet Explorer displays on start up.
Firewall on Ports
On this page you
can enable the use of a firewall based on the ports. A list is shown of
pre-defined ports on which you can enable TCP and/or UDP. If you need
to enable ports not present on the list, you will have to use the “New”
button to create the required port.
Using this type of firewall is very useful, for example to oblige your customers to use particular internet services. For example, if you enable only the HTTP, DNS, POP3 and SMTP ports, users will only be able to use Web services and email.
Firewalls on URLs
A firewall on a URL allows access to be limited to Web sites, by specifying a series of URLs (or parts of them). Selecting the “Do not allow access to the following URLs” mode will make it impossible for users to access the listed addresses, while by selecting “Only allow access to the following URLs” they will only be allowed to navigate on the specified URL’s.
Firewalls on IPs
The operation of this type of firewall is very similar to the previous one. The only difference is that filtering is achieved by specifying the IP address instead of the URL of the server containing the Web site.
The firewall on keywords, which can only be used on wired workstations, allows you to limit access to web pages containing particular words. To add a new keyword, just use the "New" button. You must type the word to monitor, possibly also using the wild card "*" , and select in what environment of the Html page it must be searched (title, meta tag, body or any).
Lastly, having entered all the keywords, you must specify the minimum number of keywords found to block a web page. For example, we can enter a list of hundreds of keywords and request a page to be blocked only when it contains at least three of the keywords entered.
Using the settings in this sections you can limit both the download and upload bandwidths available to customers. This bandwidth limitation facility is particularly useful for preventing certain customers from saturating the network bandwidth available, and thus creating difficulties for the other customers.