Logon Analyzer
Active Directory based!
Deployed in minutes!

Copyright © 2015 by VisionIT  · Privacy Policy · Terms Of Service ·  E-Mail: support@vision-it.org
WEBSITE

The Logon Analyzer Website can be installed to a windows 2008 or windows 2012 server in your Active Directory, as long as it is configured as an IIS webserver.

The Logon Analyzer Server must be installed before you can install the website, because you need to point the website to a Logon Analyzer Server. The website will get it's data from that Logon Analyzer Server, and the website's configuration file will be stored on that Logon Analyzer server.

The Logon Analyzer Server and the Logon Analyzer Website can be installed to the same server. In that case, you will need to provide a so called Internal Routing Port, which will be used for communication between de website and LogonAnalyzer Server Service.

LOCAL ADMIN RIGHTS

You need Local Administrator rights on the webserver in order to install the Website. So first, make sure you have started the console with credentials that give you local administrator rights on the server to which you want to install the website. If you haven't started the console with local admin rights, restart this console via 'Run As' with credentials that grant you local admin rights on the server.

PREREQUISITES

Some specific windows components need to be installed for website creation to succeed, both on the computer from which you want to install the website (your computer), and on the webserver to which you want to install the Logon Analyzer Website.

PREREQUISITES YOUR COMPUTER

The component that needs to be installed on your computer is ‘IIS Metabase and IIS configuration compatibility'. Here’s how you install it:

1. Open 'Control Panel'.
2. Open 'Programs and Features'.
3. Open 'Turn Windows Features on and off'.
4. Open 'Internet Information Services'.
5. Open 'Web Management Tools'.
6. Open 'IIS Management Compatibility'.
7. Check 'IIS Metabase and IIS configuration compatibility'.
8. Press 'OK'.

PREREQUISITES WEBSERVER WIN2K8

If the webserver you want to install the website to is a windows 2008 server, then you need to install the components ‘IIS compatibility’ and ‘Windows Authentication’. Here’s how to install them:

Open an RDP session to the webserver and install the compatibility  component:

1. Open 'Control Panel'.
2. Open 'Programs and Features'.
3. Open 'Turn Windows Features on and off'.
4. Open 'Internet Information Services'.
5. Open 'Web Management Tools'.
6. Open 'IIS Management Compatibility'.
7. Check 'IIS Metabase and IIS configuration compatibility'.
8. Press 'OK'.

Open an RDP session to the webserver and install the Windows Authentication component:

1.On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
2.In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
3.In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
4.On the Select Role Services page of the Add Role Services Wizard, select Windows Authentication.

PREREQUISITES WEBSERVER WIN2K12

If the webserver you want to install the website to is a windows 2012 server, then you need to install the components ‘IIS compatibility’ and ‘Windows Authentication’. Here’s how to install them:

Open an RDP session to the webserver and install the compatibility  component:

1. Open 'Control Panel'.
2. Open 'Programs and Features'.
3. Open 'Turn Windows Features on and off'.
4. Click Next in 'Add Roles and Features Wizard'.
5. Select 'Role Based...’
6. Select the Webserver from the server pool.
7. Open 'Web Server (IIS) (Installed)'.
8. Open 'Management Tools (Installed)'.
9. Open 'IIS 6 Management Compatibility'.
10. Check 'IIS 6 Metabase compatibility'.
11. Press 'OK'.

Open an RDP session to the webserver and install the Windows Authentication component:

1. Open Server Manager.
2.In Server Manager, click the Manage menu, and then click Add Roles and Features.
3.In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
4.On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Windows Authentication. Click Next.

WEBSITE SECURITY

The security options presented are separate from the IIS security options, meaning, they are specific to this application. You will not find information about these settings in the website configuration options on the IIS webserver. They are stored on the Logon Analyzer server the website connects to. The webserver downloads these settings from the Logon Analyzer server on startup, and implements them. And only after those settings are downloaded and implemented, can the website be accessed.

So, no matter who you give access via IIS itself (to the Domain Users, for instance), if only group X has been granted Base Line Security access, then only group X can access the website.

WEBSITE BASE LINE SECURITY

This option allows you to determine which users and/or groups in your active directory can access the website. You can also decide from which IP addresses or IP range the website can be accessed, regardless of firewall settings.

WEBSITE FUNCTIONALITY SECURTY

This option allows you to determine per function who has access to the website. Prohibits have priority over grants. So, if Domain Users have the right to view, for instance, Function 'Live Actions', and user X is prohibited from viewing that function, than that function will not be available (nor visible) to user X.