ADC™ Security Administration Tool - Imagine …„¢ Security Administration Tool v4 ... Imagine Communications reserves the ... design, specifications, components, or documentation

ADC™ Security Administration Tool v4

15-May-2015

Revision: Release

Operations

ADC™ Security Administration Tool v4 Operations

Publication Information © 2015 Imagine Communications Corp. Proprietary and Confidential.

Imagine Communications considers this document and its contents to be proprietary and confidential. Except for making a reasonable number of copies for your own internal use, you may not reproduce this publication, or any part thereof, in any form, by any method, for any purpose, or in any language other than English without the written consent of Imagine Communications. All others uses are illegal.

This publication is designed to assist in the use of the product as it exists on the date of publication of this manual, and may not reflect the product at the current time or an unknown time in the future. This publication does not in any way warrant description accuracy or guarantee the use for the product to which it refers. Imagine Communications reserves the right, without notice to make such changes in equipment, design, specifications, components, or documentation as progress may warrant to improve the performance of the product.

Trademarks Product names and other appropriate trademarks, e.g. ADC™, D-Series™, Nexio® Insight, Nexio® Motion, PowerSmart®, Versio™ are trademarks or trade names of Imagine Communications or its subsidiaries.

Microsoft® and Windows® are registered trademarks of Microsoft Corporation. All other trademarks and trade names are the property of their respective companies.

Contact Information Imagine Communications has office locations around the world. For domestic and international location and contact information, visit our Contact page (http://www.imaginecommunications.com/company/contact-us.aspx).

Support Contact Information For domestic and international support contact information see:

• Support Contacts (http://www.imaginecommunications.com/services/customer-care.aspx) • eCustomer Portal (http://support.imaginecommunications.com) • Academy Training (http://www.imaginecommunicationsacademy.com)

© 2015 Imagine Communications Corp. Proprietary and Confidential. 15-May-2015 | Page 2

http://www.imaginecommunications.com/company/contact-us.aspx

http://www.imaginecommunications.com/services/customer-care.aspx

http://support.imaginecommunications.com/

http://www.imaginecommunicationsacademy.com/

ADC™ Security Administration Tool Operations Contents

Contents Overview................................................................................................................ 4

About the Security Administration Tool ................................................................................................... 4 Permissions ............................................................................................................................................... 5

Installation ............................................................................................................. 6 Installation Files ........................................................................................................................................ 6

Security Files ......................................................................................................................................... 6 To Install ADC Security Admin Tool on a Workstation ............................................................................. 6

Using the Security Administration Tool .................................................................. 7 About Starting the Tool ............................................................................................................................ 7

(Option) Setting a Centralized Database Directory .............................................................................. 8 Logging In .................................................................................................................................................. 8 About the Main Screen ............................................................................................................................. 9

Elements of the Main Screen ............................................................................................................. 10 Menus for the main Screen ................................................................................................................ 13

Keyboard Shortcuts ................................................................................................................................ 13 Other Tool Screens ................................................................................................................................. 14

Admin Settings Dialog ........................................................................................................................ 14 Copy Settings Window ....................................................................................................................... 15 Server, Client, and User View ............................................................................................................. 16 More Info Configuration dialog .......................................................................................................... 16

Using the Security Admin Tool to Create new Accounts ........................................................................ 19 To modify ADCOPTS.INI ...................................................................................................................... 20


ADC™ Security Administration Tool Operations Overview

Overview

About the Security Administration Tool The ADC Security Administration Tool provides a facility that gives a Security Administrator the power to restrict access to the features of the ADC Windows Client on a per user basis. Each user may be assigned a number of permissions by the Security Administrator. The user is prompted to supply a name and password when he logs in to the Windows Client. He will then be given the permissions that the Security Administrator has assigned to him through the use of this tool.

This facility is intended primarily as protection against inadvertent or deliberate actions by users that may disrupt or change the programming. Since it restricts access to particular features of the windows client, it will prevent unauthorized users from modifying those items they should not have a reason to modify. The particular permissions available and the actions they cover are defined in a later section.

Permissions are assigned based on a triad consisting of a Client name, Server name and User name. Either or both of the Client and server names may be wild carded. When a user logs in to the ADC Client the user accounts are searched first for a match on the specific client and server names and then they are searched for wild card matches. Thus, a user may be granted certain permissions on a particular client and server pair that are different from the permission he has on all other clients and servers.

User names and passwords are global to the security file, but permissions are defined for each client/server/user triad. In other words, the same user name always has the same password, but the permissions may be different depending on which client he’s using and which server he’s connected to.

Below are some of the benefits provided by this enhancement.

Simple, easy to use security that provides access control on a per list basis. Sufficient control to protect against disruption of transmission events. Extensible framework that allows implementation of finer grain security. Retain read-only access to non-editable resources. Easily disabled for users not desiring security. Minimal performance degradation.

If management decides that security is of no value within their organization it can be easily bypassed through the use of a default user account that provides all permissions. In fact, three security files are shipped with the Admin Tool. One file provides unlimited permissions to all users, and the second file provides view-only permission to all users; this second file is normally used as a base to which additional users are added. The third file will be explained in a later section.

In this document the Security Administration Tool will be refereed to as Admin Tool. Users of the Admin Tool are referred to as Security Administrators.


ADC™ Security Administration Tool Operations Overview

Permissions Six separate permissions are defined for the basic windows client product. These permissions are described briefly below.

• Display Layout/Format: If granted for a particular user this permission allows the user to modify the visual attributes of the Client. These visual attributes include the display colors, fonts, and the visual layout of the list panes. You may want to restrict this permission to provide a consistent look for the windows client throughout your organization.

• Switcher Control Panel Access: Controls access to the Choose Switcher dialog which in turn controls access to all switcher control dialogs.

• System Configuration: This permission determines whether a user can control or modify values that control basic system operation, e.g. event logging, directory path settings and list names. When not set, the user will be able to view, but not modify these settings. All options under the Client Properties menu are controlled by this attribute.

• Device Storage Edit: Controls whether the user may perform device storage window operations that can result in a loss of data or change data status, e.g. Remove, Protect, Unprotected. This flag is global to all device storage windows.

• Transmission List Edit: Provides control over event modification, list operation and the control of the lists’ devices. Event modification includes all operations that modify a list’s events, e.g. insert, delete, and revise. Event control is any operation that could modify the playing of the events, e.g. unthread or skip. Device control is enforced by prohibiting the display of the virtual control panels and disabling the hardware panel’s control buttons. This permission may be granted individually for each available transmission list. It is possible to add permissions for up to 16 lists.

Note: This may be expanded to 24 lists in ADC v12 versions.


ADC™ Security Administration Tool Operations Installation

Installation

Installation Files The following files are included with the ADC Administration Security Tool distribution, each is described briefly below.

• ADMNTOOL.EXE: The Security Administration Tool executable program. • ADMNTOOL.INI: Contains settings for ADMNTOOL.EXE.

Security Files The following three files are all security files. One of these can be used as the starting point for your security definitions. These files are described in more detail later in this document.

• ADCOPTS.INI: The default security file. • ALLPRIVS.INI: A security file that will give all permissions to all users. • NOPRIVS.INI: A security file gives view-only permissions to all users.

To Install ADC Security Admin Tool on a Workstation This section describes how to install the ADC Security Admin Tool on a client workstation using the Installation Wizard.

1. Run the Installation Wizard (AirClientInstall.exe). 2. Read the Welcome dialog. When ready to continue press Next. 3. On the License dialog Read and Accept the license, and then press Next. 4. On the Destination Location dialog specify the following: Installation Path: Accept the default or - if you like - press Browse to change the directory into

which the application program files will be installed. When ready to continue press Next.

5. On the Ready to Install Program dialog, click Next. The application is installed. 6. When the installation concludes, click Finish.


ADC™ Security Administration Tool Operations Using the Security Administration Tool

Using the Security Administration Tool

About Starting the Tool Normally, all ADC Clients on a network will read the security information from a common file located in the Database directory for the ADC products. The Admin Tool however, is able to read and write a security file from any directory. Thus a Security Administrator may modify or change a file in a local directory on his computer, and when he is satisfied that his changes are correct, he can copy this file into the above described network directory for access by all users.

When the Admin Tool is started it prompts the user with the following dialog.

Admin Tool "remembers" the name of the previous file opened in the file ADMTOOL.INI located in the same directory Admin Tool was run from. It makes this the default file name. The name of the normal security file is ADCOPTS.INI. Three sample security files are shipped with the Admin Tool:

• ADCOPTS.INI: Allows operator to log in with name: "admin" and password: "admin". • ALLPRIVS.INI includes a default user account that will provide unlimited permissions to all users. Use

this file if you don’t want security. • NOPRIVS.INI includes a default user account which provides view-only permission to all users. This

second file would normally be used as a base to which users will be added.

Modification of the files by means other than through the use of the Admin Tool is discouraged by the use of horizontal and vertical checksums within the Security file. These checksums provide protection from unauthorized modification. It should be noted however that no protection scheme is foolproof. If security is important we recommend that only one copy of the security file be made available to network users. Since the ADC clients do not write to this file it may be given read-only permission for


ADC™ Security Administration Tool Operations Using the Security Administration Tool additional protection. When the Security Admin closes the Admin Tool, the security file is completely rewritten. The previous version will be renamed with the file extension BKP. If the Security Admin modifies the network accessible security file he or she should remove the backup copy from the network.

If user records have been tampered with or the file becomes corrupted for some other reason, the users who records have been damaged will not be able to log into the ADC Client. Within the Security Admin Tool however we have provided the ability to read damaged records and repair them. If the Admin Tool detects corrupted records as it reads the Security file it displays a message box indicating which records are corrupted. If a user’s record is corrupted but still readable (a checksum is wrong) the user will be visible in the Admin Tool but he will have no permission (This is also true for the ADC client, if a user’s record is corrupted he may still log in, but he will have no permissions.)

We recommend that a copy of the current file be kept in a secure location. Recovery from corrupted records is then just a matter of restoring the current file.

(Option) Setting a Centralized Database Directory For SQL to work correctly on Air Client and Media Clients, the database directory setting must point to C:\Aclient and C:\MClient directories respectively. This requires that the adcopts.ini file be copied to each individual client, instead of having a centralized point on the Fileserver.

However, if you want to designate a single centralized point instead, use the following procedure.

1. Put the dbcall dlls into a mapped drive on the fileserver. 2. Point all Air Clients and Media Client's "Database" directory to this mapped drive. 3. Put the adcopts.ini into this same mapped directory.

Logging In No security tool is useful unless access to the tool itself can be restricted. For this reason the AdminTool requires a userName and password in response to the following prompt. Each time a Security Administrator logs in Admin Tool saves his name in a local settings file. It then remembers the previous user name and places it in the account field the next time Admin Tool is invoked.


ADC™ Security Administration Tool Operations Using the Security Administration Tool The two security files included with the Admin Tool have a single Security Admin account defined. This account has the user-name "admin" and the password "admin". As with the ADC Client the character case is significant, you must enter the user-name and password just as they were defined.

If the record for an Admin user is corrupted a message indicating this will be displayed when the security file is read, and this Admin Tool user will be unable to log in. In the case where the security file does not contain any uncorrupted Security Admin tool user accounts there are a couple of courses of action. The first course of action is to restore a previous copy of the corrupted security file. If a previous copy is not available, ADC can provide the Security Admin user with an emergency password that will permit him to log in with any user-name. This emergency password is only valid for the current day.

About the Main Screen Upon verification of the Security Admin user-name and password the main screen of the Admin Tool is displayed. The main screen includes five separate sections. It provides facilities to define or delete server, client and user names; assign passwords to users; and it allows permissions to be assigned to users. Permissions are assigned for a particular user on a particular client machine connecting to a specific server. This will be explained in more detail below.



Elements of the Main Screen As is evident from the diagram below the main screen contains several sections containing text-boxes, lists, buttons, etc.

Clients and Servers Sections

These two sections contain the names of the currently defined clients and servers. Currently there is no way to automatically determine what the names of the clients and servers on a network are. Add buttons are used to add the names of these clients and servers to the Admin Tool’s security file.

• To create a new server or client name, type the name in the pane to the left of the Add button and select the button.

• To delete an item from the list by selecting the item in the list and pressing the Delete button (you can also use the keyboard delete button).


ADC™ Security Administration Tool Operations Using the Security Administration Tool One item is already defined in both the client and server panes. This is the "**All Clients**" or "**All Servers**" entry. When these items are both selected permissions are assigned for a user on all clients connected to all servers. If "**All Servers**" and a specific client are selected the permissions are defined for the current user working the specific client connected to all servers. Likewise access may be defined for a user on all clients connected to a specific server. This will be explained in greater detail later in this document.

Users Section

With the exception of the Copy button the elements in this section function essentially the same as the buttons in the Clients and Servers sections. The Copy button brings up a dialog that permits permissions to be copied from one user to another. It facilitates the definition of new user accounts based on an existing account. This dialog is described in more detail in a later section.

When either the Add or Copy button is used to define a new user, the focus immediately shifts to the first pane in the password section. If this is a new user the whole password section then flashes until either a key is pressed or a mouse button is clicked.

• Passwords are not required for new users, but this feature reminds the Security Administrator that the new user’s account does not yet have a password assigned.

• User-names and passwords are defined globally within the security file, so if the same user name is defined for a different client and server pair the user’s password will be taken from there and the password section will not flash.

At the top of the users list is the "**Default User**" name. This line only shows up if "**All Clients**" and "**All Servers**" are selected from their respective lists. The default user name serves two purposes.

• First, it is the user upon which all other user accounts are based. Thus when a new user is added to the user list he will be given the permissions defined for the default user.

• Secondly it provides the default account information for users of the ADC client. If an ADC Client user enters a name that is not defined in the security file, that user will be given the permissions assigned to the "**Default User**" account. A password can not be defined for this account.

• By default the "**Default User**" account has Transmission List View privileges enabled.



Permissions Section

This section does the real work of the Admin Tool. In this section permissions are assigned based on a triad consisting of the currently selected Client name, Server name and User name. The "**All Clients**" and/or "**All Servers**" lines may be selected to define rights for this user on all clients connected to all servers, all clients connected to a particular server or a specific client on all servers.

When a user logs in to the windows client, the accounts are first searched for a match on the specific client and server names and then searched for wild-card matches. Thus, a user may be granted certain permissions on a particular client and server pair that are different from the permission he/she has on all other clients and servers. Below is a brief description of the various permissions, they are described in more detail in the section entitled "Permissions".

• Display Layout/Format: User with this permission may modify colors, column layout, etc.. • Switcher Control Panel Access: Controls access to the Choose Switcher dialog. • System Configuration: Determines whether a user can control or modify values that affect basic

system operation. • Device Storage Edit: Controls whether the user may perform device storage window operations that

can result in a loss of data or change data status, e.g. Remove, Protect, Unprotected. • Transmission List View: Provides control over list. This permission applies to individual

Transmission lists. It may be granted for any list on the system. • Transmission List Edit: Provides control over event modification, list operation and the control of

the lists’ devices. This permission applies to individual Transmission lists. It may be granted for any list on the system.

A check mark in a box indicates that this permission is assigned to the selected user, client and server triad. The permission may be toggled on or off either by clicking the left mouse button while the mouse pointer is over the line, or by pressing the space bar while this line has the focus.

The state of the Transmission List Edit check box applies to the Transmission List currently selected from the drop-down list below it. For instance, if list - 1 is selected in the text box and a check mark appears in the check-box, the selected user has the permission to modify Transmission List 1. Lists for which the permission has been granted will also be displayed in the list box with a "y" to the right of the list name.


ADC™ Security Administration Tool Operations Using the Security Administration Tool Two buttons are present in the permissions section. Restore restores the original settings for the current user as long as you haven’t changed to another account. If you select a different user name (or a different client or server) the permission settings for the current account are saved. (They are saved in memory, modified records are not written to the security file until the Save option is selected from the File menu). The More... button brings up a window containing additional settings. These settings are only for users that have requested additional security features, if your installation has the default security features this button only displays a message indicating there are no additional permissions.

Menus for the main Screen

• File Menu: The file menu has three items. Save: Saves the security file under the same name that was used to open it. The previous

version is renamed with the same file name and the extension BKP. SaveAs: Save the security settings under a different file name. Exit: Closes the Admin Tool. If modifications have been made to the security information and

they haven’t been saved, the Security Administrator is prompted as to whether he wants to save these modifications.

• Options Menu: Admin Accounts: Brings up the admin accounts dialog. This dialog allows you to define Security

Administrator user names and passwords. Show Tree View: Display a window containing a view of the servers, clients and users in tree

form. • Resources Menu: MoreInfo: Offers the More Info Configuration dialog option.

• Help Menu: Help options: Provides the usual help options. About: Provides information about the application version.

Keyboard Shortcuts Several keys are defined to make moving around within the Admin Tool easier. These keys make it possible to perform all operations without a mouse (although the use of a mouse makes these operations easier).

• The standard Windows accelerator keys are supported. These include F1 for help, Alt-spacebar to open the system menu, and F10 (or Alt by itself) to select the first menu on the menu bar. Specific menus are selected by pressing the Alt key in combination with the underlined letter in the menu title.

• Each section has a hot-key indicated by the underlined character in the section title. Pressing the Alt key in combination with this key will place the cursor in the first pane (or checkbox) in this section.


ADC™ Security Administration Tool Operations Using the Security Administration Tool • The Tab key may be used to move from one pane, button, checkbox, etc. to the next. Shift-Tab

moves the cursor in the opposite direction. Up and Down arrow keys move up and down in a list pane.

• In the Clients, Servers and Users list panes the Delete key functions the same as the Delete buttons on the form. If the cursor is in any of the add panes, the Insert key performs the same function as the corresponding Add button.

• When multiple windows are open (for instance if the Copy Settings window is open) the key combinations Alt-Page Up and Alt-Page Down move the input focus between windows.

• Pressing the Spacebar when the cursor is on a checkbox will toggle the state of that check box. • The up and down arrows may be used to select entries in the "Transmission List Edit" list.

Other Tool Screens Admin Tool includes three additional screens for specific tasks.

Admin Settings Dialog From the main menu select Options> Admin Accounts. The Admin Settings dialog provides the means to Add new users of the Admin Tool or change existing users passwords. Admin Tool user names are listed in the Admin Users pane. New user names are entered in the add pane and passwords are entered in the password panes. It essentially functions the same as the corresponding User and password sections on the main Admin Tool window.

Since passwords are required for Admin Tool users, the Security Administrator cannot add a new user to the Admin Users list without first entering a password in both password panes. If the Add button is pressed and the password panes are empty, a message is displayed and the cursor is placed in the first password pane.


ADC™ Security Administration Tool Operations Using the Security Administration Tool The Help button provides help for the current window and the OK button closes the window.

Copy Settings Window This window provides the means to create a new account from an existing account. This window can be used to duplicate the permissions for a specific user on other client/server pairs; or it may be used to define new accounts based on the permissions for an existing account.

Selection of the Copy button in the Users section on the main form brings up this window. When it opens, the source panes contain the text that is currently selected in the corresponding list panes on the main form.

When selections are made in the Clients, Servers or Users list panes on the main form the corresponding element in the active section on this form will change. Either the Source section or the Destination section may be the active section. The radio buttons in the Select section at the bottom of the window indicate which is the active section. When the Copy Settings window first comes up the active section is


ADC™ Security Administration Tool Operations Using the Security Administration Tool the Source section. The active section may be changed either by selecting the corresponding radio button or by moving the cursor from one section to another.

The copy operation is completed by selecting the Copy button at the bottom of the form. If a new Server, Client, and/or user name is entered in the Destination panes a new account will be created with the same privileges as the Source account. The new Server, Client, and/or User are added to the appropriate list(s). This operation may be repeated as many times as desired. Select the OK button to close the Copy Settings window.

Server, Client, and User View This view displays a view of the currently defined accounts in tree-like form. Servers are the root of each tree. Clients branch off of the server and users are listed under each client. This window is not updated when you create or delete accounts from the main window, it only displays the accounts defined when it is opened. Use the OK button to close it.

More Info Configuration dialog Media Client has a ‘More Info’ configurable tab. The user may input any value inside the edit boxes on this window. The majority of ADC customers use it to enter pre-defined values in their database, because retyping values often generates post-process mistakes. For this they desire to have a pull down menu with preset DB values on the ‘More Info’ window.

From the Security Admin Tool’s More Info dialog it is possible to edit database field values and access them through pull down menus on the Media Client.

Edit and configuration of ‘More-Info’ are provided with ‘Admin Tool’ application. This feature is available for any type of spots on the Media Client More Info tab.

Media Client provides the ability to configure ‘Combo Box’ instead ‘Edit Box’ with values retrieved from the Database.

New combo boxes have an ‘Editable’ property. If this property is enabled (checked), then the user may view Database values and input new values or make a choice between only DB values.

The following procedure assumes the ASDB database has been installed and properly set up.



Reference Note: For More information on the setup and use of Database and MoreInfo, reference the ADC More Info Reference document.

1. From the main menu select Resources> Moreinfo. The ‘More Info Configuration’ window is displayed. With a successful connection to the ‘ASDB’ database, it shows the information about an ASDB Table and configured fields.

Note: The administrator sets up the ‘ASDB’ database in ‘ODBC’ configuration of Windows: Start->Settings->Control Panel->Administrative Tools-> Data Sources (ODBC).

2. Use the ‘More Info’ configuration dialog to configure ASDB items. The left pane displays all fields of ‘More Info’ which can be configured. In the right pane the user

can input values for the ‘More Info’ field selected in the left pane. The ‘Editable’ check-box defines an ‘editable’ field. By default the ‘Editable’ parameter is

unchecked, meaning the user may not input a new value.



When a Database Field is highlighted in the Database Fields pane and/or an item is highlighted in the Items pane, the ‘Editable’ checkbox is activated and not checked.

3. To add items on MoreInfo pull-down menu: From the left pane choose the field you want to customize. Select the New button and fill the empty field. The Item is added to the Items pane. Continue adding items as described for all customized MoreInfo fields. (Option) To enable the item for editing by an operator, select the item and check the "Editable"

checkbox. Uncheck this option to make the item un-editable.

4. (Option) To edit an existing item In the right pane select the item you want to customize. Select the Edit button and modify the field as required. (Option) To enable the item for editing by an operator, select the item and check the "Editable"

checkbox. Uncheck this option to make the item un-editable.


ADC™ Security Administration Tool Operations Using the Security Administration Tool 5. To save changes press ‘OK’ or the ‘Apply’ button. A new table named ‘MoreInfo Configuration’ is created on ASDB database. This table contains

the configuration of MoreInfo fields. For each field where items have been added, a new table is also created with this kind of name:

‘’ASBD_ASEXT_field’’. Those tables contain items for pull-down menu.

Example Scenarios (Using the Editable checkbox)

SCENARIO 1: Editable is not checked and no values are entered for the field.

1. In the Security Admin Tool, the new field is not marked editable and no values are entered for the field.

2. Logging in to Media Client and clicking on the ‘More Info’ tab of the Single Spot prep form, the new field is displayed as a combo drop-down list with no values. In addition, no values can be typed into the field.

SCENARIO 2: Editable is not checked and values are entered for the field.

1. In the Security Admin Tool, the new field is not marked editable and 2 values are entered for the field.

2. Logging in to Media Client and clicking on the ‘More Info’ tab of the Single Spot prep form, the new field is displayed as a combo drop-down list with 2 values. In addition, no values can be typed into the field.

SCENARIO 3: Editable is checked and no values are entered for the new field.

1. In the Security Admin Tool, ‘Editable’ is enabled (checked) for a new field. No values are entered for this new field.

2. Logging in to Media Client and clicking on the ‘More Info’ tab of the Single Spot prep form, the new field is displayed as an edit field and any values can be typed into the field.

SCENARIO 4: Editable is checked and values are entered for the new field.

1. In the Security Admin Tool, ‘Editable’ is enabled (checked) for a new field. Two values exist for the new field.

2. Logging in to Media Client and clicking on the ‘More Info’ tab of the Single Spot prep form, the new field is displayed as a combo drop-down list displaying the 2 values. In addition, different values can be typed into the drop-down field.

Using the Security Admin Tool to Create new Accounts This section contains a brief description and an example on how to use the Admin Tool to create new accounts.

When the Admin Tool is received as part of an ADC Software distribution, three security files (ADCOPTS.INI, ALLPRIVS.INI and NOPRIVS.INI) are included. If you don’t want any security at your


ADC™ Security Administration Tool Operations Using the Security Administration Tool installation, copy the file ALLPRIVS.INI into the ADC database directory and rename it to ADCOPTS.INI. When the ADC client starts it will prompt the user for a user-Name and password, the user may press the Enter key to connect with all privileges. You won’t need to go through all the steps listed below, but we recommend that you change the Security Administrators account password to prevent others from modifying the security file, (step 3, below) and keep a copy of the ALLPRIVS.INI file.

To modify ADCOPTS.INI If you want to enable security however, you should start with NOPRIVS.INI. Make a copy of this file in a local directory and re-name it to ADCOPTS.INI. Follow the list of directions below to modify this file.

1. Run Admin Tool. When prompted for the file name, select the ADCOPTS.INI file. 2. When the user-name/password dialog appears enter the name "Admin" and the password:

"admin". Enter them exactly as printed here. 3. The first things you should change are the names and passwords for the Security Administrators (A

Security Administrator is a user who can run the Admin Tool.). To do this, select the Admin Accounts item from the Options menu. This brings up the "Admin Settings" window; in this window you may define as many Security Administrator accounts as you want. It is recommended to either give the "Admin" account a new password, or delete the "Admin" account and define additional account(s). To define a new account enter a name in the create pane (to the left of the Add button) and

enter the same password in both password panes. Press the Add button to create this account. After creating all the accounts needed, press the OK button.

4. Now you should add the names of your clients and servers to the security file. Enter new names in each section’s Add pane (to the left of the Add button), and select the Add button. Each new name will be added to the list pane. If you will be restricting access only by user name and not by client and/or server, you may let

the client and server names default to "**All Clients**" and "**All Servers**". 5. You may want to modify the default user. Permissions you assign here are given to users who do not

have a valid login so normally you would leave the default user with no permissions. However to modify permissions for the default user Select "**All Clients**" from the Clients pane and "**All Servers**" from the Servers pane. "**Default User**" should be the only entry showing in the Users pane. Select "**Default User**" if it’s not selected. Modify permissions by clicking the left mouse button while the cursor is over a permission check box. If you want to restore the original permissions, press the Restore button. Permissions that are granted are indicated by a check mark in the check-box. An empty

check-box indicates that this permission is not granted. 6. Create a new account. Select the client and server pair this account should apply to. Enter a user

name in the Add pane and select the Add button, the new name will appear in the "Users" pane and the cursor will be placed in the top password pane. Enter a password for this user in both panes and press the Change button. Set the permissions for the user.

7. If you want to create other accounts with the same permissions as this account you can use the copy feature. You may use the copy feature to copy the user’s settings to various client/server pairs; or to create new user accounts on the same client/server pair. For the purpose of this example we assume you want to create other users on the same client/server pair.

8. Press the copy button to activate the "Copy Settings" window, when this window is displayed it will show the currently selected client, server and user in the source section on the left. Place the cursor



in one of the destination panes, the same client, server and user names will be copied into this pane. Move the cursor to the user pane and type in a new user name. Select the Copy button in this window to create the new account; the cursor will be placed back in the password pane of the main window. If you want this user to have a password, enter the password in both panes and then select the Change button. Repeat this process for as many accounts as you want.

9. When you’ve finished with the Admin Tool you need to save the new definitions and accounts. Select the Save option from the File menu to save the new data in the security file. You may now close the program by selecting Exit from the file menu, or clicking the [X] button located in the upper right corner of the main screen.

10. Copy the new ADCOPTS.INI file into the ADC Client application folder, which is the ‘database’ folder in the clients configurations, where it can be read by the ADC clients.


Documents

ADC™ Security Administration Tool - Imagine …„¢ Security Administration Tool v4 ... Imagine Communications reserves the ... design, specifications, components, or documentation