Limit Authorized Users

In addition to the Active Directory access policies, a white-list of authorized users can be configured to grant access via the Web Application or Windows Client to perform administration or viewing operations.

Web Application

For the Web Application, by default, all users are allowed access. For more information on how to limit the number of authorized users accessing the Web Application, please see the Role Based Security for Web Application.

Windows Client

For the Windows Client, the 'Security' section in the Prognosis INI file (prgnini.ini) can be used to specify a white-list of user groups that have permission to perform a Windows Client login or execute commands.

An entry titled 'AllowedGroup' can be defined which allows one or more security groups to be specified. The prgnini.ini file is located in the following folder path:

<Prognosis_Home>\Server\Configuration\prgnini.ini

When the 'AllowedGroup' statement is set, only users that belong to the nominated security groups are allowed to perform a Windows Client login or execute commands. The 'AllowedGroup' statement is added as follows:

[Security]
AllowedGroup=<domain>\<group>,<domain>\<group>,...

Multiple groups can be added with each group separated by a comma (,) without any blank spaces.

Each group must be specified as a domain name and a group name separated by a backslash. For example, if the domain is IR and the allowed group is IRGui32, then the entry should be specified as:

[Security]
AllowedGroup=IR\IRGui32

If the AllowedGroup statement is not specified, the security group check is not performed. Likewise, if the AllowedGroup statement is specified but does not contain a group name, the security check is not performed. For example, the following specification does not trigger a security group check:

[Security]
AllowedGroup=

The group name is not case sensitive.

There should be no blank spaces between parameters in the 'AllowedGroup' statement.
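
An added example, not part of the vendor documentation: a Python check that reads the text of a prgnini.ini file and reports when the AllowedGroup rules above leave the group check disabled or the entry malformed. The sample file contents are constructed, and case-insensitive matching of the section and key names and last-entry-wins on duplicate lines are assumptions.

```python
# Constructed sample files. IR\IRGui32 is the article's example; the other
# names are made up for illustration.
SAMPLES = {
    "good": "[Security]\nAllowedGroup=IR\\IRGui32,IR\\Operators\n",
    "empty": "[Security]\nAllowedGroup=\n",
    "missing": "[Other]\nKey=value\n",
    "spaces": "[Security]\nAllowedGroup=IR\\IRGui32, IR\\Operators\n",
    "no_domain": "[Security]\nAllowedGroup=IRGui32\n",
}


def read_allowed_group(ini_text):
    """Return the raw AllowedGroup value from [Security], or None if absent."""
    section, value = None, None
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif section == "security" and "=" in line:
            key, _, val = line.partition("=")
            # Assumption: names match case-insensitively, last entry wins.
            if key.strip().lower() == "allowedgroup":
                value = val
    return value


def audit(ini_text):
    """Return a list of findings; an empty list means the entry looks valid."""
    value = read_allowed_group(ini_text)
    if value is None:
        return ["OPEN: no AllowedGroup entry, group check is not performed"]
    if not value.strip():
        return ["OPEN: AllowedGroup has no group, group check is not performed"]
    findings = []
    for entry in value.split(","):
        name = entry.strip()
        if entry != name:
            findings.append(f"FORMAT: blank space around {name!r}")
        domain, sep, group = name.partition("\\")
        if not (sep and domain and group):
            findings.append(f"FORMAT: {name!r} is not <domain>\\<group>")
    return findings


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, audit(text) or "ok")
```

An OPEN finding means the white-list is not being enforced at all, which is the case to alert on when this check runs against deployed servers.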

Recommendations

In all environments, the following approach is recommended:

  • Limit the number of authorized users that are allowed access to the Web Application

  • Limit the number of authorized users that are allowed access to the Windows Client
