Visitor Administration User Guide
Table of Contents CHAPTER 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Conventions Used in this Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Sign-in Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Adding a Sign-in Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Modifying a Sign-in Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Deleting a Sign-in Location . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Workaround for Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Support Two Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Creating Two Copies of the Service File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Creating a New Virtual Directory . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents 6 Visitor Administration User Guide
CHAPTER 1 Introduction Visitor Management is for managing and tracking visitors within your organization. The hosting party logs into a browser-based application to add a visitor or schedule a visit. The web application allows users to log into the visitor management system from any desktop. The front desk attendant can search for visitors, sign visitors in or out, capture information, determine status, and have e-mail notifications sent to the host and visitor.
Prerequisites The Web Application Server is installed through a custom installation of the access control software. For more information, refer to the Installation Guide. Other considerations: • Your server must be a member of a domain. Workgroups are not supported. • You should be logged into the computer as a domain user. • Use the fully qualified name of the computer for the URL. This is important when typing the computer name in the configuration file.
Visitor Administration
CHAPTER 2 Permissions B.A.S.I.S. user permissions are enforced. These permissions are configured in System Administration or ID CredentialCenter in the Users folders. These permissions should be configured for the user to access components of Visitor Management. A change in user permissions requires restarting IIS. Restarting IIS will allow the correct permissions to be applied. The Users folder allows for granular control of the permissions assigned to users within each group.
Permissions for Visitor Administration — System Permission Groups * This permission only applies in a segmented system.
Host Permissions Permissions for Visitor Administration — Cardholder Permission Groups * This permission only applies in a segmented system. Host Permissions For users who will view their visit calendar in Visitor Management Host, schedule visit events, add and invite visitors, the following permissions should be configured.
Permissions for Host — System Permission Groups Permissions for Host — Cardholder Permission Groups * This permission only applies in a segmented system.
Front Desk Attendant Permissions Permissions for Host — Field/Page Permission Groups • For fields pertaining to visitors or visits, including user-defined fields, View and/or Edit permissions should be granted if the host is expected to see the entries or modify them. Front Desk Attendant Permissions For front desk attendants who will be scheduling visit events, adding or updating visitors, signing visitors in or out, and printing badges.
Permissions for Front Desk — System Permission Groups * This permission only applies in a segmented system.
Front Desk Attendant Permissions Permissions for Front Desk — Cardholder Permission Groups * This permission only applies in a segmented system.
Permissions for Front Desk — Field/Page Permission Groups • If there are required fields, toggle the View permission to Yes to be able to print badges. • Also, if there are other user-defined fields on the badge layout, toggle the View permission to Yes to be able to print badges.
Kiosk User Permissions • For fields pertaining to visitors or visits, Edit permissions should be granted if the front desk attendant is expected to see the entries or modify them. • All user-defined fields that are drop-down lists require View permissions. • All List Builder user-defined fields must have View permissions. This includes fields that may or may not be relevant to Visitor Management. Note: List Builder items sometimes do not appear in user-defined drop-down fields.
Permissions for Kiosk — Cardholder Permission Groups 20 Visitor Administration User Guide
Kiosk User Permissions Permissions for Kiosk — Field/Page Permission Groups • For fields pertaining to visitors, including user-defined fields, Edit permissions should be granted if the Kiosk user is expected to see the entries and modify them. • All user-defined fields that are drop-down lists require View permissions. • All List Builder user-defined fields must have View permissions. This includes fields that may or may not be relevant to Visitor Management.
Visitor Administration User Guide
CHAPTER 3 Visitor Administration The browser-based Visitor Administration is for configuring Visitor Management. The web page can be accessed and used from any workstation within an organization. You must have proper credentials to log in and use this browser-based application. For proper functionality, Visitor Administration requires: • Internet Explorer 7 or later • Silverlight 2.0 or later (available from http://www.microsoft.com/silverlight/. If you are having difficulties, contact your administrator.
To enhance Visitor Administration performance, bypass the proxy server for local addresses and add the web server address to the list of proxy server exceptions. Update the URL The full name of the computer is usually configured during the installation process. However, if you want to change it, this can be done in the SilverlightApplicationConfiguration.xml file. This is located in C:\Inetpub\wwwroot\AdminApp.
Configuration 4. Select the Directory from the drop-down. 5. Click [Login]. When the correct user name and password has been typed in and there is a failure to log in, check that the user account has access to the system. This is configured in System Administration or ID CredentialCenter on the General form of the Users folder. Logging Out 1. On the web page, click on the lock icon to log out. You will be logged out of the application.
Kiosk For information pertaining to the Kiosk, refer to the Configuration of the Kiosk on page 35. Badge Type Printing badges for visitors requires configuration of a disposable visitor badge. The badge type selected will be used when printing in Visitor Management Front Desk and Kiosk. Configuration must take place prior to printing. First, the badge type should be created in System Administration. It should be a badge type of the visitor class and configured to be disposable.
Visitor Kiosk
CHAPTER 4 Kiosk Setup The Visitor Kiosk allows visitors to sign in or out themselves without the assistance of a front desk attendant. After visitors are scheduled, they will receive a confirmation e-mail containing a visit key, which is a bar code allowing them to sign in. By using the Kiosk to sign in, visitors will capture their own photograph and print a temporary badge. That same temporary badge can be designed to have a bar code for signing out visitors.
Windows License Upon the first time starting up the computer, you will be required to enter a valid Windows license number and activate it. To do so, you must have a network connection. USB Ports The USB ports vary depending on the order in which the devices are connected. If a ghost image is being used, the USB ports must match the original configuration. These settings must be manually changed as follows. Changing Port Settings 1. Under Printers and Faxes, locate the printer, “Microcom 428M 300DPI.
Information Capture Registering the Touch-It Software Before using the virtual keyboard, it must be registered. 1. You may access the setup in one of the following ways: a. Click the Start button, then select All Programs > Touch-It Virtual Keyboard > Register. b. From the Touch-It menu on the virtual keyboard, select Setup. The Touch-It Setup window will appear. 2. Under Licenses, in the Name field, type the name obtained from the registration exactly as it appears. 3.
Printing A printer inside the Kiosk is used to print temporary adhesive badges for visitors. It must be installed with the proper settings. Installing the Printer 1. Install the printer driver from the disc (\usb-serial\PL-2303 Driver Installation_v20026.exe). 2. Connect the printer to the computer. 3. Run PrnInst.exe. This will place the printer in Printers & Faxes. a. From the list of printers, select Microcom 428M 300DPI. This information is located on the bottom of the printer. b.
Installation Site Installation Site IMPORTANT: All setup described before this point should be done by the Kiosk manufacturer. Configuration of the Kiosk should resume at the installation site. Proceed to the next chapter for installation instructions.
Visitor Administration User Guide
CHAPTER 5 On-site Configuration of Kiosk IMPORTANT: All setup described before this point should be done by the Kiosk manufacturer. Configuration of the Kiosk should resume at the installation site using the following instructions. Configuration of the Kiosk Kiosk configuration is primarily done with Visitor Administration. You must configure the Kiosk profile and assign it to a Kiosk before using it for the first time.
3. Click [Save Changes]. If you do not want to save the information, click [Cancel]. Deleting a Kiosk Profile 1. Select the profile by clicking on it. 2. Click [–]. 3. When prompted for a confirmation to delete the profile, click [Yes]. Configuring a Kiosk 1. In Visitor Administration, click Kiosks. 2. Click [+]. 3. Type the name of the Kiosk. 4. Select the sign-in location from the drop-down. For more information, refer to Sign-in Locations on page 25. 5.
BadgeDesigner Layout 3. Select Visit Key from the list and click [OK]. 4. The new field will be inserted on the form. You may move the field to the desired location on the form and add a label for it. For more information, refer to the FormsDesigner User Guide. 5. Save the form and exit FormsDesigner. Designing a Badge with the Visit Key The badge layout must be modified to have the visit key in BadgeDesigner prior to printing a bar code on the badge to be used for signing out. 1.
ClickOnce Setup To utilize ClickOnce, B.A.S.I.S. must first be installed on the server. Doing so will install a folder, KioskClickOnce, with the required files. In most typical installations, the folder will be C:\Inetpub\wwwroot\KioskClickOnce. The Touch-It Virtual Keyboard is not installed with Clickonce. It must be installed separately. Methods of Deployment One option for deployment is to make it available through a shared network location.
Workaround for Security Policies Installing the Application via Network 1. Obtain the location of the deployment site. 2. Navigate to the directory, KioskClickOnce for Kiosk. 3. To install Kiosk, run Lnl.OG.VM.Kiosk.View.application. 4. Click [Install]. Installing the Application via Server Note: 1. To use this method of installation, JavaScript should be enabled for the browser. If it is not, contact your administrator for assistance.
2. Name the copied directory AnonKioskClickOnce. 3. Locate the following file: Navigate to C:\inetpub\wwwroot\AnonKioskClickOnce\config and edit the serviceModelClient.config.deploy file. 4. Locate the section that states • 5. 6. Comment markers are used to indicate a portion of the code that will be ignored.
Kiosk Settings Choosing the Location and Name 1. Using the touch-screen, select [Change Kiosk]. 2. Select the sign-in location. 3. Select the name of the Kiosk. The information will be saved. The Kiosk profile configured in Visitor Administration will be downloaded. 4. You may choose another setting to change or start the Kiosk by touching [Start Kiosk]. Choosing the Default Printer 1. Using the touch-screen, select [Change Badge Printer]. 2. Select the badge printer.
Visitor Administration User Guide
Appendices
APPENDIX A Security Guidelines When setting up the Kiosk, it is important to prevent unauthorized access and use of the system. Lack of security may cause threats such as installation of harmful software or unwanted access to protected data on your network. These security considerations are provided to help you reduce these risks and ensure adequate protection. Accounts Separate accounts should be set up for separate Kiosk functions.
: Windows Administrator The Windows Administrator is a Windows account that belongs to the Kiosk’s Administrator group. This can be either a local account or a domain account. Windows User The Windows User is a Windows account that belongs to the Kiosk’s Users group. This account should not belong to the Power Users or Administrator group. Secure the Kiosk These steps should be taken to secure the Kiosk. These are just recommendations.
B.A.S.I.S. Configuration B.A.S.I.S. Configuration The B.A.S.I.S. Administrator should create dedicated permission groups for B.A.S.I.S. Kiosk Users. The permissions assigned may vary for your organization. Do not expose cardholder/host information in the Kiosk. B.A.S.I.S. User Accounts The B.A.S.I.S. Administrator should create a separate, dedicated B.A.S.I.S. Kiosk User account for each Kiosk. This facilitates better auditing. Assign the permission groups created to the B.A.S.I.S. Kiosk Users.
: User Account Settings The Windows User account should have limits or restrictions configured. In an Active Directory environment... In a Windows Workgroup environment... As the Windows Administrator, create a Group Policy Object and assign it to the Kiosk users organizational unit to limit what the Windows User can do. As the Windows Administrator, download and install Windows SteadyState. Configure it to limit what the Windows User can do.
User Account Settings These settings will remove the Log Off and Shut Down options from the Start menu. However, an administrator can establish a remote desktop connection and log off or shut down the machine from the command line: Run Description cmd /k “shutdown -l” Log off the user cmd /k “shutdown -s” Shut down the computer cmd /k “shutdown -r” Shut down and restart the computer Automatic Logon The Kiosk machine can be configured for the Windows User to automatically log on.
: 50 Visitor Administration User Guide
APPENDIX B Group Policy Object Group Policy Objects (GPO) should be used by the Active Directory Administrator to define and configure settings for users. Note: This documentation is based on Windows Server 2008. If you are running another operating system, some of the options or names may differ. Group Policy Management The Active Directory Administrator should create a GPO for Kiosk users. Then link this GPO to the organizational unit for Kiosk users.
: Shared Folders Start Menu and Taskbar Lock the Taskbar Enabled Remove Balloon Tips on Start Menu items Enabled Remove Drag-and-drop context menus on the Start Menu Enabled Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands Enabled Remove common program groups from Start Menu Enabled Remove Favorites menu from Start Menu Enabled Remove Search link from Start Menu Enabled Remove frequent programs list from the Start Menu Enabled Remove Games link from Start M
Group Policy Management Don't run specified Windows applications (explorer.exe, iexplore.exe, mobsync.exe, notepad.exe, osk.exe, rcimlby.exe, tourstart.
: 54 Visitor Administration User Guide
APPENDIX C Windows SteadyState Windows SteadyState can be used to maintain Kiosk stability. It can be downloaded from: http:// www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx. Install SteadyState according to the instructions provided with the software. Configuration of Windows SteadyState In a Windows Workgroup environment, the Windows Administrator should configure computer and user restrictions to limit what the user can do. The following settings are recommended for the Kiosk.
: • 6. 56 Prevent Internet access (except Web sites below). This should be covered by the Proxy Settings in Internet Explorer if you followed the Security Guidelines. Block the following programs: • hypertrm.exe • Internet Explorer • On-Screen Keyboard (C:\Windows\system32\osk.
Index A Add sign-in location ....................................... Administrator permissions ............................ All permissions ............................................... Automatic cropping ........................................ Automatic Logon ............................................ H 25 11 11 31 49 B badge layout ..................................................... BadgeDesigner layout .................................... BIOS ...................................................
Index Non-disclosure agreement ............................. 35 O On-site configuration ..................................... 35 P Password protection ....................................... Permissions administrator ............................................ by function ............................................... front desk attendant ................................ host ............................................................ kiosk user .................................................
Index Visitor Administration User Guide 59
6161 East 75th Street Indianapolis, IN 46250 Phone: (317) 849-2250 B.A.S.I.S. ET693 Visitor Administration User Guide, product version 6.5 Item number E896, revision 2.006, January 2013 Content of this document copyright © 2009-2012. Lenel is a registered trademark used by Stanley Security Solutions with permission from Lenel Systems International, Inc. Windows, Windows Server, and Windows Vista are trademarks and Microsoft is a registered trademark of Microsoft Corporation.