In this article we’re going to show you the possible Winflector authentication modes and how to set them up.
There are two main ways to do this:
- Winflector authentication
- Windows/Active Directory authentication
To access either of them you’ll want to:
- Open the Winflector Server
- Go to Preferences
- Go to User accounts
This is the default option and unless you have a lot of users, it will be sufficient. If selected, Winflector Server will use its internal password database to manage users. This mode is selected if the Authentication via box displays Winflector.
In order to add a user follow these steps:
- Click the Add account button
- Type in the name of the user
- Type in the desired password, repeat it in the confirm box.
- If you want the user to have remote access to the Winflector administrative console, check the Winflector administrator box.
- If you want to force periodic password changes, check the password change required box.
- If you want the user to be limited to a certain number of simultaneous sessions, set the login limits as desired.
- Click the Save button.
You can edit an existing account with the same options as with creation by clicking on an account from the list and pressing the Edit account button. It is also possible to delete it by clicking the Drop account button. With the Applications button, you can restrict a user from using certain applications. By default, all applications are available to all users.
This dialog also allows you to set some general account security options. These are:
- Reusing password is prohibited within a number of days. Use this option in conjunction with password change required on the user accounts.
- Lock account after a number of invalid logins. You can unlock the account with the Unlock button on the user list. This option is recommended as hardening.
- Enforce “strong” passwords. Force passwords to be at least 8 characters long, mixed case and have at least one digit or a special character. This option is recommended as hardening.
An option worth looking at is Launch application as a Windows user. This is extremely important for hardening, as it allows you to create an account under which programs published by Winflector will run. This account should, if possible, be a non-administrative one.
There are the Export accounts to file and Import accounts from file options. These can obviously be used for backup or migration, however they also present an interesting opportunity for an administrator who knows a bit about scripting. The exported account list is a simple text file, whitespace-separated. The passwords are encrypted, but everything else can be changed or read, so batch operations can be done with a bit of Python or shell scripting. Note: Direct edits to the export files are not approved by OTC, but on Winflector Expert we show you some dirty tricks.
Remember to Save all changes made.
Now that we have the Winflector authentication broken down to base parts, let’s see the other option.
Windows/Active Directory authentication
This is the option you’ll want to take if you have a bigger installation with many users, a policy of a single account for all company software. This also allows you to use the usual Active Directory tools for account management. There’s also a very significant difference between the modes. In the Winflector authentication, your applications will run in a single, specified account. In this mode, however, the applications will run as the Windows/AD user that has logged in. This mode is selected if the Authentication via box displays Local Windows/Active Directory.
First of all, you need to type in the domain name. This will allow all AD users to access the Winflector published apps. If you put in the local server name instead of the domain name, it will use the local Windows users database.
Most often though, you’ll want a more fine-grained control. Check the Authorize only members of the groups below. Put in the group names (semicolon separated). We recommend that you make a group for all people who you want to be allowed to use Winflector. This will be enough for most uses.
If you want even more control, you can check the Assign applications to Windows/AD users box. Then click on Update users. The user list will fill. You can select a user and click the Applications button. This way you can restrict a user from using certain applications. By default, all applications are available to all users.
Save all changes made.
That’s it. We’ve gone over all the Winflector account configuration options, so you can now choose the optimal way for your needs.
Leave a Reply