Multi User Mode
Access to the LOGINventory database is possible in parallel with several users. The access can be done via the normal installation, via the portable version, as well as via the web interface. LOGINventory offers an authorization concept and the possibility to share individual nodes, i.e. folders or queries from the tree structure, for specific groups or users. This ensures that only authorized persons have access to the data intended for them.
Authorization Concept
In the settings different roles can be assigned. The following roles are available:
| Role | Function |
|---|---|
| Administrators | Unrestricted access, sharing of data nodes, management of user roles and settings |
| Power Users | Sharing of data nodes, creation and editing of queries (nodes), editing of data |
| Users | Editing data |
| Guests | Viewing data |
Users or groups from the AD can then be added here and individual roles assigned. When using Security Principals from other domains (via Cross-Forest-Trust), nesting is not supported. This means that a Global Group or account from another domain must be entered directly in the roles; if it is a member of a Local Group, this will be ignored.
Info
If no roles are specified, all users are automatically administrators with unrestricted access!
Attention
Always make sure that you add yourself to the role of administrators if you assign roles to other users!
Run Management Center as another user allows you to test which data other users can see. However, nodes in the tree structure must be shared for this.
Sharing Nodes
If user roles are to be activated, corresponding shares must be set to nodes in the LOGINventory tree.
Attention
If no nodes are explicitly shared in the tree structure, users will not see any nodes in LOGINventory!
User roles defined in the settings specify the type of access to the database that the individual users or groups have (read-only, edit data, ...). User shares determine to which data users or groups have access! Different roles can be defined for each user or group on a share. If no additional roles are defined, the roles from the global definition in the configuration apply.
To share nodes (queries or folders), the node properties can be accessed via the ribbon menu. Then you can define in the tab Share, which group or user has which kind of access to this node and all subnodes.
With role, the inherited authorizations (from nodes above or from the settings) can be overwritten and thus redefined.
Info
If all nodes are to be shared for a user, this can be done using the Asset Management node, since this is above all other nodes.
Important
The option Show share in root should be selected by default. Only in cases where the permissions on a node below another shared node should be different from the permissions on the node above, remove the check mark.
example
If members of the AD group "Technology" should have read access to all nodes except the folder "My Queries" (there: write access), then the access right for the group Technology is set to "Guest" for the node "Asset Management" and "Power Users" for the node "My Queries". To prevent the "Own Queries" node from additionally appearing on the first level, the check mark at Show share in root is removed.
Using the Portable LOGINventory Version
In the tab Extras in the ribbon menu the Portable LMC can be published. This version allows you to use the LOGINventory user interface on other Windows computers without having to install or configure LOGINventory.
Warning
This option is only available in the ribbon menu when you position the mouse on the Asset Management node or an underlying node.
When creating the portable version, all necessary configuration settings and data are stored in a directory in which, among other things, a LOGINventory.exe is located.
Info
This .exe file can be started without installation and then provides all functionalities of the installed LOGINventory version with the exception of changing the configuration and acquisition methods. The Acquisition node is therefore not available. In addition, only user-specific settings can be changed.
Note
In order to use the portable version, the created folder can be shared with the corresponding users. Only a connection from the client PC to the current database server must be possible so that the portable version can be used.
The network access to the LOGINventory database server must be configured correctly. For Microsoft SQL Server Express, use the SQL Server Configuration Manager to check that the "SQL Server Browser" service is started and that the "TCP/IP" protocol is available.
Attention
If an updated version of LOGINventory is installed, the portable version must also be updated manually. To do this, you can simply run through the wizard again to create the portable version.
Of course, the portable version also takes the role and authorization concept into account.
Web Interface
In the tab Extras in the ribbon menu the Web Interface can be published.
Info
The web interface provides read-only access to the LOGINventory database and can be accessed from any device without installation via the browser.
This means that no own queries can be created with the web interface and no Custom Properties can be stored on devices.
Of course, the web interface also considers the role and authorization concept.
Publishing the Web Interface
The Internet Information Services (IIS) on the LOGINventory computer are required for publication.
If you need to activate IIS, use : launch → Control Panel → Programs → Turn Windows features on or off and activate the following additional options under "Internet Information Services":
- "Application Development Features" → ASP.NET 4.7 and ASP.NET 3.5
- "Security" → "Windows Authentication" (direct login to Internet Explorer)
- "Security" → "Basic Authentication" (optional: allows use of other browsers)
- "Common HTTP Features" → Static Content
The web application is configured via the IIS Manager. Start this via launch → Run → inetmgr If you did not select the default installation path during the installation of the web interface, you must add a new web application to which you may assign the application pool.
If you selected Copy only the files during the web interface installation, you will need to convert the default virtual directory into an "application".
- Right-click on the "LOGINventory8" web page and use the "Convert to application" function.
- Confirm the setting with "OK".
Configuration
The published website can be configured via the Internet Information Services (IIS) Manager (found via the Start Menu -> Search for "IIS"). Especially the settings for Authentication should only be changed by experienced users who know what they are doing. By default the following settings are set here:
| Name | Status |
|---|---|
| Anonymous Authentication | Disabled |
| ASP.NET Impersonation | Enabled |
| Basic Authentication | Disabled |
| Forms Authentication | Disabled |
| Windows Authentication | Enabled |
Important
Only with these settings is it guaranteed that the Authorization Concept is considered and that users can only see the nodes shared for them.
Using the Web Interface
All data views are available in the web interface and the export of data to various formats is also supported.
Info
By default, the web interface is accessible via a browser under SERVER/LOGINventory8/default.aspx, where SERVER must be replaced by the name of the computer on which LOGINventory was installed.
Tip
The URL extension ?pcuid=DEVICENAME can be used to jump directly to individual assets. This is useful if you want to call LOGINventory from other programs.
?node=NODEPATH. The following syntax is used for the node path: The $ character is used as a separator for subfolders, a space is replaced by a + and the English node name is always used. For example, the path to the node "Software" -> "Software Packages" is ?node=root$IT+Inventory$Software$Software+Packages. To make it easier to find the right link, you can click on the text "Link to this node" and the full linkable path will be displayed in the browser address bar.