Security Tracker is a powerful and flexible employee monitoring software for the control of the employees working hour’s usage in a network or on a terminal server. There are a lot of the programs to solve similar problems. Part from them - are spyware programs (key loggers) intended first of all for capturing of user’s keystrokes, passwords, emails, chat sessions and various messages.

HSLAB Security Tracker is a handy real-time employee monitor and security analysis software application for networks, which are used ubiquitously in any industry with large computer infrastructure. Basically, with employee monitoring system administrators always know about computers’ usage statistics on company network.

Security Tracker has released v 4 of HSLAB Security Tracker Family products. Network Editions: Enterprise Edition, Standard Edition, and Small Business Edition. Terminal Server Editions:Enterprise Edition, Standard Edition, Small Business Edition. Personal Editions: Personal Edition and Family Edition. Security Tracker is a Windows 2000/XP/2003/Vista/2008/7/2008R2 employee monitoring software that logs and control all users’ activity on each network computer or server.

HSLAB Security Tracker monitors the set of a user’s activity parameters and records detailed information into embedded or external (remote) SQL server database. This information lets you control your corporate security, limit use of computers by your employees, receive detailed (including graphic) information about all user’s activity.

HSLAB Security Tracker stores its data in the SQL database. This format lets you access the database records and build custom reports using any SQL clients or integrate user’s activity information into your corporate information system.

HSLAB Print Logger costs starts from 30 USD for one server or desktop computer. Orders may be completed online at security-tracker.com. Demo version is also available.

--

Free evaluation copy available. (http://security-tracker.com/downloads/hslab-security-tracker-4-ne.exe)

See also:

HSLAB Security Tracker 4 Family (http://security-tracker.com/)

Downloads: (http://security-tracker.com/)

How to Order: (http://security-tracker.com/order/)

Installing applications on a terminal server has to be done in a special way to ensure it is usable by all users of the terminal server.

There are two modes in terminal server, Execute and Install. By default all users are logged on in Execute mode and this means they can run programs etc.

When you want to install an Application for use by everyone the Administrator should change to Install mode.

The best way to install software is to use the Add/Remove programs control panel applet as this will automatically set the mode to Install during the installation and then back to Execute at the end. Alternatively you can manually change your mode to install by typing

C:\> change user /install

To change back to execute use

C:\> change user /execute

And to check you current mode use

C:\> change user /query

In this example we will use Add/Remove to install Access Control on a terminal server.

1. Start the Add/Remove programs control panel applet (Start - Settings - Control Panel - Add/Remove Programs)
2. Select the 'Install/Uninstall' tab and click 'Install'
3. You will be told to insert the setup media, click Next
4. The installation wizard will look for setup.exe on the CD or disk, it won't find it, select an alternate by clicking the 'Browse' button, and select the hslab-access-control-4-ts.exe file. Click Next
5. You will now be given the option to change your mode so all users can use the application. Select 'All users begin with common application settings.' and click Next
   
6. The install of the application will begin and you will notice your mode has been changed to Install if you typed 'change user /query'.
7. Proceed to install the application as normal
8. Once setup is complete click Next to the install dialog then Finish

Controlling Application Execution in Execute Mode

Several compatibility bits can be set for an application, registry path, or .ini file to change how a Terminal Server computer handles the merging of application initialization data when a session is in execute mode. These compatibility bits are set in the registry under the following subkey:

There are three separate keys for applications, .ini files, and registry entries under this registry path.

The default settings work for most applications, but they can be further tuned by using the following compatibility bits.

WARNING: These compatibility bits should only be changed if an application is not working properly.

The first set of compatibility bits indicates the version of the application that the settings are for. Not all combinations are useful (for example, an MS-DOS application does make registry calls). Because the path to the file is not specified and multiple applications may use the same file name (for example, Setup.exe and Install.exe are now regularly used for installation programs), specify the application type to help make sure that the compatibility settings do not affect other applications with the same file name.

To determine the String Value, add the values of the bits that you want to set. For example, to return the user name instead of the computer name for both 16-bit and 32-bit versions of Myapp.exe, create a subkey in the registry by performing the following steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

1. Start Registry Editor.
2. Locate the following registry subkey:
   HKEY_LOCAL_MACHINE \Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\Myapp
3. On the Edit menu, click Add Value, and type the following information:
   Value Name: Flags
   Type: REG_DWORD
4. In the Data box, type the hex value of 11C (add 0x00000004 for 16-bit Windows applications, add 0x00000008 for 32-bit Windows applications, add 0x00000010 to return the user name instead of the computer name, and add 0x00000100 to disable registry mapping).

Applications

The following compatibility bits affect the application when it is running. They are located in the following registry subkey (where Appname is the name of the application's executable file):

Compatibility Bits

• MS-DOS application: 0x00000001
• OS/2 application: 0x00000002
• Windows 16-bit application: 0x00000004
• Windows 32-bit application: 0x00000008
• Return user name instead of computer name: 0x00000010
• Return Terminal Server build number: 0x00000020
• Disable registry mapping for this application: 0x00000100
• Do not substitute user Windows directory: 0x00000400
• Limit the reported memory: 0x00000800

Use the "Return user name instead of computer name" bit for applications that use the computer name as a unique identifier. This returns the user's name to the application and gives a unique identifier to each user of the application.

Use the "Disable registry mapping for this application" bit to retain only one global copy of the registry variables that are used by the application.

If the "Do not substitute user Windows directory" bit is set, it retains the SystemRoot directory for GetWindowsDirectory API calls. If this bit is not set, all paths to the Windows directory are replaced with the path to the user's Windows directory.

.Ini Files

The following compatibility bits control .ini file propagation. They are located in the following registry subkey (where Inifile is the name of the .ini file):

Compatibility Bits

• Windows 16-bit application: 0x00000004
• Windows 32-bit application: 0x00000008
• Synchronize user .ini file to system version: 0x00000040
• Do not substitute user Windows directory: 0x00000080

If the "Synchronize user .ini file to system version" bit is set, it adds new entries from the system master .ini file when the application is started, but it does not delete any existing data in the user's .ini file. If this bit is not set, it overwrites the user's .ini file if it is older than the system master .ini file.

If the "Do not substitute user Windows directory" bit is set, it retains the SystemRoot directory for file paths in the .ini file when the system master version of the .ini file is copied to the user's Windows directory. If this bit is not set, it replaces all paths to the Windows directory with the path to the user's Windows directory.

Registry Paths

The following compatibility bits control registry propagation. They are located in the following registry subkey (where PathName is the registry path under the key HKEY_CURRENT_USER\Software):

Compatibility Bits

• Windows 32-bit application: 0x00000008
• Disable registry mapping for application: 0x00000100

If the "Disable registry mapping for application" bit is set, new entries from the system master registry image are not added to the user's registry. Additionally, the system does not delete any existing data in the user's registry. If this bit is not set, the system deletes and overwrites the user's registry data if the data is older than the system master registry data. If the bit is not set, the system also adds any new keys not in the user's registry.

The SQL Server client cannot connect to the server. This error could be caused by one of the following reasons:

• A specified SQL Server instance name is not valid.

• The TCP, or named pipes protocols are not enabled.

• The firewall on the server has refused the connection.

• The SQL Server Browser service (sqlbrowser) is not started.

To resolve this error, try one of the following actions:

• Check the spelling of the SQL Server instance name that is specified in the connection string.

• Use the SQL Server Surface Area Configuration tool to enable SQL Server to accept remote connections over the TCP or named pipes protocols. For more information about the SQL Server Surface Area Configuration Tool, see Surface Area Configuration for Services and Connections.

• Make sure that you have configured the firewall on the server instance of SQL Server to open ports for SQL Server and the SQL Server Browser port (UDP 1434).

• Make sure that the SQL Server Browser service is started on the server.

The SQL Server client cannot connect to the server. This error could be caused by one of the following reasons:

The firewall on the server has refused the connection.

A specified SQL Server instance name is not valid.

The SQL Server Browser service (sqlbrowser) is not started.

To resolve this error, try one of the following actions:

Make sure that you have configured the firewall on the server instance of SQL Server to open the SQL Server Browser port.

Make sure that the SQL Server Browser service is started on the server.

Check the spelling of the SQL Server instance name that is specified in the connection string.

Use the SQL Server Surface Area Configuration tool to enable SQL Server to accept remote connections. For more information about the SQL Server Surface Area Configuration Tool, see Surface Area Configuration for Services and Connections.

However, you may first try to enable the default administrator account on remote computer and later try to install or update agent? and verify if your are able to run the command successfully.

To enable the default Administrator account on the remote computer, you should login and perform the steps below:

1. Click Start and type CMD in the Start search box

2. Right click on CMD in the list and click on "Run as administrator"

3. Type the following command: net user administrator /active:yes

Restart the computer and you should see an "Administrator" account.

Access Administrator account and follow the steps 1 and 2 and try toinstall or update agent.

HSLAB Security Tracker is a powerful and flexible system for the control of the employees working hours usage in a network or on a terminal server.

There are a lot of the programs to solve a similar problem. Part from them - simply spyware programs intended first of all for capturing of user's passwords, keystrokes and various messages.

Considerably their smaller part is programs - tools for the network administrator, which allows improve use of computers and networks as a whole. HSLAB Security Tracker is the tool for the network administrators, created for corporate level networks and intended to increase economy of computer resources and financial resources, directed on wages. In fact than fewer employees distract on extraneous things, especially effectively they work. Unlike other systems for the working time usage control, in HSLAB Security Tracker it is emphasized on blocking of undesirable programs and on simplicity of the data analysis and reports creations.

The system offers rich features:

• Windows groups support, grouping of programs on types of use (system programs, office programs, multimedia, the Internet, games, etc.);
• control of removable data storage devices connections/disconnections: CD/DVD and Flash Drive disks;
• control of the other devices connections: mobile phones, players, video cameras and other similar devices;
• creating diagrams, reports, prints and export reports to popular formats, and many other features.

System HSLAB Security Tracker not only the monitoring system. It is capable to counteract actively to not authorized use of a user's computer or terminal server session.
HSLAB Security Tracker will not allow the user to start the program which is not concerning carried out work, will prohibit CD/DVD, Flash disks usage etc.

Permissions are completely operated and can be defined for:

• computer in network;
• server or domain group;
• server user or domain user.

The system is shipped in several editions ideally approaches both for corporate networks, and for the small enterprises. It can be used for a home network with several computers, even on one computer. Compare editions.

Some low-quality anti-virus programs can detect the HSLAB Security Tracker modules as spyware. It is categorically incorrect. HSLAB Security Tracker does not possess attributes spyware.HSLAB Security Tracker does not monitors key strokes, collects confidential information (passwords, credit card numbers, PIN numbers, etc.), harvests e-mail addresses or tracks browsing habits. More likely system HSLAB Security Tracker can be carried to Riskware category .

Network Editions

HSLAB Security Tracker NEE (Network Edition Enterprise) - Unlimited server installation in company building or campus, unlimited controlled computers (clients).

HSLAB Security Tracker NES (Network Edition Standard) - One server, 100 controlled computers (clients).

HSLAB Security Tracker NESB (Network Edition Small Business) - One server, 50 controlled computers (clients).

HSLAB Security Tracker NEF (Network Edition Family) - One server/computer, 5 controlled computers (clients).

Terminal Services Editions

HSLAB Security Tracker TSEE (Terminal Server Edition Enterprise) - Unlimited server installation in company building or campus, unlimited controlled computers (clients).

HSLAB Security Tracker TSES (Terminal Server Edition Standard) - One server, 100 controlled computers (clients).

HSLAB Security Tracker TSSB (Terminal Server Edition Small Business) - One server, 50 controlled computers (clients).

HSLAB Security Tracker PE (Personal Edition) - One computer, 3 controlled computers (clients).