American Dynamics Intellex Policy Manager User manual

Type
User manual

This manual is also suitable for

Intellex
®
Policy Manager
Version 1.30
Users Guide
Part Number 8200-2603-12 A0
ii
Notice
The information in this manual was current when published. The manufacturer reserves the right to revise and improve its products.
All specifications are therefore subject to change without notice.
Copyright
Under copyright laws, the contents of this manual may not be copied, photocopied, reproduced, translated or reduced to any
electronic medium or machine-readable form, in whole or in part, without prior written consent of Tyco International Ltd. © 2008 and
its Respective Companies. All Rights Reserved.
American Dynamics
6600 Congress Avenue
Boca Raton, FL 33487 U.S.A.
Customer Service
Thank you for using American Dynamics products. We support our products through an extensive worldwide network of dealers. The
dealer through whom you originally purchased this product is your point of contact if you need service or support. Our dealers are
empowered to provide the very best in customer service and support. Dealers should contact American Dynamics at (800) 507-6268
or (561) 912-6259 or on the Web at www.americandynamics.net.
Trademarks
Intellex
®
is a registered trademark of Sensormatic Electronics Corporation. Windows
®
is a registered trademark of Microsoft
Corporation. PS/2
®
is a registered trademark of International Business Machines Corporation. Sony
®
is a registered trademark of
Sony Corporation.
Trademarked names are used throughout this manual. Rather than place a symbol at each occurrence, trademarked names are
designated with initial capitalization. Inclusion or exclusion is not a judgment on the validity or legal status of the term.
iii
License Information
READ THIS LICENSE AGREEMENT BEFORE OPENING THE DISK PACKAGE, INSTALLING THE SOFTWARE, OR USING YOUR
SYSTEM.
THIS LICENSE AGREEMENT DEFINES YOUR RIGHTS AND OBLIGATIONS. BY BREAKING THE SEAL ON THIS PACKAGE,
INSTALLING THE SOFTWARE, OR USING YOUR SYSTEM, YOU AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS
AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU MAY, WITHIN
30 DAYS, RETURN THIS PACKAGE, ALL THE DOCUMENTATION, AND ALL ACCOMPANYING MATERIAL(S) TO THE POINT OF
PURCHASE FOR A REFUND.
SOFTWARE LICENSE
The Software includes the computer code, programs, and files, the associated media, hardware or software keys, any printed
material, and any electronic documentation. The Software may be provided to you pre-installed on a storage device (the media) as
part of a system. The Software is licensed, not sold.
GRANT OF LICENSE
This agreement between Sensormatic Electronics Corporation (Sensormatic) and you permits you to use the Software you
purchased. Once you have purchased the number of copies you require, you may use the Software and accompanying material
provided you install and use no more than the licensed number of copies at one time. The Software is only licensed for use with
specified Sensormatic supplied equipment. If the Software is protected by a software or hardware key or other device, the Software
may be used on any computer where the key is installed. If the key locks the Software to a particular System, the Software may only
be used on that System.
OTHER RIGHTS AND LIMITATIONS
A demonstration copy of the Software is considered purchased and is covered by this license agreement.
You may not de-compile, disassemble, reverse engineer, copy, transfer, modify, or otherwise use the Software except as stated in
this agreement.
The hardware/software key, where applicable, is your proof of license to exercise the rights granted herein and must be retained
by you. Lost or stolen keys will not be replaced.
If the Software is provided as part of a System, the Software may only be used with the System.
You may not sub-license, rent or lease the Software, but you may permanently transfer the Software to another party by
delivering the original disk and material comprising the Software package as well as this license agreement to the other party.
Initial use of the Software and accompanying material by the new user transfers the license to the new user and constitutes the
new user's acceptance of its terms and conditions.
The Software is not fault tolerant and may contain errors. You agree that the Software will not be used in an environment or
application in which a malfunction of the Software would result in foreseeable risk of injury or death to the operator of the
Software, or to others.
Sensormatic reserves the right to revoke this agreement if you fail to comply with the terms and conditions of this agreement. In
such an event, you must destroy all copies of the Software, and all of its component parts (e.g., documentation, hardware box,
software key).
The Software may contain software from third parties that is licensed under a separate End User License Agreement (EULA).
Read and retain any license documentation that may be included with the Software. Compliance with the terms of any third party
EULA is required as a condition of this agreement.
The Software may require registration with Sensormatic prior to use. If you do not register the Software this agreement is
automatically terminated and you may not use the Software.
The Microsoft® Windows® Preinstallation Environment Version 1.2, Services Edition software, if included with this software or
system, may be used for boot, diagnostic or recovery purposes only. NOTE: THIS SOFTWARE CONTAINS A SECURITY
FEATURE THAT, IF USED AS AN OPERATING SYSTEM, WILL CAUSE YOUR DEVICE TO REBOOT WITHOUT PRIOR
NOTIFICATION AFTER 24 HOURS OF CONTINUOUS USE OF THE SOFTWARE.
UPGRADES AND UPDATES. Software Upgrades and Updates may only be used to replace all or part of the original Software.
Software Upgrades and Updates do not increase the number copies licensed to you. If the Software is an upgrade of a
component of a package of Software programs that you licensed as a single product, the Software may be used and transferred
only as part of that single product package and may not be separated for use on more than one computer. Software Upgrades
and Updates downloaded free of charge via a Sensormatic authorized World Wide Web or FTP site may be used to upgrade
multiple systems provided that you are licensed to use the original Software on those systems.
INTELLEX PLAYER. The Intellex Player Software that is exported with video clips and/or distributed via Sensormatic authorized
World Wide Web site may be copied by you for use within your organization or for distribution to external parties for law
enforcement, investigative, or adjudicative purposes and only to display video recorded by an Intellex system. The Intellex Player
Software may not be sold. All other terms and conditions of this agreement continue to apply.
TOOLS AND UTILITIES. Software distributed via Sensormatic authorized World Wide Web or FTP site as a tool or utility may be
copied and installed without limitation provided that the Software is not distributed or sold and the Software is only used for the
intended purpose of the tool or utility and in conjunction with Sensormatic products. All other terms and conditions of this
agreement continue to apply.
Failure to comply with any of these restrictions will result in automatic termination of this license and will make available to
Sensormatic other legal remedies.
COPYRIGHT
The Software is a proprietary product of Tyco International Ltd. © 2008 and its Respective Companies. All Rights Reserved.
LIMITED WARRANTY
Sensormatic warrants that the recording medium on which the Software is recorded, hardware key, and the documentation provided
with it, will be free of defects in materials and workmanship under normal use for a period of ninety (90) days from the date of delivery
to the first user. Sensormatic further warrants that for the same period, the software provided on the recording medium under this
iv
license will substantially perform as described in the user documentation provided with the product when used with the specified
hardware.
CUSTOMER REMEDIES
Sensormatic's entire liability and your exclusive remedy under this warranty will be, at Sensormatic's option, to a). attempt to correct
software errors with efforts we believe suitable to the problem, b). replace at no cost the recording medium, software or
documentation with functional equivalents as applicable, or c). refund the license fee and terminate this agreement. Any replacement
item will be warranted for the remainder of the original warranty period. No remedy is provided for failure of the Software if such
failure is the result of accident, abuse, alteration or misapplication. Warranty service or assistance is provided at the original point of
purchase.
NO OTHER WARRANTIES
The above warranty is in lieu of all other warranties, express or implied, including, but not limited to the implied warranties of
merchantability and fitness for a particular purpose. No oral or written information or advice given by Sensormatic, its representatives,
distributors or dealers shall create any other warranty, and you may not rely on such information or advice.
NO LIABILITY FOR CONSEQUENTIAL DAMAGES
In no event will Sensormatic be liable to you for damages, including any loss of profits, loss of data or other incidental or
consequential damages arising out of your use of, or inability to use, the Software or its documentation. This limitation will apply even
if Sensormatic or an authorized representative has been advised of the possibility of such damages. Further, Sensormatic does not
warrant that the operation of the Software will be uninterrupted or error free. This limited warranty gives you specific legal rights. You
may have other rights that vary from state to state. Some states do not allow the exclusion of incidental or consequential damages, or
the limitation on how long an implied warranty lasts, so some of the above limitations may not apply to you.
GENERAL
If any provision of the agreement is found to be unlawful, void, or for any reason unenforceable, then that provision shall be severed
from this agreement and shall not affect the validity and enforceability of the remaining provisions. This agreement is governed by the
laws of the State of Florida. You should retain proof of the license fee paid, including model number, serial number and date of
payment, and present such proof of payment when service or assistance covered by this warranty is requested.
U.S. GOVERNMENT RESTRICTED RIGHTS
The software and documentation are provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 or subparagraph (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as
applicable. Manufacturer is Sensormatic Electronics Corporation, 6600 Congress Avenue, Boca Raton, FL, 33487.
v
Table of Contents
Policy Manager
Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Intellex Management Suite View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Icons
What the Icon Images Mean and Their Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Working with Policies through Global Site Policies
Managing Intellex Advanced Security through Security Settings
Securable Items of Intellex Units Running in Advanced Security Mode . . . . . . . . . . .9
Instrument Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Adding an Instrument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Deleting an Instrument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Binding an Instrument to a Different Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Editing Security Settings of an Intellex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Adding or Removing Users or User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Propagating (Copying) Security Settings from one Intellex to Another. . . . . . . . .15
Working with Zones
Security Zones Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
The Unassigned Instruments Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Creating a New Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Deleting a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
The Single Zone View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
The Single Zone Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Moving an Intellex Unit to a Security Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Replacing an Intellex. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Working with the License Manager
Network Client Corporate License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Working with the Event Viewer
Adding the Event Viewer Snap-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Table of Contents
vi Intellex® Policy Manager
Appendix A: Security Concepts for Policy Manager 29
Basic Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Who are you and, are you who you say you are? . . . . . . . . . . . . . . . . . . . . . . .29
The Windows session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Site policies and permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
What do you want to access? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
What do you intend to do with it once you have it? . . . . . . . . . . . . . . . . . . . . . .31
Security descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Users, groups and inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Three forms of access permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Implicit access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Explicit access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Explicit denial. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Appendix B: Frequently Asked Questions 35
What is propagation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
What is inheritance? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
What happens when I propagate to a single instrument or a group of
instruments? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
What are default instruments? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
What is the difference between an active and inactive instrument? . . . . . . . . . . .36
Appendix C: Securable Features List 37
1
Policy Manager
Intellex® Policy Manager (PM) v1.30 is a software product that is installed on a server computer. It
resides on the same network as the Intellex units, Network Client workstations, and/or other API-
based remote applications and provides advanced security for the video network. By implementing
the advanced security, customers can:
Experience a higher and tighter level of security regarding access to, and usage of, Intellex
resources and functions.
Take advantage of a Microsoft security level for their video information.
Centrally administer security control over multiple Intellex units.
Policy Manager for Intellex
Archive Manager
Computer Server is supplied by
end user
Network Client
Network Client
and Admin
Client
Network Client
3rd Party Software
using Intellex API
3rd Party Software
using Intellex API
3rd Party Software
using Intellex API
Primary Domain Controller
(supplied by the end user)
Primary Domain Controller
(supplied by the end user)
Corporate Network (LAN, WAN, VPN)
Intellex DV units
Intellex RMS units
NAS units
Policy Manager
2 Intellex® Policy Manager
Features
The administration client for Policy Manager integrates into the Microsoft Management Console
(MMC), so that administering Intellex security is the same as administering other network
applications.
In addition to providing more granularity in independently securing Intellex features and
functions, Policy Manager integrates into Microsoft Windows security. This facilitates customers
learning how to navigate through the GUI and administer security, as well as add Intellex groups
and users groups, because Policy Manager inherits as much of the GUI as possible.
Consequently, Policy Manager is positioned to offer advanced security for Intellex.
Using Policy Manager, IT administrators are able to integrate Intellex video systems into their
existing network, without having to compromise any network security policies that they have set
up. Policy Manager integrates into the MS Windows console and inherits the security protocols
that the organization is already using. As a result, IT managers do not need to introduce new
networking protocols just for video. Even if organizations continue to run video on a private LAN
that is separate from their corporate LAN/WAN, Policy Manager’s advanced security eliminates
the IT administrator’s concern regarding breach of security in the corporate network via the
remote traffic for video network that runs over the shared IT systems (firewalls, routers, etc.).
Policy Manager allows the security administrator to administer both local and remote access
centrally to multiple Intellex units.
Security administrators can assign different access levels to different users of Intellex functions
and resources, beyond what the classic security scheme is capable of providing.
Policy Manager provides resource management and fault detection for networked Intellex units.
The server detects when units become available or unavailable and makes appropriate entries
into the system log.
You can monitor status and error reporting via the system event logs. Policy Manager creates
and maintains its own event log that is integrated into the existing event log mechanism provided
by the operating system. All administration access as well as instrument availability is logged. In
addition, access violations are detected and published to the event log. Use Microsoft’s Event
Viewer to view the logs either locally or remotely.
Note
The images in this manual apply to a Windows 2000 application. Your screen may look different.
Policy Manager
User’s Guide 3
Intellex Management Suite View
The directory tree consists of 4 main views:
Resources This view shows the group of all instruments of all
types and statuses.
Intellex Policy Manager This view is the tool for managing advanced
security.
Intellex Archive Manager This view is the tool for archiving and retrieving data
from network attached storage. Archive Manager is
available only if this icon is present.
License Manager
This view allows you to monitor and update current
license information.
Policy Manager
4 Intellex® Policy Manager
5
Icons
Policy Manager Icons and Views
Image View
This icon represents the Intellex Management Suite.
This icon represents Resources.
This icon represents the Policy Manager program.
This icon represents the policies that PM applies globally to every
instrument and user at your site.
This icon represents the security settings that you can selectively apply
to instruments, users, and zones at your site.
This icon represents all the secured Intellex instruments in your system.
This icon represents a single Intellex instrument that is operational
under advanced security.
This icon represents a secured Intellex instrument (in advanced security
mode) that is not operational.
This icon represents an unsecured resource (not in advanced security
mode) that is operational.
This icon represents an unsecured Intellex (not in advanced security
mode) that is not operational.
This icon represents security zones that allow you to organize Intellex
instruments into separately managed security units.
This icon represents a single security zone, which comprises a group of
instruments that share common security settings.
Icons
6 Intellex® Policy Manager
Note
Windows provides optional views of objects. The views are large icon, small icon, list, or details.
This icon represents the license of a specific module, such as Policy
Manager or Archive Manager.
This icon represents a license management group.
Image View
7
Working with Policies through Global Site
Policies
Global Site Policies
The Global Site Policies node in Policy Manager provides the policies that the security system
applies to the site on a global basis. The figure below shows how the information is displayed in
the right-hand pane when you select Global Site Policies.
1 Select Global Site Policies to display a right-hand view pane. The pane is divided into two
columns, the policies on the left and their properties on the right.
2 Edit the site policy properties directly in the right-hand column
Working with Policies through Global Site Policies
8 Intellex® Policy Manager
Action Description
Select box in column to
right of Allow multiple
concurrent administration
sessions.
Brings up a Yes /No selection box. Select Yes to authorize more than one
administrator at a time to access and control this site. Select No to
authorize only one administrative session to access and control this site.
The default is Yes.
Select box in column to
right of Maximum Logon
Attempts.
Displays a numeric value with a set minimum and maximum. Insert the
number of consecutive logon attempts before a user is locked out of the
system for an extended period of time. A prompt notifies you if values are
out of range.
The default is 3.
Select box in column to
right of Lockout Duration.
Displays a numeric value in minutes with a set minimum and maximum.
Insert the number of minutes a user must wait before trying to log onto the
system, once the maximum number of failed logons has been reached. A
prompt notifies you if values are out of range.
The system will not accept a value of less than one minute. There is no
limit to the maximum duration.
The default is fifteen minutes.
Select box in column to
right of Instrument Polling
Interval.
Displays a numeric value in minutes with a set minimum and maximum.
Instrument polling interval is the time, in minutes, between consecutive
active instrument querying. Instruments are polled on a regular basis to
ensure that they are still active and available for use. Insert the number of
minutes between sending instrument polling messages. A prompt notifies
you if values are out of range.
The system will not accept a value of less than one minute. There is no
limit to the maximum interval. Experience shows that a polling interval of
five minutes (the default) is sufficient.
Note: Shorter intervals result in more network traffic, which can slow
response times.
9
Managing Intellex Advanced Security through
Security Settings
Securable Items of Intellex Units Running in Advanced Security
Mode
The figure below presents the All Secured Instruments module in Policy Manager, which shows all
the instruments currently registered with the Policy Manager site, regardless of their respective
zone assignments. The tree view on the left shows all the instruments. Selecting a specific
instrument displays the security environment for that instrument in the right-hand pane.
Appendix C has a complete list of securable features for Intellex version 4.2. The right-hand pane
is divided into two columns. The first column shows properties of the securable items for an
Intellex unit. The second column shows the users/groups who are assigned to each securable
item. The bottom section of the right-hand pane gives a more detailed explanation of the item you
select
Managing Intellex Advanced Security through Security Settings
10 Intellex® Policy Manager
At startup, each Intellex (instrument) notifies Policy Manager that it is available for use. If the
server does not recognize the instrument, it rejects the call. If so, the Intellex unit performs an
initial registration with the server. If the registration succeeds, Policy Manager adds the Intellex
unit to its internal database. In addition, the instrument is added to the All Secured Instruments
container and to the Unassigned Instruments zone. At the end of the registration process, the
security settings for the default site instrument are applied to the new instrument. If the instrument
has been successfully registered with PM, a notification message is sent to all administration
consoles currently active, and an entry is written to the PM event log.
Note
If the list of users and groups is only partially visible, position the mouse over the list for one item,
and a help window appears displaying the entire contents of that list.
Instrument Menu
Select Action from the main menu, or right-click on a specific Intellex in the tree to display the instrument
menu, as presented below.
Adding an Instrument
When the administrator installs Intellex units on the domain and configures them for advanced
security, they automatically register themselves with the Policy Manager site based on the
information the administrator provides. Intellex units cannot be added manually.
Action Description
Select an underlined item
in the property page.
Brings up the security editor to edit the specific securable object.
Click in the +/- icon Expands / collapses the list of properties.
Instrument supports the following actions
Propagate
Settings…
Applies security properties from one Intellex to one or more other Intellex units.
Selecting this item displays the Propagate Settings dialog box for assigning
Intellex units.
Set
Description…
Changes the description of an existing zone.
Selecting this item displays the Set Description dialog box for defining the
description of a zone.
Assign to
Zone…
Adds an Intellex to an Intellex Group. This option is available only for real
instruments, not for Default instruments.
Selecting this item displays the Assign Instrument dialog box.
Cut Makes the paste action accessible. This action is available only for real
Instruments.
Selecting this item grays out the instrument icon and makes it available for
pasting into an Instrument Zone.
Delete Deletes this instrument.
The Delete item is available only if an instrument is currently listed as
unavailable. Deleting an instrument removes it from Policy Manager’s list of
registered instruments.
Managing Intellex Advanced Security through Security Settings
User’s Guide 11
Deleting an Instrument
Note
You can delete only inactive instruments.
1 Open the Policy Manager administration client, and right-click on the instrument that you want
to delete.
2 Select Delete and then OK. This removes the instrument from the site, as well as the zone (if
any) it was assigned to.
Binding an Instrument to a Different Site
In certain cases, you may have to bind an instrument to another site, for example:
You have established a new site to control instruments that were assigned to a different site.
You have moved an instrument from one physical location to another and need to bind it to a
different site.
Note
You must have administrative privileges on the instrument you want to bind.
1 If the Intellex.exe application is running on the instrument, exit the application to the desktop.
2 Open the component services MMC found in Control Panel \ Administrative Tools \ Component
Services.
3 In Component Services, navigate to the PolicyManagerRemoteServices application, right-click,
and select Properties. The properties dialog for the application displays.
4 Navigate to the Activation page.
5 Select the Remote server name: field, and type in the name of the server for the new site.
6 Click OK.
7 Open the Policy Manager administration client for the old site and delete the instrument (see
Deleting an Instrument.)
8 Restart the Intellex.exe application on the instrument. This causes the instrument to re-register
with the new site. Remember that during registration, the instrument receives a copy of the
security settings for the default site instrument in the new site.
9 Open the Policy Manager administration client for the new site and make any adjustments to
the instrument (assign it to a zone, change the security environment, etc.).
Managing Intellex Advanced Security through Security Settings
12 Intellex® Policy Manager
Editing Security Settings of an Intellex
To edit the security for any of the securable items in the right-hand list, position the mouse over the
item (the cursor becomes a pointer), and click. The Windows Access Control Editor appears. If you
selected a container object (the objects in the list that have a small box before the name), like Multi
Media Data or Administration, a generic editor appears, such as the one below.
Adding users or user groups to a container is a quick way for an administrator to establish a
generic security environment for an instrument. This is because users and groups added at the
container level are inherited to all features in that container. For example, if you add a user named
JSmith to the Multi Media Data container and grant him full access, JSmith will be able to see
everything, regardless of whether he is sitting directly at the instrument (local access) or accessing
the data remotely via Network Client or the API.
When a user or user group is added to a container and then inherited to that container’s child
objects (Multi Media Data to Live Video for instance), permissions are granted on the child object
as follows:
The permissions you can grant there are
Access Locally You grant the user or group permission to access the instrument only at the unit
itself. This means that all remote access via the API or Network Client is
explicitly not allowed (see Security Concepts for Policy Manager on page 29
below for more information concerning access types).
Access
Remotely
You grant the user or group permission to access the instrument only via remote
applications (either third party applications using the API or Network Client).
Full Access You grant the user or group permission to access the instrument both remotely
and locally. In addition, choosing Full Access automatically grants all specific
permissions to all features or feature groups in that container and all containers
or objects directly below that container (see
Users, groups and inheritance on
page 32).
Managing Intellex Advanced Security through Security Settings
User’s Guide 13
If you did not select the Full Access option, specific default permissions are granted. These
differ from object to object. The table in the section Securable Features List provides an
overview of the current default settings for the various security objects.
If you selected the Full Access option, all the specific permissions for each child object are
granted.
If you selected a specific feature, such as Live Video, an editor appears that contains the
specific items valid for that feature. All users and groups added to the feature are valid only
for that feature.
The main advantage of applying settings to containers, as opposed to specific features, is that with
one entry, you can set access permissions for an entire list of items or for the whole Intellex.
Adding or Removing Users or User Groups
Once the access control editor is visible, you can start to grant or deny access to users or groups.
These users and groups are the same ones already defined for your corporate network.
1 To add a user or group, click the Add… button, and the Select Users or Groups dialog appears.
The drop-down list to the right of Look in: allows you to navigate to any domain recognized by
your corporate enterprise. You can then select a user or user group to add.
2 Select the group and click Add and then OK.
In the example below, if you want to deny access to cameras 1 and 2, you can do so in one of
two ways:
3 Uncheck the boxes to the right of cameras 1 and 2 in the Allow column, as presented below, to
indicate that you have not given the group EXPLICIT access to those cameras.
Managing Intellex Advanced Security through Security Settings
14 Intellex® Policy Manager
4 Alternately, you can check the boxes to the right of cameras 1 and 2 in the Deny column to
explicitly deny access to those cameras, as presented below.
Note
Simply unchecking the boxes in the Allow column may not actually keep an individual or group
from viewing live video on those cameras. This is because an individual (or a group) may have
inherited permission to view video from those cameras via some other group. To be completely
sure an individual or group is denied access (permission) to a feature, you must check the box in
the Deny column.
If you are removing a user or user group that you previously added, note the following:
If the user or user group you added is listed as inherited, which means that the user or user
group was added at a level higher than the current object, you will be denied.
If the user or user group you added is not listed as inherited, you can remove it.
Note
If you remove a user or group that has been inherited, it is removed not only from the current
object, but also from all child objects that are directly below it. For example, if you added a user
named JSmith to Multi Media Data and then removed him, he is also removed from Live Video,
Recorded Video, etc. all the way down to the last child item, Recorded Audio.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44

American Dynamics Intellex Policy Manager User manual

Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI