This page explains how to add and configure ThinMan users. Users can be set up locally or linked to an organisation's Active Directory. Levels of support can also be set so that users get access appropriate to their role.
Initialising user support for ThinMan is the first step in securing access to the ThinMan console. Adding users prevents the root administrator account from being used by default, and provides structured levels of access depending on a user’s requirements.
This guide uses the LDAP and LDAPS protocols to connect to Active Directory. LDAPS encrypts the plain text of LDAP so that it cannot be scanned “on the wire”.
If LDAPS is to be used, it will need to be configured on the existing Microsoft infrastructure. As LDAPS uses an SSL connection, a method for obtaining and distributing the trusted certificates will need to be in place already. This guide does not cover this, as the variety of CA implementations is too great.
ThinMan will require the Admin+ feature pack to allow LDAP(S) users to be added and configured.
ThinMan’s default installation has no console user security enabled. Adding users to ThinMan, or making use of ThinMan Remote Server Access or Web Console Access, requires enabling the ThinManRoot user and setting a password. Enabling ThinManRoot is advised as an initial security measure for ThinMan.
CAUTION!
THERE ARE NO RECOVERY TOOLS FOR THIS PASSWORD. IF IT IS LOST, THINMAN WILL NEED TO BE RE-INSTALLED.
To set and configure ThinMan Access Control, select menu Tools → ThinMan Access Control.
The ThinMan Access Control Menu will open.
Select the Enable ThinMan Root User check box and then Set Password.
The Set ThinManRoot password window will open. Add a password and confirm it.
With the ThinManRoot account active, the ThinMan Access Control window has additional options available.
After ThinManRoot is enabled, a logon box will open when ThinMan starts, requiring the password that has been created in order to proceed. As no users have been created, the User: and Member of: fields cannot be selected at this point.
Select menu Tools → General Options
In the General options window, select the ThinMan Local Users tab.
Select Add and the Add Local User dialogue window opens:
Enter the user credentials:
The newly created user will now appear as a local user:
ThinMan can connect to Active Directory for users and groups to provide access control. This requires enabling the connection with the ThinMan LDAP services.
With a working LDAP connection made, ThinMan can use the Active Directory credentials and configuration to add and configure users or groups of users.
Once users are added, what they can do is determined by Access Control. Access Control can allow access to all or parts of the functionality of ThinMan, either as read-only or full control.
Select menu Tools → ThinMan Access Control. Selecting Add without first creating a local user or having a working LDAP connection will show an error message:
Once a local user or the LDAP connection is available, selecting Add will open the following window:
Both local users and an LDAP connection are available in this example. If there are no locally defined users, or no LDAP connection has been set, the drop-down will not be shown and the Domain: or ThinMan Local User option will be filled in automatically.
Select Search to list the available users to choose from. This example uses the Local User option:
When choosing from Active Directory, the list can be filtered to look for All, Groups or Users.
Selecting Search will then show the available choices from Active Directory.
A partial search is also available, or the whole object name can be entered manually in the Text window:
Select Next to assign roles to the user or group.
This example is for a group of first line support personnel where only specific device management will be required. Adding more Roles, and choosing User or Administrator provides greater functionality.
Select Next, and the Group Filter choice will open. The Active Filter Group choice only applies to Devices and Classifier roles.
Selecting Active will list the Groups that are available.
Select Finish to display the list of users and groups and what their roles are:
The level of access control that is defined determines which functions are available to the user when they open ThinMan. With ThinManRoot, Domain Users and Local users defined, the ThinMan logon screen will require the Member of: to be selected.
In this example, a 1st Line Support user with access only to the London group will see the following in ThinMan:
A user with 2nd line responsibilities will see more, but not the entirety of ThinMan.