Multi User Mode
Access to the LOGINventory database is possible in parallel with several users. The access can be done via the normal installation, via the portable version, as well as via the web viewer. LOGINventory offers an authorization concept and the possibility to share individual nodes, i.e. folders or queries from the tree structure, for specific groups or users. This ensures that only authorized persons have access to the data intended for them.
In the settings different roles can be assigned. The following roles are available:
|Administrators||Unrestricted access, sharing of data nodes, management of user roles and settings|
|Power Users||Creation and editing of queries (nodes), editing of data|
This does not apply for access data management. Whoever enteres the Master Password can also edit stored user data.
Users or groups from the AD can then be added here and individual roles assigned. When using Security Principals from other domains (via Cross-Forest-Trust), nesting is not supported. This means that a Global Group or account from another domain must be entered directly in the roles; if it is a member of a Local Group, this will be ignored.
If no roles are specified, all users are automatically administrators with unrestricted access!
Always make sure that you add yourself to the role of administrators if you assign roles to other users!
Run Management Center as another user allows you to test which data other users can see. However, nodes in the tree structure must be shared for this.
If user roles are to be activated, corresponding shares must be set to nodes in the LOGINventory tree.
If no nodes are explicitly shared in the tree structure, users will not see any nodes in LOGINventory!
User roles defined in the settings specify the type of access to the database that the individual users or groups have (read-only, edit data, ...). User shares determine to which data users or groups have access! Different roles can be defined for each user or group on a share. If no additional roles are defined, the roles from the global definition in the configuration apply.
To share nodes (queries or folders), the node properties can be accessed via the ribbon menu. Then you can define in the tab Share, which group or user has which kind of access to this node and all subnodes.
With role, the inherited authorizations (from nodes above or from the settings) can be overwritten and thus redefined.
If all nodes are to be shared for a user, this can be done using the Asset Management node, since this is above all other nodes.
The option Show share in root should be selected by default. Only in cases where the permissions on a node below another shared node should be different from the permissions on the node above, remove the check mark.
If members of the AD group "Technology" should have read access to all nodes except the folder "My Queries" (there: write access), then the access right for the group Technology is set to "Guest" for the node "Asset Management" and "Power Users" for the node "My Queries". To prevent the "Own Queries" node from additionally appearing on the first level, the check mark at Show share in root is removed.
Using the Portable LOGINventory Version
In the tab Extras in the ribbon menu the Portable LMC can be published. This version allows you to use the LOGINventory user interface on other Windows computers without having to install or configure LOGINventory. For this purpose, the LOGINventory.exe of the portable version can be called from the shared folder. A distribution is not necessary.
This option is only available in the ribbon menu when you position the mouse on the Asset Management node or an underlying node.
When creating the portable version, all necessary configuration settings and data are stored in a directory in which, among other things, a LOGINventory.exe is located.
This .exe file can be started without installation and then provides all functionalities of the installed LOGINventory version with the exception of changing the configuration and acquisition methods. The Acquisition node is therefore not available. In addition, only user-specific settings can be changed.
In order to use the portable version, the created folder can be shared with the corresponding users. LOGINventory.exe can then be called directly from the shared directory. Only a connection from the client PC to the current database server must be possible so that the portable version can be used.
The network access to the LOGINventory database server must be configured correctly. For Microsoft SQL Server Express, use the SQL Server Configuration Manager to check that the "SQL Server Browser" service is started and that the "TCP/IP" protocol is available.
If an updated version of LOGINventory is installed, the portable version must also be updated manually. To do this, you can simply run through the wizard again to create the portable version.
Of course, the portable version also takes the role and authorization concept into account.
In the tab Extras in the ribbon menu the Web Viewer can be published.
The web viewer provides read-only access to the LOGINventory database and can be accessed from any device without installation via the browser.
This means that no own queries can be created with the web viewer and no Custom Properties can be stored on devices.
Of course, the web viewer also considers the role and authorization concept.
Publishing the Web Viewer
For publishing, Internet Information Services (IIS) are required on the LOGINventory machine.
To add the necessary roles / features, you can select the option to add roles on Windows Server systems e.g. via Server Manager.
On Windows Client operating systems, you can get to this dialog by going to Enable or Disable Windows Features via Control Panel via Programs, for example.
Then select the role Webserver (IIS) (depending on the operating system version also "Internet Information Services").
Add additionally the following options, or make sure they are selected:
- Common HTTP Features → Static Content
- Security → Basic Authentication (optional: allows use of browsers that do not support Windows authentication)
- Security → Windows Authentication (use Windows authentication by the web browser)
- Application Development → ASP.NET 4.X
The configuration of the web application is done via the IIS Manager which can be started by executing
If you did not select the default installation path during the installation of the web viewer, you must add a new web application to which you may assign the application pool.
If you selected Copy only the files during the web viewer installation, you will need to convert the default virtual directory into an "application".
- Right-click on the "LOGINventory9" web page and use the "Convert to application" function.
- Confirm the setting with "OK".
The published website can be configured via the Internet Information Services (IIS) Manager (found via the Start Menu -> Search for "IIS"). Especially the settings for Authentication should only be changed by experienced users who know what they are doing. By default the following settings are set here:
Only with these settings is it guaranteed that the Authorization Concept is considered and that users can only see the nodes shared for them.
Using the Web Viewer
All data views are available in the web viewer and the export of data to various formats is also supported.
By default, the web viewer is accessible via a browser under
SERVER must be replaced by the name of the computer on which LOGINventory was installed.
The URL extension
?pcuid=DEVICENAME can be used to jump directly to individual assets. This is useful if you want to call LOGINventory from other programs.
?node=NODEPATH. The following syntax is used for the node path: The
$character is used as a separator for subfolders, a space is replaced by a
+and the English node name is always used. For example, the path to the node "Software" -> "Software Packages" is
?node=root$IT+Inventory$Software$Software+Packages. To make it easier to find the right link, you can click on the text "Link to this node" and the full linkable path will be displayed in the browser address bar.