Multi User Mode
Access to the LOGINventory database is possible in parallel with several users. The access can be done via the normal installation, via the portable version, as well as via the web viewer. LOGINventory offers an authorization concept and the possibility to share individual nodes, i.e. folders or queries from the tree structure, for specific groups or users. This ensures that only authorized persons have access to the data intended for them.
In the settings different roles can be assigned. The following roles are available:
|Administrators||Unrestricted access, sharing of data nodes, management of user roles and settings|
|Power Users||Creation and editing of queries (nodes), editing of data|
This does not apply for access data management. Whoever enteres the Master Password can also edit stored user data.
Users or groups from the AD can then be added here and individual roles assigned. When using Security Principals from other domains (via Cross-Forest-Trust), nesting is not supported. This means that a Global Group or account from another domain must be entered directly in the roles; if it is a member of a Local Group, this will be ignored.
If no roles are specified, all users are automatically administrators with unrestricted access!
Always make sure that you add yourself to the role of administrators if you assign roles to other users!
Run Management Center as another user allows you to test which data other users can see. However, nodes in the tree structure must be shared for this.
If user roles are to be activated, corresponding shares must be set to nodes in the LOGINventory tree.
If no nodes are explicitly shared in the tree structure, users will not see any nodes in LOGINventory!
User roles defined in the settings specify the type of access to the database that the individual users or groups have (read-only, edit data, ...). User shares determine to which data users or groups have access! Different roles can be defined for each user or group on a share. If no additional roles are defined, the roles from the global definition in the configuration apply.
To share nodes (queries or folders), the node properties can be accessed via the ribbon menu. Then you can define in the tab Share, which group or user has which kind of access to this node and all subnodes.
With role, the inherited authorizations (from nodes above or from the settings) can be overwritten and thus redefined.
If all nodes are to be shared for a user, this can be done using the Asset Management node, since this is above all other nodes.
The option Show share in root should be selected by default. Only in cases where the permissions on a node below another shared node should be different from the permissions on the node above, remove the check mark.
If members of the AD group "Technology" should have read access to all nodes except the folder "My Queries" (there: write access), then the access right for the group Technology is set to "Guest" for the node "Asset Management" and "Power Users" for the node "My Queries". To prevent the "Own Queries" node from additionally appearing on the first level, the check mark at Show share in root is removed.
Using the Portable LOGINventory Version
In the tab Extras in the ribbon menu the Portable LMC can be published. This version allows you to use the LOGINventory user interface on other Windows computers without having to install or configure LOGINventory. For this purpose, the LOGINventory.exe of the portable version can be called from the shared folder. A distribution is not necessary.
This option is only available in the ribbon menu when you position the mouse on the Asset Management node or an underlying node.
When creating the portable version, all necessary configuration settings and data are stored in a directory in which, among other things, a LOGINventory.exe is located.
This .exe file can be started without installation and then provides all functionalities of the installed LOGINventory version with the exception of changing the configuration and acquisition methods. The Acquisition node is therefore not available. In addition, only user-specific settings can be changed.
In order to use the portable version, the created folder can be shared with the corresponding users. LOGINventory.exe can then be called directly from the shared directory. Only a connection from the client PC to the current database server must be possible so that the portable version can be used.
The network access to the LOGINventory database server must be configured correctly. For Microsoft SQL Server Express, use the SQL Server Configuration Manager to check that the "SQL Server Browser" service is started and that the "TCP/IP" protocol is available.
If an updated version of LOGINventory is installed, the portable version must also be updated manually. To do this, you can simply run through the wizard again to create the portable version.
Of course, the portable version also takes the role and authorization concept into account.
Via the Web Viewer, data from LOGINventory can be displayed in a web browser and in some cases also edited. For this purpose, different pages are available for different use cases:
- the page
default.aspxallows read access to the complete tree structure in LOGINventory and all contained queries and nodes. From here, export to different formats (e.g. PDF, XLSX) is also possible. The page is non-responsive and should therefore be accessed from a PC.
- the page
details.aspxshows only the details of a single device at a time. In addition, this page allows to document the handover of the device to a user (including signature). The page is responsive and therefore also suitable for a call via smartphone.
Both pages support parameterized calling, so you can jump directly to individual devices or queries. More information about this below.
Of course, the web viewer also considers the role and authorization concept.
For publishing, Internet Information Services (IIS) are required on the LOGINventory machine.
To add the necessary roles / features, you can select the option to add roles on Windows Server systems e.g. via Server Manager.
On Windows Client operating systems, you can get to this dialog by going to Enable or Disable Windows Features via Control Panel via Programs, for example.
Then select the role Webserver (IIS) (depending on the operating system version also "Internet Information Services").
Add additionally the following options, or make sure they are selected:
- Common HTTP Features → Static Content
- Security → Basic Authentication (optional: allows use of browsers that do not support Windows authentication)
- Security → Windows Authentication (use Windows authentication by the web browser)
- Application Development → ASP.NET 4.X
The configuration of the web application is done via the IIS Manager which can be started by executing
The published website can be configured via the Internet Information Services (IIS) Manager (found via the Start Menu -> Search for "IIS"). Especially the settings for Authentication should only be changed by experienced users who know what they are doing. By default the following settings are set here:
Only with these settings is it guaranteed that the Authorization Concept is considered and that users can only see the nodes shared for them.
In the tab Extras in the ribbon menu the Web Viewer can be published.
Various settings can then be made in the wizard that opens.
If the required features have been added on the server, a new application can be created in the IIS Manager via Publish now. We recommend using the default settings for Website, Application and Directory.
The browser icon can be used to access the website after publication and test the functionality.
If you did not select the default installation path during the installation of the web viewer, you must add a new web application to which you may assign the application pool.
If you selected *Just copy files* during the web viewer installation, you will need to convert the default virtual directory into an "application".
- Right-click on the "LOGINventory9" web page and use the "Convert to application" function.
- Confirm the setting with "OK".
The next page in the wizard provides various important settings for productive operation and permanent accessibility of the URLs used.
Alias / CNAME Setup
For productive operation, we highly recommend to use an alias or CNAME instead of the host name** in the URLs used for the web viewer (e.g. calling the web interface of third-party programs, printing labels).
If the LOGINventory installation is ever moved to another computer, all labels would otherwise have to be printed again, or all calling programs would have to be adapted. This can be easily avoided by using a CNAME or alias in the URL instead of the computer name.
For example, the web viewer is then accessible under
http://my-loginventory/LOGINventory instead of
For this purpose, a corresponding CNAME entry must be set in the DNS. Select one of the aliases currently pointing to this computer here, or enter the new CNAME here, which is still to be created by the responsible administrator.
A CNAME can be defined in the DNS for example as follows:
This entry can then be selected in the wizard:
Since the CNAME used should not be adjusted afterwards in productive operation, the option to adjust afterwards is grayed out and can only be edited again by pressing
E. However, you should only do this if you are aware of the consequences.
If you want to use
https to access the website, you have to make sure yourself that a certificate has been installed on the server and a binding has been set up in the web server configuration. If you do not do this, the web page will not be accessible via
Set up Redirection to this Version
Since different major versions of LOGINventory can be installed on a machine in parallel, a separate version-specific application is created in the IIS Manager for each version by default.
To avoid having to reprint all labels or adapt all calling programs in case of an update of the main version (e.g. change from LOGINventory9 to LOGINventory10), we strongly recommend to use a version-independent URL instead of a version-specific one.
This can easily be achieved by setting up a redirection rule so that all calls from
.../LOGINventory/... are redirected to
The setup of such a redirection rule is possible by clicking on the corresponding button.
Since the redirection rule (URL rewriting) is not a standard feature of IIS, it may be necessary to install it later. To do this, the wizard downloads the setup for this feature from the Internet and executes it. If the machine does not have an Internet connection, the address of the download is displayed. The download can then be run on another machine and the setup copied to the LOGINventory machine. In any case, the default configuration can be used when setting up the IIS Rewrite Module.
Once the module is installed, you can create the corresponding redirection rule by clicking the button:
Now it is also visible in the wizard which redirection rule is currently active.
This way, when switching to a new major version, the upgrade can first be tested and all required settings can be made before "the switch is flipped" by adjusting the rule and all calls to the URLs point to the newly installed version.
The final page displays the URL where the web viewer is now accessible.
/details.aspx to this address opens a web page with a search window. From here you can jump to the details pages of the respective devices.
Using the Web Viewer
All data views are available in the web viewer default page (see above) and the export of data to various formats is also supported.
The URL extension
?pcuid=DEVICENAME can be used to jump directly to individual assets. This is useful if you want to call LOGINventory from other programs.
?node=NODEPATH. The following syntax is used for the node path: The
$character is used as a separator for subfolders, a space is replaced by a
+and the English node name is always used. For example, the path to the node "Software" -> "Software Packages" is
?node=root$IT+Inventory$Software$Software+Packages. To make it easier to find the right link, you can click on the text "Link to this node" and the full linkable path will be displayed in the browser address bar.