User’s Guide XyLoc Client (ver 8.x.
Table of Contents Introduction .................................................................................................................................... 4 Your XyLoc Package ............................................................................................................................... 4 Support Information ................................................................................................................................. 4 XyLoc Core Functionality.....................
XyLoc Password ..................................................................................................................................... 39 What It Does: ......................................................................................................................................... 39 Sets the XyLoc password. ......................................................................................................................
Introduction Your XyLoc Package The following is a checklist of all items included in the XyLoc User’s Package: Software Release Notes Quick Start Instructions XyLoc Solo XyLoc Key XyLoc USB Lock USB Extension Cable XyLoc Lanyard CD-ROM containing: XyLoc software installer Electronic version of XyLoc User’s Guide in Adobe Acrobat format Adobe Acrobat Reader installer Support Information We are available to answer any questions or provide any needed assistance.
XyLoc Core Functionality The XyLoc Solo is a flexible hardware/software platform with expanding capabilities. Below is an overview of the core capabilities in the XyLoc Solo and future capabilities.
XyLoc Solo Overview XyLoc Solo delivers desktop security that positively identifies authorized users and permits access to PCs and portables as appropriate. The focus of XyLoc Solo is three-fold: 1. Providing full-time access control to PCs and portables 2. Taking the burden of compliance off the end user 3. Making the computer more convenient for the user XyLoc Solo runs on Windows 2000 and Windows XP.
XyLoc Product Architecture XyLoc is a microprocessor-based turnkey solution. Its patented technology is based on wireless radio frequency (RF) technology that continuously monitors authorized users based on their proximity to the PC and grants access to the PC as appropriate.
XyLoc Secure Login and Password Overview Windows 2000/XP The Windows NT based Operating Systems (2000/XP) are designed with more inherent security. There is already a GINA in place which controls the logins, profiles and security permissions on the workstation. The XyLoc system also has a GINA, which takes over the primary windows logon and in turn “calls” the Microsoft GINA. Most of the inherent Microsoft security is still in place, and XyLoc enhances that security with a proximity based solution.
Getting Started Using the XyLoc Lock The XyLoc Lock included in this package is a low power receiver that is connected to the PC through a USB interface. Note: Windows 2000/XP users must have local Administrator privileges to complete the installation. Installing the XyLoc Lock (USB) 1. Close all open applications. 2. Please wait to attach USB XyLoc lock until prompted by XyLoc software install wizard. USB Plug 3. Insert the XyLoc CD into the CD drive. 4. Install the XyLoc System Software.
If the user will wear the Key on the right side of the belt, use the Velcro strip to secure the Lock to the underside of the user’s desk. The Lock should be at the same height as the Key will be when the user is seated. The user should keep the face of the Key pointing at the LED. Ideal Lock Placement Acceptable Lock Placement Less Desirable Lock Placement Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
The XyLoc Lock Status Light The LED indicator light on the XyLoc Lock has three possible states: 1. Green – The indicator light is green when the computer is unlocked and available for access. 2. Red – The indicator light is red when the computer is locked or disabled. 3. Off – The indicator light is off if the XyLoc system is not receiving power. LED Status Light Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
Using the XyLoc Key The XyLoc Key is a low power radio transmitter with a unique non-volatile and noncloneable user identification code. LED Status Light ON Button OFF Button The KeyCard is powered by single coin cell that last approximately twelve to twenty-four months. The KeyCard has two switches on its front panel marked “O” and “X”. The “O” turns the Key ON and “X” manually turns the Key OFF. The Status LED flashes green when the system is turned ON and red when it is turned OFF.
The Key must be in the possession of the user at all times. The XyLoc system provides tools to help ensure user compliance. XyLoc is capable of identifying a Key that has been left stationary. The XyLoc system can be configured to automatically secure the workstation, should a Key be left unattended. This action is also recorded in the Audit Logs. NOTE: To insert the battery into the KeyCard, place the KeyCard with the XyLoc logo face down, remove the two retaining screws and slide open the lid.
Installing the XyLoc Software The XyLoc software controls the operation of the Lock/Key and their interaction with the PC’s operating system. The software offers flexible configuration options and selectable desktop preferences to meet the users varying needs. Installation is accomplished via a simple-to-use wizard. Except where noted, the following instructions apply to all supported Microsoft Windows systems.
5. Click Next on the welcome screen to continue with installation. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
6. Please review the terms of the Software License Agreement. If you accept all of the terms of the Software License Agreement, click Yes, and the installation will continue. If you do not accept all of the terms of the Software License Agreement, click No to cancel the installation process. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
7. Once the program is ready to install the files, the “Ready to Install” window will display. Click “Install” on this screen when you are ready to install (NOTE: This screen does not come up in 8.2.3 and earlier) 8. For NT4 users, the Question window will be presented. Select Yes when using the USB lock. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
9. Login Account Selection: Select the desired user name from the list. This list is created by examining the Users database on the PC. If XyLoc is to be configured for a network logon account, type the account name here, being careful to enter the name exactly as it appears for your normal logon. Please create a user via the Users control panel in Windows. 10. Lock Identification: XyLoc will attempt to find the port to which the Lock is attached. Click OK to continue.
11. If you are using the USB version, connect the lock to the computer at this time. NOTE: On Windows XP, the Found New Hardware Wizard will appear. Leave the default for “Install the software automatically (Recommended)” and click Next. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
12. Let the system find the drivers and install automatically. 13. If for some reason Windows XP does not find the driver it will likely prompt the user to “Insert the disk labeled XyLocUSB Installation Diskette.” If this occurs, click OK, and then click Browse. Point to “C:\WINDOWS\System32\Drivers\” directory, which should contain the XyLocUSB.sys file necessary to install the USB device. Click OK. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
14. Click “Finish” to complete the new device installation. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
15. Once Windows has finished installing the device, click “Continue.” 16. Confirm XyLoc Key ID: XyLoc will attempt to identify the closest Key and insert that Key ID into this field. Refer to the label on your XyLoc Key and verify that it matches the Key ID shown. If no Key ID is shown, or if it is not the correct Key ID, please enter it manually. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
17. Personal Name Identification: Enter the user’s full name to further identify the Key owner. NOTE: This field is an optional field. If the name is left blank, the actual Account Name will be used instead. 18. XSS IP Configuration. This screen has a field to enter the address of the XSS (XyLoc Security Server), if there is one. If there is no XSS, this field can be left blank. NOTE: XyLoc 8.2.4 also added the ability to use the server’s DNS name for the address instead of the IP address.
19. XyLoc Configuration Summary. This screen provides a summary of the features you just selected. Choose Finish to complete the Installation Wizard. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
20. Click “Finish” once the installation is complete. 21. Restart your computer when prompted. 22. If your installation was successful, upon restart you will see the XyLoc logon window. Logon by clicking on the personal name associated with the XyLoc key. 23. Your network provider logon screen (Microsoft or Novell) will then appear. Enter your system account password.
message appear at all times, then right-click on the XyLoc icon and click on “Show XyLoc State.” This will cause the XyLoc Status window to stay resident on the desktop. 25. The XyLoc icon should also be displayed in your system tray. XyLoc Icon in System Tray 26. Test your XyLoc system by stepping away from your PC and watch to see if it secures.
Understanding Core Settings Although a detailed description of the many XyLoc configuration options is discussed in the Configuring the XyLoc Software section, an overview of the differences among the core settings is useful. Administrative Levels All authorized XyLoc Keys will grant a person access to a particular PC. However, there are three different Administrative Levels that affect that person’s ability to make changes to the way XyLoc operates.
User A person with User privileges has limited access to the features of the XyLoc Configuration Manager. This level is best suited for most users. These users need regular access to a particular PC and would benefit from the ability to modify the way XyLoc works in their specific environment. A person with User privileges will only see their name in the User Name field – no other people’s names will be visible or accessible.
• Must Enter Password: This setting requires that a user enter his/her password before that user is logged in. The system will display all the authorized keys in the area and once the user selects their name from the list, they will be prompted for their password. If only one user is found, the system will display the password prompt automatically. Unlock Authentication • Hands-Free Unlock: This setting provides the most convenience.
Configuring the XyLoc Software Security Configuration and User Preferences XyLoc’s operating parameters are set through the XyLoc Configuration Manager. To launch the XyLoc Configuration Manager, select XyLoc Configuration from the Start menu (Start/Programs/XyLoc/XyLoc Configuration). You may also double click on the ET (XyLoc icon) in the System Tray.
Select a log-on account from the User Name list to modify that user’s settings User Setup Select Allow Password Override (No Key) to enable override access to the desktop from a locked state. Select Login Authentication method Click Add User… to use the Configuration Wizard to add a new log-on account Select Allow Password Override (No Key) to allow override access at the initial login.
Add User… What It Does: Enables you to add a network account for XyLoc to login with. Recommended Use: (See Adding New Users) This does NOT create a local Windows account on the machine. Local accounts must be created through Windows and will automatically show up in the XyLoc User Name window. Delete User… What It Does: Enables you to delete a network account or remove all keys from a local account.
Select Username What It Does: Finds all the keys in the area and then prompts the user to select their name. Recommended Use: This setting is useful for environments where many users are in a small area such as cubicles, labs, or the nurses’ station at a hospital. Must Enter Password What It Does: User must enter a password to login. The system finds the strongest key in the area and then prompts the user for a password. Recommended Use: For use in environments with a need for greater security.
Unlock Authentication Hands-Free Unlock What It Does: When an authorized user enters the Active Zone, the PC’s desktop is automatically unlocked without requiring that any other action be taken. Recommended Use: This is the default setting and provides the most convenience. Select User Name What It Does: Finds all the keys in the area and then prompts the user to select his key.
Range What It Does: Defines the Active Zone by setting the range at which XyLoc will lock/unlock the PC. Note: The numbers that are referenced for unlock and lock are not a reference to feet or meters. The numbers are a reference to strength of the signal between lock and key. Recommended Use: Choose Short, Medium or Long distance for XyLoc operation based on user preference and office size/environment.
Advanced User Settings Select the Administrative Level for the selected user and key Select the Auto Logoff Time to close an account after a period of inactivity after screen is locked Allows this user account to logoff another user account that is in a locked state Select Disable Key to disable specific key from log-on account Allows the Key ID to be changed to a new ID while maintaining existing settings Select to enable the Pass Key option for Administrators Select to play the “Default” system soun
visible in the User Name field. Guest What It Does: Allows a person to use a PC without the ability to view or change any configuration settings Recommended Use: The most limiting level; no access to XyLoc Configuration Manager Auto Logoff Time What It Does: After the authorized user leaves the active zone and the desktop locks, XyLoc starts an inactivity timer. If the logged-in user does not return before this time expires, the account is logged off.
Pass Key What It Does: Lets administrators access the current user’s desktop without logging that person out. Recommended Use: This is useful in situations where the administrator needs to troubleshoot a problem that may be specific to a particular user’s account. To use a XyLoc Key as a Pass Key, the Pass Key holder must approach the secured computer and press Ctrl-Alt-Del (under Windows 2000/XP).
XyLoc Password What It Does: Sets the XyLoc password. Note: This box will only appear if this key is part of a Kiosk Account. Recommended Use: It is used by the Kiosk Account feature to provide multiple factor authentication in a shared log-on account. Lock in Password Override What It Does: Locks the PC after a period of inactivity in password override mode. Recommended Use: Enable this for when the users key has been forgotten and you wish the PC to lock after a period of inactivity.
Setting the Active Zone Set the Active Zone by selecting the appropriate Range for your environment. You can further refine this range with Range Refinement. The top bar labeled “Active Zone” shows the approximate range where the computer will remain unlocked. Below this is an adjustable range scale. This permits the setting of “Initial Unlock” and the “Lock.” The Initial Unlock setting (shown in Green) sets the Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.
approximate distance where the XyLoc will unlock the computer when the user returns. The Lock setting (shown in Red) is the approximate location where the computer will secure as the user steps away. NOTE: Given the nature of RF communications and the differing environmental characteristics of each user’s office or cubicle environment, the precise Active Zone setting will vary for each user’s environment.
Adding New Users The first user is created during Installation (see Getting Started – Installing the XyLoc software). All local accounts on a machine will appear in the User Name window of the Configuration Manager for an administrator to create XyLoc accounts from. You can also add existing network accounts to XyLoc by using the XyLoc Configuration Manager’s Add User button. NOTE: This will only add existing Microsoft or Novell network accounts to XyLoc. This does not actually create a new network account.
2. To create a new network user, enter a valid user name in the field and then click Next to proceed. 3. Select the Administrative Level for the new user. Click Next to proceed. 4. Enter the identification number for the XyLoc Key assigned to the new user. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
5. Select the Range setting for this Key 6. Select the Authentication Methods for this Key. 7. Finally, enter a personal name to be used to more identify the owner of this Key. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
Kiosk Accounts Workstation and network logins and logouts are often times several minutes in duration. In a multi-user environment, this delay can be frustrating. Ensure Technologies has developed a secure multi-user shared account feature that provides both security and fast multi-user access. In many settings, you may want to set up a single system account (Microsoft or Novell) for an entire class of users (for example, a “Nurses” account in a hospital or a “Sixth Grade Math” account in a school).
Adding New Keys 1. To create or add users to a Kiosk Account, simply select the user name in the User Name list and then press the Add Key… button. This will launch the Key Wizard. Enter the new Key number (found on the label on the back of the Key) and click Next to proceed. 2. Select the Range for the new Key and click Next to continue. 3.
4. Finally, enter a personal name to be used to more fully identify the owner of this Key. Locking the Desktop Manually It is possible to manually lock the desktop. Right-click on the XyLoc icon and select Lock Screen. This is useful when a user forgets his/her key and wants to manually secure the desktop before stepping away from the PC. It is also possible to have a button available on the desktop to manually lock the desktop without having to right-click the icon. By default, this button is disabled.
PC Setup Select the port to which XyLoc is attached Specify the number of log records to be uploaded to the XSS Works with Application Integration. Sets one of the function keys to be used to launch a “Hot Trigger” Script. Setting for use with the XyLoc Security Server. Enter the IP address or DNS name of the XSS server.
Log Records To Upload What It Does: Specifies the number of log records to upload to the XSS at a time. Recommended Use: Provides an Administrator the ability to manage traffic on the network between the XyLoc client and the XSS Advanced Settings What It Does: Opens the Advanced PC Settings window. Recommended Use: Click the Advanced Settings… button to modify XSS and Password settings. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
Advanced PC Settings Settings for XyLoc Security Server port (not active for XyLoc Solo) Settings for client port use (not active for XyLoc Solo) Provides two modes of operation: normal use (Security) or third party software development (SDK) Sets the minimum length of the XyLoc Password XSS Client Port What It Does: Allows XyLoc installation to be centrally managed through a XyLoc Security Server (XSS).
Logging XyLoc will collect data to track User Activity. This encrypted log may be accessed under the Tools menu of the XyLoc Configuration Manager. User Activity Log What It Does: Displays a history of each user that has logged on and logged off of the machine Recommended Use: Track user activity, including dates and times. NOTE: This option will only be available to a XyLoc Administrator. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
Testing XyLoc Keys Selecting Display Key Info… from the Tools menu provides administrators with a diagnostic tool for identifying and testing XyLoc Keys. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
The Key Information tool offers two modes: Find Specific Key and Find Strongest Key. NOTE: The Key ID is located on the label on the back of the XyLoc Key Find Specific Key Mode What It Does: Recommended Use: Allows you to test a specified XyLoc Key Select Specific Key mode and enter the Key ID in the Key ID field; click Start Search to test the Key. NOTE: Only a XyLoc Administrator can view other keys and therefore change this setting from the active key.
Range What It Does: Recommended Use: Displays the current range of the Key from the Lock Use this value to help determine the optimal Range for your environment Key Voltage What It Does: Recommended Use: Displays the current voltage of keys that support this function. While the system is searching for the key, press the “O” button on the key and the voltage will be displayed. Key Revision What It Does: Recommended Use: Displays the current revision of the key.
Overriding the XyLoc System There will be times when it is necessary to override the XyLoc system. At login, there are two basic methods of overriding the XyLoc system. One is for a XyLoc user that has a badge that is authorized on the PC, but has forgotten it or lost it. The other is for a user that does not have a XyLoc badge assigned, yet still needs to gain access to the PC.
User Does Not Have a XyLoc Key… If a user does not have a XyLoc key assigned to them, or has a XyLoc key but this key has not been configured as an authorized key on a particular PC, the user can still gain access to the PC using the standard Ctrl+Alt+Del keystroke combination. This user will be bypassing the XyLoc security and will login with their account. They will have whatever permissions assigned to them network or PC.
Replacing the XyLoc Battery The KeyCard is powered by a single coin cell (CR3032) that lasts approximately 8-12 months. A user may check the battery by depressing the switch marked “O” on the key. If the battery is good, a Green LED will momentarily flash. The user is able to check the battery life through the XyLoc configuration software. Replacement batteries may be purchased at a local electronics distributor, directly through Ensure Technologies or your local reseller.
Troubleshooting Please refer to the solutions to common setup problems below. If you still cannot resolve the problem, please call Ensure Technologies Technical Support at (734) 547-1600, or send an email to support@ensuretech.com. Helpful Hints: 1. Use the default settings until you become familiar with XyLoc’s operation. 2. The XyLoc application requires that at least one network protocol be loaded on the PC to properly load and operate.
11. Windows XP Embedded Thin Clients: The XPe version of the XyLoc client does not support languages other than English at this time. Earlier versions did erroneously allow the user to select other languages. However, English is the only option that will install successfully. Ensure Technologies – User’s Guide for XyLoc Client ver 8.x.x Drawing#: 510-0100-003 Drawing Rev: 0.
System Functionality Normal Operational Mode The majority of users will use XyLoc in “Normal Operational Mode.” In normal operation, the XyLoc Lock and Key are in constant, encoded wireless communication with each other, with the Lock searching for the presence or absence of authorized Keys. As an authorized user approaches the PC, XyLoc responds and the Key and the Lock engage in an over-the-air authorization.
Spectral Reuse Like a cellular phone system, a large XyLoc installation can effectively reuse spectrum across a facility by intentionally limiting the range of individual XyLocs. This allows Keys in different parts of a building to operate using the same frequencies at exactly the same time. Time Division Multiple Access (TDMA) Keys that are within range of each other can also reuse the same channel allocation by the use of time-division multiple access.
Revision History Revision Date Description Author 0.01 04-15-2004 Created RS 0.02 09-14-2004 Removed support for Windows ME RS 0.03 01-26-2005 Updated RS 0.04 02-21-2005 Added removal instructions RS 0.05 05-09-2005 Removed XyCrypt RS 0.06 07-18-2005 Added changes to installer and Kiosk account that were done in XyLoc version 8.2.4 RS 0.07 04-25-2006 Added support for PINs in a Unique account and added more detail on XPe support RS 0.