Inno-Tech's Administration ToolChest: Universal Login Script
A login script is the ONE administrative tool that touches every user in your organization. It gets up close and personal in a way that no other tool does. When it works, you're brilliant, but when it doesn't, well...
Shouldn't you put your best script forward?
Inno-Tech's Universal Login Script has stood the test of time, with over 15 years of use at several hundred organizations around the world. Companies of all sizes - from a handful of users at a single office to enterprises with hundreds of locations and thousands of users - all benefit from a login script that is robust, fast, and flexible.
Proven Reliability
In-depth testing, externalized data, compiled code, logging, detailed debugging, and years of field use all combine to provide a level of reliability well beyond most expectations. A thoroughly detailed user guide with examples and a step-by-step implementation is simply the icing on the cake, so to speak.
Proven Performance
While many factors, such as server load and network link speeds can affect performance, rest assured that the login script itself won't slow things down. In small networks where a dozen resource records are defined and 5-6 resources are actually processed, the script will complete its processing in under 1 second - so fast that we had to add an optional delay so users and admins could view the status messages! In one large network - 250 sites connected by 256Kbps Frame Relay links, the configuration file has 38 resource records defined, along with two lookup tables of 4-500 records each. On the LAN, the login script completes in under 6 seconds, while remote users running the script over the WAN take 11 seconds to complete the login processing. These times include loading the Kix32 executable, parsing the configuration file, validating access, and processing the authorized resources.
Special Features
There are many features that differentiate this login script from the rest.
Internationalization provides dynamic selection of the language used to display status messages to the user. Five languages - English, German, Dutch, Spanish, and Swedish - are built in, and other languages can be added by simply creating a message file in the desired language. The language is selected based on the user's Locale setting.
Config File Caching significantly improves performance on slow WAN links. It caches the config data on the local machine. Further queries to the config file are done from the cached data, reducing the amount of network traffic necessary to process the login.
Debugging features are rich and extensive, making it easy to test complex configurations. Errors are automatically logged, and automatically enable Level-1 debugging. Debugging clearly illustrates the decision processing logic applied to every resource record, allowing the administrator to quickly zero in on the issue.
A-D Integration allows the administrator to control access to the resource through Active Directory User Group membership, User OU membership, and Computer OU membership. Multiple groups and OUs can be specified in the access controls to precisely define access to a resource. Multiple levels of access control are available, including:
- Required Membership - The user must be a member of at least one of several defined groups or OUs.
- Mandatory Membership - The user must be a member of all of the specified groups.
- Excluded Membership - The user must not be a member of excluded groups or OUs. Groups and OUs can be excluded individually, and can be specified in Required or Mandatory sets.
- Reverse Action - Access to a specified resource can be granted when a user does not meet the access criteria, or denied when they do meet the criteria. This allows very complex mapping logic to be defined.
Data Rewriting permits the path to the network resource to be dynamically modified based on certain environmental parameters. There are eleven forms of Data Rewriting.
- Replace a Rewrite tag with the user's login ID.
- Replace a Rewrite tag with lookup data based on the user's login ID.
- Replace a Rewrite tag with the A-D Site name.
- Replace a Rewrite tag with lookup data based on the A-D site name.
- Replace a Rewrite tag with the User's A-D OU name.
- Replace a Rewrite tag with lookup data based on the User's A-D OU name.
- Replace a Rewrite tag with with the Computer's A-D OU name.
- Replace a Rewrite tag with lookup data based on the Computer's A-D OU name.
- Replace a Rewrite tag with with the Computer's host name.
- Replace a Rewrite tag with lookup data based on the Computer's host name.
- Replace a Rewrite tag with lookup data based on the computer's network address.
By using these Rewriting features, you can eliminate dozens or even hundreds of lines of IF or CASE statements in your login scripts, replacing them with simple lookup records. This feature also lets you map to a shared resource based on sets of users that aren't in a common A-D group or OU! Data Rewriting can be applied to the PATH and Description values of all resources, and to the command and argument values of command resources for a high level of customization.
Customizable User Interface allows the script to run with simple status messages (default), silent (only errors are displayed), or a fully customized interface. A sample interface module is included which provides administrators with a starting point for creating a user interface with as much or as little information as they desire. This customization is above and beyond the standard language customization that is available.
Extensive and Proven Deployment
Who uses the Universal Login Script? Companies of all sizes spread across the globe, including:
- First Citizens Bank & Trust - A regional bank in the Southeastern US.
- National Management Systems - A US-based recycling management firm.
- Flight Centre USA / Liberty Travel - One of the largest travel agencies in the US.
- Christian Dior Perfumes L.L.C. - An internationally recognized cosmetics firm.
- O-A Insurance - A large insurance agency in the NY metro area.
- CyberTel IT - An IT services provider based in Australia.