Filter
Top Products
Chapter 5: Configuration Entry Points
Altiris Helpdesk Solution User Guide 42
This mode allows the console to execute a login command to collect an email address and
password to identify the end-user as a contact in the Helpdesk database before permitting access
to the console. If a contact can be found and the optional password matches, the user is shown
the console and can perform operations similar to those available in a
winUser-mode
console: create new work items with the end-user as the associated contact, review work items
previously created, etc.
To speed up access to Helpdesk, administrators can set the save
UserLoginCookie attribute to
“yes“ to allow Helpdesk to place a cookie on the client browser that serves as a valid “user”
mode credential. Then that user on that machine is not show the login command again after the
first successful login.
“user” mode has five other required attributes:
userLoginCmd, saveUserLoginCookie,
allowSelfEnrollment, selfEnrollmentCmd, denyCmd.
allowSelfEnrollment=”yes”|”no”
• “yes” means that Helpdesk will permit the user to add their contact and/or worker information
to the Helpdesk database and then grant them access to the console. Helpdesk executes the
command named in the selfEnrollmentCmd command.
• “
no” means that users who cannot provide a valid credential: either an email address and
password (“user” mode) or NT ID (“worker” or “winUser” mode) will be denied access to
Helpdesk. Helpdesk will execute the command named in the denyCmd attribute.
Note This is the only attribute that most Helpdesk administrators should ever directly change
in the installed Helpdesk entry points.
By default the Worker console does not allow self-enrollment. Some administrators may want to
edit the worker\web.config file using Notepad or other text editor to change the
allowSelfEnrollment from “ no ” to “ yes ” and save the file. This will cause Helpdesk to restart
and apply the new setting. Administrators should be sure to limit access to the Admin and
Worker consoles using NTLM and NT groups before enabling worker self-enrollment. After
most the workers have been created, administrators should turn self-enrollment off again.
On the other hand, the User console allows self-enrollment by default. This permits end-users to
create their own, possibly erroneous, contact records. Administrators can turn off self-enrollment
by editing the User\web.config file, setting allowSelfEnrollment from “yes” to “no.” Then no
end-users will be granted access to Helpdesk until their contacts are imported from an NS source
or created manually. Note that the default password is the empty string, i.e., no password at all.
Passwords used by Helpdesk here are not and should not be NT or Active Directory passwords.
They are stored as clear text in the database. Workers can view and edit these passwords in the
Worker console.
selfEnrollmentCmd=” ”
The value of this attribute must match the value of an id attribute of a <command> element defined
in same web.config file.
denyCmd=” ”
The value of this attribute must match the value of an id attribute of a <command> element defined
in same web.config file.
userLoginCmd=” ”
The value of this attribute must match the value of an id attribute of a <command> element defined
in same web.config file. This attribute is valid only when workerMode=”user”. See the
User\web.config file for a sample.
saveUserLoginCookie =”yes”|”no”
This attribute is valid only when workerMode=”user.” See the User\web.config file for a sample.
• “yes” means the e-mail address entered by the worker is stored in a cookie in the user’s
computer. The cookie contains an integer. If the cookie is present then the login command is not
executed and the Helpdesk console is displayed. The same user will not be prompted for login