IWR Computer Consultancy - Technical Support and advice on IT issues for Small Businesses.
  Site Map
 

MyLogon quick setup, using the GUI configurator.


A straightforwardget-you-started guide for first-time users. Note that the instructions here cover only the basic options; a great many more settings are available in the mylogon.ini file.

You will need:

  • A fileserver, or computer allocated to share files. This should have:
  • At least one shared folder on that server.
  • A user-account for each client who will access this share over then network.
  • Permissions on the share(s) set to allow read or read-write access to the above accounts, as required.
  • A client computer with Microsoft Windows installed.
  • A network connection between client and server.
  • A copy of the MyLogon installer.
Before starting, confirm that the network connection is correctly set-up. Open a command prompt and type: ping servername
-Where servername should be replaced by your server's name. If you see 'Request timed out' you have a network problem and need to resolve this first.

Run the installer (Accept the request for user-elevation if this is Vista or 7) and accept the default settings.

Either accept the setup program's offer to configure the settings, or start MyLogon from the desktop icons, and select Tools>Configure from the main menu.

A Multi-tab window should appear.  To progress through the screens,  either press Next, or else select any tab directly.  On the last tab the Next button will change to being a  Save button.  Changes are not saved until you press this.  To cancel the changes  press the top-right  X button, as per usual.

Tab1: Profile

The purpose of  MyLogon is to connect your computer to the fileserver. As first installed, it does not in any way affect the process of starting and choosing a 'user profile' (customized settings) on the local computer. If the computer is normally used by only one individual, then you may wish to make the choice of local profile automatic, as follows: 

Pressing the User Manager button on this screen brings up a dialog allowing you to configure one of the local-profiles as being the one to be used from now on. We suggest choosing "User" or "Owner" - in other words, a profile which does not pertain to any one individual. Note: We suggest you do not use the Administrator profile for this purpose. Create a new user-account if no other exists. To emphasise, this local account should not be personalized with an individual's name, as this will create issues if the computer changes hands. "User" or "Default" are suitable names.

Ensure that you know the local account's password.. or set one. This password will be used for screensaver unlocking.

Ensure that this new user-account has its "password Never Expires" option ticked. 

Now, ensure that the required account is selected, and  UNtick the 'Users must enter a password.. " tickbox. On pressing Accept you will be asked to enter the account's password, twice.

Tab2: Network

The Network Name is purely informative. You cannot change it from within the GUI configurator.

The Server Name is the name of the machine you would logon to. This will generally be the name of your fileserver. Enter it without any backslashes or other punctuation.

On a full-spec server the Logon Share is 'netlogon' or sometimes 'sysvol' - though if you've just set-up a single share, use that. 

The Script File is a file within the Logon Share which establishes your network connections after logon. Traditionally this is a 'batch file' with a .bat extension, although it is also possible to use a VB Script (.vbs) or a MyLogon-specific format, the .mls file type.

The above settings must be correct, or it will not be possible to logon. If in doubt ask your Admin for the values.

Tab3: Mode

When first testing, you are advised to leave the 'Require a Logon' checkbox unticked. Once you have verified your logon, you can then activate this section, and from thereon you will be required to provide a network logon each time the computer is started.

Before Saving these changes you should set a Standalone password, and memorize it. There is only one Standalone password per computer, and it is independent of network users or passwords. It is probably best to make the Standalone password the same as that which you entered on Tab 2. Version 3 intends to integrate these two passwords, to make things a little simpler.

In this mode, if at any time you cannot connect to the server you can use the previously-entered password to gain access to your computer, or you can enter the Standalone password.

Tab4: Advanced

This tab has two items, Security Options and Kiosk Mode. Both are optional, and will probably not need altering for a typical setup.

Security Options:

Advised Items lists a number of changes made to the Windows system when MyLogon is working in the 'Enforced Logon' mode. The changes are intended to foil attempts to bypass the logon process by use of special keystrokes, and also to avoid some confusing situations or known security-risks. In a production environment, we suggest you have these options ON, unless there is a reason to cancel them.

Optional Items lists a number of enhancements which some people may find an advantage, or not, as the case may be. Adjust as required.

Prevent locking of screensaver- does what it says. Not that if you do set a locked screensaver or press Windows-L, the computer has to be unlocked with the local-account password, NOT the  network one.

Disable Windows key  - The Windows key is handy for power-users, but dangerous for beginners who  don't appreciate that 'catching' a combination like Win-L will have an unexpected -and possibly disastrous- effect. This option blocks the key-combinations. (although you can still press Win to get the Start-menu)

Inhibit CD Auto-Run - Needs no introduction. Windows XP makes this even more necessary than before, with annoying popups being generated even if you insert a data-cd you've made yourself! Not only that, with the prevalence of CD-burning, there is nowadays the risk of malicious auto-running software on CDs from untrusted sources. Strongly recommended to be on.

A point worth emphasising is that these settings only take effect  if the "Require a logon" option on the Mode page is ticked before exiting the configurator. Otherwise they will have no effect.  Some people may have thought this was a bug, but it's by design. I could grey-out the page when it's not in-effect, but that would cause awkwardness.  So I haven't.

Kiosk Mode:

This mode is activated in response to a special keyword typed into the password field of MyLogon. It allows only a single application to be run, normally fullscreen. The Desktop and Start Menu are not displayed. In kiosk mode, the <user> field of the Mylogon dialog is ignored. If set to connect to the network, authentication will be with a username determined by the kiosk-mode settings, and a password equal to the kiosk-mode keyword.

The main purpose of kiosk mode is for data-entry terminals and the like, where the user should only be performing the allotted task with the computer, and no other. It may also be of value in situations where a less-trusted user needs to be allowed access to a machine for a specific purpose. Whilst the kiosk mode itself is reasonably (but not totally!) secure against attempts to access other software on the machine, it should be remembered that many programs have "File..Run" menu items or the like, and some, Word for example, have scripting languages which enable the user to perform all manner of complex operations on the computer. Thus, if security is important then great care must be taken to ensure that all ways of "jumping ship" out of the kiosk app itself have been covered.

Notes:

An add-on is available which allows a user to change their network password, if this functionality is required.

 

Stop Censorship