ThinManager Security Groups
ThinManager limits access to the ThinManager interface to administrators for security purposes.
Users can be given access rights to specific functions by using the ThinManager Security Groups. This allows users to make authorized changes without requiring administrative membership.
ThinManager Security Groups are setup in the ThinManager Server Configuration Wizard.
Configuring ThinManager Security Groups
The ThinManager Server Configuration Wizard can be launched by:
- Selecting Edit > Modify while the ThinMan icon is highlighted in the ThinManager tree, or
- Double-clicking on the ThinManager icon in the tree, or
- by right clicking the icon and selecting Modify.
Select the Next button to navigate to the ThinManager Security Groups page.
ThinManager Security Groups
ThinManager allows different levels of access and functionality to be applied to standard Windows groups. You can add a group and apply the powers to it. Members of the Windows group will be granted the group’s access.
Standard Windows Groups can be created in the terminal server’s Computer Management console and given different privileges in ThinManager.
ThinManager comes with privileges pre-defined for six groups. These groups are not pre-created. You can create these groups and add members or use them as a template for the types of privileges to grant. The pre-created templates include:
- Administrators - The Microsoft defined Administrator group is given all privileges by default in ThinManager. This may be denied by unselecting the various allowed Windows User Group Permissions.
- ThinManager Administrators have full permission to do anything within ThinManager including the power to logoff sessions, kill processes, send messages, restart terminals, calibrate touch screens, change terminal configurations, update firmware, update the TermCap, and restore configurations. Administrators and members of ThinManager Administrators can shadow terminals and interactively control the terminal session. These privileges may not be removed and will be grayed out.
- ThinManager Interactive Shadow Users - Members of this group may shadow a terminal interactively.
- ThinManager Power Users can logoff sessions, kill processes, send messages, restart terminals, and calibrate touch screens. They cannot change terminal configurations, update firmware, update the TermCap, and restore configurations. ThinManager Power Users can shadow terminals from within ThinManager but cannot interact with the session.
- ThinManager Shadow Users - Members of this group may shadow a terminal but not interactively.
- ThinManager Users can view only. They cannot logoff sessions, kill processes, send messages, restart terminals, or calibrate touch screens. ThinManager Users cannot shadow a terminal.
Adding Windows Groups
Additional Windows User Groups can be configured by selecting the Add Group button to launch the New Windows Group window.
New Window User Group Windows
Adding a Windows Group name in the Enter Windows User Group Name field of the New Window Group window and selecting the OK button will add the Windows User Group to the drop-down list.
Note: This doesn’t create the user group on any servers. This just adds the name of an existing group to the list that ThinManager is maintaining.
New ThinManager Security Group
Select the group you want to configure from the Windows Users Group drop-down.
Choose the permissions you want to grant to the group by double clicking on the function in the Available Windows User Group Permissions list. Members of the Windows User Group will have the selected permissions the next time they login.
Microsoft Windows User Group Creation
To Create A Windows User Group Open the Computer Management Console by selecting Start > Settings > Control Panel > Administrative Tools > Computer Management.
Created ThinManager Security Groups
- Highlight Groups in the tree and select Action > New Group.
- Name the group and select the Create button.
- Add Users to the Windows User Group.
- Members of the Windows User Group will have the selected permissions the next time they login.
- If groups are not created, members of the standard Windows Administrator group have full privileges in ThinManager while members of the standard Windows User groups will be denied access.
Note: The thinserver service will need to be stopped and restarted and the users will need to re-login for the changes to take effect.