System Policy Settings
Depending on the selected policy template, you can configure the following system settings for your recording policy:
-
Enable recording: available for Windows, Mac and Unix-based server policies.
By default, as soon as the ObserveIT Agent is installed and the user logs on to the monitored machine, all user actions start to be recorded. This setting allows you to temporarily disable recording without uninstalling the Agent software. This option is enabled by default. - Continue recording after locking and then unlocking the screen: allows a recorded session that was locked and then unlocked to continue being recorded. This option is relevant only when session recording is triggered by Agent API and not by Windows login.
-
This option is displayed only when Enable recording is disabled. To turn this option on, you must uncheck the Enable recording checkbox, and then check Continue recording after locking and then unlocking the screen.
-
Enable Identity Theft Detection: available for Windows, Mac and Unix-based server policies.
When an Identity Theft Detection policy is configured in ObserveIT, users who are logged on to monitored endpoints can receive notification via email about the specific endpoints to which they have logged on, and from which client machines they logged in. You can enable users to receive these email notifications from ObserveIT by selecting this check box. -
Enable recording notification: available for Unix-based servers only.
ObserveIT enables you to notify users that their actions are being recorded during recording sessions on the server. This is especially useful on management workstations for which there are privacy issues. By default, this setting is disabled. When actions are being recorded, and this notification message feature is enabled, a yellow recording notification bar appears on the desktop on each recording session, clearly notifying the user that their actions are being recorded and monitored. The default message displays "All activity on this machine is recorded and monitored".On Windows-based servers, enabling recording notification is configured as part of a Stealth and Privacy Policy.
-
Enable API: available for Windows-based and Mac-based server policies.
The ObserveIT Agent software's Application Programming Interface (API) allows programmers to control the Agent recording status (Enabled, Disabled, Started, or Stopped), which applications or URLs are recorded, and other settings. Although this API is protected, in order to prevent the wrongful usage of this API by malicious users, the API is disabled by default. If you intend to use the API, you must enable it. -
Restrict to RDP: available for Windows-based and Mac-based server policies.
-
Enable key logging: available for Windows-based and Mac-based server policies. You must enable this option to record typed text, pressed special keys and key combinations. In addition you must enable this option to detect paste performed by Ctrl-V (Windows), Cmd-V (Mac) and Shift-Insert.
-
Enable in-app elements detection: available for Windows-based and Mac-based server policies.
In-App Elements are sensitive data elements within desktop and web-based applications that you can mark for tracking risky user behavior. By default, Agent recording of In-App elements is disabled. You can change the default configuration here by enabling Agent detection and recording of In-App Elements. -
Screen recapturing mode: available for Windows-based and Mac-based server policies.
Defines how a screen is recaptured when there is user activity in a Window that is already open and has been captured at least once. The option Recapture only the window in focus, recaptures only the window of the application in focus, without the entire screen background. Always recapture the entire screen recaptures the application in focus and the entire background. -
Disable partial screen capture optimization: available for Windows-based and Mac-based server policies.
By default, this feature is disabled to allow the optimization of screen capture recordings. In default mode, screen captures are taken only of the window that is currently in focus, combining it with the screen background during video playback. By selecting this option, optimization is disabled, and a full screenshot of the active screen is captured as opposed to only the currently active window.
Note that regardless of whether this option is enabled/disabled, when the Application Recording policy does not include/exclude any applications, a full screenshot of the active screen is captured.
When using multiple monitors, only the monitor with the active window is captured. However, if the active window intersects with the other connected monitors, screenshots of all the intersected monitors are captured. -
Optimize screen capture data size: available for Windows-based and Mac-based server policies.
To reduce the overall size of storage required for screenshot data, ObserveIT applies an advanced compression algorithm that optimizes the screen capture storage size. The compression algorithm applies to all ObserveIT screenshots, whether they are stored in the SQL Server database, or in the file system on a local hard drive of the ObserveIT Application Server, or on a file share in the network. This method of optimization can lead to a significant saving in storage size. Screen data storage optimization is enabled by default. If you want to store images as complete screenshots, you can disable this option. -
Set image format: available for Windows-based and Mac-based server policies. This setting enables you to specify the required image format (Color, Grayscale Server Compression, or Grayscale Client Compression).
By default, all ObserveIT session images are recorded in grayscale. However, it is possible to change the recording settings to full color. The recording color affects the ObserveIT Agent performance depending on the format of the collected screenshots, the database storage required, and network utilization. On the Client-side, the Agent captures the images in color and compresses them to grayscale images. On the Server-side, the Agent sends the captured colored images to the Application Server, which compresses them either to grayscale or color.Note the following:
-
By default, the images are compressed using Grayscale Server Compression. However, if more than two monitors are connected to your computer, the image format switches to Grayscale Client Conversion.
-
Note that the default image format for a Default MAC Policy is Color.
-
When the Agent is in offline mode, even if you are recording the images in color, all the images will be saved as grayscale regardless of the server policy configuration. In the Session Player however, the images might be colored and grayscale; that is, colored when the Agent is online, and grayscale when the Agent is offline.
-
The default setting "Grayscale Server Compression" requires normal CPU resources on the ObserveIT Agents and normal network bandwidth utilization.
-
"Grayscale Client Compression" requires additional CPU resources on the ObserveIT Agents for the conversion, but utilizes less network bandwidth.
-
The "Color" setting requires no additional CPU resources for compression; however, more data storage is required per screenshot on the SQL Server database, and there is a much higher network bandwidth utilization (up to 10 times greater than the default grayscale).
-
-
Set session timeout: available for Windows-based, Mac-based and Unix-based server policies.
This setting enables you to specify the required period of user inactivity after which ObserveIT will stop monitoring a session.
ObserveIT tracks session idle time, which is the period of inactivity in the session. When a session times out, ObserveIT no longer waits for user input and closes the session. As soon as a user performs an action such as clicking on a mouse key or typing on the keyboard, ObserveIT creates a new session. This might result in two or more user sessions in the Endpoint Diary or User Diary, although from a Windows perspective there was just one long user session. By default, all idle sessions time out at 15 minutes. -
Set keyboard frequency: available for Windows-based and Mac-based server policies.
ObserveIT monitors the rate at which the user types on the keyboard. The frequency of the character typing determines how often a screen capture is performed. For example, if a user types just one or two words in the command prompt window, in a leisurely manner, it will probably trigger one or two screenshots. However, if the same user types a 500 character email or Word document, many screenshots will be captured, but not every single typed character will invoke a screen capture. This setting enables you to change the settings of the keyboard stroke recording frequency. Options are: 0 (every key stroke), every 0.5 second, 1: every 1 second (default), every 5 seconds, every 10 seconds.Using a keyboard recording frequency that is higher than 1 second could potentially cause loss of data. For example, when the keyboard recording frequency is 10 seconds, if the user typed text in an application for 5 seconds and then clicked another window or stopped interacting with the application, the 5 seconds of activity might not be recorded as no event would have triggered the capture of the screenshot or metadata.
-
Set continuous recording: available for Windows-based and Mac-based server policies.
In Continuous Recording mode, ObserveIT records the user’s screen even when no user activity is detected. By default, this feature is turned OFF. To enable continuous recording, select the required interval (in seconds) during which time you want to continue recording even when no user activity occurs.Using Continuous Recording mode could cause a considerable increase in the database size. It is CPU intensive and it should not be used for Terminal Services or Citrix servers that host many concurrent sessions.
-
Enable live and lock messages from within video replay: available for Windows-based and Mac-based server policies.
By default, this feature is disabled in order to minimize the volume of redundant calls from the Agent to the Application Server, and from the Application Server to the database. When enabled, Console users can communicate with live recorded users, using on demand live and lock messages using dedicated buttons in the Session Player.