Managing Messages
Policy Messaging and Recording Notification
Policy information can be delivered to users as they log into a server or desktop. This policy info can include notification of auditing activity (for example, “Please note that all activity on this machine is recorded.”). Policy information can also relate to company or regulatory policies (“Please note that PCI requirements mandate that no database traces be implemented on this server.”).
Policy messages can also be set to require the user’s response. This can be used to record the user’s acknowledgment that he/she is being recorded (a legal requirement in some jurisdictions). Users can optionally be prevented from completing their logon to the computer until they provide a confirmation and/or response.
ITM On-Prem (ObserveIT) enables you to create and configure messages that will be displayed when a user logs on to one or more endpoints. These messages include information for the user(s), instructions, requests to perform specific tasks, contact information in case of software or hardware issues, and more.
By default, messages will be displayed to any user that logs on to the monitored endpoints. You can exclude specific users/groups from receiving a message and/or display a message to a limited number of users/groups.
The creation and configuration of messages is supported only on Windows Agents.
By default, the use of domain local groups is disabled. In order to use domain local groups, you must enable the "Allow LDAP local groups" option in the System Settings page of the Web Console.
Following is an example of a message that a user might receive from the administrator:
About Messages
-
Messages can be configured to be displayed on all endpoints, on some endpoints, for all users logging on to these endpoints, or for specific users. In addition, you can configure messages to be displayed constantly, for a few hours, or until a specified date or time.
-
Messages can be used to receive input from the user(s) logging on to these endpoints. After users see a message, they can provide textual feedback, such as, information about the reason for their logging on the endpoint(s), the purpose of their connection, the actions they intend to perform, contact information, ticket or support request numbers, and more. This feedback is recorded in the ITM On-Prem (ObserveIT) console and can be viewed by an ITM On-Prem (ObserveIT) Admin or View-Only Admin, depending on their role and permissions scope.
-
Unless specifically configured to lock the user's desktop, messages do not prevent users from continuing their actions and performing tasks on the endpoint(s) for which the messages apply. To prevent users from performing harmful actions, use the built-in Windows permissions and user-rights mechanism.
-
Users must acknowledge the message(s) they receive. This acknowledgment is recorded in the ITM On-Prem (ObserveIT) console, and can be used as proof that the user(s) have indeed been warned about a specific task, and that they understood and accepted the message.
-
If a reply is configured as mandatory, the user must enter a text reply in addition to acknowledging the message.
- Note: The Mandatory Reply feature is supported only on Windows Agents that are running ObserveIT version 5.6.0 and above. It is not supported on Unix or Linux Agents, or on Windows Agents that are running ObserveIT versions prior to 5.6.0.
-
During the replay of a live session, if the Administrator wants to prevent the user from continuing to record the current session, he /she can send a message to the user and lock the user’s desktop after a specified timeout period.
- Note: The Lock User's Desktop feature is supported only on Windows Agents that are running ObserveIT version 5.6.0 and above. It is not supported on Unix or Linux Agents, or on Windows Agents that are running ObserveIT versions prior to 5.6.0.
-
When messages are no longer needed, they can be disabled (and potentially re-enabled later), or deleted.
Message tasks include: