HealthCast

Privacy Shield
Features

The privacy shield display is a secure desktop used for locking Kiosk Mode. It secures a user's work, and has various elements that display to indicate the system is in use. It can also display how long until the system will automatically log off the inactive session once the system has been locked. When the system is locked, the privacy shield also displays the login prompt, allowing for a user to return, or another user to log in over the current session, causing the current session to be logged off.

Display Settings
  1. Log-in as a Local Administrator to the workstation you would like to make changes on.

    The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

    and choose Kiosk Mode.

    7703496.png
  3. In the Other section select the options to configure for font color, font name, and font size.

  4. Click OK to save the changes.

Registry Settings

There are several registry keys associated with the display of the privacy shield and its contests. The values below describe those intended to be changed for the Auto-Logoff display. To position the overall display, change the values of: PSAutoLogoffPosX, PSAutoLogoffPosY

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\display
  • PSAutoLogoffVisible: reg_dword - flag indicating if the Autologoff display will be visible. (1 to enable, 0 to disable the display of auto-logoff)

  • LogoffDisplayTimeVisible: reg_dword - flag indicating if the time field will be displayed. (1 to enable, 0 to disable display of logoff time)

  • LogoffDisplayTimeImagesVisible: reg_dword - flag indicating if the progress indicator images will be displayed. (1 to enable, 0 to disable display of the images)

  • PSLoginNameVisible: reg_dword - flag indicating if the current session user name should be displayed for auto-logoff. (1 to enable, 0 to disable display of session name)

  • PSAutoLogoffPreFix: reg_sz - the text that will appear to the left of the time display

  • PSAutoLogoffPostFix: reg_sz - the text that will appear to the right of the time display

  • PSAutoLogoffPosX: reg_dword - the horizontal Pixel position of the upper left of the complete auto-logoff display as sized by the images ALDisplay_*

  • PSAutoLogoffPosY: reg_dword - the vertical Pixel position of the upper left of the complete auto-logoff display as sized by the images ALDisplay_*

  • PSLogoffTimeFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the time will be displayed in.

  • PSLogoffTimeFontSize: reg_dword - the size of the font in pixels for the time display.

  • PSLogoffTimeFontFontFace: reg_sz - the font face name of the time display.

  • PSLoginNameFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the login name will be displayed in.

  • PSLoginNameFontSize: reg_dword - the size of the font in pixels for the login name.

  • PSLoginNameFontFontFace: reg_sz - the font face name of the login name display.

Changing the name format of the logged in user
  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the General tab to show the customization options available. (The option also appears on the Kiosk Mode tab)

  4. Using the drop-down arrows of Display Name Format (at the bottom of the dialog), select the options that are appropriate for your environment and click OK to finish.

    The new settings should now show when your XA screen saver, privacy shield, or Active User List is displayed. A reboot may be necessary in some environments. If prompted, please reboot your workstation.

Choose the appropriate Username display format by using the following server-side instructions for LDAP Privacy Shield Settings.

Tip

If you are connecting this client version to a server older than 4.8.3, the LDAP provider must be configured for the XA server instead of the WinNT provider in order to use the First Name, Last Name fields, instead of Display Name.

Note

If you are using Kiosk Mode Passthrough Authentication only, the following Username Settings are available:

3. Directory Service Name

7. In use only

8. No username display.

Registry Settings

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

KMLockDisplayMode: reg_dword = 0

0. Full Name

1. Last Name only

2. First Name only

3. Directory Service Name

4. Initials Only

5. First Name, Last Initial

6. First Name Initial, Last Name

7. System In Use

8. No user name (can also be set on the privacy shield independently)

Graphical Customization

Replacing the Kiosk Mode Auto-logoff display images

In C:\program files\HealthCast\ExactAccess, there are two image files.

  1. ALDisplay_FORE.png

  2. ALDisplay_MASK.bmp

Open the ALDisplay_FORE.png and make desired changes, taking into account the positioning of the elements. The design can be placed over any open, white space around the element location sections found in the ALDsiplay_MASK.bmp.

Tip

Both images must be the same size for proper operation of the display.

The default login dialog background is a PNG image that matches the color of the privacy shield background.

7703494.png

Note

When editing and saving the _MASK file, be sure that pure colors are used and no anti-aliasing is performed on this image. Tools other than Microsoft Paint automatically blend borders into the background color, effectively shrinking the desired display area.

These sections correspond to the following user interface elements:

numbers in ( ) correspond to Red, Green, Blue (RGB) values in that order.

When editing and saving the _MASK file, be sure that pure colors are used and no anti-aliasing is performed on this image. Tools other than Microsoft Paint automatically blend borders into the background color, effectively shrinking the desired display area.

  • Black (0,0,0) - this is the display for the User Name.

  • Aqua (0,255,255) - this is the progress indicator (lockedUser[1-5].png) images will appear

  • Yellow (255,255,0) - this is the display for the Prefix + logoff time + Postfix values.

The mask determines where the elements will be displayed over the top of the background.

7703495.bmp

Warning

The mask colors should not overlap one another, as the coordinates of the top-left and bottom-right are used to calculate the location and size of the elements they represent.

Setting a full background image

The privacy shield will now load a background image to display. This background image can contain any optional information to display when the system is secured.

Generating the display

This display may be a static image, or may be created automatically by a program such as Microsoft's (SysInternals) BGInfo. Simply configure a path for the image to be saved to and follow the steps below to enable loading of this image.

Configuring the display
  1. Open regedit.exe

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Display

  3. Edit the SysInfoImage registry value and set it to the full path of the image to load.

  4. Optionally, set the StartX / StartY registry keys to the X,Y coordinates of where the upper left of the image should start.

    This is only necessary if the image to be displayed is smaller than the current screen resolution, or to only display the image on a second monitor in a multi-monitor configuration.

  5. Optionally, set the UseTransparency value to 0.

    If you want the image to not be transparent - meaning, the entire image is drawn, set the value to 0. If you have generated the image with BGInfo, it is recommended to set UseTransparency to 1, so the currently configured background color is used to display behind the text.

Tip

If the file path entered in the SysInfoImage changes, or if the file date/time of the file specified in the SysInfoImage changes, the image will be reloaded. This allows administrators to script changes to the registry to display multiple images, or dynamically update the image to provide a rotating display of information if desired.

Pinning the display
  1. Open regedit.exe

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override

  3. Edit the PSUserDisplayPositionLocked: reg_dword registry value - set the value to 1 to pin the location so that it cannot be modified by dragging it with the mouse.

Network Status
Customizing the status display

Included in the XA client install is the application hciNetStatus.exe. This application displays the current network connectivity status of the workstation, either connected or disconnected. The display can be customized in the following ways.

  • The positioning of the display can be changed by setting the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\display

    • NetStartX: reg_dword = the horizontal pixel position of the upper left of the image for network connectivity.

    • NetStartY: reg_dword = the vertical pixel position of the upper left of the image for network connectivity.

  • The network status display can be changed by replacing the images listed below. The images should be 64x64 pixels or smaller.

    • The background image for connected can be modified by replacing the image netavail.png

    • The background image for disconnected can be modified by replacing the image netdown.png

  • The network status display location can be changed by dragging and dropping the network status display on the Privacy Shield. The NetStartX and NetStartY values will be updated for easy visual positioning.

Tip

To make it easier to find the correct location for placement of the network status for a particular screen resolution, simply left-click and drag the image to the appropriate location on a workstation with the correct screen resolution settings, then export the registry key values above to set them for additional workstations. The default placement at install time is designed for a screen resolution of 1920x1080.

If this appears off the screen for low resolution displays, modify the values NetStartX = 0 and NetStartY = 0. Logoff the workstation and log back in - the display should appear in the upper left corner of the screen. Proceed to drag the display to the appropriate location.

If you wish to disable the display of the network status, remove the hciNetStatus.exe from the following registry key:

Log off the kiosk workstation and login with the generic user for this setting to take effect.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Note

If you have enabled the shell replacement, the above registry key will not exist. To enable the display on the privacy shield with shell replacement, add the value to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\startup

04: reg_sz = "c:\program files (x86)\healthCast\ExactAccess\hcinetstatus" hcikmlock

Pinning the Network Status
  1. Open regedit.exe

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override

  3. Edit the NetPositionLocked: reg_dword registry value - set the value to 1 to pin the location so that it cannot be modified by dragging it with the mouse.

Removing the close button
  1. Open regedit.exe

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override

  3. Edit the NetRemoveCloseButton: reg_dword registry value - set the value to 1 to remove the close button so the network availability display cannot be closed by the end user.