Privacy Shield
Features
The privacy shield display is a secure desktop used for locking Kiosk Mode. It secures a user's work, and has various elements that display to indicate the system is in use. It can also display how long until the system will automatically log off the inactive session once the system has been locked. When the system is locked, the privacy shield also displays the login prompt, allowing for a user to return, or another user to log in over the current session, causing the current session to be logged off.
Display Settings
Log-in as a Local Administrator to the workstation you would like to make changes on.
The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
and choose Kiosk Mode.
In the Other section select the options to configure for font color, font name, and font size.
Click OK to save the changes.
Registry Settings
There are several registry keys associated with the display of the privacy shield and its contests. The values below describe those intended to be changed for the Auto-Logoff display. To position the overall display, change the values of: PSAutoLogoffPosX, PSAutoLogoffPosY
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\display
PSAutoLogoffVisible: reg_dword - flag indicating if the Autologoff display will be visible. (1 to enable, 0 to disable the display of auto-logoff)
LogoffDisplayTimeVisible: reg_dword - flag indicating if the time field will be displayed. (1 to enable, 0 to disable display of logoff time)
LogoffDisplayTimeImagesVisible: reg_dword - flag indicating if the progress indicator images will be displayed. (1 to enable, 0 to disable display of the images)
PSLoginNameVisible: reg_dword - flag indicating if the current session user name should be displayed for auto-logoff. (1 to enable, 0 to disable display of session name)
PSAutoLogoffPreFix: reg_sz - the text that will appear to the left of the time display
PSAutoLogoffPostFix: reg_sz - the text that will appear to the right of the time display
PSAutoLogoffPosX: reg_dword - the horizontal Pixel position of the upper left of the complete auto-logoff display as sized by the images ALDisplay_*
PSAutoLogoffPosY: reg_dword - the vertical Pixel position of the upper left of the complete auto-logoff display as sized by the images ALDisplay_*
PSLogoffTimeFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the time will be displayed in.
PSLogoffTimeFontSize: reg_dword - the size of the font in pixels for the time display.
PSLogoffTimeFontFontFace: reg_sz - the font face name of the time display.
PSLoginNameFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the login name will be displayed in.
PSLoginNameFontSize: reg_dword - the size of the font in pixels for the login name.
PSLoginNameFontFontFace: reg_sz - the font face name of the login name display.
Changing the name format of the logged in user
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the General tab to show the customization options available. (The option also appears on the Kiosk Mode tab)
Using the drop-down arrows of Display Name Format (at the bottom of the dialog), select the options that are appropriate for your environment and click OK to finish.
The new settings should now show when your XA screen saver, privacy shield, or Active User List is displayed. A reboot may be necessary in some environments. If prompted, please reboot your workstation.
Choose the appropriate Username display format by using the following server-side instructions for LDAP Privacy Shield Settings.
Tip
If you are connecting this client version to a server older than 4.8.3, the LDAP provider must be configured for the XA server instead of the WinNT provider in order to use the First Name, Last Name fields, instead of Display Name.
Note
If you are using Kiosk Mode Passthrough Authentication only, the following Username Settings are available:
3. Directory Service Name
7. In use only
8. No username display.
Registry Settings
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess
KMLockDisplayMode: reg_dword = 0
0. Full Name
1. Last Name only
2. First Name only
3. Directory Service Name
4. Initials Only
5. First Name, Last Initial
6. First Name Initial, Last Name
7. System In Use
8. No user name (can also be set on the privacy shield independently)
Graphical Customization
Replacing the Kiosk Mode Auto-logoff display images
In C:\program files\HealthCast\ExactAccess, there are two image files.
ALDisplay_FORE.png
ALDisplay_MASK.bmp
Open the ALDisplay_FORE.png and make desired changes, taking into account the positioning of the elements. The design can be placed over any open, white space around the element location sections found in the ALDsiplay_MASK.bmp.
Tip
Both images must be the same size for proper operation of the display.
The default login dialog background is a PNG image that matches the color of the privacy shield background.
Note
When editing and saving the _MASK file, be sure that pure colors are used and no anti-aliasing is performed on this image. Tools other than Microsoft Paint automatically blend borders into the background color, effectively shrinking the desired display area.
These sections correspond to the following user interface elements:
numbers in ( ) correspond to Red, Green, Blue (RGB) values in that order.
When editing and saving the _MASK file, be sure that pure colors are used and no anti-aliasing is performed on this image. Tools other than Microsoft Paint automatically blend borders into the background color, effectively shrinking the desired display area.
Black (0,0,0) - this is the display for the User Name.
Aqua (0,255,255) - this is the progress indicator (lockedUser[1-5].png) images will appear
Yellow (255,255,0) - this is the display for the Prefix + logoff time + Postfix values.
The mask determines where the elements will be displayed over the top of the background.
Warning
The mask colors should not overlap one another, as the coordinates of the top-left and bottom-right are used to calculate the location and size of the elements they represent.
Setting a full background image
The privacy shield will now load a background image to display. This background image can contain any optional information to display when the system is secured.
Generating the display
This display may be a static image, or may be created automatically by a program such as Microsoft's (SysInternals) BGInfo. Simply configure a path for the image to be saved to and follow the steps below to enable loading of this image.
Configuring the display
Open regedit.exe
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Display
Edit the SysInfoImage registry value and set it to the full path of the image to load.
Optionally, set the StartX / StartY registry keys to the X,Y coordinates of where the upper left of the image should start.
This is only necessary if the image to be displayed is smaller than the current screen resolution, or to only display the image on a second monitor in a multi-monitor configuration.
Optionally, set the UseTransparency value to 0.
If you want the image to not be transparent - meaning, the entire image is drawn, set the value to 0. If you have generated the image with BGInfo, it is recommended to set UseTransparency to 1, so the currently configured background color is used to display behind the text.
Tip
If the file path entered in the SysInfoImage changes, or if the file date/time of the file specified in the SysInfoImage changes, the image will be reloaded. This allows administrators to script changes to the registry to display multiple images, or dynamically update the image to provide a rotating display of information if desired.
Pinning the display
Open regedit.exe
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override
Edit the PSUserDisplayPositionLocked: reg_dword registry value - set the value to 1 to pin the location so that it cannot be modified by dragging it with the mouse.
Network Status
Customizing the status display
Included in the XA client install is the application hciNetStatus.exe. This application displays the current network connectivity status of the workstation, either connected or disconnected. The display can be customized in the following ways.
The positioning of the display can be changed by setting the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\display
NetStartX: reg_dword = the horizontal pixel position of the upper left of the image for network connectivity.
NetStartY: reg_dword = the vertical pixel position of the upper left of the image for network connectivity.
The network status display can be changed by replacing the images listed below. The images should be 64x64 pixels or smaller.
The background image for connected can be modified by replacing the image netavail.png
The background image for disconnected can be modified by replacing the image netdown.png
The network status display location can be changed by dragging and dropping the network status display on the Privacy Shield. The NetStartX and NetStartY values will be updated for easy visual positioning.
Tip
To make it easier to find the correct location for placement of the network status for a particular screen resolution, simply left-click and drag the image to the appropriate location on a workstation with the correct screen resolution settings, then export the registry key values above to set them for additional workstations. The default placement at install time is designed for a screen resolution of 1920x1080.
If this appears off the screen for low resolution displays, modify the values NetStartX = 0 and NetStartY = 0. Logoff the workstation and log back in - the display should appear in the upper left corner of the screen. Proceed to drag the display to the appropriate location.
If you wish to disable the display of the network status, remove the hciNetStatus.exe from the following registry key:
Log off the kiosk workstation and login with the generic user for this setting to take effect.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Note
If you have enabled the shell replacement, the above registry key will not exist. To enable the display on the privacy shield with shell replacement, add the value to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\startup
04: reg_sz = "c:\program files (x86)\healthCast\ExactAccess\hcinetstatus" hcikmlock
Open regedit.exe
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override
Edit the NetPositionLocked: reg_dword registry value - set the value to 1 to pin the location so that it cannot be modified by dragging it with the mouse.
Open regedit.exe
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override
Edit the NetRemoveCloseButton: reg_dword registry value - set the value to 1 to remove the close button so the network availability display cannot be closed by the end user.