Registering users on computers
Internet Administrator offers three types of user authentication on workstations. This scheme is designed to clearly identify who is subject to rules and restrictions, internet access control, and traffic accounting. Typically, when collecting internet usage statistics, all objects are lumped together: IP addresses, workstation names, domain user names, and so on. This makes it difficult to determine who is actually generating so much unnecessary information.
In Internet Administrator, you can clearly see that all access conditions apply to a user object or group of objects, and a workstation is merely the source of activity for the user currently logged on to it.
By default, static user authentication is enabled on the computer. In this mode, the program automatically detects workstations and users and establishes a strict association between them. In this mode, a user is essentially a computer.
In Microsoft Active Directory domain authentication, a specific domain user is associated with the workstation to which they are logged on. All activity on that workstation is now attributed to that user.
The username and password registration mode is similar to the previous one. Here, the user doesn’t need to log in to the domain; instead, they must enter their username and password, which are pre-defined. It’s also possible to manually create users and their accounts—this may be necessary if you have more physical users than workstations and need additional accounts for separate internet resource use.
User registration is performed using a special service via a web browser. Internet traffic will be blocked until the user is registered. When attempting to access a website via a web browser, the Internet Administrator will redirect the request to their service and ask for credentials or to log in. When registering via Active Directory domains, the built-in NTLM network login feature is used. A user logged into the Active Directory network will be registered automatically; otherwise, the system will prompt for a network login and password. These logins and passwords are not transmitted over the network to our service; we only receive security descriptors, and the user’s computer and domain controller handle authentication in Active Directory.
