Ekran System v.6.

5
Getting Started
Table of Contents

About................................................................................................................................... 5
System Requirements ...................................................................................................... 6
Program Structure............................................................................................................. 9
Getting Started................................................................................................................. 11
Server and Database ....................................................................................................... 12
Installing the Server ................................................................................................................12
Database Types Comparison ................................................................................................16
Management Tool ............................................................................................................ 20
Management Tool Installation Prerequisites .......................................................................20
Turning on Internet Information Service (IIS) ..................................................................20
Turning on IIS for Windows 8 and Windows 7 .............................................................20
Turning on IIS for Windows Server 2008 R2 ................................................................21
Turning on IIS for Windows Server 2012 ......................................................................22
Installing .NET Framework .................................................................................................24
Configuring Internet Information Service (IIS) .................................................................24
Using Certificates .................................................................................................................29
Generating Self-Signed Certificate ................................................................................29
Exporting Self-Signed Certificate ...................................................................................30
Importing Trusted Certificate ...........................................................................................31
Adding Certificate to Trusted Root Certification Authorities .......................................32
Setting HTTPS Binding for a Default Web-Site ...............................................................37
Installing the Management Tool ............................................................................................39
Adjusting Computer for Remote Access ..............................................................................41
Multi-Tenant Ekran System Mode ................................................................................. 43
Enabling Multi-Tenant Mode ..................................................................................................43
Adding Tenants ........................................................................................................................43
Licensing .......................................................................................................................... 46
Activating Serial Keys Online ................................................................................................46
Adding Activated Serial Keys Offline ....................................................................................46
Installing Windows Clients ............................................................................................ 48
Windows Client Installation Prerequisites............................................................................48

2
 Installing Windows Clients Remotely via the Management Tool .....................................49
About ......................................................................................................................................49
Selecting Computers ...........................................................................................................49
Remote Windows Client Installation Process ..................................................................51
Remote Installation from an Existing .INI File..................................................................52
Installing Windows Clients Locally ........................................................................................53
Installing macOS Clients ................................................................................................ 54
About .........................................................................................................................................54
Downloading macOS Client Installation File .......................................................................54
Installing macOS Clients ........................................................................................................54
Installing Linux Clients ................................................................................................... 55
About .........................................................................................................................................55
Downloading Linux Client Installation File ...........................................................................55
Installing Linux Clients ............................................................................................................55
Alerts ................................................................................................................................. 58
Adding Alerts ............................................................................................................................58
Users and Permissions .................................................................................................. 61
About .........................................................................................................................................61
Adding Users ............................................................................................................................61
Permissions ..............................................................................................................................65
Management Tool Log .................................................................................................... 66
Viewing Monitoring Results ........................................................................................... 67
Playing Sessions .....................................................................................................................67
Playing Windows Sessions ....................................................................................................68
Viewing Clipboard Text Data ..............................................................................................68
Viewing USB Device Info ....................................................................................................69
Viewing URLs .......................................................................................................................69
Playing macOS Sessions .......................................................................................................70
Viewing URLs .......................................................................................................................70
Playing Linux Sessions ...........................................................................................................71
Playing Remote SSH Sessions..........................................................................................71
Playing Local X Window System Sessions ......................................................................71
Filtering EXEC Commands .................................................................................................71

3
 Dashboards ..............................................................................................................................71
More Information ............................................................................................................. 73

4
About
Welcome to Ekran System!
Ekran System is an application that allows you to record the activity of the target computers
with installed Clients and to view the screen captures from these computers in the form of
video.
This guide will help you in managing Ekran components (installing, uninstalling, updating, etc.)
and controlling their interaction.

5
System Requirements
Ekran System claims different system requirements for each of its components. Make sure your
hardware and software meet the following system requirements to avoid possible component
malfunctions.

Server requirements:
 2 GHz or higher CPU
 4 GB or more RAM
 Enterprise-level Ethernet card
 Minimum 1 Gbit/s network adapter
 Windows Server 2016, Windows Server 2012, and Windows Server 2008 R2 (x64
platform)
 Universal C Runtime and Visual C++ Runtime (starting with Ekran System 5.5). Both can
be installed via the Microsoft Visual C++ 2015 Redistributable:
[Link]
NOTE: The Universal C Runtime needs to be initially installed via update KB2999226:
[Link]
windows
 .Net Framework 4.5.2 or higher
NOTE: If the Server and the Management Tool are to be installed on the same
computer, make sure you turn on the Internet Information Service before the
installation of .Net Framework 4.5.2.
 [When using MS SQL Database]: Full edition of MS SQL Server 2008R2 SP1 or higher.
Standard license or higher is required.
 [When using PostgreSQL Database]: PostgreSQL 9.5 or higher.
NOTE: If you want to deploy the Ekran System in the High Availability mode, enabled
Message Queueing and configured NLB cluster are required. Please refer to the High
Availability Deployment Guide for more information.

Management Tool requirements:

 2 GHz or higher CPU
 4 GB or more RAM
 100 Mbit/s network adapter
 Windows 10, Windows 8.1, Windows 8, Windows 7 (any edition except Home);
[recommended] Windows Server 2016, Windows Server 2012, and Windows Server
2008 R2 (starting from SP1 version). Both x86 and x64 platforms are supported.
 .Net Framework 4.5.2 or higher

6
  IIS 7.5 or higher with enabled [Link] 3.5 and 4.5 support (4.6 for Windows Server
2016)
 [For accessing the Management Tool locally or remotely] One of the following browsers:
 Google Chrome 37 or higher
 Mozilla Firefox 32 or higher
 Internet Explorer 10 or higher
 Safari S6 and Safari S5
 Opera 15 or higher
NOTE: The Management Tool might be opened in other browsers, but its compatibility with
other browsers is not guaranteed.

Windows Client requirements:

 1 GHz or higher CPU
 512 MB or more RAM
 100 Mbit/s network adapter
 Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP
SP3; Windows Server 2016, Windows Server 2012, Windows Server 2008, and
Windows Server 2003 SP1. Both x86 and x64 platforms are supported.
NOTE: Due to the new SHA-256 code signing, on Windows 7 SP1 and Windows
Server 2008 R2 SP1, the Microsoft Security Advisory update 3033929 needs to be
installed: [Link]
updates/SecurityAdvisories/2015/3033929
 Citrix XenDesktop; Citrix XenApp; Citrix XenDesktop/XenApp with Citrix Provisioning
Services (PVS).
 It is recommended to have not less than 500MB of free space on the disk where the
Client is installed to save data during the offline session.

macOS Client requirements:

 2.26GHz Intel Core 2 Duo or higher CPU
 2GB RAM
 100 Mbit/s network adapter
 macOS 10.9 and later
 It is recommended to have not less than 500MB of free space on the disk where the
Client is installed to save data during the offline session.

Linux Client requirements:

 1 GHz or higher CPU
 512 MB or more RAM

7
  100 Mbit/s network adapter
 It is recommended to have not less than 500MB of free space on the disk where the
Client is installed to save data during the offline session.
 Linux Kernel 2.6.32 and higher

Distributor Base OS Versions Supported

Debian Debian 9.0, 8.0, 7.0

Ubuntu 18.04, 16.0, 15.0, 14.0, 12.0
Linux Mint [Link] - 13

openSUSE Suse Linux Enterprise Server 12(SP1, SP2, SP3), 11(SP2, SP3, SP4)

RedHat RedHat 7.0, 6.0

CentOS 7.x , 6.x
Oracle Linux 7.x - 5.6

Sun Solaris 10.0 (Global and Whole root zones

Microsystems only)

IBM AIX 7.2, 7.1

The monitoring of graphical interface for X Window System is supported on the following
operating systems:

OS Versions Supported
Ubuntu Ubuntu 18.04.1 LTS, Ubuntu 16.04.5 LTS, Ubuntu 16.04.2, Ubuntu
14.04.5 LTS, Ubuntu 14.04.2, Ubuntu 12.04.1, Ubuntu 14.04 LTS
Red Hat Red Hat 7.0 – 7.6, Red Hat 6.0 – 6.10
CentOS CentOS 7.1 – 7.5, CentOS 6.1 – 6.9
Suse Linux 12(SP1, SP2, SP3)
Enterprise Server

NOTE: When the Client is installed to the terminal server, hardware requirements depend on
the number of active user sessions and may increase drastically. For example, hardware
requirements for the Client deployed on the terminal server hosting 10 active user sessions
will be as follows:
 Intel Core i3 or similar AMD CPU
 2048 MB RAM

8
Program Structure
Ekran System is an application specially designed to control user activity remotely.

Ekran System includes the following components:

 Ekran System Server (further referred to as Server): It is the main part of the Ekran
System used for storing the screenshots and associated information received from the
Clients. The work of the Server can be started or stopped via Server Tray.

 Ekran System Management Tool (further referred to as Management Tool): It is a

central administrative unit that allows you to control and manage Clients, Users, USB
Monitoring Rules, Alerts, Server database, and Serial Keys. You can have access to the
Management Tool from any computer in the network without having to install it on this
computer.
Ekran System Session Viewer provides a usable interface for quick review of the
monitored data received from the Windows, macOS, and Linux Clients.

 Ekran System Windows Clients (further referred to as Windows Clients): Being hosted
on the remote computers, Windows Clients create screenshots with the defined
frequency and send them to the Server along with metadata information such as user
name, host name, activity time, active window titles, application names, URL addresses,
clipboard text data, keystrokes, etc. Managing the remote Windows Clients
configuration and settings is performed via the Management Tool.

 Ekran System macOS Clients (further referred to as macOS Clients): Being hosted on
the remote computers, macOS Clients create screenshots with the defined frequency
and send them to the Server along with metadata information such as user name, host
name, activity time, active window titles, application names, URL addresses, etc.
Managing the remote macOS Clients configuration and settings is performed via the
Management Tool.

 Ekran System Linux/Unix Clients (further referred to as Linux Clients): Being

hosted on the remote computers, Linux Clients capture input/output terminal data
(including all executed commands) and send this interactive data to the Server.

 Ekran System Tray Notifications application (further referred to as Tray

Notifications application): This application allows receiving notifications on alert
events on Clients.

9
10
Getting Started
The Ekran System installation consists of the following steps:
1. Install the Server.
2. Make sure the Management Tool installation prerequisites are met.
3. Install the Management Tool.
4. Purchase serial keys and activate them online (or add them offline).
5. Set up the network environment on the computers where the Clients will be installed.
6. Install the Windows Clients, macOS, or Linux Clients.
7. Define monitoring settings for Clients.
8. Add Alerts in case needed.
9. Add users to the system and define their permissions.
10. Start monitoring the captured data from the investigated computers.
Server and Database
Installing the Server
To install the Server, do the following:
1. Run the EkranSystem_Server.exe installation file.
2. Click Next on the Welcome page.
3. Carefully read the terms of the End-User License Agreement and click I Agree.
4. On the Choose Components page, do one of the following and click Next:
 In the drop-down list, select Ekran System Server.
 Select Ekran System Server in the box.

5. On the Choose Install Location page, enter the installation path or click Browse to
navigate to the Server installation folder. Click Next.

12
6. On the Database Type page, select the type of database you want to use for storing
data. Click Next. See the Database Types Comparison chapter, to see the difference
and choose the proper type of the database.

7. If you have selected MS SQL Server, on the MS SQL Server Database Configuration
page, define the connection parameters and then click Next.
 Define the MS SQL Server instance name, which is the instance name assigned
to the TCP/IP port. Optionally, you can define the custom MS SQL database
port by entering it after the Server instance name and separating with comma
(e.g.,<server_instance_name>,<port>).
NOTE: If the default instance of the MS SQL is used, then only name of the PC
with the MS SQL server must be defined.
 Define the Database name for the database.

13
  Define the User name and Password of a user account via which the
connection to the Server will be established.
NOTE: You have to define either the SA credentials or the credentials of the
user with the dbcreator permission.

8. If you have selected Firebird database, on the Database Location page, enter the
database path or click Browse to navigate to the database installation folder. Click
Next.

9. If you have selected PostgreSQL database, on the PostgreSQL Server Database

Configuration page, define the connection parameters and then click Next.
 Define the PostgreSQL Server instance name, which is the instance name
assigned to the TCP/IP port. Optionally, you can define the custom PostgreSQL
database port by entering it after the Server instance name and separating
with colon (e.g.,<server_instance_name>:<port>).

14
 NOTE: If the default instance of the PostgreSQL is used, enter localhost in the
Server instance field.
 Define the Database name for the database.
 Define the User name and Password of a user account via which the
connection to the Server will be established.
NOTE: By default, it is a user with the login postgres and the password
defined during the PostgreSQL installation.

10. If you already have a database created during the usage of previous program versions,
you will be offered to re-use it. If you want to use the existing database, click Yes. In
other case, click No and the new database will be created.
NOTE: If you click No, the existing database will be deleted.
11. On the Administrator password page, define the password for the administrator (the
default user of Ekran System with login admin and full permissions). Click Next.

15
12. On the Client Uninstallation Key page, enter the key that will be used during the
Client local uninstallation and click Next. By default, the Uninstallation key is allowed.
You will be able to change this key via the Management Tool any time later.

13. Click Install.

14. The installation process starts. Its progress is displayed on the Installing page.
15. After the end of the installation process, click Finish to exit the wizard.
16. If you are installing the Server for the first time, back up EkranMasterCertificate (For
more details, see the Backing up Ekran Master Certificate chapter in the Ekran System
Deployment Guide). The backed up certificate might be required for Server recovery
or during updates.
17. If you already have a backed up master certificate and re-using the database, delete
the master certificate and import the backed up one instead of it.
18. In Windows Firewall, you must allow the Server executable to accept TCP connections
via ports 9447 (for the connection between the Server and the Clients), 22712, 22713,
and 22714 (for the connection between the Server and the Management Tool). These
rules will be added to Windows Firewall automatically if Windows Firewall is enabled
during the Server installation.

Database Types Comparison

When installing the Server, you can choose between three types of databases (MS SQL
database, Firebird database, and PostgreSQL database). These databases have the following
differences:

16
Feature MS SQL Database Firebird Database PostgreSQL Database

General
Commercial/o Commercial database Open source product Open source product
pen-source from Microsoft
Free ✘ (has a limited free ✔ ✔
version)
NOTE: Using MS SQL
Express does not
guarantee the stable
work of the Server.
Requires ✔ ✘ ✔
additional
software
installation
Scalability
Remote ✔ ✘ ✔
access to
(a separate database (an embedded (a separate database
database database that runs engine that can be
engine that can be
inside of the Ekran deployed on a separate
deployed on a
System server process server)
separate server)
and cannot be moved
to another server)

Clustering ✔ ✘ ✔
support
(Primary-Standby)
Network ✔ ✘ ✔
drives (if mount as drive)
support
Performance

Processing High Low High

speed
Efficient ✔ ✘ ✔
caching
algorithms

17
Feature MS SQL Database Firebird Database PostgreSQL Database

Index Automatic Manual Manual

statistics
update
Memory/proc A separate process, Uses memory and A separate process,
ess usage more efficient CPU as a part of the more efficient memory
memory usage, Ekran System server usage, quotas can be
quotas can be applied process applied

o Maintenance o Cross-platform. It
Additional ✘
features tasks can be executed can be run on variety
by the engine of systems and
independently platforms (Windows,
o Complex Linux, macOS, BSD,
execution plans Solaris)
optimizations o A lot of third-party
solutions for
replications and
clustering

Requires ✔ ✘ ✔
additional
software
installation
Safety and security

Security High. Keystroke Low. Keystroke High. Keystroke

encryption is encryption is not encryption is
supported supported supported
Safety o Database o Database o Database
corruption is unlikely corruption is possible corruption is unlikely
o Replications o No replications o Replications
o Сan be managed o Only automatic
via Microsoft native database
tools maintenance
o Support supported
scheduled
maintenance:

18
Feature MS SQL Database Firebird Database PostgreSQL Database

reindexing, shrinking
etc.

Backup Flexible backup logic Manual backup with Flexible backup logic
(to learn more about service stopping (to learn more about
the MS SQL database (to learn more about the PostgreSQL
backup, visit the the Firebird database database backup, visit
Microsoft website at backup, visit the the PostgreSQL
[Link] Firebird website at website at
m/en-us/sql/relational- [Link] [Link]
databases/backup- g/pdfmanual/html/nback g/docs/9.1/static/backup.
restore/full-database-
[Link] ) html )
backups-sql-
server?view=sql-server-
2017 )

19
Management Tool
Management Tool Installation Prerequisites
The following prerequisites are necessary for successful installation of the Management Tool.
For Windows 7, it is important that you follow these steps in correct order.

To be able to install the Management Tool, you need to:

1. Turn on the Internet Information Service.
2. Install .NET Framework 4.5.2.
3. Configure the Internet Information Service.
4. Generate a self-signed certificate or import a purchased SSL certificate issued for the
computer, on which the Management Tool will be installed.
5. Add the certificate to the Trusted Root Certification Authorities on the computer, on which
the Management Tool will be installed. Otherwise a certificate error will be displayed in
your browser when opening the Management Tool.
6. Set HTTPS binding for a default web site (or any other IIS site).
NOTE: If you already have a certificate generated for the computer on which the
Management Tool will be installed, you can skip certificate generation step and use an
existing certificate.

Turning on Internet Information Service (IIS)

Turning on IIS for Windows 8 and Windows 7
To turn on the Internet Information Service for Windows 8 and Windows 7, do the following:
1. Select Control Panel > Programs and Features (Program uninstallation).

20
2. Click the Turn Windows features on or off navigation link.
3. The Windows Features window opens.
4. In the features tree-view, select the Internet Information Services check box.

5. Click OK.

Turning on IIS for Windows Server 2008 R2

To turn on the Internet Information Service for Windows Server 2008 R2, do the following:
1. In the Start menu, select All Programs > Administrative Tools > Server Manager.
2. In the navigation pane, select Roles, and then click Add Roles.

21
3. The Add Roles Wizard opens.
4. On the Before You Begin page, click Next.
5. On the Server Roles page, select Web Server (IIS), click Next, and then go to the Role
Services page to start configuring Web Server (IIS).

Turning on IIS for Windows Server 2012

The Internet Information Service can be turned on using the Windows PowerShell or Windows
Server 2012 Server Manager.

To turn on the Internet Information Service for Windows Server 2012 using Windows
PowerShell, do the following:
1. In the Start menu, select Windows PowerShell.
2. Enter the following command and click Enter:
Install-WindowsFeature -Name Web-Server, Web-Mgmt-Tools

To turn on the Internet Information Service for Windows Server 2012, do the following:
1. In the Start menu, select Server Manager.
2. In the navigation pane, select Dashboard, then click Manage > Add roles and features.

3. The Add Roles and Features Wizard opens.

4. On the Before You Begin page, click Next.

22
5. On the Installation type page, select Role-based or feature-based installation, and then
click Next.

6. On the Server Selection page, select Select a server from the server pool, select your server
from Server Pool list, and then click Next.

7. On the Server Roles page, select Web Server (IIS), click Next and then click Add Features to
start configuring Web Server (IIS).

23
Installing .NET Framework
Windows 10 and Windows Server 2016 usually have .NET Framework 4.6 installed.
If you are using Windows 8.1, Windows 8, Windows 7, Windows Server 2012, Windows Server
2008, or if there is no .NET Framework 4.5.2 on other Windows versions, you can download it
from the Microsoft official [Link]
and run the installation file on your computer.
Alternatively, on Windows Server 2012, you can install .NET Framework 4.5.2 using Windows
PowerShell.
To install .NET Framework 4.5.2 and configure Internet Information Service (IIS) for Windows
Server 2012 using Windows PowerShell, do the following:
1. In the Start menu, select Windows PowerShell.
2. Enter the following command and click Enter:
Install-WindowsFeature -Name NET-Framework-Core, Name NET-Framework-45-
ASPNET, Name Web-Asp-Net45, Name Web-ISAPI-Ext, Name Web-ISAPI-Filter

Configuring Internet Information Service (IIS)

Windows 10 Make sure that all the following options are selected in the
Windows Features window and then click OK:
 .NET Framework 4.6 Advanced Services;

24
  Internet Information Services > Web Management Tools >
IIS Management Console;

 Internet Information Services > World Wide Web Services >

Application Development Features > [Link] 3.5 and
[Link] 4.6;

 Internet Information Services > World Wide Web Services >

Common HTTP Features > Static Content.

Windows 8 Make sure that all the following options are selected in the
Windows Features window and then click OK:
 .NET Framework 4.5 Advanced Services;

 Internet Information Services > Web Management Tools >

IIS Management Console;

 Internet Information Services > World Wide Web Services >

Application Development Features > [Link] 3.5 and
[Link] 4.5;

25
  Internet Information Services > World Wide Web Services >
Common HTTP Features > Static Content.

Windows 7 Make sure that all the following options are selected in the
Windows Features window and then click OK:
 Internet Information Services > Web Management Tools >
IIS Management Console;

 Internet Information Services > World Wide Web Services >

Application Development Features > [Link];

 Internet Information Services > World Wide Web Services >

Common HTTP Features > Static Content.

Windows Server 1. In the Add Roles and Features Wizard window, on the
2016 Server Roles page, make sure that the Web Server (IIS) option
is selected and then click Next.
2. On the Features page, make sure that the following option
is selected:
 .NET Framework 4.6 Features > .NET Framework 4.6 and
[Link] 4.6

3. Click Next.
4. On the Web Server Role IIS page, click Next.

26
 5. On the Role Services page, select the [Link] 4.6 option
(under Application Development).

6. Click Next and then click Add Features.

7. On the Role Services page, make sure that the following
options are selected:
 Application Development >
 .NET Extensibility 4.6
 [Link] 4.6
 ISAPI Extensions
 ISAPI Filters

8. Click Next and then click Install.

9. After the end of installation, click Close.

Windows Server 2012 1. In the Add Roles and Features Wizard window, on the
Server Roles page, make sure that the Web Server (IIS) option
is selected and then click Next.

2. On the Features page, make sure that the following option

is selected:
 .NET Framework 4.5 (Installed) > [Link] 4.5.

3. Click Next.
4. On the Web Server Role IIS page, click Next.
5. On the Role Services page, select the [Link] 4.5 option
(under Application Development).

27
 6. Click Next and then click Add Features.
7. On the Role Services page, make sure that the following
options are selected:
 Application Development > .NET Extensibility 4.5 > ASP >
NET 4.5 > ISAPI Extensions > ISAPI Filters.

8. Click Next and then click Install.

9. After the end of installation, click Close.

Windows Server 1. In the Add Roles Wizard window, on the Role Services page,
2008 make sure that the following options are selected:
 Common HTTP Features > Static Content;
 Application Development > [Link].

2. Click Next and then click Add Required Role Services.

3. On the Role Services page, make sure that the following
options are selected:
 Management Tools > IIS Management Console.

4. Click Next and then click Install.

5. After the end of installation, click Close.

28
Using Certificates
Generating Self-Signed Certificate
To generate a self-signed certificate on the machine, on which you will install the
Management Tool, do the following:
1. Open the Internet Information Service Manager:
 For Windows 8 or Windows 7: Open Computer > Manage > Services and Applications >
Internet Information Services (IIS) Manager.
 For Windows Server 2012 or Windows Server 2008: Press Windows+R, enter inetmgr
in the Run window and then press Enter.
NOTE: Using the inetmgr command is a common way of opening the Internet Information
Service Manager for any version of the Windows operating system.
2. Click the main node in the Connections tree-view and then double-click the Server
Certificates item under the IIS category.

3. The Server Certificates pane opens.

4. On the Actions pane (to the right), click Create Self-Signed Certificate.

29
5. The Create Self-Signed Certificate window opens.
6. Enter the name for a certificate in the Specify a friendly name for the certificate box and
select Personal in the Select a certificate store for the new certificate drop-down list. Click
OK.
7. The certificate is created.

Exporting Self-Signed Certificate

To export self-signed certificate, do the following:
1. In the Internet Information Service Manager, on the Server Certificates pane, select the
generated certificate and click Export on the Actions pane or in the certificate right-click
menu.
2. In the Export Certificate window, define the location and password for the certificate. Click
OK.

30
3. The certificate is exported and can be added to the Trusted Root Certification Authorities.

Importing Trusted Certificate

To import a purchased certificate issued for the computer, do the following:
1. Open the Internet Information Service Manager:
 For Windows 8 or Windows 7 Open Computer > Manage > Services and Applications
> Internet Information Services (IIS) Manager.
 For Windows Server 2012 or Windows Server 2008: Press Windows+R, enter
inetmgr in the Run window and then press Enter.
NOTE: Using the inetmgr command is a common way of opening the Internet
Information Service Manager for any version of the Windows operating system.
2. Click the main node in the Connections tree-view and then double-click the Server
Certificates item under the IIS category.
3. The Server Certificates pane opens.
4. On the Actions pane (to the right), click Import.

5. In the Import Certificate window, click the dots (…) to browse for the file of the purchased
certificate and enter its password in the Password field.

31
6. Click OK.
7. The certificate is imported and displayed on the Server Certificates pane of the Internet
Information Services (IIS) Manager.

Adding Certificate to Trusted Root Certification Authorities

Before adding the self-signed certificate to the Trusted Root Certification Authorities, it should
be exported. For purchased certificates that were issued for your computer this procedure is
not needed.

To add the certificate to the Trusted Root Certification Authorities, do the following:
1. Press Windows+R, type mmc in the Run text box and press Enter.
2. In the opened User Account Control window, click Yes.
3. In the Console window, select File > Add/Remove Snap-in.

4. In the opened Add or Remove Snap-ins window, select Certificates > Add.

32
5. In the opened Certificates snap-in window, select Computer account and click Next.

6. In the opened Select Computer window, select Local computer: (the computer this console
is running on) and click Finish.

7. In the Add or Remove Snap-ins window, click OK.

33
8. In the Console window, expand the Certificates (Local computer) node.
9. In the Certificates (Local computer) tree-view, find the Trusted Root Certification
Authorities node.

10. In the right-click menu of the Trusted Root Certification Authorities node, select All Tasks >
Import.

11. The Certificate Import Wizard opens.

34
12. On the Certificate Import Wizard Welcome page, click Next.
13. On the File to Import page, click Browse to find the certificate to be imported and then click
Next.

14. On the Private key protection page, enter the certificate password and then click Next.

35
15. On the Certificate Store page, click Next.

16. On the last page of the Certificate Import Wizard, click Finish.
17. In the confirmation message, click OK.

18. The certificate is imported and is displayed in the Console window in the Certificates node.
Please note that the Issued To field contains the name of the computer, on which the
Management Tool will be installed in the format that will be used when opening the
Management Tool.

36
19. Close the Console window.

Setting HTTPS Binding for a Default Web-Site

To set HTTPS binding for a default web-site, do the following:
1. Open the Internet Information Service Manager:
 For Windows 8 or Windows 7: Open Computer > Manage > Services and
Applications > Internet Information Services (IIS) Manager.
 For Windows Server 2012 or Windows Server 2008: Press Windows+R, enter
inetmgr in the Run window and then press Enter.
NOTE: Using the inetmgr command is a common way of opening the Internet
Information Service Manager for any version of the Windows operating system.
2. Expand the node with the name of the target computer in the central pane.
3. Expand the Sites node.
4. Select the Default Web Site.
NOTE: If there is no such site in the Internet Information Services (IIS) Manager of your
computer, you can select any other site (the name of the site does not matter).

37
5. Click the Bindings navigation link on the right.
6. The Site Bindings window opens.

7. If there is no binding of HTTPS type in the Site Bindings window, click Add.
8. The Edit Site Binding window opens.
9. In the Type box, select https.

10. Next to the SSL certificate drop-down list, click Select.

11. The Select Certificate window opens, where the list of existing certificates is displayed.

38
12. In the Select Certificate window, select the certificate generated for the Management Tool
and then click OK.

13. In the Add Site Binding window, click OK.

14. In the Site Bindings window, click Close.
15. Now the Internet Information Service is fully adjusted and you can start installing the
Management Tool.

Installing the Management Tool

To install the Management Tool, do the following:
1. Run the EkranSystem_ManagementTool.exe installation file.
2. On the Welcome page, click Next.
3. Carefully read the terms of the End-User License Agreement and click I Agree.
4. On the Connection Settings page, do the following and then click Next:
 In the Server address box, enter the name or IP address of the computer on which
the Server is installed.
 In the URL address field enter the folder where the Management Tool will be
located within IIS. This URL will be used when opening the Management Tool.

39
5. On the Choose Install Location page, enter the destination folder in the corresponding
field or click Browse and in the Browse For Folder window, define the destination
folder. Click Install.

6. The installation process starts. Its progress is displayed on the Installing page.
7. After the end of the installation process, click Close to exit the wizard
8. The Management Tool is displayed as an application of a default web site or any other
site with https connection in the Internet Information Services (IIS) Manager.

9. Now you can open the Management Tool via your browser from the same computer
or a remote one.

40
Adjusting Computer for Remote Access
If you want to open the Management Tool from the computer different from the one where
the Management Tool is installed, you need to adjust Firewall settings to be able to access this
computer.
If the users access Management Tool only from computers where it is installed, there is no
need to configure Firewall.

To adjust Firewall on the computer where the Management Tool is installed, do the
following:
1. In the Control Panel, select System and Security > Windows Firewall.
2. In the Windows Firewall window, click Advanced settings.
3. In the Windows Firewall with Advanced Security window, right click Inbound Rules
and select New rule.
4. The New Inbound Rule Wizard opens.
5. On the Rule Type page, select Predefined and then select Secure World Wide Web
Services (HTTPS) in the list. Click Next.

41
6. On the Predefined Rules page, select the World Wide Web Services (HTTPS Traffic-In)
check box. Click Next.

7. On the Action page, select Allow the connection. Click Finish.

8. The new inbound rule for Firewall is created.

42
Multi-Tenant Ekran System Mode
Enabling Multi-Tenant Mode
By default, Ekran System is installed in the Single-Tenant mode, so all Clients and settings are
shared with all users according to their permissions.
If necessary, you can use the Ekran System in the Multi-Tenant mode. In this mode, all tenant
users have access to their tenant Clients, but they have no access to other tenants’ Clients,
configurations, alerts, reports, etc.
The Multi-Tenant mode is available for Windows and Linux Clients. For Linux Clients, the tenant
they belong to is defined during the Client installation.
NOTE: The Multi-Tenant mode is available only if you have an activated Enterprise serial key.

To enable the Multi-Tenant Mode:

1. Log in to the Management Tool as a user with the administrative Tenant management and
system configuration permission.
2. Click the Configuration navigation link to the left.
3. On the System settings tab, in the Ekran System Mode group, select the Enable Multi-
tenant mode option and click Save.
4. The Tenant Management navigation link appears in the navigation pane.
5. Click the Tenant Management navigation link to the left.
6. On the Tenants page, select the Built-in default tenant and then click Edit Tenant.
7. On the Licenses tab, select the amount of licenses of each type to be unassigned from the
Built-in default tenant. This amount of licenses will be available for the tenants created by
the technician.
8. Add Tenants.

NOTE: To move already installed Windows Clients to the Tenant, you need to reinstall them.

Adding Tenants
To add a new tenant, do the following:
1. Log in to the Management Tool as a user with the administrative Tenant management and
system configuration permission.
2. Click the Tenant Management navigation link to the left.
3. On the Tenants page, click Add Tenant.
4. On the Tenant Settings tab, define the tenant name and description.

43
5. To register the tenant admin, define the following information:
 To register the tenant admin via email, select the Register the tenant admin via
email option and define an email address in the Email box. The email with
credentials will be sent to the tenant admin.
 To register the domain tenant admin, select the Select the tenant admin from the
domain users option and define the domain name and the user name.

6. On the Licenses tab, enter the amount of licenses of each type to be granted to the tenant.
Please note that when the Multi-tenant mode is enabled, all licenses are assigned to the
default tenant. Before creating a new tenant, you need to unassign the necessary amount
of the licenses to be granted to a new tenant.

44
7. Click Finish.
8. The tenant is added and displayed on the Tenants page.

45
Licensing
Activating Serial Keys Online
To activate purchased serial keys online, do the following:
1. Make sure you have an active Internet connection on the computer with the installed
Server.
2. Log in to the Management as a user of the Administrators user group.
3. Click the Serial Key Management navigation link on the left.
4. On the Serial Keys tab, click Activate keys online.
5. In the Serial Key Activation window, enter serial keys to be activated separating them with
semicolons or paragraphs and click Activate.

6. The activated keys will appear on the Serial Key Management page
7. The number of available licenses and the update & support period end date change.

Adding Activated Serial Keys Offline

If you have no Internet connection on a computer on which the serial keys are to be activated,
you can activate them on the license site and then add the activated serial keys offline. For
more information, send an email to info@[Link]
NOTE: Update and Support serial keys cannot be activated offline.

To activate serial keys offline on the license site, do the following:

1. On the computer with the installed Server, start the [Link] file,
which you can download at
[Link]
xe
2. The Unique Identifier Generator window opens.
3. Click Generate to generate a unique identifier for your computer.

46
4. When a unique identifier for your computer is generated, it will appear in a text box under
the Unique Identifier group of options.
5. Copy the unique identifier from the text box to a text file on a removable drive.
6. Go to the Ekran System license site.
7. Enter the generated unique identifier in the Unique Identifier box.
8. Copy and paste the purchased serial keys to the Serial Keys box separating them with
paragraphs or spaces.
9. Enter the CAPTCHA text in a text box near the CAPTCHA image.
10. Click Activate.
11. The [Link] file will be generated. Save the file on a removable drive.
12. Copy the file to the computer on which you will open the Management Tool.
NOTE: Please do not edit the generated file [Link].

To add activated serial keys in offline mode, do the following:

1. Log in to the Management Tool as a user with the administrative Serial keys management
permission.
2. Click the Serial Key Management navigation link on the left.
3. On the Serial Key Management page, click Add activated keys.
4. On the Activated Serial Key Adding page, click Choose File and navigate to the
[Link] file with activated serial keys.
5. Click Add.
6. The newly added serial keys appear on the Serial Key Management page.
7. The number of available licenses and the update & support period end date change.
8. If there are both licensed and unlicensed Clients in your network and you want to license
the rest of Clients with a purchased key, you will have to assign the license to the remaining
unlicensed Clients manually.

47
Installing Windows Clients
Windows Client Installation Prerequisites
The majority of Windows Client installation/uninstallation issues are caused by incorrect
system or network settings.

The following conditions have to be met for successful Client installation:

 The remote computer has to be online and accessible via network.
 Shared folders have to be accessible on the remote computer. Simple file sharing
(Sharing Wizard) has to be disabled if the computer is in a workgroup (for domain
computers this requirement can be skipped).
 You need to know the domain administrator or local administrator account credentials
for the remote computer.
 The Server and the Remote Procedure Call (RPC) system services have to be running on
the remote computer.
 Windows Vista and Windows XP Firewall has to be properly set up on the remote
computer during the Clients remote installation.
 In Windows 8, Windows 7, Windows Server 2012, and Windows Server 2008 Firewall,
inbound connections have to be allowed in the Remote Service Management (RPC) rule
for the remote computers and the File and Printer Sharing option has to be enabled (in
this case it is not necessary to disable Windows Firewall).
 Due to the new SHA-256 code signing, on Windows 7 SP1 and Windows Server 2008 R2
SP1, the Microsoft Security Advisory update 3033929 needs to be installed:
[Link]

In Windows Firewall on the Server side, allow the Server executable to accept TCP connections
via port 9447 (for the connection between the Server and the Clients).
NOTE: These rules will be added to Windows Firewall automatically, if Windows Firewall is
enabled during the Server installation.

Make sure the conditions mentioned above are met to avoid possible problems with Client
remote installation.

48
Installing Windows Clients Remotely via the
Management Tool
About
You can install the Windows Clients remotely via the Management Tool. This way of installation
is very convenient if all computers in your network have the same domain administrator
credentials.
Remote Client Installation is performed by a user who has the Client installation and
management permission in two steps:
1. Selecting computers on which Clients will be installed.
2. Installation parameters definition and installation process.

Selecting Computers
To select the computers for Client installation, do the following:
1. Log in to the Management Tool as a user with the Client installation and management
permission.
2. Click the Client Management navigation link on the left.
3. On the Clients page, click Install Clients.

4. The Computers without Clients page opens. On this page, you can see the computers, for
which the previous installations failed.

5. Select how you would like to search for computers where the Windows Clients will be
installed:
 To select computers from the list of all computers in your network, Deploy via
network scan.
 To select computers by IP range (IPv4 or IPv6 addresses), click Deploy via IP range.
 To select computers by their names, click Deploy on specific computers.

49
6. In the Choose search results window:
 Click Start new search to look for computers with defined parameters.
 Click Previous search results to choose the computers found in the previous search.
If you haven’t performed any searches yet, this button will be absent.

7. If you have selected the Deploy via IP range option, the Computers Scan page opens. In the
From Address and To Address boxes, enter the IP range (either IPv4 or IPv6), for which the
network should be scanned. To find only one computer, enter the same IP address in both
boxes. Click Scan.

8. If you have selected the Deploy on specific computers option, the Adding Computers page
opens. Enter the names of computers on which Windows Clients must be installed in the
box Name and click Scan. Use semicolon to separate computer names.
Please note that you should enter the full name of the computer.

9. The scanning process starts. The list of found computers will be updated automatically. If it
is not updated, click Refresh. To stop the scanning process, click Stop.
10. When the scanning process finishes, select check boxes next to the computers that you
want to install the Clients on. Click Next.

50
11. The selected computers are added to the list on the Computers without Clients page.

12. If you want to delete some computers from this list, click Remove from list next to the
selected computer.

Remote Windows Client Installation Process

When all computers for Windows Client installation are selected, you are ready to start
installation. Please make sure that all selected computers are correctly adjusted.

To install the Windows Clients remotely, do the following:

1. On the Computers without Clients page, click Install.
2. On the Client Configuration page, define the name/IP of the Server, to which the Windows
Clients will be connecting, and define the Client configuration for the Clients you are
installing. Click Next.
NOTE: The Server IP address has to be static for Clients to connect to it successfully.
Unique external IP addresses should be used for cloud-based Servers. You can add several
names and IP addresses separated with comma or semicolon.
3. On the Installation credentials page, enter the credentials of a user with administrator
permissions on the target computers for Client installation and then click Next.
 If the computers are in a domain, enter the domain name and domain administrator
account credentials.

51
  If the computers are in workgroup, enter the credentials of a local administrator for
target computers.
If you leave the Domain box empty, the entered credentials will be used as the credentials
of a local user of a target computer and the Client will be installed under the <target PC
name>\<user name> account.
NOTE: All workgroup computers must have the same administrator account credentials.
Otherwise use installation via installation package method to deploy Ekran System
Clients.

4. The installation process starts. The progress of installation will be updated automatically on
the Client installation page. If it is not updated, click Refresh.

5. After the end of the installation, the installed Clients will appear on the Clients page in All
Clients group. If the installation of some Clients fails, these computers will remain in the
Computers without Clients list and you can click Retry to start the installation again.

Remote Installation from an Existing .INI File

If you already have an .ini file with defined settings generated in the Management Tool and
saved to your computer, you can use it for installing the Clients.
To install the Windows Clients remotely, using an existing .ini file do the following:
1. On the Computers without Clients page, click Install using existing .ini file.
2. On the INI file selection page, click Choose file to select the .ini file that will be used for
configuration of new Clients.

52
 Please note, if any parameter except RemoteHost is absent or not valid, its value will be set
to default. The RemoteHost parameter is ignored, in this type of installation. The Client will
connect to the Server to which the Management Tool is connected.

3. Once the .ini file is chosen, click Next and continue the installation the same way as when
installing the Clients remotely in a common way.

Installing Windows Clients Locally

You can install the Windows Clients locally using the Client installation file generated in the
Management Tool. You have two options for downloading the Client installation file from the
Management Tool:
 Generate the installation package and set the Windows Client configuration during
generation.
 Use Client Installation file (.exe) to install the Client with default parameters.
Optionally, you can protect the installation package file from modification.
NOTE: Due to the new SHA-256 code signing, on Windows 7 SP1 and Windows Server 2008 R2
SP1, the Microsoft Security Advisory update 3033929 needs to be installed:
[Link]

53
Installing macOS Clients
About
You can install the macOS Clients locally using the Client installation file generated in the
Management Tool.

Downloading macOS Client Installation File

To download the file for macOS Client installation, do the following:
1. Log in to the Management Tool as a user with the Client installation and
management permission.
2. Click the Client Management navigation link to the left.
3. On the Clients page, click Install Clients.
4. On the Computers without Clients page, click Download installation file.
5. On the Installation File Download page, select the MacOS option in the drop-down
list, and then click MacOS x64 Client Installation (.[Link]).
6. File downloading starts. The download settings depend upon the settings of your
browser.

Installing macOS Clients

This type of installation allows you to install the macOS Clients locally using the downloaded
[Link] package.

To install the macOS Client on the target computer with a macOS operating system from the
command line:
1. Make sure that you log out of all active users except the current one.
2. Copy the installation package to any folder.
3. Run the Terminal.
4. Navigate to the folder with the installation package by entering the following command:
cd path/to/folder
5. Unpack the installation package using the following command:
tar xvfz <installation package name>
6. Navigate to the unpacked EkranClient folder using the following command:
cd EkranClient
The EkranClient folder contains the [Link] script used to install the Client.

54
7. Run the macOS Client installation script specifying the Server name or Server IP address
and the port used for connection to the Server (9447 is recommended):
./[Link] <server_name/IP> <server_port>.
8. After the end of the installation, macOS Client will appear in the list on the Clients page in
the Management Tool.

Installing Linux Clients

About
You can install the Linux Clients locally from the command line using the
[Link] package, respectively:
 [Link] for the 64-bit system
 [Link] for the 32-bit system

Downloading Linux Client Installation File

To download the file for Linux Client installation, do the following:
1. Log in to the Management Tool as a user with the Client installation and management
permission.
2. Click the Client Management navigation link on the left.
3. On the Clients page, click Install Clients.
4. On the Computers without Clients page, click Download installation file.
5. On the Installation File Download page, select the Linux option in the drop-down list,
and then click Linux x86 Client Installation (.[Link]) or Linux x64 Client Installation
(.[Link]).
6. On the Generate Installation Package page, optionally, protect the installation
package file from modification, and then define the name/IP of the Server to which
the Clients will connect, and click Download.
7. File downloading starts. The download settings depend upon the settings of your
browser.

Installing Linux Clients

On the operating systems with enabled Security-Enhanced Linux (for example, CentOS and
RedHat), before installing the Client to the custom directory, you need to pre-configure the
SELinux Policy first.
On the Solaris operating system, before installing the Client, you need to update bash first.

55
NOTE: For Linux, AIX, and Solaris distributions, GNU bash 3.2.25(1) or higher must be
installed.
To install the Linux Client on the target computer with the Linux operating system from the
command line:
1. Copy the installation package to any folder. Make sure you use the correct installation
package (x64 or x86).
2. Run the command-line terminal.
3. Using the terminal, go to the folder with the installation package by entering the
following command:
$ cd path/to/folder
4. Unpack the installation package using the following command:
$ tar xvfz <installation package name>

5. Go to the unpacked EkranClient folder using the following command:

$ cd EkranClient.
6. The EkranClient folder contains the [Link] script used to install the Client.
7. Run the Linux Client installation script specifying the Server name or Server IP address
and the port used for connection to the Server (9447 is recommended).
If the Multi-Tenant mode is enabled, specify the Tenant Key parameter and the Tenant
Key value of the required tenant.
Optionally, to enable the monitoring of graphical interface for X Window System,
specify the X11 parameter.

56
 $ sudo ./[Link] <server_name/IP> <server_port> -withX11 –tenantKey <tenant key
value>

8. After the Client is installed, it starts monitoring a new session with the next user login.
9. The installed Linux Client appears in the list on the Client Management page in the
Management Tool.

57
Alerts
Adding Alerts
To add an alert, do the following:
1. Log in to the Management Tool as a user with the administrative Client installation
and management permission.
2. Click the Alert Management navigation link to the left and click Add Alert.

3. On the Add Alert page, on the Alert Properties tab, define the following alert
properties and then click Next:
 Enter a unique name for an alert.
 Optionally, enter the alert description.
 Select the Enabled option to enable an alert.
 Select the alert risk level. It can be Critical, Normal, or High.
4. On the Alert Rules tab, define the rules to be applied and then click Next:
 Select the Parameter of the rule.
 Select the Comparison operator.
 Enter the Value to which Parameter will be compared.
 Click Add Rule to create one more rule.
 To delete a rule, clear its Value box or click Delete.

58
5. On the Assigned Clients tab, select the Clients/Client Groups to which the alert will be
assigned and click Next. To find specific Clients/Client Groups, enter their names in the
search box.

6. On the Actions tab, select how you would like to receive the alert notifications:
 Select the Send emails to option and then enter the email address to which the
notifications will be sent. You can enter several email addresses separating them with
semicolon.
NOTE: To receive email notifications correctly, make sure that Email Sending
Settings contain correct parameters for email sending.
 Select the Show warnings in Tray Notifications application option to activate the tray
notifications. The alert notifications will then pop up from the tray.
 Select the Show warning message to user option if you want a warning message to be
displayed to the user when the alert is triggered. You can use the default message or
enter your own text in the box below.
 In the Additional actions box, select the Block user on all computers option if you want
to automatically block the user performing forbidden actions, or select the Kill
application option if you want to forcibly stop the detected application.

59
7. Click Finish to save the created alert.
8. The alert is added

60
Users and Permissions
About
By default, there is one administrator in the system, whose login is admin and whose password
is defined during the Server installation. The administrator has all the rights for work in the
system. If the Multi-tenant mode is enabled, the administrator is the technician and is able to
create tenants.
In order to grant others access to the system, you can add users and define their permissions.
There are two types of users:
 Internal users
 Active Directory Users (Windows domain users and Windows domain user groups)

Adding Users
To add a new user, do the following:
1. Log in to the Management Tool as a user with the administrative User management
permission.
2. Click the User Management navigation link to the left.
3. On the Users page, click Add User.

4. On the User Type tab, select the type of user you want to add:
 Click Add an Internal user to create an internal application user.
 Click Add an Active Directory user/user group to add an existing Windows user/user
group.

61
5. On the User Details tab, do one of the following and click Next:
 For an internal user, define user credentials and additional information about the
user.
NOTE: Login and password are required. The login must be unique. In the Multi-tenant
mode, users of different tenants cannot have the same login. The password must be at
least 6 characters long. The maximum length of the first name, last name and
description is 200 characters.

 For an Active Directory user/user group, select the domain in the Domain list and then
enter at least two characters into the User/User group box to search for the required
user/user group.

62
NOTE: The Active Directory user/user group cannot be added if there is no LDAP target added
for the required domain on the Configuration page or if the connection with the domain is
lost (the domain is unavailable).
6. On the User Groups tab, select the user groups to which the user will belong. To find a
specific group, enter its name in the Contains box and click Apply Filters. Click Next.
NOTE: The user is automatically added to the default All Users group and can’t be
removed from it.

7. On the Administrative Permissions tab, select administrative permissions that will be given
to the user. Click Next.
NOTE: If the user has inherited some permissions from user groups, you can only add new
permissions. To remove permissions inherited from user groups, you need to remove the
user from these groups.

63
8. On the Client Permissions tab, do the following:
 Select the necessary Client/Client Group. To find a specific Client/Client Group, enter
its name in the Contains box and click Apply Filters.
 Click Edit Permissions and then, in the Client Permissions/Client Group Permissions
window, define the Client permissions which will be given to a user for the
corresponding Client/Client Group.
 When the permissions are defined, click Save to close the Client Permissions/Client
Group Permissions window.

9. Click Finish.
10. The user is added and displayed on the Users page.

64
 NOTE: For an Active Directory user, the first name and last name properties will be
automatically filled after the user’s first login to the system.

Permissions
The permissions allow you to define which functions a user will be able to perform with the
system and Clients. There are two types of permissions: administrative permissions and Client
permissions.
Administrative permissions define actions that a user can perform with the whole system.
Client permissions define actions that a user can perform with selected Clients.
The permissions can be defined during user and user group adding/editing.
If you define permissions for the group, any user belonging to this group inherits these
permissions. To remove permissions inherited by the user from a group, you need to remove
the user from a group. Apart from permissions inherited from the group, you can assign a user
his/her own permissions.

65
Management Tool Log
The Management Tool Log is an Ekran System component that contains information on all the
user actions performed in the Management Tool. Such information might be useful for the
administrator to manage and monitor the actions of all users in the system.
To view the log, log into the Management Tool as a user with the administrative User
management permission and click the Management Tool Log navigation link to the left.

66
Viewing Monitoring Results
Monitored data received from Windows, macOS and Linux Clients is organized in the
session.
The Windows Client session includes recorded user activity (screenshots, application names,
activity titles, captured keystrokes, clipboard text data, and URLs). The macOS Client session
includes recorded user activity (screenshots, application name, Activity title, URL, etc.).
Windows and macOS Clients start recording user activity in a new session every time the
computer is restarted. The maximum duration of one session can be 24 hours. At 00:00 all live
sessions are terminated. After their termination (their status changes from live to finished),
new live sessions automatically start.
The remote Linux Client session contains the list of executed commands, their parameters, and
functions. Linux Clients start recording a new monitoring session each time the remote SSH
terminal is opened. There is no time limitation for a remote Linux Client session.
The local Linux Client session for X Window System includes recorded user activity
(screenshots, application name, activity title, activity time). The maximum duration of one local
session can be 24 hours. At 00:00 all live sessions are terminated. After their termination (their
status changes from live to finished), new live sessions automatically start.
NOTE: Monitoring of graphical interface for X Window System is a Beta version.
To view monitored sessions, click the Monitoring Results navigation link to the left and then
open the Client Sessions tab.

Playing Sessions
The Session Viewer is a part of the Management Tool that provides the possibility to view
monitored data within one selected session.
To open the Session Viewer, select one of the sessions in the Sessions grid on the Monitoring
Results page and click on it.

67
Playing Windows Sessions
A user starts playing Windows Session by clicking the required in the Client Sessions list. The
session is opened in the new tab or new window depending on your browser settings. While
playing Windows sessions, you can view screenshots in the Player pane and associated
metadata (Application name, Activity title, URL and keystrokes) in the Metadata grid.

Viewing Clipboard Text Data

The captured clipboard text data includes the text, which has been copied or cut and then
pasted into documents, files, applications, browser address line, etc. on the Client computer.
The Ekran Client monitors the Copy, Cut, and Paste operations performed by using either the
context menu commands or such key combinations as Ctrl+C, Ctrl+Ins, Ctrl+X, Shift+Del, etc.
The captured clipboard text data is displayed in the Text data column in the Metadata grid. It
has a label specific to the performed action:
 [Clipboard (Copy)]
 [Clipboard (Paste)]
When you select a row in the Metadata grid, the clipboard text data associated with it is
displayed in the Details pane below the Player pane.
Metadata grid

Text copied to the clipboard

68
Text pasted from the clipboard

Viewing USB Device Info

During the monitoring process, a screen capture is created every time the mass storage USB
device is plugged in. Along with the screen capture, the information on the plugged in device is
displayed in the Metadata grid as follows:
 Activity title: USBStorage - <device details>
 Application name: [Monitoring event]

If you are using rules for kernel-level USB monitoring according to which the devices are
detected or blocked, each time the alert event occurs, a screen capture is created. In the
Metadata grid, this is indicated by highlighting the activity in the grid.
NOTE: If the screenshot creation is not enabled on the Windows Client, sessions of this Client
will contain no screenshots.
When you select a USB-device-related screen capture or a row in the Metadata grid, the USB
device info associated with it is displayed in the Details pane below the Player pane.
If the device was blocked, it is marked as BLOCKED in the parentheses.

Viewing URLs
If the URL monitoring option is enabled for the Windows Client, then each time the user activity
is captured while the user is working in the browser, the URL address is saved and displayed in
the URL column in the Metadata grid. If there are several records made while the user is
viewing one page on a certain website, then all of them contain the same URL information.

69
NOTE: If the screenshot creation is not enabled on the Windows Client, sessions of this Client
will contain no screenshots.
The URL column contains only top and second-level domain names even if the parameter is not
selected in the URL monitoring settings for the Windows Client. The full URL address is
displayed in the Details pane.

NOTE: As getting a URL address to be monitored may take about 600 milliseconds, there is a
possibility that the screen capture and its activity title along with URL address may be not
properly synchronized in the Session Viewer (e.g., the user may see a screen capture with a
URL address that belongs to the previous one).

Playing macOS Sessions

A user starts playing macOS Session by clicking the required Session in the Client Sessions list.
The session is opened in the new tab or new window depending on the browser settings. While
playing macOS sessions, you can view screenshots in the Player pane and associated metadata
(Application name, Activity title, URL, etc.) in the Metadata grid.

Viewing URLs
If the URL monitoring option is enabled for the macOS Client, then each time the user activity is
captured while the user is working in the browser, the URL address is saved and displayed in
the URL column in the Metadata grid. If there are several records made while the user is
viewing one page on a certain website, then all of them contain the same URL information.
The URL column contains only top and second-level domain names even if the parameter is not
selected in the URL monitoring settings for the Windows Client. The full URL address is
displayed in the Details pane.
NOTE: As getting a URL address to be monitored may take about 600 milliseconds, there
is a possibility that the screenshot and its activity title along with URL address may be
not properly synchronized in the Session Viewer (e.g., the user may see a screenshot
with a URL address that belongs to the previous one).

70
Playing Linux Sessions
Playing Remote SSH Sessions
A user starts playing Linux Session by clicking on the required session in the Client Sessions list.
The session is opened in the new tab or new window depending on your browser settings.
While playing remote Linux sessions, you can view all visually recreated interactive data in a
form of a video in the Player pane and function and system calls, as well as the executed
commands with parameters in the metadata grid.

Playing Local X Window System Sessions

NOTE: Monitoring of graphical interface for X Window System is a Beta version.
A user starts playing Linux Session by clicking on the required session in the Client Sessions list.
The session is opened in the new tab or new window depending on your browser settings.
While playing local Linux sessions, you can view screenshots in the Player pane and associated
metadata (Application name, Activity title, Activity time) in the Metadata grid.

Filtering EXEC Commands

By default, the commands are filtered by ‘exec’ function to display only the command executed
after user input.
To display the list of all commands, including system ones, discard the filtering by clearing the
Show only execution commands option.

Dashboards
Ekran System allows viewing certain types of information using dashboards displayed on the
Home page. Some dashboards are duplicated on the Health Monitoring page. Dashboards
provide you with convenient real-time view of the most important data. The following
dashboards are available:
 Licenses
 Clients
 Database Storage Usage
 Recent Alerts
 Latest Live Sessions
 Sessions out of Work Hours
 Rarely Used Computers
 Rarely Used Logins
 CPU Usage

71
 Memory Usage
 Database State
You can choose which dashboards to display, rearrange the dashboards on the screen, add
several dashboards of the same type to see the same data in different variations, and more.

72
More Information
For more detailed information, please see the Ekran System Help.

73