|Using TerminatorX Monitor to track banned program access
Included in this section:
The Monitor program is used to allow Administrators or Technicians to see which banned programs or web sites are being used and who is trying to use them. If TerminatorX has been set to do so, details are sent to a designated computer every time TerminatorX shuts down a program or web site. The Monitor can display details including the user name, computer name and the window title text that was detected.
This feature is optional and is only suitable if TerminatorX has been placed in a secure folder on a network server and is started by the users’ logon (or login) scripts rather than using the local installation - see the main menu.
A typical view of the TerminatorX 2.0 Monitor on the monitoring computer might look like:
Windows XP service pack 2 -security alert
With Windows XP SP2, the security section will give an alert when you try to run TerminatorX Monitor. This is because the monitor is listening for data sent across the network from TerminatorX. The alert will look like:
You should choose Unblock which will allow the monitor program to accept details about the user's attempts to use banned applications and web sites.
Setting up TerminatorX to send details to the Monitor
To make TerminatorX send details of banned programs to the Moniitor, a file called xnetlist.txt must be placed in the same folder that contains the TerminatorX program (TXtrial20.exe).
When TerminatorX starts, and periodically thereafter, it looks in its start-up folder for the xnetlist.txt file. The file is a plain text file that you can create using Windows Notepad and which contains two lines:
Port = 30540
Sendto = 192.168.1.20
The Port item is a number between 30000 and 65535 which is the ‘channel’ number through which the information is to be transmitted to the monitoring computer.
The Sendto item gives the IP address of the central computer that is to monitor all accesses of banned programs – the one that will run the Monitor program. The IP address of the monitoring computer can be found by running the monitoring program (see later).
Setting up the TerminatorX Monitor Program
The files for TerminatorX Monitor, which remotely monitors user's attempts to access banned programs and web sites can be download from here. Run the Monitor Setup program on the technician's or administrator's computer.
The TerminatorX Monitor program (txmon20.exe) allows you to use a computer somewhere on your network – perhaps in a staff room or technician’s room - to monitor which users are misusing their workstations and what prohibited programs they are trying to run.
The monitoring computer’s IP address must match that given in the Sendto line of the xnetlist.txt file (see the previous section). Running the Monitor program on the technician’s computer shows the monitoring computer’s IP address:
at the bottom of the window. The Port number (or channel) that the computer is set to listen on is also shown:
In order to receive the information, the port number and IP address in the xnetlist.txt file must match the monitoring computer’s IP address and listening port. You can alter the port number by typing a different number instead of the default 30540:
shown in the Monitor's window. You should only use values between 30000 and 65535. You should also ensure that the chosen port is not blocked by your firewall or else the information will not get through.
Normal operation of the Monitor Program
Having run txmon20.exe, on the technician's or system administrator's workstation the following window appears:
If it is not already correct, change the port number to match the one that TerminatorX, running on the workstations, is using to send information.
When one of your users runs a banned program, an entry should appear in the top line of the list:
Any existing lines are moved down to make way for the new details so that the most recent always appears at the top of the list.
To see more details of the latest one, click the ‘show latest’ box and you should see:
The default is to view extra details of the most recent line in the list. You can, however, view the details of other lines by selecting the ‘Selected’ option at the top of the above window and then clicking on the entry in the main list.
Extra details are:
TerminatorX Monitor is set to store a maximum of 60 lines in a scrollable list. You can re-size the main monitor window to obtain more (or fewer) lines of details.
Saving the information to a file (optional)
The Monitor program does not normally save to disk any details of user accessing banned programs or web sites. However, if you do want to save the details of the indiscretions into a file, you should edit the file xmon.txt which is located in the same folder as the Monitor program (txmon20.exe). You can edit the file in Notepad and add a Saveto entry on a separate line and re-save the file. For example, the line:
Saveto = C:\Feb21results.csv
in xmon.txt would make the monitor program save the details in a file called Feb21results.csv that is located on the C: drive of the computer running the monitor.
The file format is set to CSV (comma separated values) and can be read directly into Excel.
If your employees or students are very persistent, these files could become quite extensive.