Employee Monitoring User Manual

NetVizor can be installed successfully on any PC running Windows 95/98/ME/NT4/2000/XP.
3 MB Harddrive space recommended.
TCP/IP Internet Connection for viewing PC Activities

<< BACK TO TOP

2. Installation

NetVizor includes two separate installation programs that you can use:

NetVizor Monitoring Client (NVClientInstall.exe): this program performs the actual recording and monitoring
of the PC. This program must be installed on each PC you wish to monitor for monitoring and remote control.
NetVizor Viewer Software (NVViewerInstall.exe): this program allows you to view all the PC's on your local
network group. With this software you can easily point and click through different PC's to view all activities
from a central location. This software can be installed on any PC you wish to monitor your network from.

<< BACK TO TOP

2.1. Installing the NetVizor Monitoring Client

NetVizor's monitoring client can be installed on a PC in seconds. The installation is self configured so you only need
to double click the NVClientInstall.exe file. The installation takes a few seconds - nothing will appear to happen as
the client installs in stealth. The default HOTKEY to access the software is CONTROL+ALT+SHIFT+M and the default
password is 'spytech' (no quotes). Once you access the software you can change the password, specify access
privileges, change logging settings, etc. When the client is installed it will automatically start monitoring and will
be available for remote access.

Installation Path: x:\program files\nvclient\sysdiag.exe

<< BACK TO TOP

2.2. Installing the NetVizor Viewer

NetVizor's viewer is easily installed by running the NVViewerInstall.exe. Simply install the viewer and run it (NetVizorViewer.exe)
and you will be presented with a list of PC's in your local workgroup on your network.

<< BACK TO TOP

2.3. Installing NetVizor across a LAN

Since NetVizor is tailored for network usage it is very easy to deploy it across your LAN.

METHOD ONE

1. Create a .bat file with the line "NVClientInstall.exe" (no quotes)

2. Run it from a shared network drive on every PC - the client will self-install in stealth, as described above.

METHOD TWO

1. Place the NVClientInstall.exe file in your domain controller logon folder on your network

2. Add the following commands to your logon script that is contained in your domain controller folder (replace $logondir$ with your domain logon folder)

copy "$logondir$\NVClientInstall.exe" "%windir%\NVClientInstall.exe"

%windir%\NVClientInstall.exe

3. Users will automatically install NetVizor when they logon.

ADVANCED INSTALLATION GUIDELINES

With NetVizor's centralized monitoring capabilities you may find the need to customize the installation on each PC that you intend to monitor. For instance, if you want to have each PC use a website filter database you have compiled you will want to configure each client to use this list - without having to manually export it to each client (very time consuming). Here is a way to circumvent this tedious footwork.

1. Install the NetVizor client on a PC you want to monitor. Configure it as needed (including logging settings, website filters, and application filters).

2. From the SETTINGS menu click on 'Export NetVizor Settings' - specify a file to save the settings to. For instance: settings.exp

3. From the FILTERS menu click on 'Export Website Filters' and 'Export Application Filters' - specify a file for each of these settings exports as well. For instance: websites.exp and applications.exp

4. Place these .exp files in your logon folder (like we've described in method two above).

5. Add the following commands to your logon script that is contained in your domain controller folder (replace $logondir$ with your domain logon folder) These lines should be added AFTER the 'shell' command indicated above in method two. These settings will copy over your exported files and set them as the current configurations for the remote PC to use.

copy "$logondir$\settings.exp" "%windir%\nvopts.dat"

copy "$logondir$\websites.exp" "%windir%\nvfa.dat"

copy "$logondir$\applications.exp" "%windir%\nvfw.dat"

<< BACK TO TOP

2.4. Uninstall

NetVizor's client can be uninstalled locally, or remotely via a network logon script.

Local Uninstall
NetVizor's client will not appear in the 'add/remove program files' folder, so you must manually uninstall it by deleting its
program folder where it is installed (x:\program files\nvclient) - Make sure the NetVizor client is NOT running before
you try to delete this folder.

Network Uninstall
With this method you can uninstall NetVizor from all clients on your network without having to visit each workstation.

1. Copy the 'remover.exe' file from your NetVizor installation folder (default location is c:\program files\netvizor\remover.exe) into your domain controller logon folder.

2. Add the following commands to your logon script that is contained in your domain controller folder (replace $logondir$ with your domain logon folder). When these commands are executed when a network computer executes their logon script the remover.exe will be copied to the workstation, it will execute and remove the NetVizor client, and will then be deleted.

copy "$logondir$\remover.exe" "%windir%\remover.exe"

%windir%\remover.exe

del %windir%\remover.exe

Remote Uninstall
To stop the NetVizor client from monitoring the remote computer simply use the "Uninstall NetVizor Server" option in the computer's web interface.

<< BACK TO TOP

3. Using NetVizor's Monitoring Client

3.1. Starting Monitoring and Accessing the Client

To Start Monitoring in NetVizor's client, simply click the "Start Server" button - then enter your NetVizor password.

To access the client when it is in stealth mode, simply press your hotkey combination - by default the hotkey
combination is CONTROL+ALT+SHIFT+M - you will then be prompted for your password (default is 'spytech').
After entering your password you will back at NetVizor's main interface - press "Start Server" to enter back into
monitoring mode.

To stop monitoring press "Stop Server" if you are not in stealth mode.

<< BACK TO TOP

3.2. Viewing User Activities (locally and remotely)

NetVizor's logs and activities are only viewable via the NetVizor web interface (see below).

Locally

NetVizor's activities can be viewed locally or remotely. To view locally click "View User Activity" while NetVizor
is in monitoring mode. Your browser will open and prompt you for your NetVizor password - enter the password
to be presented with NetVizor's web interface. This interface is very self explanatory - just select the activity you wish
to perform from the menu system on the left side of the web interface.

Remotely

NetVizor is designed for remote and local access of user activities logged. To remotely view activities, open your
browser and point it to http://COMPUTER-NAME or http://IP - where you replace COMPUTER-NAME or IP with the
appropriate information for the remote PC. If you are behind your LAN it is recommended you use the NetVizor
viewer for easy centralized viewing of PC's. If you are outside the LAN the computer is on, you can still access it via
http://IP if there is no firewall/router blocking its connection. If it is behind a firewall/router you will need to enable
port forwarding on a custom port that NetVizor is configured to use (you can change NetVizor's port in its
GENERAL settings). From there connect to the remote PC using http://EXTERNAL-IP:PORT.

Detailed connection information is viewable by clicking on 'more connection info...' on the NetVizor interface.

<< BACK TO TOP

3.3. Configuring Logging Settings

NetVizor's logging settings can be configured by clicking on the LOGGING button on the NetVizor interface - then
select "Configure Logging Options". Simply check what logging options you want enabled.

Screenshot logging can be enabled and configured under the "ScreenShots" tab.

<< BACK TO TOP

3.4. Log Scheduling

NetVizor can be scheduled to log at specific times during the day. Click on SETTINGS -> Scheduling Setup in NetVizor
to access the scheduling options - check what hours you want NetVizor to monitor. In nonscheduled hours NetVizor
will run idle in the background.

<< BACK TO TOP

3.5. Lockdown Scheduling

NetVizor can be scheduled to lockdown your PC at scheduled times. Click on SETTINGS -> Lockdown Scheduling Setup
in NetVizor to access the lockdown scheduling options - check what hours you want NetVizor to lockdown your PC during.

<< BACK TO TOP

3.6. Content Filtering

NetVizor can be configured to block/allow specific websites for the user, block chat clients, or to prevent specified applications from being executed. Click on FILTERING to access NetVizor's filtering menu - simply select Websites Filtering, Chat Filtering, or Application Filtering to configure the appropriate content to be filtered.

Website and Applications Filters can be imported/exported for use on multiple PC's as well - just select the appropriate selection from the FILTERING menu.

<< BACK TO TOP

3.7. IP Security Configuration

NetVizor can be configured to only allow access from remote IP's that you specify. To access the IP Security Configuration window click on SECURITY -> Configure Allowed IP Addresses. Full IP addresses can be added, or trusted Class A,B,C IP's (ie: 127.127.127.) If a disallowed IP tries to access the server, they will receive a 'banned' message.

<< BACK TO TOP

3.8. General Settings

NetVizor's General Settings are accessed via the SETTINGS -> General Options button.

Startup: NetVizor can be configured to load on windows startup for all users, the current user you are logged in under, or not at all.

Active Mode: this option allows NetVizor to be started in monitoring mode when it is opened - no need for manually starting its monitoring.

Stealth Mode: this option allows NetVizor to run in total stealth. Combined with 'Active Mode' the software will load and run in monitoring mode in complete stealth.

Splash Warning: this option allows you to display a message to the user when NetVizor is started. This message can be configured in the Advanced Settings -> Splash Screen window.

Port: this is the port used to remotely access NetVizor's web interface with. The default port is 80.

<< BACK TO TOP

3.9. Advanced Settings

NetVizor's advanced settings can be accessed from the SETTINGS->Advanced Options button.

Thread Priority: this allows you to specify NetVizor's thread priority (ie: how much CPU it uses). For slower systems a lower thread priority is recommended.

Splash Screen: this allows you to specify NetVizor's startup splash screen, if enabled.

Autoclear: this allows you to have NetVizor autoclear its logs when they reach specified size limits.

Log Location: this allows you to specify where you want NetVizor to store its activity logs. For Windows NT/2000/XP systems monitoring ALL users it is recommended that the log location be set to x:\documents and settings\all users

Hotkey: this allows you to customize the hotkey combination that is used to bring NetVizor out of stealth mode.

Security Options: this allows you to enable various security settings that help 'hide/conceal' NetVizor, such as log encryption, spyware detector disabling, and more.

<< BACK TO TOP

3.10. Server Access Settings

NetVizor's remote admin capabilities (such as window management, file browsing) can be enabled/disabled by viewing the Server Access Settings options. This can be accessed by clicking on Security -> Set Server Access Rights.

<< BACK TO TOP

3.11. Roving User Tracking and Monitoring

NetVizor has the powerful capabilities of not only allowing you to monitor individual workstations, but also to monitor individual USERS on your network. This is ideal if you have users that rove around from one PC to another, where they login under the same username at each PC. To enable user monitoring for centralized viewing, you will have to specify a shared network folder in the 'log storage location' settings in the NetVizor client (LOGGING menu -> Log Storage)

Once you specify a shared network folder, all logs will be stored on this shared network folder. You must then configure the NetVizor viewer to use this same shared folder in its 'network log storage' settings. Once you do this, click "Refresh" in the NetVizor viewer and all the roving users will be shown in the Resource list in NetVizor's viewer.

We recommend using a log folder named 'logs$' for NetVizor's log storage - ie: \\your-server\logs$
The "$" in the folder name sets the folder as a hidden network folder - so other users will not be able to see this folder on the network. This folder must have full read/write access by all users.

The shared folder must also be stored on a Windows NT/2000/XP machine.

To access NetVizor while it is running, press CONTROL+ALT+SHIFT+M on your keyboard, enter in your password ('spytech' is the default). After configuring the shared folder you will be prompted to restart NetVizor - the NetVizor module is located at x:\program files\nvclient\sysdiag.exe - 'x' being your disk name.

<< BACK TO TOP

3.12. Alert Notifications

NetVizor can be configured to send an email alert notification when certain actions are detected - such as a restricted website being visited or a restricted application being executed.

Setting it up
To configure NetVizor's Alert Notifications click on GENERAL SETTINGS then goto the Alert Notifications item. Enter your mail settings and what logs alerts you want sent. When these actions are detected you will receive an email stating when the violation occurred, who performed it, what they did exactly, and when.

<< BACK TO TOP

3.13. Security Auditing

NetVizor allows you to secure your network workstations from one centralized location with its security auditing tool. NetVizor can audit remote computer's for weak password policies, misconfigured user accounts, and improper registry settings that could create exploits in your network.

To perform a security audit simply connect to a computer's web interface and select "Perform Security Audit". After the audit is completed you will be presented with the audit results. You can fix Registry Audit Alerts from your remote location by simply clicking the "Fix this Alert" link under each alert listed.

<< BACK TO TOP

4. Using NetVizor's Viewer

NetVizor's viewer is used to allow you to centrally view all monitored PC's on your network.

4.1. Viewing Monitored Computers

To view activities of a PC on your network simply select a Computer from the computer list and click "View User Activity"
The NetVizor web interface will open for the remote PC.

If you have "Check if workstations are being monitored" enabled in the viewer's settings, you will see a GREEN LIGHT next to a computer that is online and being monitored. A RED LIGHT will indicate a PC that is not being monitored by NetVizor.

<< BACK TO TOP

4.2. Viewer Settings

By clicking on "Options" in the viewer you can configure its basic settings.

Startup: allows you to load the NetVizor viewer when you turn your PC on.

Enumerate Network: allows you to have NetVizor enumerate your network for accessible workstations, or not.

Check if Workstations...: this allows you to see what remote PC's in the computers list are being monitored by NetVizor. A GREEN LIGHT indicates a monitored PC - a RED LIGHT indicates one that is not being monitored.

Port: this allows you to specify a custom port to use when viewing PC's through the viewer. This applies to all computers in the list. If you set a port that NetVizor is not using on the remote PC's then you will not be able to access the NetVizor web interface.

<< BACK TO TOP

4.3. IP List Configuration

By clicking on "Options" in the viewer you can configure NetVizor's IP Configuration. This is a list of IPs that you want NetVizor to scan when it loads - NetVizor will check if these PC's are online and being monitored by a NetVizor client. You must have the "scan these IPs" option enabled in the IP Configuration settings to have these IPs scanned. This option is useful if some PC's are not being enumerated by the viewer, or you do not want NetVizor to enumerate your entire network, but just a few workstations.

<< BACK TO TOP

4.4 Network Log Storage

By clicking on "Options" in the viewer you can configure NetVizor's Network Log Storage Locations. These folder paths are the shared network folders where you have chosen remote NetVizor clients to save their logs to. This will allow the NetVizor viewer to enumerate all logged users from these shared folders, so you can view all the logged activities easily from the NetVizor viewer.

For example: Clients may be set up to store logs in \\yourserver\logs$ - You would specify the viewer's Log Storage path to point to x:\network folder\logs$ (just an example path) - this would allow you to view all logged user activities from the remote clients.

This feature allows you to view logs created by computers on different subnets, where their logs are saved to a share accessible by the central computer you are viewing from.

<< BACK TO TOP

5. NetVizor's Web Interface

NetVizor's web interface is the heart and soul of the NetVizor software. Here you can view all user activities in realtime, of the remote user. Below is an outline of each feature in the NetVizor web interface.

GENERAL

Logout NetVizor: Logs you out of the web interface
Close NetVizor Server: closes the NetVizor software on the remote PC
System Information: displays system information about the remote PC
Uninstall NetVizor Server: uninstalls the NetVizor client from the remote PC

MANAGEMENT

Perform Security Audit: perform security audits to scan and fix security vulnerabilities on the remote PC in realtime
Shares: view and browse the list of shares open on the remote PC in realtime
Hotfixes: view the list of hotfixes installed on the remote PC in realtime
Services: view the list of services running on the remote PC in realtime
Processes: view and manage the list of applications running on the remote PC in realtime
Windows: view and manage the list of windows open on the remote PC in realtime
File System: browse and use the file system of the remote PC in realtime
Registry Startup keys: view and edit registry startup keys on the remote PC

SYSTEM MONITORING

View Remote Desktop: view the remote PC desktop in realtime
View Recent Docs: view recent documents opened by the remote user
View Browser Favorites: view browser favorites/bookmarks of the remote user
View Password Cache: view the password cache of Windows 9x remote users
View Internet Connections: view active internet connections of the remote PC in realtime
View Temporary Histories: view histories of the remote PC(ie: browser history, run history, etc)
View Open Ports: view open ports on the remote PC in realtime

SYSTEM CONTROL

System Lockdown: lockdown the remote PC in realtime
System Unlock: unlock the remote PC in realtime
Freeze Mouse: freeze the remote PC in realtime
Unfreeze Mouse: unfreeze the remote PC in realtime
Restart/Shutdown/Logoff PC: restart/shutdown/logoff the remote PC
Launch Website/Application: launch a program/website on the remote user's desktop in realtime

LOGGING

Configure Logging: this allows you to disable/enable logging settings for the remote NetVizor client in realtime and allows you to clear and save its logs also
View ... Log: view the NetVizor activity logs of the remote PC.

<< BACK TO TOP