on - edited on by
sophie
This page provides instructions for restricting access to the Lansweeper web console and configuring user roles and permissions.
When you install Lansweeper Classic and access the web console for the first time, you are presented with a First Run Wizard, which allows you to set up scanning and configure some basic options. Any subsequent times you access the console, you are presented with a login screen.
By default, everyone in your network can access all of Lansweeper's features and menus simply by browsing to the web console URL and selecting Built-in Admin. However, you can restrict access to the console and configure what users can see or do once they've been granted access.
You can assign a built-in or custom user role, a set of permissions, to user groups or individual user accounts. A user's role determines what the user can see or do within the console.
To restrict access to the web console:
- Browse to the Configuration > Website Settings section of the web console.
- Select Edit in the Website access section of the page.
- In the resulting pop-up, submit one or more Active Directory user groups. The pop-up will automatically try to compile a list of groups in your domain to choose from, but you can also manually submit a group with the format NetBIOS domain name\group name. Access to the Lansweeper web console will be restricted to the users in the groups you've specified. These users will also have the basic ability to access the help desk portion of Lansweeper to submit their own tickets.
- Browse to the Configuration > User Access & Roles section of the web console.
- Select Add Role in the User Roles section of the page to create your own user role, i.e. set of permissions. You can assign this role to user groups or individual user accounts afterwards.
Instead of creating your own role, you can also make use of the built-in roles, which are listed below. This article explains what each of the available permissions in a role gives the user access to.- Administrator : full access to asset management
- Administrator + Agent : full access to asset management and nearly full access to help desk tickets in own teams, except for the ability to edit other agents' notes, delete tickets or delete ticket attachments
- Agent 1st line: limited access to help desk tickets in own teams
- Agent 2nd line: limited access to help desk tickets in own teams, less limited than the 1st line role
- Asset manager: nearly full access to asset management, except for the ability to view help desk reports or run database scripts
- Asset manager + Agent: nearly full access to asset management and nearly full access to help desk tickets in own teams, except for the ability to edit other agents' notes, delete tickets or delete ticket attachments
- View assets: read-only access to assets
- View assets + agent 1st line: read-only access to assets and limited access to help desk tickets in own teams
- View assets + agent 2nd line: read-only access to assets and limited access to help desk tickets in own teams
- If necessary, select Add Local User or Add AD User in the Users section of the page to add a Windows user account to the page, so you can give the user a role. By default, the page lists all users that have logged into the web console, but you can manually add additional users as well.
- Assign a built-in or the custom user role you created earlier to one or more user accounts in the Users section of the page.
Alternatively, assign the role to one or more Active Directory user groups in the User Roles section of the page. The group pop-up will automatically try to compile a list of groups in your domain to choose from, but you can also manually submit a group with the format NetBIOS domain name\group name. It is recommended that you give at least one user or group full access to Lansweeper by assigning the Administrator + Agent role or a custom role that includes all permissions.
- If the user needs to be able to respond to help desk tickets, select Make Agent next to the user in the Users section of the page. You will be asked to add the user to one or more agent teams and, optionally, make the user team leader of those teams. Users can only be made agents if they have an associated Windows account, i.e. if there is an account listed in the Username column.
- Log out of the web console and then back in with your Windows user account by restarting your web browser. Verify that you have access to all Lansweeper features and menus that you need access to.
- Uncheck Allow built-in admin in the Configuration > Website Settings section of the web console to disable the Built-in Admin button in the login screen. Users will now only be able to log into the web console with their Windows user account and will only have access to the Lansweeper features and menus included in their user role.
- You've now restricted access to the web console. Optionally, disable the login screen and have your browser automatically log you in with your current Windows user account.
To do this, you first need to enable authentication in your web server settings. We have configuration instructions for IIS Express and IIS. If you're unsure which web server is hosting your console, have a look at the WebServer section of the Configuration > Website Settings section of the console.
Once you've enabled authentication in your web server settings, your browser will either prompt you for credentials or automatically log you in with your current Windows user account. This depends on your browser configuration. We have instructions for enabling or disabling login prompts in specific browsers.
Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.
