
Spector 360 Administrators Guide

Version 7.3
October 27, 2011

2011 SpectorSoft Corporation, All rights reserved.

Table of Contents

Getting Started
  Spector 360 Administrators Guide
  The Spector 360 Components
  What's New in This Version

Using the Control Center
  Logging in
  Navigating in the Control Center
  Control Center Home
  Control Center Toolbar
  Control Center Menus
  Tools: Options

Spector 360 Administration
  Managing Your Installation
  Checking for Updates
  Updating Your Installation
  Deploying in a Windows Workgroup
  Deploying on Multi-User Networks
  Managing Remote Computers
  Managing Branch Offices
  Adding another Control Center or Dashboard
  Changing your Server Configuration
  Managing Multiple Serial Numbers

Computer/Recorder Administration
  Manage the Computers List
  Managing Computers
  How the Recorder Works
  Deploying Recorders
  Using the Add Computers Wizard to Deploy Recorders
  Adding or Modifying One Computer
  Deploying to Computers in the List
  Deploying the Recorder to Macintosh
  Deploying Manually on Windows
  Creating a Manual Setup File
  Canceling a Recorder Install/Uninstall
  Managing Computers from Active Directory
  Adding Computers from Network Discovery
  Importing a List of Computers
  Finalizing the List of Computers
  Uninstalling the Recorder
  Management Options
  Removing Computers
  Restarting a Computer
  Stop or Start Recording
  Reserving a Client License
  Assigning a Recorder Version to Computers
  Assigning a Profile to Computers
  Service Polling Delay
  Installing a Local Viewer
  Exporting the Computer List
  Export Selected Computers
  Changing the Column Layout
  Manage Computer Groups
  Managing Computers in Groups
  Add or Modify a Computer Group
  Setting the Default Group
  Moving Computers into Groups
  Removing a Group

Recording Profiles and Settings
  Profiles
  Managing Computer Profiles
  Defining a New Profile
  Changing Recorder Profile Settings
  Assigning a Profile to Computers
  Setting a Default Recorder Profile
  Removing a Profile
  Selecting the Profile's Recorder Version
  Initial Profile Settings
  How the Recorder Stores Data at a Computer
  Screen Snapshots
  Screen Snapshot Recording
  Screen Snapshot Settings
  Snapshot System Settings
  Snapshot Triggers and Timing
  Chat/IM
  Types of Chat Recorded
  Chat/IM Settings
  Chat/IM System Settings
  Email Activity
  Email Activity Recording
  Webmail Recorded
  Email Activity Settings
  Add or Edit an Email Filter
  Email Filtering Rule
  Email System Settings
  Document Tracking
  Document Tracking
  Document Tracking Settings
  File Tracking Based on Drive Type
  File Tracking for Each Drive
  Default Document Tracking
  Document Tracking File Filter
  Files Transferred
  Files Transferred Recording
  Files Transferred Settings
  Files Transferred System Settings
  Keystrokes Typed
  Keystroke Recording
  Keystrokes Typed Settings
  Keystroke System Settings
  Keystrokes vs. Characters
  Network Activity
  Network Activity Recording
  Network Activity Settings
  Network System Settings
  Online Searches
  Online Search Recording
  Program Activity
  Program Activity Recording
  Program Activity Settings
  Program System Settings
  User Activity
  User Activity Recording
  User Activity Settings
  Web Sites Visited
  Web Site Recording
  Web Sites Visited Settings
  Web Site System Settings
  Who/When to Record
  When to Record
  Who to Record
  Keyword Alerts (Local)
  Keyword Alert Recording
  Defining a Keyword Watch List
  Setting up Alert Notification
  Formatting the Email
  Advanced Alert Notification Settings
  Importing Keywords
  Exporting Keywords
  Receiving Alerts in an MS Exchange Public Folder
  Blocking (Local)
  Internet Blocking
  Block Web Sites
  Import or Export Domains to Block
  Block Chat/IM Settings
  Block Internet Access
  When to Block Internet Access
  Who to Block
  General Options
  Recorder Security Settings
  Advanced Recorder Security Settings
  Recorder Data Files
  Application Settings
  Advanced Application Options
  Server Settings
  Client Options
  Record URLs
  Selective Recording of Program Captions
  Importing a List of URLs or Programs
  Exporting a List of URLs or Programs

Manage Computer Licenses
  Managing Computer Licenses
  Reserve a SpectorSoft License
  Serial Number Registration
  Adding Licenses to a Serial Number
  Manage Recorder Versions
  Managing Recorder Versions
  Downloading a Recorder Update
  Assigning a Recorder Version to Computers
  Automatically Update the Recorder
  Setting the Update Time
  Setting the Default Recorder Version

Managing Servers
  Managing Servers
  Changing Server Credentials
  Entering the Database (SA) Password
  Moving a Server
  Adding a Server
  Removing a Server
  Control Center Server
  How the Control Center Server Works
  Control Center Server Properties
  Control Center Server Administration
  Data Vault Server
  How the Data Vault Works
  Data Vault Properties
  Data Vault Base Path
  Data Vault Administration Window
  Primary Server
  How the Primary Server Works
  Primary Server Properties
  Primary Server Administration Window
  Web Filtering Server
  How the Web Filter Server Works
  Web Filter Server Properties
  Web Filter Server Administration Window
  Web Filter Server Status
  Database Server
  Database Server Properties
  Changing the Database Computer
  Auditing
  Viewing the Audit History
  Enable/Disable Auditing
  Audit Criteria
  Viewing Audit History by Date
  Viewing Audit History by Computer
  Viewing Audit History by Component
  Viewing Audit History by Source
  Viewing Audit History by Action

Manage the Database
  Managing the Database
  Moving the Database
  Moving the File Storage Location
  Databases
  Viewing the Databases
  Tracing Recorded Data
  Viewing Database Statistics
  Viewing Database History
  Database Backup, Archive, Restore
  Managing Database Backups
  Creating a Full Backup
  Creating a Differential Backup
  Archiving a Database
  Restoring a Backup
  Browsing for a Restore Folder
  Full Restore Steps
  Restoring an Archived Database
  Deleting a Backup
  Database Jobs
  Managing Database Jobs
  Scheduling Database Jobs
  Viewing Job History
  Monitoring Job Status
  Database Configuration
  Managing Database Configuration
  Database Space Management
  Deleting Event Data
  File Storage Location
  Database Logins
  Managing Database Logins
  Login Roles and Types
  Defining a Login Account
  Browse for Users
  Database Authentication Methods
  Copying a Login Profile
  Changing an SQL Server Password
  Deleting a Login Account
  Database Support
  Database Support
  Configuring Database Support
  Viewing a Database Script

Managing Web Filtering
  Getting Started with Web Filtering
  Web Filtering Summary
  Editing the "Blocked" Message
  Filtering Rules
  Managing Filtering Rules
  New Rule Wizard
  Defining a Filtering Rule
  Finding a Filtering Rule
  Testing the Filtering Rules
  Adding a New User
  Adding a User Group
  Categories / Category Groups
  Web Filtering Categories
  System Categories
  Defining a Custom Category
  Importing Domains to a Category
  Web Filtering Category Groups
  Defining a Category Group

Managing Event Alerts
  Managing Alert Profiles
  Provided Alert Profiles
  Defining an Alert Profile
  Alert "What" Conditions
  Managing Alert Operators
  Defining an Alert Operator
  Managing Keyword Groups
  Provided Alert Profiles
  Defining a Keyword Group
  Importing Keywords and Groups
  Exporting Keyword Groups
  Alert Email Configuration
  Printing Event Alerts

Time Profiles
  Managing Time Profiles
  Defining a Time Profile

Developer Tools
  A Simple API to the Database
  Snapshot Export Control

Troubleshooting
  Troubleshooting
  Contacting Technical Support
  Viewing the Control Center Log
  Recorder Installation
  Troubleshooting Recorder Installation
  Recorder Requirements
  Running Diagnostics
  Manual Uninstall Cleanup
  Viewing a Recorder Log File
  Viewing the Client Bootstrap Log File
  Uninstalling the Client Bootstrap Service
  Enable File and Printer Sharing
  Enable Remote Registry Service
  Enable Administrative C$ Share

Troubleshooting Recording
  File Transfer Recording
  Document Tracking
  Chat/IM Recording
  Email Recording
  Network Activity Recording
  Web Site Recording
  Program Activity Recording
  Troubleshooting Servers
  Troubleshooting Servers
  Viewing the Server Log File
  Download the Setup Program
  IP Address and Listening Port
  Troubleshooting the Database
  Using a Test Database
  Checking the Progress of Recorded Data
  Database Connection and Compatibility
  Recovering the SA Password
  Centralized Alerts Troubleshooting

SpectorSoft Information
  Contact Us
  Copyrights and Trademarks

Index

Getting Started

Spector 360 Administrators Guide


Spector 360 records user activity allowing you to determine where productivity, non-productivity and breaches in security, compliance, or ethics are occurring across your network. This Administrator's Guide describes configuration and management of the Spector 360 Recorders, Servers, Database, and Alert and Filtering Policies from a centralized Control Center. For help on viewing and reporting on recorded activity, refer to the Spector 360 Dashboard Guide.

The Spector 360 Components


Spector 360 relies on hidden Recorder software, a set of Server Components, a SQL Server Database instance, and the Control Center and Dashboard applications.

Spector 360 Recorder


Hidden Recorder software on each computer automatically runs whenever the computer is on, taking screen snapshots and capturing email, keystrokes, web sites visited, and nearly all other activity. The Recorder automatically uploads its recorded data files (containing "event" records) to the Data Vault Server at regular intervals. See Tracing Recorded Data.

What Kind of Help Do You Need?

How Spector 360 Works


Learn about the various components and how they work together.

Deploying Spector 360 Recorders


Begin recording network computers. See the Spector 360

Deployment Guide for step-by-step instructions.

Expanding or Updating Your Installation


Help for managing and upgrading your Spector 360 installation, such as recording remote employees and Spector 360 deployment from Active Directory.

Server Components
Server components are Windows services installed at a central location that communicate with the Recorders. Manage the Servers from the Control Center application. Primary Server - Communicates with Recorders to provide licensing and software updates. Control Center Server - Communicates with network computers to handle configuration and installation of the Recorder from the Control Center. Data Vault Server - Receives data from Recorders across the network to process and insert into the Spector 360 Database. The

Setting up Web Filtering


Define centralized rules to block or allow Internet access.

Setting up Event Alerts


Create conditions for notifying the appropriate person when inappropriate activity occurs.

Troubleshooting
Take steps to solve configuration and recording problems.

Contact Information
Contact SpectorSoft Sales or Technical Support.

2011 SpectorSoft Corporation, All rights reserved.

What's New in This Version

Data Vault sends Email Attachment and Screen Snapshot files to the File Storage folder. Web Filter Server - OPTIONAL. Recorded computers query the Web Filter Server before accessing the Internet, and the Server applies Web Filtering rules from the Database. Database Server - The Spector 360 SQL Server instance allows the Dashboard and Control Center to access and query the database.

What's New in This Version


Version 7.3 of Spector 360 introduces:

General enhancements

Setup - Easier Setup of Spector 360 server components. For larger networks, the ability to deploy multiple Web Filtering and Data Vault Servers at one installation.

Database & File Storage


The Spector 360 Database is a SQL Server instance that stores and retrieves recorded activity, Web Filtering data and Event Alert rules, and other Spector 360 configuration information. Spector 360 uses Microsoft SQL Server 2005 Express or Standard edition as its database management system. The File Storage Location, external to the Database (by default located at C:\Spector360Data on the Data Vault computer), stores Email Attachment and Screen Snapshot files associated with event data in the Database.

Filter Across Platforms - Apply centralized Web Filtering to all computers (Windows and Mac) on the network. Alert Across Platforms - Set up centralized, server-based Event Alerts for all computers (Windows and Mac) based on conditions specified in Alert Profiles. In addition, the Mac Recorder now generates client-side email alerts based on keyword matches captured at the client computer.

Auditing - Organizations that need to audit their trusted users of the Control Center can turn on Auditing in the Control Center Servers section. Auditing captures all commands issued from a Control Center application, stores them in the Database, and allows filtering for viewing and reporting in an Audit History section of Servers.

Control Center Application


The Spector 360 Control Center manages monitored computers, servers, and the database. One Control Center is installed on the database computer for management purposes. Multiple Control Centers can be installed to allow various users to manage Spector 360 recording. All Control Centers communicate a centralized CCS.

Client Recorder enhancements

Manage Client Uploads - Manage bandwidth issues by scheduling client data delivery to the Data Vault within the Recorder profile. Watch for Program Name - Receive immediate email notification from the client computer if a specific program or file was opened. Custom Client-Side Keyword Alert Messages - Receive immediate email notification, with a customized message, from a recorded Windows or Mac computer when a keyword (client-side) is detected in computer activity.

Dashboard Application
The Spector 360 Dashboard application allows managers to view and report on computer activity. A Dashboard can query the Spector 360 Database by date, time, user, computer, and other event criteria. Multiple Dashboards can be installed. See the Spector 360 Dashboard Guide for instructions on using the Dashboard.

Enhanced Mac Support - Added support for Mac recording includes:

Support for Macintosh "Lion" operating systems.

Email - Email Filtering to limit recording of email at a computer.

Keystrokes - Supports password masking - Do Not Capture Passwords - to protect the security of important passwords.

Document Tracking - Now tracks Printed Documents on all computers, showing each document printed, in addition to tracking files by drive types.

Keyword Alerts - Email notification via any Direct SMTP or Relay SMTP mail server (that does not use TLS) you can access.

Process Server Keyword List - Include all words from Web Filtering Categories in enabled Web Filtering rules as part of the client-side Keyword Alerts.

Server Web Filtering - Turn on centralized Web Filtering for Mac computers.

Data Vault "Push" Schedule - Set a time and duration for the Recorder to attempt uploads to the Data Vault.

Dashboard enhancements

Additional data will be available in all views from recorded Macintosh computers.

The ability to query the database by Web Filtering Categories now covers all computers (Windows and Mac).


Using the Control Center

Logging in
When you open the Control Center application (Start > All Programs > Spector 360 > Spector 360 Control Center), a Login prompt appears. Although some Control Center features require that you log in to the Spector 360 Database, management of Computers, Recorders, and/or Servers does NOT require database login.

To log in to the Database:

1. Select a method of Authentication:

SQL - Choose SQL to log in to an SQL Server account. A Login Name and Password will be required. If no other Spector 360 accounts have been defined, you MUST log in as SA (System Administrator) user, using the SA password defined during Database installation.

Windows - Choose Windows to log in to a Dashboard account that uses the current Windows authentication. If the current Windows login has been set up as a Database login, simply click the Login button. Do not enter a Login Name or Password (see Authentication Methods for more).

2. Next to Database, select the Spector 360 SQL Server instance. Enter the SQL Server instance, computer\SPECTOR360, where computer is the Windows name of the computer where the Database is installed. If necessary, click the down arrow to display and select from a list of SQL Server instances.

3. Next to Login, enter your SQL Login name. SQL authentication only. SQL Server login is not case sensitive. Use SA to log in as System Administrator. Leave this field blank if you are using Windows authentication.

4. Next to Password, enter your SQL Password. SQL authentication only. If you are logging in as SA, this password was defined during Spector 360 Setup. Leave this blank if you are using Windows authentication.

6. Click the Login button.

If the login fails, a message appears: "Unable to establish database connection" with the failed login information. Make sure the Control Center has direct network access to the Database, the Database computer is up and running, and the Database you are trying to access is compatible.

Click Cancel to cancel opening the program and close the login window.

To start without logging in:

Click Skip. Confirm opening without database access. Click OK at the message warning that you will not have access to the Database. Click Cancel to return to the Login panel. When you click OK, the application opens; the Home, Computers and Servers tools appear, but no others.

An error message appears if the Control Center application cannot access the Control Center Server (CCS).

Navigating in the Control Center

The Control Center presents a Task Navigation pane in the left pane and information in the right. If your Spector 360 installation is new, the right pane is empty in some cases.

To navigate in the Control Center:

Use the left Task Navigation pane to display information and perform tasks.

1. Select a tool. Click a large tool button in the lower left pane, or open the Tools menu (Alt+T) at the top of the window and select a tool.

2. Select a category (if applicable). Select a category bar from the upper left Task Navigation pane. Clicking the bar opens a set of tasks in the left pane and a view of information in the right pane. You can also select the View menu (Alt+V) to switch to one of the other Task categories in the current tool.

3. Select a task and/or view information. Select a task to perform in the left pane, or view the information in the right pane. Scroll down the Task Navigation pane to see all task items. You can also use the toolbar, the menus, or right-click in the right pane and select tasks from a pop-up menu.

To change the current login:

1. From the Control Center menu bar, select Tools > Change Database. The Login panel appears.

2. Enter login information for the other user, using SQL Server authentication. For Windows authentication, you would need to log out of Windows and log in under the approved account.

3. Click Login and wait for the Control Center to reload.

To change the Database instance:

You can direct the Control Center session to connect to a different database. The database must be compatible with the currently installed Control Center.

1. Open the Control Center Tools menu and select Change Database. The above Login panel appears.

2. Select a Spector 360 SQL Server instance. Click the arrow to display a drop-down list. Each database instance has the name computer\SPECTOR360, where computer is the name of the machine on which the database is installed.

3. Log in using either Windows or SQL authentication and click OK.

To hide tool buttons in the lower pane:

If you are not using all tools (for example, you work only with Computers), you can "hide" the buttons in the lower left pane and free up screen real estate.

Click on and drag the pane divider bar just above the Home (or top) tool button. As you drag down, tool buttons are removed from the tools area and appear as icons below.

- OR - Click the >> button below the tools and select Show Fewer Buttons. The bottom button is removed. Select Show More Buttons to add each tool back into the lower left pane.

To hide the Task Navigation pane:

All functions are available from the Control Center toolbar or the menus. For more screen real estate, you can close (hide) the left Task Navigation pane altogether.

Click the X button in the upper right corner of the pane - OR - Select View > Navigation Pane from the menu bar to show or hide the Navigation Pane. Check the item to "show," and clear the item to "hide" the pane.

To rearrange the tools:

Drag and drop the tool buttons to a new position. To return to the default arrangement, open the Tools menu and select Reset Navigation Bar. A prompt asks if you wish to return to the default arrangement; click OK. All tools appear in their original order in the navigation pane.

Control Center Home

The Home tool helps you stay informed and keep your Spector 360 installation up-to-date. Select the Home tool from the tool buttons in the Task Navigation pane or from the Tools menu.

To access Home features:

Use the right pane to view or download news about SpectorSoft, product updates, and tips for using SpectorSoft products.

Select Check for Spector 360 Updates from the Task Navigation pane - OR - Click Check for Updates on the toolbar - OR - Select Help > Check for Updates from the menu bar.

Contact SpectorSoft Technical Support: Select Contact SpectorSoft from the Task Navigation pane - OR - Click Contact SpectorSoft on the toolbar - OR - Select Help > Contact Technical Support from the menu bar.

For other Control Center functions: Select other buttons in the lower left Navigation pane.

Control Center Toolbar

The toolbar at the top of the Control Center window provides basic functions offered by the tool and task category you are currently using.

Buttons common to several task categories are:

Home - Click to return to the "Home" page of the Control Center, where you can update or read the latest information about Spector 360.

Back - Click the left-arrow button (enabled if you have moved to a new Control Center tool or task category) to step back through your viewing history.

Forward - Click the right-arrow button, available if you have gone "back," to step forward through your viewing history.

New - Click to create a new item in this task category.

Modify - Click to edit settings for the currently selected item or items.

Delete - Click to delete the selected item or items after confirmation.

Refresh - Click to update the display with your latest changes or the latest data.

Refer to the section of Help for each Control Center view. For example, Manage Filtering Rules provides extensive toolbar options.

Control Center Menus

A menu bar at the top of the Control Center window provides commands. Each menu differs based on the currently selected tool and task group. Keyboard control combinations are listed next to the command where applicable. Otherwise, use the Alt key plus underlined keys (or arrow keys and Enter).

File menu:

New - Open the form to add a new item appropriate to the task category.
Add Group - Manage Computers. Open a box where you can specify the name of a new computer group.
Import - Event Alerts. Import Keywords and Groups from a text file.
Export - Event Alerts. Exports a Keyword Group.
Export List - Manage Computers. Export the entire Computers list.
Export Selected - Manage Computers. Export selections from the Computers list.
Check for Updates - Manage Recorder Versions. Check for and download a Recorder software update.
Backup - Manage Database Backup and Restore. Create a Differential Backup. Create a Full Backup.
Restore - Backups. Restore Databases. Browse for Restore Folder.
Archive - Databases. Archive the selected, full STORAGE database.
Archive Restore - Databases. Restore the selected, archived STORAGE database.
Exit (Alt+F4) - Close the Control Center window.

Edit menu:

Modify - Open a form that allows changing the selected item.
Delete (Del) - Delete the selected item(s) after confirmation.
Move to Group - Manage Computers. Move the selected computer(s) to a new computer group.
Assign Profile - Manage Computers. Assign a profile to selected computers or groups.
Assign Recorder Version - Manage Computers. Assign a Recorder version to selected computers or groups.
Set Update Time - Manage Computers. Set the time to apply automatic Recorder Version updates.
Start Recording - Manage Computers. Start recording on selected computers or groups where recording has been stopped.
Stop Recording - Manage Computers. Stop recording selected computers or groups where recording is currently on.
Install Recorder - Manage Computers. Install the Recorder on selected computers or groups.
Uninstall Recorder - Manage Computers. Remove the Recorder from selected computers or groups.
Cancel the Recorder Install/Uninstall - Manage Computers. Remove the scheduled install task from the selected computers or groups.
Set Default Group - Manage Computers (Groups). Makes the selected computer group the "Default" to which new computers will be added.
Set Default Profile - Manage Recording Profiles. Select the Recorder Profile to be used as the default for Recorder installations.
Register - Manage Computer Licenses. Open the serial number registration page.
Move Down - Web Filtering. Move a rule down in the priority list.
Move Up - Web Filtering. Move a rule up in the priority list.
Allow / Block - Web Filtering. Change the rule to "ALLOW" rather than "BLOCK" the specified domains or vice versa.
Disable / Enable - Web Filtering. Disable or enable the selected filtering rule.

View menu:

Show Recordings - Recordings. View activity for the currently selected User or Computer.
Go Home - Go to the Control Center Home page.
Go Back - Go to the previously visited Control Center tool or task category.
Go Forward - Go to the next Control Center tool or task category in the browse history (after using "Go Back").
Toolbar - Show (checked) or hide (unchecked) the toolbar at the top of the window.
Navigation Pane - Show (checked) or hide (unchecked) the left Navigation Pane.
Computer views - Go to another task category for the Computers tool.
Database views - Go to another task category for the Database tool.
Web Filtering views - Go to another task category for the Web Filtering tool.
Event Alerts views - Go to another task category for the Event Alerts tools.
Recorder Log File - Manage Computers. View the Log file for a selected computer where the Recorder is installed.
Bootstrap Log File - Manage Computers. View the Bootstrap Log file, which is only available while the Recorder is being installed.
Groups - Manage Computers. Switch to a view of Groups only and back to all Computers. TIP: Use the spacebar to "open" and "close" a view of computers within the currently selected group.
Column Layout - Manage Computers. Arrange the Computers list columns for the Computers and Group view.
History - Manage Database Backup and Restore. View backup history for the selected Database.
Statistics - Manage Database Backup and Restore. View statistics for the selected DATA VAULT or STORAGE Database.
View History - Manage Database Jobs. View a history of the selected job.
Monitor Job Status - Manage Database Jobs. Open a window that shows progress of current Database job.
Space Management - Manage Database Configuration. Enable and configure automatic Space Management for the Database.
Database Settings - Manage Database Configuration. Modify Database settings, such as data location, archive location, and copy snapshots with backup/restore.
File Storage Location - Manage Database Configuration. Define a share for Spector 360 File Storage folder to be used by all Dashboard logins.
Refresh (F5) - Update the view with the latest information.

Tools menu:

Control Center tools - Go to another tool.
Change Database - Select a different Spector 360 database instance or log in as a different user.
Options - Open a dialog box of general settings.

Window menu:

Switch between the main Spector 360 Control Center window and any other open Control Center window. Only the currently selected Control Center view appears if no other windows are open.

Help menu:

Online Manual - Open a web-based version of this guide.
Contact Technical Support - Open the SpectorSoft Technical Support Home page.
Access Knowledge Base - Open the SpectorSoft Knowledge base web site and search or browse for answers to questions that may not be provided in this guide.
Give us your Suggestions - Open the SpectorSoft Feedback web page on the Internet, where you can tell us what you think about Spector 360.
Technical Support Diagnostics - View the Control Center log file.
Check for Updates - If connected to the Internet, check the SpectorSoft downloads site for the latest version of Spector 360 available. You will be prompted to download if your installed version of Spector 360 is not the latest.
About - Displays Spector 360 version information, including the Control Center version and version of each database.

Tools: Options
To change general Control Center settings, select Tools > Options.

Database Settings:

Database Query Time Out - Database Login Only. By default, a database query from the Dashboard (or Control Center) will time out after 300 seconds have elapsed. A time out will occur when the database is not found or when extensive data has been requested, many users are making requests, and the query could not be completed in the given time. Raise the time-out period to accommodate a slow network or many Dashboard users querying the database at the same time. Use the up arrow to increase the time and the down arrow to decrease the time, in seconds.

Display Serial Number - Database Login Only. SET THIS OPTION BEFORE RECORDING DATA. Changing this option may make previously recorded data inaccessible from the Dashboard. A warning message will appear; click Yes to continue or No to cancel. Check this option to add a serial number field to Dashboard displays (Users and Computers Management, Detailed Reports, Data Explorer, and User Explorer). This option is useful for managing multiple serial numbers. Serial numbers will appear for each user or computer only when the Spector 360 Recorder is set to capture them; otherwise the field is blank. By default, this option is cleared and the field does not appear.

Global Settings:

Control Center Server - Name of the computer where the Control Center Server (CCS) is installed.

Communications Port - Port where the CCS computer listens for and receives information.

Enable Automatic Refresh of Views - Check this option (default) to automatically update computer information and recording status in the Manage Computers list. Clear this option to perform a refresh of the list only when opening the list, modifying the list, or by pressing Refresh on the toolbar (F5).

Automatically Refresh every . . . minutes - When Automatic Refresh is ON, this option sets the interval of time at which to refresh. The default is 5 minutes. Use the arrows or type a number to change this setting. Be aware that frequent refreshing on a large network can affect performance.

Show Control Center features for - By default you will see options for Windows OS and Mac OS platforms. If you are monitoring only one or the other platform, you can clear the one you don't need, and that OS choice won't appear for Profile and Recorder assignments.

Use Verbose Logging - Check this option to increase the detail of information captured in the Control Center log file. Clear this option (default) to use normal logging level. Verbose logging can result in very large log files (tens of megabytes per day) and should only be enabled to aid in troubleshooting. Note that the log file size is affected by how often the CCS refreshes computer data and how much activity is taking place in the Manage Computer list. Using a frequent autorefresh can create a large log file.

If the Recorder fails to check in with the CCS for more than 3 days (by default), the CCS will begin "polling" the network for the presence of the Client Service. The computer eventually will become "not detected" in the Computers list. When you know that a computer (such as a laptop) will leave the network for a number of days, you can delay the time period after which the CCS begins polling for the Client Service. See Modify a Computer.

Use Codepage Conversions - Check this option to convert all characters displayed in the Dashboard to the local codepage. This is useful for viewing activity in non-western European languages.

Enable Auditing - Check to turn on logging of Control Center activity by Control Center users. View the audit data from Servers > Auditing.

Manage Computer Settings:

Highlight past-due Client Check-Ins - Check this option to highlight computers in the Manage Computers list where the Client Recorder has failed to check in with the CCS at the scheduled time. Clear to turn off highlighting.

Highlight if more than - When highlighting of past-due client check-ins is ON, this option sets the amount of time to wait after the check-in was due before highlighting the computer in the list. The default is 1 hour: if the client fails to check in one hour following the scheduled time (and when the CCS refreshes the list), the computer is highlighted. Use the arrows or type a value from 1 to 720 to change this setting.

Highlight past-due Recorder Installs/Uninstalls - Check this option (default) to highlight computers where a Recorder has not been installed or uninstalled at the scheduled time. Clear this option to turn off highlighting of these past-due tasks.

Highlight if more than . . . minutes - When highlighting of past-due install/uninstall tasks is ON, this option sets the amount of time after the scheduled task before highlighting is enabled in the Computers list. The default is 15 minutes: if the task fails to complete 15 minutes following the scheduled time (and when the CCS refreshes the list), the computer is highlighted. Use the arrows or type a value from 1 to 1440 to change this setting.

Click OK to save your changes in the Spector 360 Control Center Options and close the dialog box.

Spector 360 Administration

Managing Your Installation


When Spector 360 Servers and Recorders are fully deployed, activity on network computers is automatically recorded. Within minutes, Dashboard users will be able to view activity in summary charts and detailed reports. Spector 360 continues to run without requiring further adjustment; however, a Spector 360 Administrator will need to perform a few ongoing tasks.

To manage the Spector 360 Installation:

Upgrade your Spector 360 installation. When an update is available, SpectorSoft will notify you. Simply install the update over your existing components. Be sure to reinstall all components and update the Recorders.

Monitor Server and Recorder communication. All Spector 360 Servers must be running and communicating for activity recording and web filtering to continue. You may find a need to stop and start a Server, move a component to a different computer, or troubleshoot communication issues. Server "listen" port settings and account credentials are important! Refer to Managing Servers.

To manage recording of network computers:

Install the Recorder. Use the easy Add Computers wizard to acquire a list of computers on your network from Active Directory, from Network Discovery, by importing a list, or by simply typing in computer names. The same wizard allows you to set the configuration and schedule the computers for automatic Spector 360 Recorder installation. At any time, add more computers and Recorder installations to your network.

Update the Recorder version. Keep Spector 360 running stealthily and smoothly by downloading up-to-date Recorder versions. Request automatic updates, or assign updated versions to selected computers or groups. Refer to:

Automatically update the Recorder. Let Spector 360 update all Recorders for you. A Recorder Configuration setting in Add Computers and in Modify Computer allows you to select automatic Recorder Version updates. As soon as a new Recorder version is downloaded, it is assigned to and installed on computers.

Use Active Directory to maintain a computer list. You can synchronize your Manage Computers list with Active Directory so that computers are automatically added and removed from the list.

Use Active Directory to install the Recorder. When a new computer is added to the list via Active Directory, you can automatically install the Recorder on it.

Manage computers in "groups." Managing Recorder settings and updates is easier when you group computers according to department, purpose, or risk level. You can install, upgrade, or reconfigure the Recorders on all computers in a group at once. Refer to Managing Computers in Groups.

Change Recorder settings from the Control Center. Each Recorder is configured with a "profile" that determines what and who is recorded, and whether or not centralized Web Filtering is enabled. Adjust profile settings from the Control Center. The change affects all computers using the profile.

To manage Mac computers:

Add Computers. Add Mac computers to your Control Center list just as you do Windows computers, but make sure you specify the "Mac" platform for these computers. The Recorder software version and profiles will be different, based on OS.

Use manual setup to install a Mac Recorder. For this version of Spector 360, use the Control Center to build a Manual Setup file containing the Recorder Version and Profile you want to use, and then run the setup file at Mac computers.

Use normal procedures to manage the Mac Recorder. You can change a Mac's recording settings, update the Recorder version and uninstall the Recorder from the Control Center. Monitor Mac activity along with Windows activity from the Dashboard.

To manage the Databases:

Set up automatic Space Management. As data accumulates in the Spector 360 Database, it's critical to manage disk space and plan for restoring data if a problem occurs. By default, a Full Backup runs every week and a Differential Backup runs every night. Remove extra Backups to preserve disk space and maintain a Backup set on a DIFFERENT computer in case something happens to the Database computer.

Track database performance and database jobs. Performance may become an issue as your installation grows. You can adjust the frequency with which certain events are processed and control scheduling of Database jobs. Fine-tuning Database can improve performance in Dashboard queries and Web Filtering.

Manage the File Storage Location. Set up File Storage shares so that Dashboard users can access Screen Snapshots and Email Attachments without compromising security.

To manage users:

Set up controlled access to Spector 360. Each Dashboard and Control Center user account can have limited access to users, event types, and/or "tools." Define roles for users who view user activity as opposed to those who set up Web Filtering or handle Database issues.

Apply a Dashboard "Profile" to user accounts. Give users the same Dashboard profile (groups, default criteria, and report formats) to facilitate training, troubleshooting, and standardized reports. Refer to Copying a Login Profile.

To manage Web Filtering:

Set up a Web Filtering policy. A user with permission can set up centralized Web Filtering policy from either the Dashboard or the Control Center. This involves creating rules to block or allow access to web domains, if necessary by users or by time.

To manage Event Alerts:

Set up Event Alert Profiles. Center. Specify words or groups of words to watch for, who to watch, when to watch, what to watch, and to whom to send email notification when alert conditions are met.

Checking for Updates

SpectorSoft will notify the contact at your organization of software updates to Spector 360 Server components (including the Control Center) via email. If your computer is connected to the Internet, you can check for updates at any time. To check for Spector 360 Recorder updates, see Managing Recorder Versions.

To download Spector 360 updates:

1. Select the Home tool and Check for Spector 360 Updates - or - Click the Check for Updates button on the toolbar - or - Select Help and select Check for Updates from the menu bar. If an update is not available, click OK at the message that appears.

2. If an update more recent than your current installation is available, a message appears displaying the new version and asking if you want to download it. Click Yes to continue.

3. At the SpectorSoft Download page, choose a method for downloading and running the Setup program. In any method, all installed components are detected and updated.

Online Installation - Run the Setup program directly from the Internet link; use only if you have plenty of network / Internet bandwidth.

Download Compressed Install File - Download a compressed, self-extracting .exe file. Once the Setup file is downloaded, execute it to update your installation.

Download CD Image - Download a CD image file (.iso format) of the Spector 360 installation CD. Burn the CD image to media, and use the CD's Setup file to update Spector 360 components on any computer. This option is useful when you have distributed components and do not want to use Internet bandwidth.

Updating Your Installation

When you are ready to update your Spector 360 installation, follow these general steps. The Spector 360 Deployment Guide provides detailed instructions for updating each component.
Copy a Full Backup set of your Spector 360 Database to a separate, non-default location BEFORE you update. The update will NOT write over the data, but if something unexpected happens, the latest data will be available.

To update the Recorder:

Recorder updates are available more frequently than Server updates and provide the latest technology for capturing Webmail, Chat/IM and other activity. Refer to Recording > Manage Recorder Versions.

To update Web Filtering Categories:

Updates to Web Filtering categories occur automatically. Periodically, the Spector Job Agent contacts SpectorSoft to request and download small files and add them to the Spector 360 Database.

To update your Spector 360 Servers and Applications:

1. Copy your latest Full Backup folder to a separate location.

2. If you have not done so, download the Spector 360 update.

3. At the Database computer, run the Spector 360 Setup update program using the Reinstall option to upgrade all components. Direct each Server installation to the correct computer.

4. Run the Setup program separately (Component Install) to reinstall all Control Center and Dashboard applications.

5. Assign the latest Recorder Version to all computers.

6. Use the Control Center to verify Server communication and account credentials.

Deploying in a Windows Workgroup


Spector 360 was designed for domain networks, but it's possible to configure a Windows Workgroup for Spector 360 management. Because the Control Center and CCS require administrator privileges on each network computer, you may need to define THE SAME Local Administrator User at each workstation. In addition, check each computer's network and security policy settings. Follow the steps below and consult your Windows operating system Help for complete details.
Use a manual installation of the Spector 360 Recorder for computers on a workgroup.

The admin005 account is a local administrator on each computer.

To prepare computers for Spector 360 management:


At each computer, log on as local administrator (the primary) user:

1. Set up a common local administrator account. Use the Windows Control Panel > User Accounts to add a new user account. Grant this user Administrator level of access. Create an identical account (same user name and password) at each computer. This account will give Spector 360 access to each computer.

2. Make sure each computer belongs to the correct workgroup. Use Control Panel > System at each computer to view the current workgroup setting. If necessary, change settings so that this computer is a member of the same workgroup as the others.

3. Change the security policy to allow user authentication. If a Guest Login prompt appears when you attempt to access a network computer, the Control Center won't be able to log on as administrator. Change the Local Security Policy at each computer to prevent this from happening. Check your operating system help; the steps may be: Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options > Network access: Sharing and security for local accounts. Enable this setting for local security: Classic local users authenticate as themselves.

4. Restart the computer.
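One way to verify steps 1 through 3 on a workstation, as an added example that is not part of the Spector 360 guide. It assumes Windows PowerShell 5.1 or later (for the LocalAccounts cmdlets); `WORKGROUP` is a placeholder, `Test-WorkgroupPrereqs` is a hypothetical helper name, and `ForceGuest` is the registry value that stores the local-account sharing and security policy named in step 3.

```powershell
# Added example (not from the guide): check the workgroup prerequisites on one computer.
# Assumptions: Windows PowerShell 5.1+; 'WORKGROUP' is a placeholder workgroup name.
param(
    [string]$AccountName   = 'admin005',   # common local administrator named in the guide
    [string]$WorkgroupName = 'WORKGROUP'   # placeholder: replace with your workgroup
)

function Test-WorkgroupPrereqs {
    param(
        [Parameter(Mandatory)] [string]$AccountName,
        [Parameter(Mandatory)] [string]$WorkgroupName
    )

    $result = [ordered]@{ Computer = $env:COMPUTERNAME }

    # Step 1: the common account exists, is enabled, and is a local administrator.
    $user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
    $result['AccountExists']  = [bool]$user
    $result['AccountEnabled'] = [bool]($user -and $user.Enabled)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on localized Windows installations.
    $admins   = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
    $expected = "$env:COMPUTERNAME\$AccountName"
    $result['AccountIsAdmin'] = [bool]($admins | Where-Object { $_.Name -eq $expected })

    # Every other member of Administrators, listed so the group can be reviewed
    # at the same time the shared account is checked.
    $result['OtherAdmins'] = @(
        $admins | Where-Object { $_.Name -ne $expected } |
            Select-Object -ExpandProperty Name
    )

    # Step 2: the computer is in the expected workgroup and is not domain-joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result['CurrentWorkgroup'] = $cs.Workgroup
    $result['InWorkgroup']      = (-not $cs.PartOfDomain) -and
                                  ($cs.Workgroup -eq $WorkgroupName)

    # Step 3: ForceGuest = 0 is "Classic" (local users authenticate as themselves);
    # ForceGuest = 1 is "Guest only", which produces the Guest Login prompt.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name 'ForceGuest' -ErrorAction SilentlyContinue
    if ($null -eq $lsa) {
        $result['ForceGuest']  = 'NotSet'
        $result['ClassicAuth'] = $false   # value absent: confirm in Local Security Policy
    } else {
        $result['ForceGuest']  = $lsa.ForceGuest
        $result['ClassicAuth'] = ($lsa.ForceGuest -eq 0)
    }

    # Overall verdict: all three steps must hold.
    $result['Ready'] = $result['AccountExists'] -and $result['AccountEnabled'] -and
                       $result['AccountIsAdmin'] -and $result['InWorkgroup'] -and
                       $result['ClassicAuth']

    [pscustomobject]$result
}

Test-WorkgroupPrereqs -AccountName $AccountName -WorkgroupName $WorkgroupName |
    Format-List
```

Because the same account name and password exist on every workstation, the `OtherAdmins` list and the `ClassicAuth` value are worth recording per machine when the deployment is reviewed.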

2011 SpectorSoft Corporation, All rights reserved.

23

Deploying on Multi-User Networks

To make sure Servers operate under the common Administrator:


From the Spector 360 Control Center, select Servers and Modify the Properties for each installed Server to use a Network Account that is the common local administrator account ("admin005") defined at each computer. See Changing Server Credentials. It does NOT matter which user is logged in to a computer at any given time, as long as the common ("admin005") account exists in the local administrators group.

Deploying on Multi-User Networks


Spector 360 behaves on a multi-user network as it would on a Windows Network. Multi-user networks include Citrix, Novell, or Windows Terminal Services. The biggest potential problem is an underlying Windows Network that isnt configured properly. If all users are simply assigned a common Windows account, issues could arise in managing the Spector 360 Recorders from the Control Center and viewing data from the Dashboard. Aside from this one potential issue, the Recorder captures and delivers recordings normally on both a multi-user Server and a Domain.
SpectorSoft requires Citrix and Terminal Services customers to purchase a license for each user who will be logging in to the server.

To deploy the Recorder:


In a workgroup, use procedures to deploy all Recorders "manually," at the computer.

1. Add computers to the Control Center. Follow the instructions in Adding Computers (Wizard). Use the Workgroup in the Domain field. The Control Center may alert you that the domain does not appear on the network. Click Yes to add the computer anyway.
2. Create a Manual Setup file to deploy to workstations. Follow instructions in Installing Manually on Windows to create an installation file. You can use the same install file on all Windows computers. To create an install file for a Macintosh, follow instructions in Deploying the Recorder to Macintosh.

If computer users log on to:

A workgroup - Spector 360 behaves exactly as if it were in a Windows Workgroup environment. This means that credentials to install Recorders are an issue. See Deploying in Windows Workgroup. Make sure the Control Center Server (CCS) runs under an Administrator account common to all workstations.

A domain - Spector 360 behaves as it would on a Windows Domain Network. Make sure the CCS runs as domain administrator or equivalent before you attempt to deploy the Recorder.

A common Windows account - If all users are assigned a common Windows account, the Control Center will have issues managing the individual computers. Spector 360 is more useful if each user has his or her own login account.

To record Published Applications:


A Recorder will capture sessions directly from a Terminal Server (Microsoft Remote Desktop) or Citrix server where either Full Desktop or "Published Applications" are used. No special procedures are required to capture Full Desktop. Follow these steps to capture Published Applications.

1. Select General Options > Client Options.
2. Check Enable Alternative Shell Support.
3. Click Edit to open a box where you can specify the alternate shell that is launched when a user requests a Citrix or Terminal Server published application.
   NOTE: Clear this option to record applications running under the normal Windows shell.
4. Enter the alternative shell name:
   wfshell.exe - Citrix Server
   rdpshell.exe - Windows Terminal Server
   Click OK to set the alternate shell name.
5. List all computers in the Control Center, and assign a Recorder Profile with this setting to computers.

A Recorder installed on the Citrix or Terminal server is NOT able to record applications installed and running on the local workstation.

To record local application activity on workstations:

Install a Recorder on each workstation in addition to the server if you need to capture local activity. For example, web surfing from the local Internet Explorer would not be captured by a Recorder on the server. Depending on your network, use the Control Center to deploy to all computers remotely, or create a Manual Setup file to execute at each computer.

To view and manage recorded data:

All recorded data is stored by user name in the Database. Use the Dashboard to view data.

The Recorder records each activity under the login name of the user who performed the activity. This means the Recorder will capture email, web sites visited, keystrokes, and all other activities for DOMAIN\SALLY, DOMAIN\PETER and DOMAIN\JIM as they use the terminal services, even when activity occurs simultaneously.

The data recorded and stored is accessible for viewing by user and "by computer." other criteria in the Dashboard.

Keep an eye on performance and usage. The more users who connect and are recorded, the more difficult it becomes for the Recorder to take Screen Snapshots for each user every 30 seconds. Use Recorder Profile settings to reduce frequency of (or disable) Screen Snapshots, or consider disabling other activity recording.

To record server application activity:


Install a Recorder on the server, using normal Recorder installation procedures. If the Spector 360 Server Components also reside on the server, be sure to install the Client Recorder AFTER Server Components are installed (you will need to remove this Recorder before upgrading Server Components).


Managing Remote Computers


To monitor computers that leave the network or operate from a remote location, you need to provide a path for the Recorder to communicate with the Servers. Once communication is established, the Recorder sends data to the central Data Vault Server, requests Internet access from the Web Filter Server, requests licensing from the Primary Server, and is managed and updated by the Control Center Server (CCS). Two methods are possible:

The computer connects to the Servers via VPN. When the remote user connects via VPN to the network where Server Components are accessible, the computer is essentially on the same network. No different from local clients, the computer secretly delivers its recorded data and receives instructions while connected via VPN. The CCS has no trouble communicating with and managing the Recorder.

The computer connects to the Servers via Internet connection. When a computer connects to a static, external IP address on the network where Servers are accessible, the necessary ports must be forwarded and open to traffic. The Recorder uses its Server Settings to deliver data to the central Data Vault and receives Web Filtering from the WFS over the "raw" Internet connection. However, the CCS will NOT be able to identify or manage the remote Recorder. If that remote computer itself is configured to communicate via a static IP address, you can add the computer's IP address to your Server side DNS or host file to provide name resolution. The Control Center will then be able to fully manage the Recorder.
Opening up an external IP address leaves your network vulnerable to hackers for DoS and flood attacks. If you choose this method, it is imperative that you use industry strength, standard Firewall protection!

To set up the Recorder for a VPN connection:

A VPN connection allows communication with a remote computer as if it were local, providing:

- Secure access to Servers and Database at the central location.
- Ability to install, configure and manage the Recorder from a remote Control Center.
- Direct contact of the remote Recorder with the Primary Server.
- Direct delivery of recorded data to the central Data Vault server.
- Centralized Web Filtering provided by the Web Filter Server (WFS).

1. Add the remote computer to the Control Center. It is detected when connected via VPN. Assign a profile with the same Server Settings used by local network computers.
2. Schedule the installation. When the VPN connection is active, the installation is delivered.

Port forwarding for Internet connection


The Recorder is configured to communicate with each Server component on a specific port. If the computer is connected by VPN, normally all open ports are available. If the computer is connected by Internet, you must configure the Server-side device receiving communication to forward ports requested by the Recorder to the correct port at the computer where each Server is installed. By default, communication is configured at the following ports.

Recorder to CCS: 16768 (TCP/UDP)
Recorder to Data Vault: 16769 (TCP)
Recorder to Primary Server: 16770 (TCP)
Recorder to Web Filter Server: 16771 (TCP/UDP)
CCS to Recorder: 2468 (TCP)
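The following Python check is an added example, not part of the guide or of SpectorSoft's software. It compares a server-side NAT forwarding table against the default port list above, so that the external address exposes only the four Recorder-to-Server ports and each one reaches the Server computer. The one-line rule syntax, the sample table and all function names are assumptions made for the illustration; it also assumes the Servers listen on their default ports.

```python
"""Audit a server-side NAT forward table against the default Spector 360 ports."""
import re
from typing import NamedTuple

# Recorder-to-Server defaults from the port list above: port -> (component, protocols).
SERVER_PORTS = {
    16768: ("Control Center Server", {"tcp", "udp"}),
    16769: ("Data Vault", {"tcp"}),
    16770: ("Primary Server", {"tcp"}),
    16771: ("Web Filter Server", {"tcp", "udp"}),
}
# 2468/TCP is CCS-to-Recorder: the Recorder listens on it, so it is forwarded at
# the remote computer's side and is deliberately absent from this server-side map.


class Forward(NamedTuple):
    proto: str
    ext_port: int
    int_host: str
    int_port: int


# Hypothetical rule syntax used only for this example:
#   <tcp|udp> <external port> -> <internal host>:<internal port>
RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*(\d+(?:\.\d+){3}):(\d+)$")


def parse_rules(text):
    """Parse the rule table, ignoring blank lines and '#' comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {raw!r}")
        rules.append(Forward(m[1], int(m[2]), m[3], int(m[4])))
    return rules


def audit(rules, server_host):
    """Return (kind, proto, port) findings for a server-side forward table.

    unexpected   - port/protocol is not a Recorder-to-Server default (extra exposure)
    wrong_target - forwarded, but not to server_host on the same port
    missing      - a default port/protocol that no rule forwards
    """
    findings = []
    seen = set()
    for r in rules:
        entry = SERVER_PORTS.get(r.ext_port)
        if entry is None or r.proto not in entry[1]:
            findings.append(("unexpected", r.proto, r.ext_port))
            continue
        seen.add((r.proto, r.ext_port))
        if (r.int_host, r.int_port) != (server_host, r.ext_port):
            findings.append(("wrong_target", r.proto, r.ext_port))
    for port, (_, protos) in SERVER_PORTS.items():
        for proto in sorted(protos):
            if (proto, port) not in seen:
                findings.append(("missing", proto, port))
    return findings


# Constructed sample table; 192.168.1.10 is the Server address used in the
# guide's port-forwarding illustration.
SAMPLE_RULES = """
# forwards configured on the receiving NAT device
tcp 16768 -> 192.168.1.10:16768
udp 16768 -> 192.168.1.10:16768
tcp 16769 -> 192.168.1.10:16769
tcp 16770 -> 192.168.1.11:16770   # points at the wrong internal host
tcp 16771 -> 192.168.1.10:16771
tcp 3389  -> 192.168.1.10:3389    # unrelated service exposed by the same device
"""

if __name__ == "__main__":
    for kind, proto, port in audit(parse_rules(SAMPLE_RULES), "192.168.1.10"):
        component = SERVER_PORTS.get(port, ("not a Spector 360 Server port",))[0]
        print(f"{kind:13s} {proto}/{port}  ({component})")
```

Any "unexpected" finding is exposure the Recorders do not need and is the first thing to close at the firewall.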


To set up communication via the Internet:


[Illustration: Port Forwarding]

1. Use a static IP for all Server computers. In the above illustration, Servers are installed on a computer with the static IP address 192.168.1.10.
2. Set up an external static IP for the receiving device. The external IP address receives the communication from roaming Recorders intended for the Servers. In the above illustration, a NAT router device has the address 65.8.119.2.
3. Modify a Recorder Profile to use the external static IP address. The Recorder's profile must have different Server Settings from the one used by local computers. In the Control Center's Recording > Manage Recording Profiles, double-click or copy a profile to modify it. Name the profile in General Options > Security. This profile will ONLY be used for computers connecting via the Internet. In the Servers panel, use the Edit button next to each Server IP field to enter the static external IP address (65.8.119.2 in the above illustration). Make sure the Port entry for each Server is correct, and click OK to save the profile.
4. Install the Recorder manually. If the centralized CCS won't be able to resolve the remote computer name, install the Recorder manually. Follow instructions in Creating a Manual Setup File. Be sure to use the profile you created that specifies Servers at the external IP address. Follow instructions to install the Windows or Mac Recorder using the Manual Setup file.
5. Configure port forwarding. Use your NAT or other system configuration interface to forward the ports used by the Recorder (as they are listed in the Server Settings panel) to the appropriate Server port. If possible, forward the Recorder listening port on the client side (at the remote computer).

Managing Branch Offices

It is possible to monitor branch offices at remote locations using a centralized Data Vault base folder. Use this configuration when there are too many remote computers to reasonably provide VPN or Internet access for each. Complete your centralized Spector 360 and SQL Server installation BEFORE setting up a branch office.

General configuration:

At the branch office, install ALL Servers and applications EXCEPT the Database. The Server installation requires a computer with:
- At least 100 GB free hard disk space (depending on data recorded)
- Static IP address
- Always available
- Internet connection

Manage and configure the Recorder installations using a branch office Control Center application. Branch office Recorders communicate with the local CCS, Data Vault Server, Primary Server, and Web Filter Server, and do NOT require a direct connection to the central Database. Spector 360 Recorders require direct connection to the Primary Server, and you can install only one Primary Server under one serial number. Contact SpectorSoft Sales Support to obtain a serial number for the Primary Server at each branch office.


Prepare to install at the branch office:


1. Serial Number - Obtain a serial number for the Primary Server to be installed at the local branch office.
2. Database Server Credentials - Give your main office Servers SQL Server Database credentials that the branch office Servers also can use (e.g., DVServer, WFSServer).
3. Database Computer Access - Define Windows network accounts that branch office Servers can log into that have permission to access the Database computer.
4. File Storage Access - Make sure the Windows network account to be used by the Data Vault Server also has full permission to the File Storage location folder.
5. VPN Connection - Activate a VPN connection from the branch office Server computer to the central Server network.
6. Acquire the Setup - From the branch office Server computer, use your branch office serial number to download and extract the Spector 360 Setup program.
Keep in mind that the Data Vault Server may be handling 10-30 MB of data per Recorder - every day.

To install branch office Server Components:

1. At the branch office server, run the Setup program and select Component Install. Select all components except the Database. Enter the serial number you have obtained for this branch location and click Next.
2. Agree to the terms of the License Agreement.
3. Wait for installation files to download. Click Next at the Updates panel.
4. Because you are NOT installing the Database, you must locate the computer where the central SQL Server instance is installed. On the Setup Options panel, select the Database component. Enter the Database computer name, and enter and confirm the SA Password. Click Next.
5. Configure the Control Center Server (CCS) with a service account that has access to all computers at this branch, as well as the remote Database computer. The Setup tests the CCS credentials to make sure the account is valid.
6. Configure both the Web Filter Server and the Data Vault Server:
   - Each service should run under a Windows network account with read/write privileges at the remote Database computer.
   - Each service should use the SAME Database access account at the branch location as used by servers at the main location. In the example below, ALL Data Vault Servers would use the DVServer SQL Server account.
7. At the bottom of the Data Vault panel, specify the centralized File Storage base path for Screen Snapshots and Email Attachments at the Database computer.
8. Follow normal procedure to register the local branch office serial number and apply an unlock code.

To install branch office Dashboards:

Use the Component Install to install Dashboards at this location. Note that:

- Each Dashboard computer will require a VPN connection to access the network where the central Database is installed.
- Queries and data display may take longer when not on the local network, otherwise there is no difference from the main office Dashboards.


Adding another Control Center or Dashboard


It is possible to install additional Control Centers to assist in managing and configuring Recorders, Web Filtering, and Event Alerts. This Control Center accesses the same Servers, network computer list, and Database as the first Control Center. You can configure each Control Center user to have different privileges in order to perform different duties. If the Control Center is at a remote location it will require a direct VPN connection to the network where the central Control Center Server and Database reside.

- All Control Centers have access to the same computers as the original Control Center. Each Control Center communicates with the Control Center Server, Data Vault and Primary Server, and provides the means for a different user to manage Recorders and centralized policies.
- All Dashboards access the same Database.

To install a Control Center:

Run the Spector 360 Setup program.

1. Choose a Component Install, select only the Control Center or Dashboard for installation, and enter your serial number.
2. Agree to the End User License Agreement.
3. Select Database. Enter the Database computer name and SA password.
4. Select Control Center Server. Enter the CCS computer name.
5. Click Next to finish the installation.


Changing your Server Configuration


If you start with all components on one machine, it is possible to change the configuration by distributing components. Communication between Servers, the Database and the Control Center is essential. If you distribute Servers, be sure to assign them Network Account credentials with access to the appropriate computers, and check all settings when you are finished.
Installing an extra Dashboard requires no changes to configuration; just make sure the Dashboard computer has access to the Spector 360 SQL Server instance.

To change your configuration:

Read the appropriate topic.

- Adding Another Control Center
- Adding Computer Licenses to a Serial Number
- Moving a Server
- Adding a Data Vault or Web Filtering Server
- Moving the Spector 360 Database
- Moving the File Storage Location

Managing Multiple Serial Numbers

This topic summarizes tasks for administrators managing Spector 360 at multiple sites, under multiple serial numbers. Contact SpectorSoft for sales and technical support if you have a need for multiple serial numbers. As a Spector 360 Control Center user, you must be logged into Windows under a domain administrator account with access to all computers.

To deploy Spector 360 Servers:

Install all Spector 360 components under one serial number. Follow the normal instructions in the Spector 360 Deployment Guide. You will add the other serial numbers later. Only one of each Server is required for multiple serial numbers, but these "rules" apply:

- One central Database
- One central Primary Server
- One central Control Center Server (CCS)
- Data Vault Servers as needed (using the same network account)
- Web Filter Servers as needed (using the same network account)
- As many Control Center and Dashboard applications as needed

If on-site managers will be using Dashboards to review user activity, make sure you set up security access for logins as described below to prevent sites from viewing each other's data.
All Servers handle multiple serial numbers. There is no need to install separate servers for separate sites.

To set up management of multiple serial numbers:


1. Open the Spector 360 Control Center and log in as SA or as a Spector 360 Master user with Management and Database privileges.
2. Select Recording > Manage Computer Licenses.
3. Select Add Serial Number. Enter the next serial number in the box that appears. See Adding a Serial Number. Repeat this step for each serial number.
4. Select Register Serial Number to register and unlock the licenses for the site. Repeat this step for each serial number.

All serial numbers, the number of licenses, and the number of available licenses appear in the Computer Licenses list. After the Spector 360 Recorder has been scheduled for installation, you can "open" each serial number group to view the name and status of each licensed computer. See Managing Computer Licenses.

To record data by serial number:

In the Control Center, open Tools > Options from the menu bar. Enable Display Serial Number. This turns on tracking of user data by serial number and displays serial numbers in the Dashboard views of activity. If you are responsible for reporting on user activity for several serial numbers, make sure this option is enabled BEFORE you deploy the Recorder so that you can distinguish and sort data by serial number in the Dashboard.

To manage computers and profiles by serial number:

Acquire a list of computers from each site using the Add Computers wizard. Before you do so, read these tips for making computer management easier:

Use computer groups.

Assign all computers from one serial number to a computer group. The Groups view will facilitate viewing and selecting computers by serial number. Create the serial number groups as you Add Computers, or move computers to groups after adding them.

Create sets of profiles for different serial numbers.

Create a recording profile for each site, and for each department or section at a site. For example:
- Bank A Executive
- Bank A Staff
- Bank B Executive
- Bank B Staff
See Managing Recording Profiles. Define a profile as you Add Computers, or assign a profile to computers after adding them.

Assign each recording profile to a serial number.

With more than one serial number, when you add a new profile the Select Serial Number and Recorder Version box appears first. You must have added serial numbers, as described above, before serial numbers appear in the profile sequence. Select the appropriate serial number for the profile. For example:
- Bank A Executive - Select Serial Number ...333
- Bank A Staff - Select Serial Number ...333
- Bank B Executive - Select Serial Number ...444, and so on.
A profile cannot be applied to more than one serial number at once, and you cannot "reuse" a profile for a different serial number (use Copy instead).

To deploy the Recorder to computers:

After you have serial numbers and profiles organized, use standard procedures to install the Recorder on Computer Groups.

To manage access security at sites:

Restrict on-site Dashboard users to viewing the appropriate data. Do this by grouping users by site and assigning permissions to groups.

Populate the Dashboard with a list of Users. There are two ways to do this:
Install the Recorder on all machines (as described below) and allow the Recorder to return user name information through the normal recording process
- OR -
Add a list of user names or import an XML or CSV list of names and domains (with user group names and descriptions, if you wish). See the Dashboard Guide.
In the Dashboard, select Management > Users to view the users.

Create User Groups by site. Once you have (at least some) user names from each site, select Management > Groups and New to create the User Groups. For example:
- Bank A (All Users)
- Bank A (Executives)
- Bank A (Staff Section 1)
- Bank B (All Users)
- Bank B (Executives)
- Bank B (Staff Section 1)
When new users are added to the Database, add them to the correct group.

Create Database login accounts with Restrictions.

Use Database > Manage Dashboard Logins to create a login account for each on-site Dashboard user. Be sure to read about Login Roles and Types. For each login account, select:

Standard Login Type - This account type can view but not edit Dashboard Management items or Computer Profiles.
Master Login Type - BE CAREFUL. This account type has full access to Dashboard Management, Web Filtering, Event Alerts, and Profiles.
Select Users - Give the Dashboard login access only to users he/she needs to monitor. For example, Bank A (Staff Section 1) User Group. Make sure users belonging to groups in other departments or at other sites cannot be accessed.
Select Events - Give the Dashboard login access to ALL event types (Chat/IM, Email, Web Sites, etc.). This allows the Database login to view all activity for his/her department.
Select Tools - Give the Dashboard login access ONLY to appropriate tools. Under Management Tools, clear (at minimum) Computers, Users, Computer Groups, User Groups. Under Database Tools, clear all options.
Read the section in this guide on Database Logins.

To manage Web Filtering by serial number:

If there are global Web Filtering rules that apply to ALL sites, create a BLOCK ALL INAPPROPRIATE SITES rule to be in effect all the time, for all users. If there are Web Filtering rules specific to a site, choose the specific User Group for the site in the rule definitions. For example, apply a NO SHOPPING RULE - BANK A to Bank A (All Users). Define a different NO SHOPPING RULE - BANK B for Bank B (All Users).
If you give an on-site Dashboard User access to Web Filtering Rules, ALL Web Filtering rules for all sites will be visible. A Master Login would be able to change any rule, but could only apply it to his/her User Group.

To manage Event Alerts by serial number:

Keep Event Alert Profile definitions separate by serial number site:

- For example, create an INAPPROPRIATE DOWNLOAD - BANK A alert and another INAPPROPRIATE DOWNLOAD - BANK B alert.
- For each Event Alert Profile, assign the specific User Groups from one site under the WHO conditions.
- Assign the appropriate manager (Alert Operator) at the site by email if an alert occurs (under GENERAL conditions).

If you give an on-site Dashboard User access to the Event Alert Tools, ALL Event Alert Profiles will be visible. A Master Login with access to Event Alerts would be able to change any profile, but could only apply it to his/her User Group.


Computer/Recorder Administration
Manage the Computers List


Managing Computers
The Manage Computers view lists computers that have been "added" to the Control Center list for Spector 360 management. If Groups is selected in the toolbar, this view shows a list of Computer Groups. Use this view to add network computers to the list, install or uninstall Recorders, assign Recorder Versions and Profiles to computers, or check the status of computers and recording.
A single Computers list is maintained by the Control Center Server (CCS). Any Control Center user may access and modify this list.

To view network computers:

Initially, the Computers list is empty. You will need to use Add Computers to create your list - adding one computer at a time, importing from Active Directory, searching the network, or importing a list from a file. Once you have a list of network computers and the CCS is communicating with the computers, the following information appears (scroll right to see all fields).
Show, hide, and rearrange columns as you wish. See Changing the Column Layout.

Computer Name - Name of the computer known to the network.

Domain Name - Name of the Windows domain network the computer belongs to.

Group - Group the computer belongs to. Initially all computers are in DEFAULTGROUP. See Managing Computers in Groups.

Platform - HIDDEN by default. Displays the type of computer operating system: Windows, Mac, or Unknown.

Description - A description of the computer. You can modify this field to make a computer more easily identifiable, such as "Smith MARKETING." See Add or Modify a Computer.

OS Version - The OS version detected by the Control Center. "Not Detected" if the computer is disconnected or off.

State - State of the computer:
- Blank: The user is not active, or the Recorder is not installed.
- Pending: The Recorder is scheduled to be installed or uninstalled.
- Recording: The Recorder is installed and actively recording.
- Disabled: The Recorder is installed but has been stopped by the Stop Recording command or by an open local Viewer.
- No License: Error returned to CCS when the Recorder Agent cannot verify a license with the Primary Server.

Recorder - State of the Recorder installation:
- Not Installed: The Recorder is not installed on the computer.
- Installed: The Recorder is installed on the computer.
- Pending: The Recorder is scheduled to be installed or uninstalled.
- Unknown: The Control Center is unable to detect or read status from the computer.
If a Recorder remains "Pending," select Run Diagnostics to see where the install failed, try re-installing, and refer to Troubleshooting Recorder Installation.

Recorder Version - Version of the Recorder (and signature file update) installed on the computer. The Recorder version has the format 7.0.nnnn(yyy), where the first two numbers are the Spector 360 version, the second four nnnn are the Recorder build number, and the last three (yyy) are the Web Email and security update version. This field is blank if the Recorder is not installed. The version appears in red if the installed version is an incompatible Recorder, prior to Spector 360 Version 7 (e.g., 6.2.1205). See Managing Computer Recorder Versions.

Assigned Version - Version of the Recorder assigned to this computer. The default version is assigned if another is not. See Assigning or Updating the Version on Computers.

Last Check-In - Date and time the Recorder installed on this computer last checked in with the CCS. Blank if the Recorder is not installed. By default, the Recorder attempts to check in with the CCS every 300 seconds. Control this setting in the Recorder Profile.

Profile Name - Name of the profile assigned to the computer. "Initial Profile" is the default. Blank, if the Recorder has never been installed and no profile has been assigned.

Scheduled - Date and time a Recorder is scheduled to install or uninstall. Blank, if no Recorder install or uninstall is currently scheduled. The date/time appears in red if the scheduled install/uninstall time is in the past. Run diagnostics and attempt to reinstall, if necessary.

Updates - Indicates whether or not the computer will receive automatic Recorder Version updates.
- Auto: The computer will receive automatic version updates.
- None: The computer is not set up for automatic version updates.
The automatic version update setting is available when you Add or Modify a Computer. See Setting the Update Time.

Viewer - "Not Installed" if a Viewer was not installed with the Recorder. "Installed" if a Viewer has been installed. Blank, if the Recorder is not installed.

Poll Delay - HIDDEN by default. Displays the Days and Hours of the Service Polling Delay setting. The default is 3d (days) 0h (hours).

To manage computers in the list:

Use the toolbar, Task Navigation items, the menu bar, or the context (right-click) menu to execute these commands:

Install Recorder - Schedule a Recorder installation on the selected computers.

Add Computers / New - Add Computers to the Computers list.

Add Group - Add a new computer group.

Modify - Change the selected computer's description, group, profile, version. The computer will be updated when it checks in with the CCS or at the "Client Update Time" scheduled in the CCS properties.

Move to Group - Move the selected computers to a different group.

Set Default Group - (Edit Menu) Change the default computer group.

Delete - Remove the selected computers from the Computer list.

Start Recording - Start recording on any selected computers where recording is OFF.

Stop Recording - Stop recording on any selected computers where recording is ON.

Run Diagnostics - Check services and the Recorder install process on the selected computer.

Restart Computer - Restart the selected computers from the Control Center.

Export computer list - Export the entire Computers list to a .CSV or .XML formatted text file.

Export selected computers - Select one or more computers to export to a .CSV or .XML text file.

Assign Profile - Apply a profile to all selected computers or groups.

Assign Recorder Version - Apply the latest or any other version to selected computers or groups.

Set Update Time - Change the time a Recorder installation or version update will occur.

Set Service Polling Delay - Change the period of time the selected computers may be "off" the network.

Uninstall Recorder - Schedule removing the Recorder from the selected computers.

Unschedule Recorder Install/Uninstall - Cancel any pending installs or uninstalls on selected computers.

Manual Uninstall Cleanup - (Edit menu) Remove CCS information on a computer after manual uninstall.

Refresh - Click the Refresh button or press F5 to update the list with the latest information.

View Log File - View the Client Log File for the currently selected (single) computer.

To change the view of the Computers list:

Re-sort or rearrange the list.

Click on any column heading to re-sort the Computers list by that field. Drag-and-drop column headings to place them in a new order. Select columns to show or hide, and arrange their left-to-right order.

Refresh the list.

Click Refresh on the toolbar or press F5.

View Groups.

Click the Groups button or select View > Groups from the menu bar. A view of Groups appears in place of the Computers list. Click the button again to return to the Computers list.

Create a new computer group.

Right-click anywhere in the right pane and select Add Group.

Change the default computer group.

Right-click anywhere in the right pane and select Set Default Group and the computer group you would like to be the default.


Recording Profiles and Settings

How the Recorder Works


The Spector 360 Recorder is hidden software that records activity on the device where it is installed. The Control Center Recording Manage Computers tool allows you to create a list of devices and configure, install, manage, and update the Recorder on these devices.

The Recorder software for computers includes a Client Service and a Recorder Agent. These components work together in stealth to record activity on the computer. The service handles communication with the Spector 360 servers, and the agent captures and locally stores recorded data.

The Recorder (client service) makes direct TCP contact with the servers across the network using IP addresses and ports in its Recorder Profile Server settings. It receives licensing from the Primary Server, instructions from the Control Center through the Control Center Server (CCS), and automatically delivers specially formatted data files to the Data Vault at regular intervals.

When you install a Recorder:

1. A computer license is reserved.

The Primary Server reserves one license when an installation is requested. You can NOT move the license to another computer. If you uninstall the Recorder, you can only reinstall the reserved license on a device with the same name and OS.

2. The installation proceeds at the scheduled time.

When a client install is requested from the Control Center, the Control Center Service (CCS) deploys a Client Bootstrap Service to the computer to quietly install the Recorder. Following installation, the Bootstrap Service is removed. Recorder installation is complete when the computer restarts and all traces of the installation are removed. Or, you use a setup file to install at the computer. When a pre-configured install file is downloaded and installed at the device, the Recorder will be running as soon as the device restarts (or the installation process is finished).

3. The Recorder communicates with the Primary Server.

As soon as it starts running, the Recorder client checks in directly with the Primary Server to establish licensing. It is critical that each client Recorder receive and activate a license from the Primary Server. See How the Primary Server Works.

4. The Recorder communicates with the CCS.

Each client checks in with the CCS at regular intervals. The CCS receives information to refresh the computer information in the Control Center, and delivers updates to the Recorder. See How the Control Center Server Works.

5. The Recorder begins recording immediately.

As soon as it is fully installed, the Recorder begins recording, blocking, and alerting. It saves events in 15 minute chunks to compress, encrypt, and store in a hidden folder on the computer. Data on the local computer can only be read by a local Viewer. If instructed, the Recorder checks with the Web Filter Server before allowing computer access to the Internet.

6. The Recorder uploads recordings to the Data Vault Server.

Periodically, the Recorder uploads event files to the Data Vault and deletes them from the local computer. If the Recorder cannot contact the Data Vault, the data remains on the computer until a specified time period passes or a maximum data size is reached. Then, the Recorder begins to delete the oldest data.


The Recorder communicates on these ports:


These ports can be adjusted if there are conflicts.

Port    Protocol   Purpose
2468    TCP        Control Center to Recorder communication for Log File and Diagnostics.
16768   TCP/UDP    Control Center Server to Recorder for Client status and information.
16769   TCP        Recorder to Data Vault Server to upload data.
16770   TCP        Recorder to Primary Server for licensing.
16771   TCP/UDP    Recorder to Web Server Filter for filtering information.
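The following is an added example, not part of the guide or of the product: it matches Windows `netstat -ano` output against the port table above so an administrator can confirm which of the documented Recorder flows are present on a host (firewall verification or software inventory). The function names and the sample netstat text are constructed for illustration, and the script assumes the default ports, which the guide says can be changed.

```python
"""Match Windows `netstat -ano` rows against the Recorder port table."""

# Default ports from the guide's table. "inbound" means the Recorder host is
# the destination of the flow; "outbound" means the Recorder host initiates it.
RECORDER_PORTS = {
    2468:  ("TCP",     "inbound",  "Control Center to Recorder: log file and diagnostics"),
    16768: ("TCP/UDP", "inbound",  "Control Center Server to Recorder: client status"),
    16769: ("TCP",     "outbound", "Recorder to Data Vault Server: data upload"),
    16770: ("TCP",     "outbound", "Recorder to Primary Server: licensing"),
    16771: ("TCP/UDP", "outbound", "Recorder to Web Server Filter: filtering information"),
}

# Constructed sample input (addresses and PIDs are made up for the example).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:2468           0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:16768          0.0.0.0:0              LISTENING       3120
  TCP    10.0.5.23:49712        10.0.1.10:16769        ESTABLISHED     3120
  TCP    10.0.5.23:49713        10.0.1.10:16770        TIME_WAIT       0
  TCP    10.0.5.23:49800        203.0.113.7:443        ESTABLISHED     4410
  TCP    10.0.5.23:16769        10.0.9.9:50222         ESTABLISHED     5008
  TCP    [::]:2468              [::]:0                 LISTENING       3120
  UDP    0.0.0.0:16768          *:*                                    3120
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def split_endpoint(text):
    """Split 'addr:port', '[v6]:port' or '*:*' into (addr, port or None)."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(output):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if not parts[-1].isdigit():          # last column must be the PID
            continue
        proto = parts[0]
        # TCP rows: Proto Local Foreign State PID. UDP rows have no State.
        state = parts[3] if proto == "TCP" and len(parts) >= 5 else ""
        _, lport = split_endpoint(parts[1])
        raddr, rport = split_endpoint(parts[2])
        rows.append({"proto": proto, "lport": lport, "raddr": raddr,
                     "rport": rport, "state": state, "pid": int(parts[-1])})
    return rows


def match_recorder_flows(output, ports=RECORDER_PORTS):
    """Return sorted (port, proto, direction, pid) tuples for documented flows.

    Inbound ports are matched on the local side and outbound ports on the
    remote side, so a documented outbound port that merely appears as a
    local port is not reported.
    """
    findings = set()
    for row in parse_netstat(output):
        for direction, port in (("inbound", row["lport"]),
                                ("outbound", row["rport"])):
            entry = ports.get(port)
            if entry is None or entry[1] != direction:
                continue
            if row["proto"] not in entry[0].split("/"):
                continue
            findings.add((port, row["proto"], direction, row["pid"]))
    return sorted(findings)


def ports_by_pid(findings):
    """Group matched ports per PID. Several documented ports under one PID is
    a far stronger signal than a single, possibly coincidental, port."""
    grouped = {}
    for port, _proto, _direction, pid in findings:
        grouped.setdefault(pid, set()).add(port)
    return {pid: sorted(p) for pid, p in grouped.items()}


if __name__ == "__main__":
    found = match_recorder_flows(SAMPLE_NETSTAT)
    for port, proto, direction, pid in found:
        print(f"{proto:3} {port:5} {direction:8} pid={pid}  {RECORDER_PORTS[port][2]}")
    print(ports_by_pid(found))
```

UDP rows in netstat carry no remote endpoint, so an outbound UDP flow to port 16771 cannot be seen this way; check firewall or flow logs for that case.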

Feature Centralized Event Alerts apply Records Screen Snapshots Records Chat/IM (see Chat/IM Recording) Records Document Activity Records Program Activity Records Web Sites Visited Records Window Caption by Program Records or excludes recording by URL Set inactivity timeout for recording

WIN

MAC

X X X X X X X X X X X X X X X X X X

X X X X3 X X

X X X X X X X X1 X X

Spector 360 provides frequent updates to Recorder capabilities and stealth. Be sure to maintain the latest software version on computers using Manage Recorder Versions.

Keyword Alerts (Client-side) Block Internet (Client-Side) Set Recorder to "visible" mode Set which servers to report to Schedule data push to server Set security at client (hotkeys/password) Install with a "Viewer"

Differences among Recorders:


Note that level of support may vary depending on device type and OS. Feature Control Center installs client Control Center builds pre-configured install file Control Center changes installed profile Control Center updates Recorder version Control Center runs client diagnostics Control Center Starts/Stops recording at client Control Center accesses client log file Centralized Web Filtering applies WIN MAC

X X X X X X X X X X X X
2

Control data size on client computer Dashboard reports data recorded 1 Does NOT support remote installation. 2 Supports "ping" test only. 3 Recording by drive letter only on Windows.

X X X


Deploying Recorders

Using the Add Computers Wizard to Deploy Recorders

The Add Computers Wizard lets you add one, a few, or all computers to the Control Center list and, at the same time, schedule them for Spector 360 Recorder installation. The list is managed by the Control Center Server (CCS) and available to all Control Centers.

To run the wizard:

1. Click New on the toolbar - OR select Add Computers from the Task Navigation pane - OR right-click in the Computers list and select New.

2. On the Welcome panel, select "using this Wizard." The wizard leads you through steps for creating a list by typing names, using Active Directory or Network Discovery, or by importing a text file. Select Use Advanced Setup to add computers one at a time, with all computer property settings on one pane (see Adding or Modifying a Computer). Click Next.

3. Select a source for computer names. On the Select Source for New Computer names panel, select how you will acquire a list of computer names to add to the Computers list. Each choice allows you to edit the resulting list before actually adding it to the Computers list. Click Next to begin. Your choices are:

Type one or more computer names into this wizard. Choose this option to go straight to "Finalize the List of Computers" below and enter each computer domain and name, one at a time. More on adding to and editing the list...

Retrieve computer names from the Active Directory. Choose this option to import a list of computers from the network's Active Directory. You must be on a domain network with Active Directory Service (ADS) enabled. Wait for the import to finish and click Next to continue. More on retrieving from Active Directory...

Query the network for active computers. Choose this option to use network discovery for a comprehensive list of computers. This method is not recommended for large or slow networks. Wait for the import to finish and click Next to continue. Be sure to edit out computers you do not wish to record in "Finalize the List of Computers." More on Network Discovery...

Import a list of computer names. Choose this option to import a comma-separated value (.CSV) text file. This option is useful when you have an existing computers list. Simply select a file to import. Wait for the import to finish and click Next to continue. More on importing computer names...

If you are not manually entering computers, errors in retrieving computer information are displayed. Duplicate domain\computer names and invalid specifications will not be added to the list. Incomplete information, such as a missing Platform field, is called out. Click Next to continue.

4. Finalize the list before adding the computers. All source choices for Add New Computers result in a list of computers. If you are entering computer names one at a time, this panel initially lists no computers. If you have acquired computer names from another source, this panel offers an opportunity to add, remove and change computer specifications. See Finalizing the list of Computers. When the list is ready, click Next to go on to the Spector 360 Recorder

A Platform designation (Windows or Mac) is required for each computer being added to the Computers list.

5. Schedule the Recorder Installation and Updates. You can choose to schedule installation of the Spector 360 Recorder

You must have a license for each Recorder installed, otherwise the Recorder will not operate. You may want to start by listing computers but NOT installing Recorders.

Don't install the Spector 360 Recorder - (default) Do NOT schedule installation at this time. You can set an installation schedule at any time from the Computers list.

Schedule installation for a date and time - Applies to Windows Computers Only. Set a day and time now to install the Recorder. This selection activates the date setting. Click the down-arrow next to the date to open a calendar and select a day. Click on the hour or minutes and use the arrow buttons to change the time. See Scheduling a Recorder Install/Uninstall for details on setting install time.

Automatically update the Spector 360 Recorder - When you download a new Spector 360 Recorder,

Don't automatically update the Spector 360 Recorder - You can assign a new Recorder Version to these computers rather than having the software updated automatically. See Assigning a Version to Computers.

If you do not want to install the Recorder on ALL computers you are "adding" with this wizard, select the "Don't install" option. You can always install later.

6. Select a Recording Profile for these computers. The Recording Profile provides recording, blocking, alerting, and other settings for computers. Assign one profile to all Windows computers and another to all Mac computers in the list. A Master Login can click New to create a new Windows or Mac profile now and assign it to computers. Keep in mind that it's easy to update and change a computer's profile after the Recorder is installed. See Changing Recorder Profile Settings.

Don't assign a Recording Profile or Build to these computers. Select this item ONLY if you are not scheduling the Recorder for installation at this time. If you are scheduling an installation, Spector 360 needs to know which profile and build (Recorder Version) to use.

Assign the following Recording Profile to these computers. An Initial Profile with optimized recording settings is available for selection. You can always assign a new profile later

If you are not seeing Windows and Mac choices as expected, change the Tools > Options settings.

Click Next to continue.

7. Select a Recorder Version. Select the version of the Spector 360 Recorder you would like to install on these computers. If both Windows and Mac computers are in the list, select a Version for each platform. Click Next.

Windows / Mac Recorder Version options appear as selected in Tools > Options.

8. Finish the configuration. At the final panel, click Finish to add this list of computers to the Control Center, configured with the selected Recorder profile and build, and set to install at the time you have specified. If you "finished" earlier in the process, you can install the Recorder later at any time.

Adding or Modifying One Computer

When you want to add a single computer, choose the Advanced alternative to the Add Computers wizard. This opens a properties panel for a single device. You see the same panel when you choose to Modify a computer. From this panel, you can set a computer's Name, Description, Group, Profile, Recorder Version, or Installation time. These entries are displayed in the Device list.

If you are adding a computer, click the Add button at the bottom of the box to save this computer and go on to the next one. If you are modifying, click Save at the bottom of the box.

To set the computer identification:

The top portion of the box identifies the computer.

Platform - Selection active for Add Computer. The operating system of the computer: Windows or Mac.

Computer Name - The computer name as known to the network. Find a Windows name in My Computer > System Properties. For Mac, look in Apple > System Preferences > File Sharing (or use the Spotlight feature to search for "computer name").

Domain Name - Selection active for Add Computer. Name of the network domain the computer logs in to. If a computer does not participate in the domain, type any name. This is a required field; if the domain is not visible on the network, a message will appear; click OK to continue. As long as the computer is on the network, Spector 360 will be able to communicate with it.

Description - A descriptive name for this computer, for use in Spector 360. Type any name, or modify the name as you wish.

Group Name - Name of the group the computer belongs to. Use the drop-down list to move this computer to a different group.

New Group - Click this button to open the Add New Computer Group box and add a new group now.

To set the Recorder Configuration:

Every computer is assigned a Recorder Profile (settings) and Version.

Specify a Recorder Configuration - Check to activate the configuration fields; clear if you do not wish to configure this computer now (defaults will be used if you schedule installation).

Profile Name - The default profile for this platform is pre-selected (e.g., "Initial Profile"). Open the drop-down list of available profiles and select one to assign to this computer.

New Profile - Master Login Only. Click this button to create a new Computer Profile (based on a Recorder Version) now and assign it to the computer. Be sure to select the General tab and Client Options to give the profile a name.

Recorder Version - The default version (or version used by the profile) is pre-selected. Open the drop-down list of available versions for this platform and select one to assign to this computer.

The Recorder Version may affect which Profile settings are available. See Managing Computer Profiles.

To request a Recorder installation:

Windows Only. Install or reinstall the Recorder on a Windows computer. Note that changes to this panel generally do not require reinstallation.

Don't install the Spector 360 Recorder - Select to add or modify a computer without installing the Recorder.

Schedule the Spector 360 Recorder installation or reinstallation for - Select to activate the date and time fields and schedule the Recorder installation or update.

Date/Time - Day and time the installation will occur. Click the down-arrow next to the date to open a calendar and select a day. Click on the hour, minutes, or AM/PM and use the arrow buttons to change the time. See Scheduling a Recorder Install/Uninstall.

"Push" the Recorder - Selection active for Modify Computer. Check to force a fresh re-installation of the Recorder at the computer (when a computer remains "pending," to install/uninstall a local Viewer, or to reinstall an uninstalled Recorder).

Follow Manual Setup procedures for installing a Recorder on a Mac or on a computer in a Windows Workgroup. Keep in mind each Recorder installed requires a license to operate. You cannot "move" a license from one computer to another.


To set Recorder update options:

You can direct Spector 360 to update the Recorder Version on this computer automatically when a new version is downloaded.

Don't automatically update the Spector 360 Recorder - Select if you prefer to update the Recorder Version on this computer yourself (using this panel or Assign Recorder Version). The Recorder still checks in with the CCS to receive any Profile/Version changes.

Automatically update the Spector 360 Recorder as soon as possible after changes are made - Select to instruct the Recorder (once it is installed on the computer) to receive version updates automatically as soon as they are available.

Automatically update the Spector 360 Recorder at - Select to instruct the Recorder to receive version updates automatically at a specific time of the day when a new version is available. Click on the hour, minutes, or AM/PM and use the arrow buttons to change the time.

To delay polling for the Client Service:

Service Polling Delay - Use this setting to control how soon computers that leave the network are removed from the Computers list. The default polling delay is 3 Days, 0 Hours. Type or use the arrows to select a Days value: 0-99999. Type or use the arrows to select an Hours value: 0-23.

Read more about the Service Polling Delay setting.

AD has a very flexible structure, allowing a network administrator to build any type of hierarchy by domain, by geographic location, by department, by classroom, or however desired. At the top of the Active Directory structure is a forest. Under a forest are one or more trees containing domains, organization units (OUs), objects, and attributes. Typically, companies design their trees based on either geographic separation (Americas, EMEA, PacificRim) or based on organizational design (Accounting, Marketing, Technology, Sales).


Deploying to Computers in the List


The Install Recorder command allows you to deploy a Recorder to selected Windows computers in your list at any time. For Mac computers, see Deploying the Recorder to Macintosh. You can request the Uninstall Recorder command for ANY computer in the list. A Schedule box appears for both Install Recorder and Uninstall Recorder requests, allowing you to set a time and other options.

Make sure you have an available license for each computer receiving an installation and have excluded Recorder files from antivirus scanning.

To schedule an install or uninstall:

Select one or more devices (or groups) in Manage Devices and select Install the Recorder or Uninstall the Recorder from the Task Navigation pane or context (right-click) menu. The Schedule Recorder Installation box appears. If you want to install or uninstall NOW, set a time at least a few minutes in the future.

Weekday: The day of week (first field) automatically changes based on your entry.

Month, day, year: Select and type over the day or year number. You can also click the down-arrow next to the date to open a calendar. Today's date is highlighted. Click the arrows at the top of the calendar to change the month. Click on any calendar day in the future to select it and close the calendar. When a future date is set, the calendar opens to the selected date.

Hours:Minutes AM/PM: Select and type over the hour, minutes, or AM/PM value (the system clock may show 24-hour time) or use the up/down arrows to the right of the time to change the selected value.

To "push" an installation:

Every NEW Recorder installation is a "push" install, delivering a complete software installation package. This option is useful on reinstall to make sure any previous installation is overridden with a completely new software installation. You would select this option if:

You've had trouble previously installing on this computer.
You're trying to "fix" an installation that has been compromised.
You want to install a local Viewer on the client where one was not previously installed.

Leave the option cleared if this is a normal re-installation.


To disable rebooting on uninstall:

Normally, a computer restarts following uninstallation of the Recorder. Clear the option to "Reboot computer(s) after Recorder is Uninstalled" to proceed uninstalling at the scheduled time without interrupting the user with a computer restart. If you clear this option, when you click OK a message asks you to confirm.

Make sure the computer is restarted at some point to complete uninstall and avoid issues when reinstalling the Recorder in the future.

Install/Uninstall confirmation messages:

Please select a Date/Time in the future - This message appears following OK when the scheduled time has already passed. Click OK and set a time in the future.

Install the Recorder to n computer(s)? - This message appears following OK to confirm installing the Recorder on the selected number of computers. Click OK to confirm and continue.

Uninstall the Recorder from n computer(s)? - This message appears following OK to confirm uninstalling the Recorder on the selected number of computers. Click OK to confirm and continue.

Upgraded Recorder - If an installed Recorder will be upgraded, a message appears asking if you want to continue. Click Yes to proceed or No to skip the installation. Note that old Recorder versions may not be able to deliver data to this version of Spector 360.

n selected Mac Computers must be installed manually - If your selection for Install Recorder includes Mac computers, a message informs you that these computers will not receive the installation. Click OK to confirm and exit (or continue installing on any Windows computers in the selection). See Deploying the Recorder to Macintosh.


Deploying the Recorder to Macintosh


You can use the same Manual Setup File to install the Recorder at all Macintosh computers you wish to record, but you must have a license for each computer receiving a Recorder installation. A Mac does not have to be on the same Windows domain or workgroup as the Servers, but it does need TCP/IP connection to the same network

The Control Center may not detect the Mac until after Recorder installation. However, once the Recorder is installed on a Macintosh computer, you can assign profile changes, update the software version, and uninstall it remotely from the Control Center.

To add a Mac to the Control Center:

In Manage Computers, select New or Add Computers to open the Add Computers wizard. Use Advanced Setup to add computers one at a time, or use the wizard to acquire computers from Active Directory, Network Discovery, or a .CSV file. Make sure you:

Select the Mac Platform.
Assign the SAME profile and version used in the Manual Setup file.
Do NOT schedule remote installation of the Recorder.

To create a Manual Setup File:

Follow the instructions in Creating a Manual Setup File.

To install a Mac Recorder:

Copy the Mac Setup (.zip) file to media, attach it to an email, put it into a shared network folder, or use other means to gain access to this file from the Mac you wish to record. Follow the steps below.

1. Start the installation at the Mac. Double-click the .zip file to extract a "Spector 360 Client" .dmg file. Double-click the unzipped (.dmg) file to run the installation.

2. Enter the Mac Admin password. The Mac Admin password is required for software installation. Click OK. Wait for the Recorder to be installed.

3. Summary of installation. When an "Install Succeeded" panel appears, the installation is complete. If you wish, click View to view a Readme file. Click Finish to end the installation and restart the computer.


To clear installation history:

Remove the Setup .zip and .dmg files. After the computer restarts, drag any installation files into the Trash and then choose Finder > Empty Trash from the Finder menu bar.

Delete entries in the Internet browser. If you accessed the SpectorSoft web site from this Mac, clear history in Safari or Firefox to remove any SpectorSoft entries.

Clear Recent Folders and Items from the Finder. Check Go > Recent Folders and Finder > Recent Items for evidence of activity involving Spector Client Install files. Clear these items.

Deploying Manually on Windows

You will use a manual installation on Windows computers for:

Windows XP Home or legacy Windows computers
Computers on a Windows Workgroup
Delivery of software via other network tools

You can use the same Manual Setup File to install the Recorder at all Windows computers, but you must have a license for each computer receiving a Recorder installation.

To add the computers to the list:

In Manage Computers, select New or Add Computers to open the Add Computers wizard. Use Advanced Setup to add computers one at a time, or use the wizard to acquire computers from Active Directory, Network Discovery, or a .CSV file.

Select the Windows Platform.
Assign the SAME profile and version used in the Manual Setup file.
Do NOT schedule remote installation of the Recorder.

To create a Manual Setup File:

Follow the instructions in Creating a Manual Setup File.

To install the Recorder at the computer:

Run the executable file on the computer needing an installation. From the computer where you want to install the Recorder, double-click the .exe file or execute it at a command line. When the computer restarts, it will be recording data and communicating with the CCS and Data Vault. If you need to update the Profile or Version, make changes from the Control Center. Check the computer's recorded activity from the Dashboard.

The default "Initial Profile" settings reboot the Mac or Windows computer automatically.

Once the Recorder is installed on a Mac or Windows computer, you can assign a new profile or version to it from the Control Center without having to manually install again.


Creating a Manual Setup File


Use this procedure to build a Recorder "Install file" for computers where you cannot deliver a remote installation from the Control Center. You will need to use this procedure to install the Recorder on:

Macintosh computers
Windows Workgroup computers
Windows XP Home and legacy Windows computers
Computers when you prefer to use another method of deployment

Following manual setup, you can change the profile and version and uninstall the Recorder from the Control Center.

To create an executable installation file:

1. Start the Create Manual Recorder Setup wizard. In the Control Center, select Recording > Manage Computers. From the top menu bar, select File > Create Manual Setup. At the Welcome wizard panel, click Next.

2. Choose Windows or Mac Computers. You will be able to use this setup file on as many computers with this OS as desired (up to the license limit).

3. Select a Recording Profile. Select or create a Profile for the installation. Without changes, the Initial Profile settings automatically Restart the computer following installation (see Client Options). Be sure to name a revised Profile on the Security panel. Click Next.

4. Select a Recorder Version. Choose an available version for this OS and click Next.

5. Select a serial number. Licenses will be used from the serial number you select. Each installation of a Recorder requires its own license. Highlight the serial number and click Next.

6. Name the file and location. A panel summarizes the Recorder OS, Profile, Version, and serial number. Click the folder button next to the Setup File Name at the bottom of the panel to set a name and location for the file. The default file name includes the Recorder Version and Serial Number. You can change the name, but NOT the file extension. Click Save to select the name and location, which is then displayed in the wizard's Setup File Name field.

A Manual Setup file for Windows is an .exe file. A Manual Setup file for Mac is a .zip file.

7. Finish building the file. Click Finish. The file is built at the location you specified.

8. Use the .exe or .zip file to install manually. Deliver and execute the Setup file on a computer where you want to install the Recorder. See Deploying the Recorder to Macintosh or Deploying Manually to Windows.


Canceling a Recorder Install/Uninstall


If you have scheduled a Spector 360 Recorder install or uninstall from the Control Center and the task is "Pending," you can cancel the task from the Control Center.

To delete an install/uninstall task:

1. Select Recording > Manage Computers.
2. Select the computer where you want to cancel the task.
3. Select Edit > Unschedule Recorder Install/Uninstall from the menu bar - OR right-click and select Unschedule Recorder Install/Uninstall - OR select Cancel Recorder Install/Uninstall in the left Task Navigation pane.
4. You are asked to confirm that you want to delete tasks on the computer. Click Yes to proceed.
5. A second message confirms that the task was deleted. Click OK.

To uninstall manually:

If a Viewer is installed with the Recorder, at the computer, use the hotkeys and password to open the Viewer. Select File and Uninstall. Otherwise, use the SPUninst program:

1. Copy the spuninst.exe program from the Spector 360 program folder (C:\Program Files\SpectorSoft\Spector 360\spuninst.exe) to a medium accessible by the client computer (network drive, CD, removable media, etc.).
2. From the computer, run the spuninst.exe program. An Authentication window appears.
3. In the dialog box, enter your serial number and password (if used) and then click OK.
4. Click OK to reboot the computer.

For a Windows computer, you can run spuninst.exe from a command line (Start > Run > cmd) using parameters. Use this format:

spuninst.exe /s<serial number> /p<password>

/s - serial number used to install the Recorder (Required)
/p - password configured for the Recorder Install (Required if a password was configured)
/r - computer will NOT reboot (Optional)
/q - removal runs in quiet mode with no user prompts required (Optional)

Example - The following command line provides the serial number and password, and sets the uninstall to run "quietly" with no prompts. The computer will automatically restart following the uninstall.

C:\spuninst /s1111AB001245600 /q

Following a manual uninstall, select the computer from the Control Center, open the Edit menu, and select Manual Uninstall Cleanup.


Managing Computers from Active Directory


If you are on a domain network with Active Directory Service Interfaces (ADSI) enabled, you can take advantage of information already in Active Directory to keep the Spector 360 Computers list and Recorder installations up-to-date. Possibilities are:

Use Active Directory to acquire a Computers list
Use Active Directory to update status in the Computers list
Synchronize the Computers list to Active Directory
Automatically install the Spector Recorder on ADSI computer additions
Organize (group) ADSI computers in your list based on information in Active Directory (such as Department Name or Domain Name)

To add computers from Active Directory:


In Manage Computers, select New or Add Computers. Choose using this wizard. Choose retrieving a list of computers from Active Directory. When you select this option and click Next, the wizard imports a list of computer names from Active Directory. On completion of the import, the above message displays the number of computers discovered and any errors or warnings that occurred. If a computer is already in the Control Center Computers list, it will not be added again.

Click Next to continue to a panel displaying the list of computers you have retrieved from Active Directory. Edit the list, if you wish, before adding these computers to the Control Center. See Finalizing the List of Computers.

If you have selected a Group option for ADSI computers in the CCS properties (see below), new computers added from Active Directory are automatically grouped according to your selection.

Select a Computer Profile, a Recorder Version, and an installation schedule for these computers to complete the Add Computer Wizard.
If you have more computers on your network than Spector 360 licenses, you may want to create the initial list without setting an installation schedule. You must have a license for each Recorder installed, otherwise the Recorder will not operate.


To update the Computer List using Active Directory:


Modify the Control Center Server. Open the Servers view, double-click on Control Center in the right pane, and look for the "Background Updating" section of the properties panel.

Automatically update the Computer list using Active Directory - Check this option to retrieve a list of computers from Active Directory to populate the Manage Computers view. Once these computers are added to the list, the CCS will continue to check with Active Directory and add any NEW computers to the Computers list.

Synchronize the computer list to Active Directory - Check to keep the Control Center list in sync with Active Directory. If computers are added to or removed from the ADSI Database, they are also added to or removed from the Computers list.

Install Spector 360 Recorder
Be careful using the Install Spector Recorder to all ADSI computer additions option, so that you don't commit Recorder licenses to computers you do not intend to record.

Group ADSI Computers by - Finally, you can request that computers added from ADSI automatically be assigned to Control Center computer groups based on information in the organizational structure of Active Directory. This is useful for automatically organizing computers added from a large network. Once in the Computers list, computers can be moved to a different group, and Active Directory will have no impact on their grouping.

Groupings depend on how AD is set up for your network.


No ADSI Grouping - Computers will be assigned to the current Spector 360 Default Group. ADSI grouping will not be used.
Canonical Name - (CN) A constructed attribute for an organizational unit in AD. For example, if Chicago.Local/Workstations/Support/Support21 is the ADSI path for a given computer, selecting Canonical Name will add the computer to a SUPPORT Computer Group.
Domain Name - (Default grouping) Groups are created using domain names. For example, Chicago.Local/Workstations/Support/Support21 will be added to a CHICAGO group.
Department Name - Groups are created for the departments in which users work.
Office Name - Groups are created by offices in which users work.
Organization Name - Groups are created by the organizations within which users work.
Organizational Unit Name - Groups are created using the AD Organizational-Unit-Name attribute.
Locality Name - Groups are created using names of Locality based on addresses of users.
Country Name - Groups are created using names of the Country or Region of users.
<Use Custom Group> - Create a name under which to group ADSI computers that are added to the Control Center list. When you select this option, the field below the selection list becomes active. Type any name for the group. This becomes your default group.

An example of groups created from Active Directory additions


Adding Computers from Network Discovery


Spector 360 is able to "discover" all computers currently active on the network. This procedure is NOT recommended for large or slow networks, but if you do not have a domain network with Active Directory Service enabled - for example, you are using Novell, Terminal Services, or a Workgroup - you may want to start with and edit a comprehensive list of computers.

To add computers from Network Discovery:


Choose New or Add Computers "using this wizard." When prompted for a source, select "querying the network for active computers using Network Discovery." Click Next.


Wait for the discovery to finish. A message displays the number of computers discovered and the number of errors or warnings that occurred. Scroll through the provided window to see why a computer could not be added. If a computer is already in the Control Center Computers list, it will not be added again.

Click Next to continue to a panel displaying the list of computers you have retrieved from Active Directory. You can edit the list before adding these computers to the Control Center. See Finalizing the List of Computers. Continue on through the wizard by selecting a Computer Profile, a Recorder Version, and an installation schedule. See Add Computer Wizard for complete instructions.
If you have more computers on your network than Spector 360 licenses, you may want to create the initial list without setting an installation schedule. You must have a license for each Recorder installed, otherwise the Recorder will not operate.


Importing a List of Computers


It's possible to import a list of computers you are already maintaining into the Spector 360 Computer list. The list must be a .csv (comma-separated values) formatted text file, and include computer and domain names. The import will be added to any computers already in the list. You can import the same list into the Dashboard to appear under Computers Management.
When you upgrade Spector 360 from an earlier version, the existing computer list (netconfig.xml) will automatically be imported into the Control Center. It's also possible to acquire computers from Active Directory, Network Discovery, or by adding them one at a time to the Control Center computer list.

To create a CSV file for import:

Use a spreadsheet, word processor, or other program to create a plain text file with the suffix .csv (name.csv). Each computer must be on a row, and a computer name and domain are required for each entry in the format:

ComputerName,DomainName,GroupName,MachineType

ADMIN004,CHICAGO,Administration,2
DEV005,CHICAGO,Research,1
BILLSCOMPUTER,LOCAL

ComputerName - REQUIRED. The name of the computer as known to the network.
DomainName - REQUIRED. The network domain the computer belongs to. If the computer is not on a domain, use any other name, such as WORKGROUP or LOCAL. If a domain name is not recognized, the Control Center displays a message at the end of the ADD procedure, but the field will be added.
GroupName - OPTIONAL. Name of the Spector 360 Computer Group the computer will belong to. If a group is not included (a blank field), the computer is assigned to the DEFAULTGROUP.
MachineType - OPTIONAL. Operating system of the computer: 1 for Windows or 2 for Mac. If the file does not have this field, you will need to specify the platform for each computer in the Finalize the List of Computers step.

Header - If you use a header on the data, add an apostrophe at the beginning of the first line and spell the column names identically to the above: 'ComputerName,DomainName,GroupName,MachineType

For a plain text document list, use commas only; do not substitute quotation marks or other symbols for the commas.

For a spreadsheet list, use Save As and save as file type .CSV (comma delimited). Do NOT use commas or other punctuation within the fields.

To import a list of computers:

In Manage Computers, select New or Add Computers and choose using this wizard. Choose importing a comma separated values (CSV) file as your source for computer names. Click Next.


On the Open CVS Computer List panel, use Browse to navigate to and select the csv file you wish to import. Click Open.

Click Next to check and edit the imported computers in Finalize the List of Computers.

When the import is complete, a message displays the number of computers imported and the number of errors or warnings that occurred. Scroll through the provided window to see why a computer could not be added. If a computer is already in the list, it is not added again. At this point, you can:

Correct a Domain or Computer Name by typing in the field.
Assign a different Group to one or more computers.
Assign a Platform to one or more computers.
Select a computer and Remove it from the list.
Click Add and type in information for another computer.

You MUST select a platform (Windows or Mac) for each computer that doesn't have one assigned.

Finalizing the List of Computers


This panel in the Add Computers Wizard appears if you have chosen to type computer names into the wizard OR after you have acquired a list of computers (using Active Directory, Network Discovery, or Import). Computers in this list will be added to your Control Center Computer list. You can remove computers you do not wish to record, add computers that are missing, and correct the Domain, Computer Name, Group and Platform for computers before adding them to the list. If this list is empty, you must Add at least one computer to continue.

Click Next when the list is ready and proceed through the Add Computers wizard. You will select a Computer Profile, a Recorder Version, and an installation schedule. Click Finish to add the computers to the Control Center list.

An import follows these rules:

If a required field is missing, an error message appears. Records with errors will be skipped and all valid records will be imported.

If the specified computer already exists (in the same domain), the record will not be imported. A message informs you that Computer 'name' already exists.

If a computer does NOT exist in Spector 360, the computer is added (does not require actual network detection) and will be visible under Manage Computers after you refresh the view.

If a Computer Group does NOT exist in Spector 360, it is created. If the group exists, any new computers are added to the existing group.

You MUST select a platform (Windows or Mac) for each computer. If a platform was not detected, this field will be blank. Click the Platform column heading to sort blank entries to the top, and then remove these entries or assign a platform to each.
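The CSV layout from "Importing a List of Computers" and the import rules above can be checked before a file is handed to the wizard. The following Python pre-check is an added example, not SpectorSoft code; the function name, the case-insensitive duplicate comparison, and the handling of an unrecognized MachineType are assumptions.

```python
# Added example: pre-check a computer-list CSV against the documented rules.
COLUMNS = ["ComputerName", "DomainName", "GroupName", "MachineType"]
PLATFORMS = {"1": "Windows", "2": "Mac"}   # MachineType codes from the guide
DEFAULT_GROUP = "DEFAULTGROUP"


def precheck_import(text, existing=()):
    """Apply the documented import rules to CSV text.

    existing: (ComputerName, DomainName) pairs already in the Computers list.
    Returns (accepted, skipped): accepted is a list of dicts, skipped is a
    list of (line_number, reason) tuples.
    """
    # Assumption: names are compared case-insensitively.
    known = {(d.upper(), c.upper()) for c, d in existing}
    accepted, skipped = [], []
    first_data_line = True
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        is_first, first_data_line = first_data_line, False
        if line.startswith("'"):
            # Optional header: leading apostrophe, first line, exact names.
            if not is_first or line[1:].split(",") != COLUMNS:
                skipped.append((lineno, "bad header line"))
            continue
        if '"' in line:
            skipped.append((lineno, "quotation marks are not allowed"))
            continue
        fields = [f.strip() for f in line.split(",")]
        if fields == COLUMNS:
            skipped.append((lineno, "header needs a leading apostrophe"))
            continue
        if len(fields) > len(COLUMNS):
            skipped.append((lineno, "too many fields (comma inside a field?)"))
            continue
        fields += [""] * (len(COLUMNS) - len(fields))
        name, domain, group, machine_type = fields
        if not name or not domain:
            skipped.append((lineno, "ComputerName and DomainName are required"))
            continue
        key = (domain.upper(), name.upper())
        if key in known:
            # Same computer in the same domain: the record is not imported.
            skipped.append((lineno, f"Computer '{name}' already exists"))
            continue
        known.add(key)
        accepted.append({
            "ComputerName": name,
            "DomainName": domain,
            "GroupName": group or DEFAULT_GROUP,
            # None means the platform must be set in the Finalize step.
            # Assumption: an unrecognized MachineType is treated like a blank.
            "Platform": PLATFORMS.get(machine_type),
        })
    return accepted, skipped


# The first three data rows are the guide's own example; the rest are constructed.
SAMPLE = """'ComputerName,DomainName,GroupName,MachineType
ADMIN004,CHICAGO,Administration,2
DEV005,CHICAGO,Research,1
BILLSCOMPUTER,LOCAL
admin004,chicago,Research,1
LAB01,,Research,1
"KIOSK7",CHICAGO,Lobby,1
"""

if __name__ == "__main__":
    ok, bad = precheck_import(SAMPLE)
    for rec in ok:
        print("import:", rec)
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```

Records returned with a Platform of None are the ones that will show a blank Platform column in the Finalize step.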


To add a computer to this list:

Click the Add button to add a computer to the list, or start typing in the first field.
1. A new field appears in the list. Click in the Domain field and type the domain network name. Press the Tab key to move to the Computer Name field and type the computer's network name.
2. If you wish, select a Group from the drop-down list. DEFAULTGROUP is provided, but any group you have set as the "default group" will be assigned by default.
3. Select the computer's OS platform: Windows or Mac.
4. Press Enter or Add to accept this computer and go on to the next computer.
5. Click Next at the bottom of the panel when the list is ready and continue through the wizard.

An error appears if you attempt to move to another row or press Next on this panel when a computer definition is incomplete. Click Yes on the error message to complete the computer entry or No to remove the entry.

To edit the list in other ways:

Select or use Shift or Ctrl to multiple-select computers, and then use the buttons next to the list to apply changes to your selection.

Add - Add a blank row at the end of the list for a new entry.
Remove - Remove the selected computers from this list.
Select All - Select (highlight) all computers in this list.
Deselect All - Clears (removes highlighting from) all selections.
Assign Platform - Assign the Windows or Mac platform to all currently selected computers. Be sure to assign the right platform!
Assign Group - Assign a Group from the drop-down list to currently selected computers.
New Group - Add a new computer group. Enter a Group Name and Description and click OK. You can now assign this group to computers.

Uninstalling the Recorder

You can uninstall the Spector 360 Recorder from any computer where it is installed from the Control Center's Computers list. Select Recording > Manage Computers. You may need to remove the Recorder manually at the client computer if:

The computer is no longer connected to the network.
Network changes are preventing Control Center / computer communication.

To uninstall the Recorder from the Control Center:


1. Select the computer or computers (use Shift and Ctrl) from the Manage Computers (or Groups) list.
2. Select Uninstall the Recorder in the Task Navigation pane - OR - Right-click on your selection and select Uninstall Recorder.
3. Select a Schedule for uninstallation. Check the "Reboot computer(s) after Spector Recorder is uninstalled" option to restart the computer immediately after the uninstallation. Clear this option to perform the uninstall task without restarting the computer.
4. Click OK.


Management Options

Removing Computers

You can remove computers from the Manage Computers list that you no longer need to manage under Spector 360. Removing a computer from the list has no effect on the network.

To remove a computer from the computer list:

1. Select Recording > Manage Computers.
2. Select the computer you wish to remove and click Delete on the toolbar - OR - Right-click on the computer and select Delete.
3. A confirmation message appears warning that the deletion cannot be undone. Click Yes to remove the computer from the list or No to cancel the removal.
Removing a computer from the Control Center list does NOT uninstall the Recorder. You should uninstall the Recorder before removing the computer from Spector 360 management.

Restarting a Computer

Windows Computers Only
You can restart a computer from the Control Center. You may want to restart computers after applying a new Recorder profile or changing profile settings in order to close all applications and ensure capture of all activity.

To restart a computer:

1. Select Recording > Manage Computers.
2. Select the computer or computers (use Shift and Control) - OR - Select Groups on the toolbar and select the group of computers you want to restart.
3. Right-click and select Restart - OR - Select the computer(s) and click on Restart Computer in the Task Navigation pane.
The computer or computers restart within minutes.

Stop or Start Recording


As soon as the Spector 360 Recorder is installed, it begins recording. The default (set in a profile's Advanced Application Settings) is to start recording whenever the operating system starts. You can stop and restart recording at a computer remotely from the Control Center.

To stop recording:
1. Select Recording > Manage Computers.
2. Select a computer where the Recorder is installed and running.
3. In the Task Navigation pane, click Stop Recording - OR - Right-click the computer and select Stop Recording.

To start recording:
1. Select a computer where the Recorder is installed but is not recording.
2. In the Task Navigation pane, click Start Recording - OR - Right-click the computer and select Start Recording.

Reserving a Client License

Each serial number can be "unlocked" for a certain number of licenses. One license is used to monitor (install a Recorder on) one device. Plan ahead by reserving a license for each device you intend to monitor. The Device list shows which computers and mobile devices have been assigned a license. Be careful reserving licenses! You cannot "reuse" or "move" a license from one computer to another.
If you are using viziSafe Freemium, the licenses assigned remain assigned after you convert to Spector 360.

Manage Licenses shows licenses assigned and available

To reserve a license:
1. Select one or more computers in the Manage Devices view. Select Reserve License from the Edit menu or from the context (right-click) menu. All licenses you intend to reserve must be under the same serial number. Select the serial number, if applicable. Click OK.

If you are managing more than one serial number, a message cautions you to be sure to select the correct serial number for the license(s). You cannot "undo" an incorrect license reservation. Use the drop-down list to select the correct serial number, and then click OK to reserve the licenses. If you have selected more computers than you have available licenses for, a message appears. Click OK and contact SpectorSoft about purchasing additional licenses. If the Control Center is unable to communicate with the CCS or Primary Server, or if there are no available licenses, a message appears and no licenses are reserved.

2. A message asks you to confirm reserving the selected number of licenses from this serial number. Click Yes to continue or No to cancel.
3. A second message confirms the License Reservation. It may take several minutes for the license icon to appear in the Manage Devices list, but the number of "Available" licenses in Manage Computer Licenses changes immediately.

Manage Devices list shows a reserved license


Assigning a Recorder Version to Computers


If no Recorder Version has been assigned to the computer, Spector 360 uses the "Default Version" to deploy the Recorder. You can assign a new version to computers or groups in Manage Devices at any time before or after the Recorder is installed using the Assign Recorder Version command. The command allows you to selectively assign versions to platforms. Note that each platform has a "Default Version." Because a new Recorder version may contain new profile settings, you may want to test the version on a few, select computers before assigning it to all computers.

To assign a Recorder version to selected devices:

1. In Manage Devices, select one or more devices or groups.
2. Open the Edit menu (or right-click) and select Assign Recorder Version.
3. From the submenu or selection box, choose the version you wish to apply to the selected computers. If more than one platform is in the selection, choose a version for each platform, from each pane.
4. A message asks you to confirm the Recorder version and the number of selected computers (and groups). Click Yes to apply the version or No to cancel. The assigned version appears in the Devices list.
A Recorder receives its update at the "Client Update Time" scheduled in the CCS properties. The computer must restart before any new Recorder functionality goes into effect.

To update Recorders now by reinstalling:

Reinstalling the Recorder re-applies the version and profile you have assigned to a device. If you've updated the default version and profile, the Recorder will be updated with the new defaults.
1. Modify the Profile using a new version, OR Change the default Recorder Version.
2. Select devices to update from the list in Manage Devices (or select Groups).
3. Right-click and select Install Recorder.
4. Set a schedule for installation.
5. Click OK.


Assigning a Profile to Computers


If you request to install a Recorder but no Recording Profile has been assigned to the computer, Spector 360 uses the "Default Profile." You can assign a profile to computers or groups in Manage Computers at any time, before or after the Recorder is installed. If your Control Center shows both OS platforms, a window opens, allowing you to assign a recording profile for the correct platform to the currently selected computers. Note that each platform has a "Default Profile." If you are managing ONLY Windows or ONLY Macs, you will select a profile from a popup menu.

Choosing a profile for each platform

To assign a profile:
1. In Manage Computers, select one or more computers or groups.
2. Open the Edit menu (or right-click) and select Assign Profile.
3. From the submenu or selection box, choose the profile you wish to apply to the selected computers. If both Windows and Mac computers are in the selection, choose a version for each platform, from each pane.
4. A message asks you to confirm the profile assignment for the number of selected computers (and groups). Click Yes to apply the profile or No to cancel.
5. The assigned profile appears in the Computers list. When the Recorder is installed or checks in with the CCS, it receives its new profile assignment.
If the profile assignment adds or removes a Viewer installation you MUST reinstall the Recorder using the Push option.


Service Polling Delay


The Service Polling Delay is the amount of time before the Control Center Server (CCS) begins "active polling" for a client that has not "checked in." You can change this setting to fine-tune CCS behavior for computers that are occasionally connected to, or frequently leave, the network. Access this setting from the Edit or context (right-click) menu, or from Modify computers.

5-minute check-in. Once a Recorder is installed on a computer, the Control Center expects it to check in with the Control Center Server (CCS) every 5 minutes (default) or as specified in the Recorder Profile.

1 hour highlight. A Recorder that fails to check in for more than an hour (default) will be highlighted in the Computers list. When a Recorder fails to check in, the network may be down, the computer is OFF, or the computer has left the network, or the Recorder installation may have been compromised.

3 days Service Polling begins. When 3 days (default) pass with no check-in, the CCS clears the information for the computer (operating system, Recorder status, etc.) and begins actively polling the network for the missing Recorder rather than waiting for it to check in.

Computer is dropped from list. If the CCS fails to find the computer, it continues to be "Not Detected" and eventually is dropped from the list. Avoid "losing" the computer by changing the Service Polling Delay.

To change the Service Polling Delay:

1. Change the number of Days the CCS must wait before actively polling for the Client Service. Enter 0-9999.
2. Change the number of Hours to 0-23.
3. Click OK to change the setting or Cancel to close without changing the setting.

Examples...

An employee takes her computer to work at home occasionally. There's no need to modify this setting. The Recorder will check in as soon as it's back on the network.

A sales person frequently leaves the network for a week. Modify that computer's properties to delay polling for 7 days. When the computer leaves the network, the CCS won't begin polling for 7 days, and the computer's status and information will be preserved. As soon as the Recorder is back on the network, it will check in.

An employee has shut down for a 3-month leave of absence. Modify this computer's properties to delay polling for 90 days to avoid losing the computer before the employee returns.

A visitor will be on the network only for a day. There's no need to modify this setting. The computer will be "dropped" automatically several days after the visitor is gone.


Installing a Local Viewer


Although it is not recommended for most installations, a Viewer can be installed with the Recorder. The Viewer is a program that provides access to and views of recorded events directly from a computer (before data files are uploaded to the Data Vault). The Viewer displays Screen Snapshots, Email, Chat/IM and all other activities, similar to the User Explorer in the Dashboard. You can also use the Viewer to view the Recorder log file and locally remove the Recorder.
Installing a local Viewer is recommended ONLY for troubleshooting recording. The Viewer could threaten security by allowing an unauthorized user access to Recorder settings and data files.

To configure the profile to include a Viewer:

In Manage Recording Profiles, create or modify a Recording Profile to add the Viewer.
1. Select Recording > Manage Recording Profiles. Click New on the toolbar to Add a Profile, or select a profile from the list and Modify it.
2. In the profile box, select General Options and the Security panel.
3. Check the option Include Viewer with Spector Client Installation. Set a Password to access the Viewer in the Password and Confirm Password fields (optional). For Windows computers, you can set a new Hotkey combination to open the Viewer. Click Change and make new key selections. Save changes to the profile.
4. In Manage Computers, select the computer where you want to install the Viewer. Right-click and select Assign Profile. Select the profile you have modified with "Include Viewer" enabled.

To install the Viewer on Windows:

1. In Manage Computers, right-click on a computer and select Install Recorder.
2. If you are reinstalling the Recorder, in the Schedule Install box, enable "Push" the recorder to existing client computer(s). This ensures that the Recorder software will be completely reinstalled and the Viewer will be included. Click OK.

To install the Viewer on Macintosh:

1. In Manage Computers, select File > Create Manual Setup from the menu bar. Follow instructions in Creating a Manual Setup File. Select the profile you have modified with "Include Viewer" enabled for the setup file.
2. Look for the appropriate .zip file in the SDSFiles folder. Deliver the .zip to the Mac, unzip the .dmg file, and execute the file to reinstall the Recorder on the computer (see Deploying the Recorder to Macintosh).
If you choose to include a Viewer in a profile that is already installed on a computer, you must reinstall the Recorder using the Push option. This ensures that the Viewer software will be installed.

To open the Viewer at the recorded computer:

1. Enter the Hotkey combination you provided (the default is Ctrl+Alt+Shift+S for Windows and Ctrl+Cmd+Shift+S for Mac).
2. Enter the password to open the Viewer, if you supplied one.
3. The Viewer opens, providing a view of data at the local computer.


Only data that has NOT yet been sent to the Data Vault Server will be available at the local computer, so data could be minimal or non-existent. You can change Data File settings to retain data, or simply remove the computer from the network for a period of time to test recording of different types of activity at the local computer.

To remove the Viewer from the computer:

If you want to continue recording without having the Viewer software on the computer:
1. Assign a Recorder Profile that does NOT include a Viewer to the computer. You can do this either by assigning a different profile to the computer (in Manage Computers) or by modifying the computer's profile (in Manage Recording Profiles). Make sure the Include Viewer setting is cleared in the profile's Security panel.
2. Use the Install Recorder option in Manage Computers to reinstall the Recorder. Select the Push option to reinstall all aspects of the software. For Mac OS and Workgroup computers, perform a manual reinstallation of the Spector 360 Recorder.

Exporting the Computer List

You can export the Computers list and all of its information to a CSV or XML formatted file. An export may be useful for reporting or for importing computers into the Dashboard.

To export the computer list:

1. In Manage Computers select Export Computer List in the Task Navigation pane.
2. In the Export List box, use the Save as Type drop-down list to select CSV file (*.csv) or XML file (*.xml).
3. Navigate to a folder and give the text file a name. You do not have to type the file extension. Click Save to create the file or Cancel to exit the procedure.
4. Double-clicking a CSV file generally opens it in MS Excel if it is available, and an XML file opens in your default web browser. You can open any exported list with a text editor.

To import computers to the Dashboard

By importing the exported CSV or XML file into the Dashboard, computers will be available before recording actually begins.
1. Open the Dashboard.
2. Select the Management tool and the Computers folder.
3. In the right pane, right-click and select Import.
4. In the box that appears select Computers and Groups.
5. Navigate to and select your .csv or .xml file.


To interpret the CSV format:


When you save the export as a CSV file (*.csv), the text file takes the following format. Each row represents a computer. The first row is a "header row." The entire list of fields (columns) is provided below.

To interpret the exported fields:


The fields (columns) included in an export are listed below. Each row provides information about one computer and its Recorder installation.

ComputerName,DomainName,GroupName,Description,...
For example:

\\ENG55,MYCOMPANY.LOCAL,DEFAULTGROUP,... \\MARKETING55,CHICAGO,DEFAULTGROUP,...
Or, in an Excel spreadsheet:

ComputerName - NETBIOS computer name DomainName - Domain or workgroup name GroupName - Control Center "group" computer is assigned to Description - Computer description (optional, if added by user) OsName - Operating System on the computer (if detected) SystemRootDirectory - Path to the computer's SYSTEM directory TaskDirectory - Windows Task Scheduler directory ProfileName - Name (title) of the assigned Recorder profile ConfigurationFileName - Full path and filename of the profile (.ini) file on the CCS computer ConfigApply - Number of times a configuration was applied UpdateTime - Scheduled time for updates ScheduledInstallDateTime - Date and time the Recorder was scheduled for installation or re-installation IsIntegrated - N/A ClientStatus_IsInstall - Is the Client Recorder installed? ClientStatus_isUIInstall - Is the Client Viewer installed? ClientStatus_ComputerStatus - Status of the Recorder (0=Stopped, 1=Running, 2=Not Running, 3=Service Agents stopped) ClientStatus_CommLinkStatus - Status of communication link between CCS and client (0=Inactive, 1=Active) ClientStatus_SoftwareVersion - Recorder Version installed ClientStatus_LastClientCheckTime - Last time the Recorder checked in with the CCS License_ID - License assigned to the computer License_State - State of license License_ComputerName - Computer name license is assigned to License_SerialNumber - Serial number the license belongs to License_LastRefreshTime - Date and time the license was refreshed

To interpret the XML export format:


When you save the export as an XML file (*.xml), the resulting XML file takes the following format where each computer is described between <Computer> </Computer> tags. The complete list of fields for each computer is listed below.

<DocumentElement> <Computer> <ComputerName>ENG55</ComputerName> <DomainName>MYCOMPANY.LOCAL</DomainName> <GroupName>DEFAULTGROUP</GroupName> <Description>Computer Description</Description> . . </Computer> </DocumentElement>

2011 SpectorSoft Corporation, All rights reserved.

71

Recording Profiles and Settings

MachineType - Platform (0=Windows pre-NT, 1=Windows NT or greater, 2=Macintosh)
PollDelayInterval - Period of time to delay before CCS discards computer information and begins to poll for the Client Service
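
An added example, not part of the guide or of SpectorSoft's software: a Python script that reads an XML export in the format shown above and decodes the status codes from the field list, so an administrator can list Recorders that are installed but not running or not communicating with the CCS. The sample export is constructed, and the "True"/"False" spelling of ClientStatus_IsInstall is an assumption, since the guide does not show that field's value format.

```python
import xml.etree.ElementTree as ET

# Code tables copied from the field list in this guide.
COMPUTER_STATUS = {"0": "Stopped", "1": "Running", "2": "Not Running",
                   "3": "Service Agents stopped"}
COMM_LINK_STATUS = {"0": "Inactive", "1": "Active"}
MACHINE_TYPE = {"0": "Windows pre-NT", "1": "Windows NT or greater",
                "2": "Macintosh"}

# Constructed sample export (not real data). Element names follow the field
# list; the "True"/"False" values of ClientStatus_IsInstall are an assumption.
SAMPLE_EXPORT = """\
<DocumentElement>
  <Computer>
    <ComputerName>ENG55</ComputerName>
    <DomainName>MYCOMPANY.LOCAL</DomainName>
    <GroupName>DEFAULTGROUP</GroupName>
    <MachineType>1</MachineType>
    <ClientStatus_IsInstall>True</ClientStatus_IsInstall>
    <ClientStatus_ComputerStatus>1</ClientStatus_ComputerStatus>
    <ClientStatus_CommLinkStatus>1</ClientStatus_CommLinkStatus>
    <ClientStatus_SoftwareVersion>7.3.1103</ClientStatus_SoftwareVersion>
  </Computer>
  <Computer>
    <ComputerName>ENG56</ComputerName>
    <GroupName>DEFAULTGROUP</GroupName>
    <MachineType>1</MachineType>
    <ClientStatus_IsInstall>True</ClientStatus_IsInstall>
    <ClientStatus_ComputerStatus>3</ClientStatus_ComputerStatus>
    <ClientStatus_CommLinkStatus>0</ClientStatus_CommLinkStatus>
  </Computer>
  <Computer>
    <ComputerName>LAB01</ComputerName>
    <MachineType>2</MachineType>
    <ClientStatus_IsInstall>False</ClientStatus_IsInstall>
  </Computer>
  <Computer>
    <ComputerName>ENG57</ComputerName>
    <MachineType>1</MachineType>
    <ClientStatus_IsInstall>True</ClientStatus_IsInstall>
    <ClientStatus_ComputerStatus>9</ClientStatus_ComputerStatus>
    <ClientStatus_CommLinkStatus>1</ClientStatus_CommLinkStatus>
  </Computer>
</DocumentElement>
"""


def parse_export(xml_text):
    """Return one dict per <Computer> element: child tag -> stripped text."""
    # Feed this only files exported from your own Control Center; the standard
    # library XML parser is not hardened against maliciously built input.
    root = ET.fromstring(xml_text)
    if root.tag != "DocumentElement":
        raise ValueError("not a computer-list export: root is <%s>" % root.tag)
    return [{child.tag: (child.text or "").strip() for child in computer}
            for computer in root.findall("Computer")]


def _lookup(table, code):
    """Decode a numeric code; keep missing and unknown codes visible."""
    if not code:
        return "not reported"
    return table.get(code, "unknown code " + code)


def describe(record):
    """Human-readable view of the coded fields of one computer record."""
    return {
        "computer": record.get("ComputerName", ""),
        "platform": _lookup(MACHINE_TYPE, record.get("MachineType", "")),
        "recorder": _lookup(COMPUTER_STATUS,
                            record.get("ClientStatus_ComputerStatus", "")),
        "link": _lookup(COMM_LINK_STATUS,
                        record.get("ClientStatus_CommLinkStatus", "")),
    }


def is_installed(record):
    # Assumed truthy spellings; adjust to what your export actually contains.
    return record.get("ClientStatus_IsInstall", "").lower() in ("true", "1", "yes")


def needs_attention(records):
    """List (computer, reasons) for installed Recorders that are not Running
    or whose communication link with the CCS is not Active."""
    findings = []
    for rec in records:
        if not is_installed(rec):
            continue
        info = describe(rec)
        reasons = []
        if rec.get("ClientStatus_ComputerStatus", "") != "1":
            reasons.append("recorder: " + info["recorder"])
        if rec.get("ClientStatus_CommLinkStatus", "") != "1":
            reasons.append("link: " + info["link"])
        if reasons:
            findings.append((info["computer"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in needs_attention(parse_export(SAMPLE_EXPORT)):
        print(name + ": " + "; ".join(reasons))
```

Unknown or missing codes are reported rather than silently treated as healthy, so a changed export format shows up in the output.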

Export Selected Computers

You can export selected computers from the Control Center list. The resulting file provides all data the Control Center has about the computer and the installed Recorder (if any).

To export a list of selected computers:

1. In Manage Computers select the computers you wish to export from the list.
2. Choose Export Selected Computers from the Task Navigation pane.
3. In the Export List box, use the Save as Type drop-down list to select CSV file (*.csv) or XML file (*.xml).
4. Navigate to a folder and give the text file a name. You do not have to type the file extension. Click Save to create the file or Cancel to exit the procedure.
5. Double-clicking a CSV file generally opens it in MS Excel if it is available, and an XML file opens in your default web browser. You can open any exported list with a text editor.

You can import the computers and groups in your exported file to the Dashboard. See Exporting the Computer List.

Changing the Column Layout

You can choose how much and what information is visible in the Control Center Computers list by changing the column layout. For example, you may wish to view only the Computer Name, Profile Version, State, and Recorder Version, when you select Recording > Manage Computers.

To change the column layout:

1. In Manage Computers, open the View menu and select Column Layout.
2. In the "Visible Columns" list, select a field and click Move Up to raise its position in the list and move it toward the left of the list. Click Move Down to lower its position and move it toward the right of the list. Click the < button to move it to the "Hidden Columns" list. Click << to move all fields to the "Hidden Columns" list.
3. Select a field from the left "Hidden Columns" list. Click the > button to move it to the "Visible Columns" list. Click >> to move all fields to the "Visible Columns" list.
4. As you hide and show columns they are removed or returned to the Computers list.
5. Click the Restore Defaults button to return the columns to their original layout. A message appears asking you to confirm this change. Click Yes to continue and restore the original layout. Click No to return to your custom layout.

Manage Computer Groups

Managing Computers in Groups


Spector 360 computer "groups" facilitate viewing, configuring, and managing Recorders. Groups allow you to organize policies and activity logging by department or job role. Initially, all computers are members of the "DEFAULTGROUP." You can set up your own groups before, during, or after adding computers to the Control Center.

For example... You might create groups for:

User job functions such as Sales, Admin, Field, Temps, etc.
High-risk users who will receive intensive recording settings
Low-risk users who will receive minimal recording settings
Computers where detailed activity logging and automatic reporting are required
If computers are automatically added to the Computers list from Active Directory, you can request these computers be grouped according to organizational units from Active Directory. See Managing Computers from Active Directory.


To view the groups:

1. Select Recording > Manage Computers.
2. Click the Groups button on the toolbar at the top of the window. The Computers list is replaced by a Groups list, showing groups, number of computers in the group, and the description.
3. Open a group by clicking the magnifying glass icon - OR - Highlight the group and press the spacebar on your keyboard. Each computer has the same columns as in the Computers view.
4. Return to the Computers list by clicking the Groups button again.

To manage computers by group:

Click the Groups button to view computers organized by group. You can select one or more group names, or open the group and select one or more computers within it, using Shift and Ctrl to multiple-select. Apply the following commands to the selected groups or computers:

Assign a Profile to a group.
Assign a recorder version to a group.
Install the Recorder on a group.
Uninstall the Recorder on a group.
Cancel Recorder Install/Uninstall on a group.
Stop or Start Recording on a group.
Restart all computers in a group.

Add or Modify a Computer Group

Create computer groups for department, risk, or other recording needs to simplify management of the Recorders. You can add a group from the Manage Computers toolbar, or while adding computers. Once a group is defined, you can make it the new "default" group.

Ways to manage groups:

Add a new group or modify its description.
Set a default group to apply to new computers.
Move a computer to a different group.
Delete a group that contains no computers.

You can group any Windows or Mac computers from any domain as you wish. A computer, however, cannot belong to more than one group.

To define a computer group:

Select Add Group or New Group to open the above box:

Group Name - Type a group name. If you are modifying a group, you cannot change the name.
Description - Type a description for the group.
Make this the default Computer Group - Check to make this group the default group, the group to which all new computers are assigned unless you specify otherwise. Clear to define the group without making it the default.

Click OK to add the group or save changes, or Cancel to close the box without saving changes.

To view or modify a group:

Select Groups on the Manage Computers toolbar. If you have just added a group, click Refresh to update the view. Double-click on a group to open the Modify Computer Group box and make changes.

Moving Computers into Groups

If you have created one or more groups, you can add or move computers from one group to another. A computer can belong to only one group. Group assignment is also available from the Add Computers Wizard and the Add or Modify a computer box.

To move a computer to a different group:

1. Select Recording > Manage Computers.
2. In the Computers list, select the computer or multiple computers (using Ctrl or Shift) you wish to move.
3. Right-click and select Move to Group - OR - Open the Edit menu and select Move to Group. From the submenu, select the group you want.

You can also simply drag and drop computers from one group list to another from within the Groups view. For example, you could expand the SEVENTH GRADE group and drag computer ROOM07A into the SIXTH GRADE group. The selected computers are now members of the new group. The Group field changes for the selected computers.

Setting the Default Group

Whenever new computers are added to the Control Center and a Computer Group is not selected, the computers are added to the "Default Group." If you have defined your own groups, you can choose which group is the default.

To change the default group:

In any Add or Modify a Computer Group box check the Make this the default Computer Group option - OR - In Manage Computers open the Edit menu, select Set Default Group, and from the submenu, choose the group to be the default.

A green check appears next to the current default group.


Removing a Group
You can remove a Control Center group completely.

To remove a group:
1. First, move all computers in the group to another group.
2. When the computers have been moved, click Groups on the toolbar.
3. Right-click the group and select Delete - OR - Select the group and click Delete on the toolbar.
4. A message asks if you want to remove the group. Click Yes to continue or No to cancel. The deletion cannot be undone.



Profiles

Managing Computer Profiles


Every Recorder installation has a version and a profile. The Recorder Profile specifies exactly who, what, when, and how recording should take place at a computer. When you change a setting in a profile, all computers assigned that profile will receive the change. As each Recorder checks in with the Control Center Server (CCS), it automatically receives the profile update.

Reasons to change or add a Recording Profile:

Enable Server Web Filtering and apply a centralized web filtering policy.
Turn OFF automatic computer restart following the Recorder installation.
Create a "Low Surveillance" profile for trusted employees set to capture less data.
Create a "High Surveillance" profile set to capture all details when the need arises.
Create a profile set to track what happens to important files.
Receive immediate notification if a specific program or file was opened.
Capture activity in Published Applications in a Citrix or Terminal Server environment.

A new Recorder version may introduce new profile settings. Select the latest version when modifying a profile to see what might have changed.

To view Computer Profiles:

Select Recording > Manage Recording Profiles to view a list of all available profiles in the right pane.

An "Initial Profile" is provided for each operating system. The Initial profile contains standard, optimally useful settings, such as grayscale Screen Snapshots once every 30 seconds (while the user is active).

Default - A green check appears next to the default profile. This profile is used for Recorder installation, if no other is selected.
Platform - Each profile is assigned an operating system platform, either Mac or Windows.
Profile Name - Name of the profile, as set in the profile's General Options > Security settings. The name appears next to computers in Manage Computers where the profile is assigned.
Description - A description of the profile, as set in Security.
Serial Number - The serial number to which the profile applies. Appears when you have selected "Display Serial Number" under the Control Center's Tools > Options menu.
File Name - Appears when you select Show File Names on the toolbar. This column displays the name of the configuration (.ini) file that contains Recorder settings. All Recording Profiles are stored as .ini files on the CCS computer, by default in C:\Program Files\SpectorSoft\Spector 360\SDSFiles


To manage profiles:

Add a new profile.
Modify a profile.
Copy a profile.
Delete a profile.
Show File Names - Adds a column in the Computer Profiles list that identifies the configuration (.ini) file. See "File Name" above.
Set Default Profile - The default profile is used if no other profile is assigned or selected for a Recorder installation.

Assign profiles to computers in the Manage Computers view.

Defining a New Profile

Master Login Only. Use Recording > Computer Profiles to create, copy, and define profiles. A new profile uses the "Initial Profile" settings as a starting point. A copied profile starts with any selected profile's settings. All Record, Alert, Block, and General settings from the original profile are maintained, but you can adjust any settings as needed for the new profile. For example:

Full Time Employees profile - You create a New profile with Web Filtering enabled, Document Tracking turned ON for files on "network drive G:" and recording turned OFF for the known URL where employees do their 401k banking. In addition, you set up a few Email Filtering rules to avoid logging unnecessary email. These settings will be standard for your entire organization.

Temp Workers profile - You Copy "Full Time Employees" to a new "Temp Workers" profile and add local Internet Blocking of FTP, chat, and instant messaging ports, since these activities are not required for the job.

Branch B - Full Time profile - For a branch office using different Data Vault and Web Filter Servers, you Copy "Full Time Employees" to a new profile and adjust the profile's Servers.

Each profile you create appears in the Computer Profiles list and is available from profile selection lists.
A Recording Profile platform is always based on the Windows or Mac platform and must be assigned to computers with the proper operating system.


To create a new profile:

1. Select New from the toolbar or context menu. The profile settings box opens.
2. If applicable, select the profile OS Platform from the submenu.
3. Follow the instructions in Changing a Profile's Settings.

To copy a profile:

1. Select a profile in Computer Profiles and select Copy from the Edit menu or from the context (right-click) menu.
2. Enter a unique Profile Name and a Description.
3. Check Open this Profile for editing to open and change settings for the new profile when you click OK. Clear this option to copy the profile without changing settings.
4. Click OK to create the profile or Cancel to discard it.

Changing Recorder Profile Settings

Profile changes are automatically applied to all computers where the profile is assigned when the computer checks in with the Control Center. Most changes to recording, blocking, or alerting take effect when the applications (or connections) being monitored are restarted. Note that some settings apply only to Windows or only to Mac profiles.

The General Options tab provides the profile name, description, option to install a Viewer (Security), and the option NOT to reboot after the Recorder installation (Client Options).

To modify a profile:

1. Select Recording > Manage Recording Profiles.
2. Select a profile. Click on a profile in the right pane and select Modify the selected Profile in the Task Navigation pane, or double-click the profile in the right pane.
3. Select a Recorder Version. If necessary, select the Serial Number selection in the upper pane and in the lower pane select the Recorder Version on which to base this profile. Different Recorder versions may have different profile settings, and if you upgrade the version, computers using this profile will receive the version. Click OK. Use the Client Recorder Settings box that appears to make changes to the profile as you wish.
4. Change Record settings. The Record tab includes:
   Screen Snapshots Chat/IM Activity Web Sites Visited Email Activity Files Transferred Keystrokes Typed Program Activity Document Tracking Network Activity Windows Profiles Only When to Record Who to Record
5. Set up local Alerts. Use the Alert tab to set up scanning for keywords as activity occurs on the recorded computer. Use these settings in addition to centralized Event Alerts to increase the rate of Snapshots during suspect activity.
   Keyword Watch List Alert Notification
6. Set up local Blocking. Use the Block tab for Internet blocking at the computer. These settings add off-network web site, chat, and port blocking to centralized filtering.
   Block Web Sites Block Chat/IM Activity Block Internet Access Who to Block
   If you plan to use centralized Web Filtering, you MUST enable Server Web Filtering on the Block Web Sites Visited panel.
7. Change General Options. Use the General Options tab to make changes to the Recorder software installation, security, data management and overall recording.
   Security Data Files Application Servers Client Options Record URLs Windows Profiles Only Windows Profiles Only Windows Profiles Only Program Caption
8. Click OK at the bottom of the box to save changes. Changes will be automatically applied to computers using this profile.


Assigning a Profile to Computers


If you request to install a Recorder but no Recording Profile has been assigned to the computer, Spector 360 uses the "Default Profile." You can assign a profile to computers or groups in Manage Computers at any time, before or after the Recorder is installed. If your Control Center shows both OS platforms, a window opens, allowing you to assign a recording profile for the correct platform to the currently selected computers. Note that each platform has a "Default Profile." If you are managing ONLY Windows or ONLY Macs, you will select a profile from a popup menu.

[Figure: Choosing a profile from a popup menu]

[Figure: Choose a profile for each platform]

To assign a profile:

1. In Manage Computers, select one or more computers or groups.
2. Open the Edit menu (or right-click) and select Assign Profile.
3. From the submenu or selection box, choose the profile you wish to apply to the selected computers. If both Windows and Mac computers are in the selection, choose a version for each platform, from each pane.
4. A message asks you to confirm the profile assignment for the number of selected computers (and groups). Click Yes to apply the profile or No to cancel. The assigned profile appears in the Computers list.
5. When the Recorder is installed or checks in with the CCS, it receives its new profile assignment.

If the profile assignment adds or removes a Viewer installation you MUST reinstall the Recorder using the Push option.


Setting a Default Recorder Profile


When you request a Recorder installation, the Default Profile is used if no other profile has been assigned to the computer. The "Initial Profile" is the default profile provided with Spector 360, allowing you to install Recorders immediately. If you define multiple profiles for various monitoring needs, you can select any profile as the default.

[Figure: Multiple platforms]

To change the default profile:

1. Select Recording > Manage Computer Profiles.
2. Select the Edit or context (right-click) menu and Set Default Profile. If you are monitoring one platform, a submenu displays the available profiles. If you are monitoring Windows and Mac computers, a window displays available profiles to select for each platform.
3. Select the profile to be used as the default from the submenu or select a profile for each platform from the dialog box.
4. Click OK to save your selections and set defaults. Click Cancel to discard changes. A default profile appears in selection lists and in the Manage Computer Profiles view with a green check next to it.


Removing a Profile

Master Login Only. You can remove a Computer Profile if it is not being used.

To remove a profile:

1. First, make sure no computers are currently assigned the profile you wish to delete. If you attempt to delete a profile that is being used, a message appears "Unable to delete the computer profile."
   Select Manage Computers.
   Click on the "Profile Name" column heading in the Computers list to sort the list by Profile Name.
   If the profile you want to delete is assigned to any computers, select the computers and assign them a different profile.
2. Select Manage Recording Profiles.
3. Select the profile and click Delete on the toolbar - OR - Open the Edit menu (or right-click) and choose Delete.
4. A message asks if you want to remove the profile. Click Yes to continue or No to cancel. The deletion cannot be undone.

Selecting the Profile's Recorder Version

If multiple Spector 360 Recorder Versions are available, select which one to use with this profile. This option does NOT install the Recorder Version; it allows you to use new or different profile settings available with the version. If only one Recorder Version is available, this panel does not appear. In addition, if more than one serial number is registered, you must select the one to use for licensing Recorders.

[Figure: Select a Recorder Version (one serial number)]

To update the Recorder Version (if you are not automatically updating versions), see Assigning a Version to Computers.

To select a Spector 360 Recorder Version:

Select the version of Recorder software to use (for example, 7.3.1103). If you have one serial number, you can double-click on a version to select it and continue.

Keep your Spector 360 Recorder stealthy and up-to-date. Note that recording options and capabilities change from version to version, and you may miss capturing information if you do not update your Recorders.


To select a serial number:

If you have one serial number, the serial number selection pane does not appear. If you are managing more than one serial number, in the upper portion of the box, highlight the serial number to use for licensing with this profile.

Serial Number - Must be registered and unlocked to appear.
Total Licenses - Total computer licenses purchased with this serial number. You can install one Recorder per license.
Licenses Available - Total number of licenses still available to assign to computers. If you have 0 (zero) licenses available, you need to add computer licenses before installing another Recorder.

Click OK to proceed.

Initial Profile Settings

An Initial Profile is provided with optimal recording and stealth settings for each operating system platform.

The original "Initial Profile" uses these settings:

Default recording...

Record | Default | Description
Chat/IM | ON | Records communication in supported chat room and instant messaging protocols.
Document Tracking | ON | Activity at CD/DVD or removable media and document printing is captured.
Email | ON | Records email sent and received. Capture of attachments is NOT enabled.
Files Transferred | ON | Records all Peer-to-Peer, FTP, and HTTP file transactions.
Keystroke | ON | Records typed keystrokes, visible or not. Extended keystroke capture NOT enabled.
Keyword Alert | OFF | Available when a keyword watch list has been defined.
Network Activity | ON | All communication with other computers on the network (intranet or internet).
Online Searches | ON | Searches entered and hits received from search engines.
Programs | ON | Every program opened and the duration of activity within it. Inactivity time out is 3 minutes.
Screen Snapshots | ON | One grayscale snapshot every 30 seconds while user is active (other triggers OFF).
Web Site | ON | All domains and URLs visited.

Default Security settings

Security | Setting
Recorder is installed in Stealth Mode | ON
Viewer is not installed with Recorder | OFF
Hotkey to open Viewer | Ctrl+Alt+Shift+S
Recorder stores data in | randomly named folder
Data files are hidden | ON
Password to access data files | NONE
Screen Snapshot data is deleted after | 30 days
Screen Snapshot maximum data size is | 500 MB
Other data is deleted after | 45 days
Other data maximum size is | 30 MB
Enable Spector Client Recorder when Windows starts | ON
Warning message at logon | OFF
Enable log file | ON (minimum)

Default Server settings

Server Settings | Port
Recorder queries the Primary Server for licensing validation at | 16770
Recorder uploads recorded events to the Data Vault at | 16769
Recorder sends information to the Control Center at | 16768
Recorder listens for Server communication at | 2468
Recorder queries the Primary Server for licensing validation at | 16770
Recorder uploads recorded events to the Data Vault at | 16769
Recorder sends information to the Control Center at | 16768
Recorder requests access to the Internet from the Web Filter Server at | 16771


How the Recorder Stores Data at a Computer


The Recorder stores recorded data on the local hard drive until it can upload it to the Data Vault Server. The default settings are highly "stealthy" and work well in most cases. Storage on the local computer hard drive becomes a concern when the network goes down or when a Recorder is removed from the network for a long period of time. If the Recorder cannot upload its data and exceeds the limits for storage of recorded events, it will start deleting older data. Recorder Profile settings affect how data is managed if the Recorder cannot communicate with the Data Vault Server.

Default data management:

The Recorder first saves data to the local hard drive:

Stores event records in 15-minute chunks.
Creates files in .sdf (SpectorSoft Data File) format.
Files are hidden within a randomly named Windows system folder.
Attempts to upload files every few minutes (240 seconds).
Deletes the files from the local computer after a successful upload.

If locally stored files cannot be uploaded to the Data Vault, by default the Recorder follows these procedures:

After 45 days, or when the data files exceed 30 MB, the Recorder begins deleting the oldest data files.
After 30 days, or when Screen Snapshot files exceed 500 MB, the Recorder begins deleting the oldest Snapshot files.

For computers that leave the network: Increase data storage limits to avoid losing data during the time the computer is disconnected.
For low-performance computers: Decrease the maximum data size or duration, or disable some recording, to avoid problems.

To manage data on a recorded computer:

If you are concerned about disk space on the computer, there are two approaches to consider: (a) limiting what the Recorder captures and (b) adjusting the automatic deletion limits.

Record When allows you to limit the times of recording.
Application settings allow selective recording of programs.
Record URLs limits recording of web activity by URL.
Screen Snapshots can be taken less frequently.
Email Filters can be used to omit email of no interest.
Network Activity can exclude capture of activity by program.
Data File settings can delete files sooner or keep them longer.

Make sure your recording settings and data storage limits are realistic. You don't want the user to run out of available disk space because of Spector 360 recording!

Screen Snapshot data:

By default, Screen Snapshots are retained for 30 days or until 500 megabytes (MB) of disk space are used. This provides ample space for normal snapshot recordings (grayscale format, once every 30 seconds) on a computer. Snapshot storage limits are separate from other data, because the data size varies so much. If you configure the Recorder to take more or color snapshots, you may need to increase the disk space allowed for snapshots on the computer. To maximize snapshot storage, you can control:

The frequency with which snapshots are taken
The capture format (high-resolution, color, grayscale, etc.)
When snapshots are deleted at the local computer

Email data:

By default, recorded email is retained for 10 days or until 10 MB of disk space is used. The Recorder automatically starts deleting the oldest email data when it reaches one of these limits. So if a Recorder captures 2 MB of email a day, it will retain only 5 days of email data before it starts automatically deleting the oldest data. You can control:

Which types of email are recorded
Whether attachments are recorded
The maximum size of attachments recorded
Conditions (filtering) under which to record email or attachments

Email attachments are stored separately from other email data. If you enable capture of email attachments, be aware that these files (program executables, graphics, documents) can use a great deal of disk space. You can increase the Maximum Attachment Size from the default 100KB to up to 32767 bytes (about 3 MB). The Recorder will NOT store an attachment greater than 3 MB.

Chat/IM data:

By default, the Recorder retains 10 days or 3 MB of recorded Chat/IM conversations. It automatically starts deleting the oldest Chat/IM recordings when it reaches one of these limits. So, if the Recorder captures 1 MB of Chat/IM per day, then it can retain only 3 days of Chat/IM before it starts deleting the oldest data.

Keystroke data:

By default, the Recorder retains 10 days or 1 MB of recorded keystrokes. It automatically starts deleting the oldest keystroke recordings when it reaches one of these limits.

Web Site data:

By default, the Recorder will hold 10 days or 1 MB of Web Sites Visited recording. The Recorder will automatically start deleting the oldest Web recordings when it runs up against one of these limits.

Screen Snapshots

Screen Snapshot Recording

The Spector 360 Recorder can take hundreds of snapshots every hour on each network computer, very much like a surveillance camera. A snapshot is a graphic representation of exactly what the user sees on the computer's monitor: all open windows, pop-up messages, everything. You can view Screen Snapshots from the Dashboard.

With each snapshot Spector 360 records:

A graphic representation of the screen as the user saw it
Date and time the snapshot was taken
Name of the program that had Windows focus
The user logged in when the snapshot was taken

What triggers a snapshot:

By default, the Recorder takes a "black-and-white" (gray scale) picture every 30 seconds. If activity completely stops on the computer, no snapshots are taken until the user takes action again. You can choose to take timed snapshots or trigger snapshots when an event occurs:


Timed snapshots provide near real-time "video" playback of the user's screen activity.
Event-triggered snapshots (e.g., when a page is loaded or when a key is pressed) guarantee that you won't miss action, such as the user clicking through a series of web pages or suddenly moving a document into a new folder.

Screen Snapshot Settings


The Recorder takes full-screen snapshots of each monitored computer, very much like a surveillance camera. You can play back a detailed visual history of the user's activity from the Dashboard. To turn Screen Snapshots off or change their system settings, select the profile and Record > Screen Snapshots.

To record Screen Snapshots:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording. This will not affect other recording.
System Settings - If Screen Snapshot recording is ON, click this button to set the snapshot format, special options, triggers, and timing.

When the Data Vault receives Screen Snapshots, it directs these encrypted graphic files to the File Storage location.

To develop a snapshot strategy:

Start by creating and testing several Recorder profiles to see which results are preferable on which computers.

Be careful with snapshot triggers. Using multiple event triggers AND timed snapshots may result in a large number of snapshots taking up disk space on the local computer and in the File Storage Location.

If users frequently create documents and scroll pages as part of normal work, you may want to avoid window title and scrolling event triggers to avoid excessive snapshot recording.

If users submit web forms as a part of normal work, you could specifically turn ON the web form submitted trigger as a means to document work, such as orders taken.

You might decrease the normal timed Snapshot frequency from 30 to 60 seconds (to save disk space) and increase the snapshot frequency when a Keyword is detected.

Use the default gray scale format to save disk space.

A hotkey combination is available to use at the recorded computer to take a manual on-the-spot snapshot.

Set up Database Backups, Archives, and Restores to include snapshots.


Snapshot System Settings


Snapshot System Settings allow you to change the format and frequency of Screen Snapshots. Select Record > Screen Snapshots in a profile and click the System Settings button. After making changes, click OK to save your changes or Cancel to discard them.

To configure snapshot format:

The Spector 360 Recorder takes color, grayscale, or black-and-white snapshots. Increasing the color depth requires more disk space, and you may have to increase the snapshot data storage limits so that snapshots are not deleted right away. Click the Snapshot Format drop-down list and select from the following formats:

1 Bit Monochrome: black-and-white; smallest file
4 Bit Grayscale: efficient and readable; recommended
4 Bit Color: graphic is indexed and reduced to 16 colors
8 Bit Color: graphic is indexed and stored in 256 colors
16 Bit Color: hi-color graphic stored in 65536 colors
24 Bit Color: true-color graphic stored in 16+ million colors
32 Bit Color: true-color with alpha channel; largest file (not recommended)

You can easily read a 4-bit grayscale snapshot of a computer display set to a much higher resolution. However, there is no point in attempting a higher level of capture (e.g., 16-bit color) than the screen resolution (e.g., 256 colors).

To configure snapshot recording:

Click the Configure Snapshot Recording button. See Snapshot Triggers and Timing.

To set snapshot options:

Check options to turn them on; clear them to turn them off:

Include Secondary Monitors - Check to capture activity on multiple monitors when they are connected to the computer. Clear to capture activity only on the primary monitor.
Capture entire screen contents at once - Windows Profiles Only. Check this option only if snapshots are displaying screens in transition. By default, the Recorder does not capture the entire screen at once, because it is usually not necessary and may slow down some computers.
Capture Layered Windows - Windows Profiles Only. Check this option if you are missing snapshots because Window transparency (or translucency) is turned on. If you are not having problems, leave this option cleared.
Check for Blank Snapshots - Check this option if you want to remove "blank" snapshots where there is no visible desktop, windows, or commands. Clear this option to keep all snapshots, regardless of what they show.

New settings take effect when the Recorder checks in and when applications restart. You may want to restart computers from the Control Center.


Snapshot Triggers and Timing

To focus on meaningful snapshots or conserve disk space, you can choose the events that trigger snapshots and how often snapshots are taken. In the profile, select Record > Screen Snapshots > System Settings and click the Configure Snapshot Recording button. Click OK to save your changes on this panel.

Snapshots have built-in efficiency. When the Recorder takes a snapshot, it stores only the parts of the picture that have changed since the previous snapshot. Compression is applied to keep the file size as small as possible.

If the user is inactive (not typing or using the mouse) for 3 minutes, snapshots are stopped until activity begins again.

To take a snapshot when events occur:

Check an event to take a snapshot when it occurs; clear it to turn OFF the snapshot "trigger." Triggers are:

Website Page is loaded - An Internet browser is open and a page load event occurs (a user clicks a link at a web site).
Website form is submitted - Windows only. An online form is submitted. This could be a user login form, a banking money-transfer form, a registration form, an e-commerce order form, and so on.
Program is loaded - An application is opened. This is useful if you want a picture of programs a user launches in a day.
Window Title changes - Windows only. The window title bar changes. A snapshot is taken when a document is opened, a "Save As" saves a document under a new name, or a web page is loaded in a browser. Note that this option has redundancy with the "Website Page is loaded" option; you may not need both options. An MS Word window title displays the document name.
Window Contents are scrolled - Windows only. The user scrolls the contents of any window in any application. Only one line of scrolling is needed to trigger the snapshot. This setting is useful when you need to see everything on a window the user is viewing.
Left mouse button is clicked - The user depresses the primary mouse button (usually the left button). A snapshot would be taken when the user clicks a hyperlink, places the cursor to begin typing, or selects a menu and menu item.
Left mouse button is double-clicked - Windows only. The user clicks the primary button twice in rapid succession. A double-click starts an application from a desktop icon or takes action as programmed within an application.
Right mouse button is clicked - The user clicks the secondary mouse button, which usually displays a menu of shortcut actions or "what's this" help.
Enter key is pressed - The user presses Enter to submit a form, add a paragraph break in a document, or execute a selected item.

Consider carefully which triggers to use for which users. Heavy computer usage with all the triggers activated could result in large amounts of recorded data.

To set snapshot frequency:

Turn on the frequency option and set the time interval.

Take Snapshot Every - Check this option to turn on timed snapshots. Clear to turn OFF timed snapshots.
[30] Seconds - Use the arrows or type a number from 1 - 600 to set the number of seconds between snapshots. Every 30 seconds (default) provides a compromise between detail of information and use of disk space.
Increasing the time (for example, raising the interval to 90 seconds) causes fewer snapshots to be taken. You may compromise the snapshot view of the user's activity.
Decreasing the time (for example, lowering the interval to 4 seconds) causes more snapshots to be taken. More snapshots provide greater detail, but use up disk space and slow the computer.

Note that Keyword Watch Settings provide an option to trigger and increase snapshot frequency if a keyword is detected.

To take a snapshot on a keypress:

Windows Only. You can cause single keystrokes to trigger a snapshot. For example, you may want to take a snapshot when the user presses the Ctrl key, as part of a Save (Ctrl+S) or Print (Ctrl+P) operation.

1. Click the Add button. A message informs you that the next key you press will be used as a snapshot trigger.
2. While the message is displayed, press a key on the keyboard. The box closes and the single key is added under "Key Name."

Repeat these steps for each key you want to add. To remove a key from the list, highlight it and click Delete.

Do NOT use the Enter or Spacebar keys as triggers on a computer where a great deal of typing occurs.

You can configure a hotkey combination to press at the recorded computer that takes a snapshot. See Application settings.

Snapshot settings affect performance! It's possible but NOT recommended to take a snapshot every second. Taking a snapshot every 15 seconds may require 2 times as much storage as taking one every 30 seconds. A snapshot every 5 seconds may require 6 times the storage space.


Chat/IM

Types of Chat Recorded


Chat room and Instant Messaging (IM) conversations allow users to type messages directly to one another. Spector 360 records most chat rooms and messaging on Windows and Mac. Each contribution to the conversation is recorded, whether two or 15 people are involved. A Chat/IM "event" includes all conversation up to a certain length or until a pause in activity, and then a new "event" begins. Chat/IM recording creates an ongoing log of all conversations that take place on your network.

With each Chat/IM event Spector 360 captures:

Date and time the conversation took place
Program the conversation was recorded in
Chat or messaging protocol (type) used
The local user involved
Other users involved
Which user said what
Each segment of the actual conversation

The Spector 360 Recorder does NOT provide the ability to record any oral or voice conversations.

Spector 360 records the following types of Chat/IM:

The Spector 360 Recorder captures the following types of chat or instant messaging (IM) from most popular IM clients and Internet chat rooms. You will be able to view both the chat type and the chat program used.

Chat logging in as... (with protocol)

AIM - Protocol: OSCAR. America Online Instant Messenger accounts including AIM, AIM Express, Dead AIM, and AOL Chat.
BONJOUR - Protocol: BONJOUR. Apple Inc.'s service discovery protocol that allows chat between users on a local network, via iChat, Adium, or other Mac programs, without an instant messaging account.
ICQ - Protocol: OSCAR. "I-Seek-You" supports instant messaging in ICQ clients (Windows or Mac), with Facebook friends, and posts to Twitter. Each user has a User Identification Number (UIN).
Mac.com or MobileMe - Protocol: XMPP. These Apple accounts can be used on a Mac in iChat, Adium, and other programs. Accounts are identified as ??@mac.com or ??@me.com.
MSN (Microsoft) - Protocol: MSN. Microsoft accounts are used in Live Messenger, MSN Messenger, MS Exchange, MSN Chat, and other chat clients.


YAHOO - Protocol: YAHOO. Instant messaging in Yahoo Messenger, chat rooms, and other chat clients. Accounts are identified as ??@yahoo.com.
Jabber - Protocol: XMPP. Instant messaging within a Jabber application or using the XMPP protocol.
Skype - Text chat conversations (not voice) across a Skype connection are recorded. Skype is a peer-to-peer Internet telephony network.
GOOGLE - Protocol: XMPP. Google Talk (Gtalk) IM uses the XMPP open protocol and allows signing in via an AIM account.
Meebo - Protocol: Depends on login. In-browser IM that supports multiple services, including Yahoo, MSN, AIM, ICQ, and Jabber.
MySpace and Facebook - IM at the MySpace and Facebook web sites is recorded.
Trillian - Protocol: Depends on login. Third-party IM software that allows communication with AIM, MSN, ICQ, Yahoo, and IRC accounts simultaneously.
IRC - Protocol: IRC. Internet Relay Chat; clients include mIRC, Trillian, ViRC, Pirch, Morpheus, XiRCON.

If conversations are not recorded in Chat/IM Activity, look for them in Keystrokes, Web Sites Visited, Program Activity, and/or Screen Snapshots.

The following types of Chat/IM are NOT recorded:

While SpectorSoft has attempted to specifically record the most popular types of Chat/IM used on the Internet, there may be some proprietary interfaces that are not supported. The following Chat/IM interfaces are NOT recorded:

ICQ ToGo
ICQ Chat (Private Chat Room)
Netscape Messenger


Chat/IM Settings

Spector 360 captures most conversations in online chat rooms or Instant Messaging (Yahoo, AOL, Live Messenger, MySpace, and so on). To access this panel, open the Profile and select Record > Chat/IM Activity.

To record Chat/IM Activity:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording. This will not affect capture of Chat/IM activity in Screen Snapshots, Keystrokes, and Program Activity.
System Settings - Windows Profiles Only. Click to open advanced settings. Do NOT change these settings unless you are sure you can do so without compromising the Recorder's ability to capture data.

Changes to these settings do not take effect until the user logs off and restarts all Chat/IM applications. You may wish to remotely restart the computer.

Chat/IM System Settings

Windows Profiles Only. Chat/IM System Settings allow you to record a non-standard port or change the method of capture for a type of chat. Under normal circumstances, you will NEVER change these settings. Select Record > Chat/IM Activity and click the System Settings button to access this panel. Only advanced users should attempt to make changes, so that recording is not compromised.


To add a port:

The Recorder monitors specific communications ports for different types of Chat/IM protocol. The Recorder can "listen" for a type of chat at multiple ports. Add a space following the default ports, and type the new port number in the appropriate field. Be sure to click OK on the Advanced Chat/IM Settings box to save your changes.

IRC Ports - (Default) Records at ports 6660-7000.
MSN Ports - (Default) Records at port 1863.
AOL/ICQ Ports - (Default) Records at port 5190.
Yahoo Ports - (Default) Records at 5050, 5101, 8001, 8002.
XMPP Ports - (Default) Records at port 5222.

Be careful! If you remove ports, you may compromise the Recorder's ability to record.

To change a Record Level:

First, determine which protocol to change. Then, use the drop-down list to select another method of capture, or to disable recording.

IRC - By default, the Recorder captures Internet Relay Chat at low-level.
MSN - By default, the Recorder captures Microsoft Network IM on Auto.
AIM/ICQ - By default, the Recorder captures AOL Instant Messenger and "I Seek You" (widely used in chat rooms and games) at Auto setting.
AOL - By default, the Recorder captures America Online communication at Low-Level.
Yahoo - By default, the Recorder captures Yahoo Instant Messenger and Chat at Auto setting.
XMPP - By default, the Recorder captures this XML-based protocol used by Jabber at Low-Level.

To remove a port from monitoring:

Select the port number and press the Delete key on your keyboard, or use the Backspace key. If you change a port, the change will not take effect until the Recorder receives the settings and the user restarts the Chat/IM application.

About levels of capture:

A "protocol" (IRC, AIM/ICQ, AOL, MSN, Yahoo, XMPP) is the method of communication used by chat and IM services. The Recorder uses one of two approaches to capture each protocol: High-level or Low-level. The default settings are usually optimal for each protocol:

Low-level - The Recorder captures basic chat and IM conversations (text only) at "low level" when a "high level" capture is not possible. Low-level capture works well for most conversations, because it does not rely on a particular Chat/IM application version. The Recorder uses low-level capture for AOL Instant Messenger (AIM) and for third-party applications that interface with major providers (AOL, Yahoo, MSN), such as Trillian.
High-level - Captures content directly from the application window at "high level," resulting in a recording with greater detail (includes the Yahoo Emoticons and the HTML font being used). This approach can record conversations from encrypted communication, whereas low-level recording cannot. High-level capture is used as a backup to the low-level method, because it relies on a specific version of an application, which may change.
Auto - The Recorder determines whether to use low-level or high-level capture each time a Chat/IM event begins. Generally, the Recorder uses low-level capture unless (a) the communications protocol is encrypted or (b) it does not recognize the protocol.
Disabled - Disables capture of a Chat/IM protocol. Use this setting to turn off all recording of one chat type, such as MSN.


To disable or enable capture of other types of messaging:

The Record Options list displays additional chat types recorded by default. You may want to disable recording for approved chat (such as MSN Exchange) and still record all others. Alternatively, you may be interested in logging ONLY one type of Chat/IM. Checked options are recorded, cleared options are not recorded.

Capture Web IMs - Messaging at a web site, such as Windows Live Messenger or Yahoo Messenger.
Capture OSCAR80 - OSCAR is a messaging protocol used by AOL.
Capture MySpace443 - Messaging that occurs on MySpace.
Capture MSN Exchange - Microsoft messaging on an MS Exchange Server.
Capture Skype - Text chat through the Skype program.

To enable a Time Stamp on low-level recording:

Check Enable Time Stamp if you want to add a time stamp to each line of the conversation when low-level capture is used. For example:

<10:15:22> BlueSuede> How are you
<10:16:30> RedPatent> Fine
<10:17:00> BlueSuede> Good to hear

Email Activity

Email Activity Recording

The Spector 360 Recorder captures and records almost all email. When email is sent or received, the Recorder creates a hidden duplicate of the email (and its attachments, if so configured) to store for later review. It also keeps a copy of deleted email. SpectorSoft is constantly updating the Recorder as new email technologies emerge.

Captured with each email sent or received:

Date and time of email
To, From, CC, and BCC addresses
Subject line and message contents
Type of email (SMTP, Webmail, AOL, etc.)
Whether or not there is an attachment

Spector 360 records the following types of email:


SMTP/POP Email - Windows/Mac. Email sent and received from a SMTP/POP account is recorded from programs such as: Microsoft Outlook, Outlook Express, Eudora, Macintosh Mail, Thunderbird, POPmail, etc.

IMAP Email - Windows/Mac. Internet Message Access Protocol email is captured when the email is opened. Outlook, Thunderbird, or Eudora may be configured to receive email via IMAP.

Exchange/MAPI Email - Windows. Email is recorded when sent or received from Microsoft Exchange and other clients using MAPI (Messaging Application Programming Interface).

Exchange Webmail - Windows/Mac. Outlook Web Access 2007 and 2010 (also known as Outlook Web App, or OWA), a webmail service of Microsoft Exchange Server, is recorded. Earlier versions of Exchange Webmail (Internal Webmail) can be captured by adjusting Email System Settings.

AOL Email - Windows/Mac. Email sent and received from AOL Mail or AOL Communicator (using SMTP/POP) is recorded. AOL attachments are not recorded. Web-based AOL email is recorded as Webmail (see below).

Webmail - Windows/Mac. Email sent and received in web browsers, such as Hotmail, Yahoo, Gmail, and so on, is recorded when the email message is opened to be read or composed. Unread messages are not recorded until they are opened. Webmail attachments are NOT recorded. For a list of all web email sites recorded, see Webmail Recording.

Lotus Notes - Windows. Lotus is a division of IBM and Notes is their Windows enterprise messaging system, analogous to the Microsoft Exchange product. Lotus Notes mail is recorded.

AOL, Webmail, IMAP are recorded when the message is opened for reading by the user. The Recorder does NOT capture attachments to AOL or Webmail messages.

Spector 360 does NOT record the following email:

Novell Groupwise - Novell's enterprise messaging system, similar to Microsoft Exchange.
Yahoo - "Personals" messaging is not captured, though all other email sent or received from the Yahoo Web site is recorded.
AOL Communicator - Email is captured ONLY if it is configured to be sent and received as an SMTP/POP account.
Webmail Attachments - The Recorder does NOT capture email file attachments sent or received using Web email accounts (Yahoo, Google, Hotmail, etc.).

You can always review the user's activity in Keystrokes Typed or Screen Snapshots.

Webmail Recorded

The Spector 360 Recorder captures email sent and received through web email sites, such as Yahoo, Gmail, and Facebook. Because Internet email web site signatures change, Spector 360 periodically updates its webmail capture ability. Be sure that you are receiving regular Recorder Version updates from SpectorSoft. Webmail capture differs from recording of other email in the following ways:

The Recorder captures webmail when a message is composed or opened. A message received by a user is only recorded if the user opens the email to read it.
The Recorder does NOT record attachments sent or received through webmail.

The Recorder captures webmail when email is composed or opened at most U.S. web sites and at the following international email sites.

Email Site                     Email Address
AOL (Argentina)                http://www.aol.com.ar
AOL (Brasil)                   http://www.aol.com.br
AOL (Canada)                   http://www.aol.com.ca
AOL (France)                   http://www.aol.com.fr
AOL (Germany)                  http://www.aol.com.de
AOL (Mexico)                   http://www.aol.com.mx
AOL (United Kingdom)           http://www.aol.co.uk
Earthlink                      http://www.earthlink.net
GMX                            http://www.gmx.net
Gmx.de                         http://www.gmx.net/de
Hotmail (English & Japanese)   http://www.hotmail.com
Netscape (Canada)              http://www.netscape.ca
WebDE                          http://freemail.web.de
Yahoo (Argentina)              http://ar.yahoo.com
Yahoo (Australia)              http://mail.yahoo.com.au
Yahoo (Brazil)                 http://mail.yahoo.com.br
Yahoo (Canada)                 http://mail.yahoo.com.ca
Yahoo (Denmark)                http://dk.yahoo.com
Yahoo (France)                 http://fr.yahoo.com
Yahoo (Germany)                http://mail.yahoo.de
Yahoo (India)                  http://in.yahoo.com
Yahoo (Italy)                  http://mail.yahoo.it
Yahoo (Mexico)                 http://mx.yahoo.com
Yahoo (Norway)                 http://mail.yahoo.no
Yahoo (Spain)                  http://mail.yahoo.es
Yahoo (Sweden)                 http://mail.yahoo.se
Yahoo (United Kingdom)         http://mail.yahoo.co.uk

Email Activity Settings


The Spector 360 Recorder automatically captures email activity, but it does not capture email attachments unless you tell it to. Change email settings to record attachments, "filter" email recorded, or fine-tune what is recorded. For the email types recorded, see Email Activity Recording. Access the Email Activity panel by opening a Profile and selecting Record > Email Activity.

To record Email Activity:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording. This setting does not affect capture of email activity in Screen Snapshots, Keystrokes, and Program Activity.

The Spector 360 Recorder captures AOL, Webmail, and incoming IMAP email when the message is opened for reading by the user. The Recorder does NOT record attachments to AOL or Webmail messages.


To record email attachments:

The Recorder can capture files attached to incoming and outgoing SMTP/POP and Microsoft Exchange email. The entire attached file (if it does not exceed the maximum size) is stored with the email event record. If the file cannot be captured or if this option is OFF, the email event record still indicates the presence of an attachment. The following setting records attachments up to 10 MB.

Record Attachments - Check to record email attachments. Clear to skip capture of attachment files.
Maximum Attachment Size - Attachments larger than 100 KB (default) are NOT captured. Set any maximum size from 0 to 32767 KB (over 32 MB). Be careful! If you increase maximum size, you may need to increase the computer's storage space for retaining all non-snapshot data (default is 10 MB).

Email attachments can be large and numerous and take up disk space both on the local computer and in the central storage. Use an email Filter to limit capture of attachments, if necessary.

To filter email or use advanced settings:

Configure Filter - Click this button to define rules that record or ignore email based on the email contents or other criteria.
System Settings - Click this button for advanced settings. Do NOT change these settings unless you are sure you can do so without compromising the Recorder's ability to capture data.

Add or Edit an Email Filter

Email filters reduce the quantity of email captured and make it easier to find and focus on important information. An email filter tells Spector 360 whether to record or ignore an email based on conditions you specify. For example, you can instruct Spector 360 to ignore email from "XYZ Store" and ignore anything sent from your own autoresponder, "ABC Organization." From a profile's Record > Email Activity settings panel, click the Configure Filter button.

Email recording must be ON, and all criteria of a rule must be TRUE before a rule is applied. To ensure new settings take effect, restart computers after changing filtering rules.

To set up email filtering:


1. Add a Rule. On the Email Filter box, click Add. The Email Rule box opens. Follow instructions in Creating an Email Filtering Rule. The rule provides conditions the email must meet in order to be recorded or ignored. You may need only one or a series of rules to create your filter. Each rule you Add appears at the bottom of the Rules list. Rules are applied in the order they appear in this list.

2. Set priority for the Rules. The first rule in the list is applied first and becomes an "exception" for lower rules. Use the buttons to arrange the rules and change the logic:

Add - Add another rule.
Delete - Select a rule and click Delete to remove it.
Edit - Select a rule and click Edit to open the Email Rule box and change the conditions for a rule.
Move Up - Select a rule and click Move Up to move it up the list of rules and change the filtering logic.
Move Down - Select a rule and click Move Down to move it down the list and change the filtering logic.

3. If NONE of the rules apply, either record or ignore the email and/or its attachment.

recorded - (Default) Record email if the rules do not apply.
ignored - Ignore email if the rules do not apply.

4. Finally, click OK on the Email Filter box to set the rules and return to the Email Activity settings panel.

For example:

Your company records too much in-house email, but you do not want to lose valuable tracking information about legal matters.

1. Rule One. Create a rule to look for email with "legal" in the Subject or Body AND "MyCompany.com" in both the To and From addresses. Email matching this condition should be recorded.
2. Rule Two. Create a second rule that looks for in-house email (SMTP/POP email with "MyCompany.com" in the To OR From address). Email matching this condition should be ignored.
3. Set Rule Priority. On the Email Filter box, position the first rule as an exception at the top of the list. Select "If none of the rules apply, then the email should be recorded."

The following logic will be applied:
(a) In-house "legal" email: Record
(b) Other in-house email: Ignored
(c) All other email not matching these rules: Record.
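The rule ordering described above, modelled as an added Python example (not SpectorSoft's code): rules are tested top to bottom, the first rule whose conditions hold decides, and the default applies when none match. The `Rule` class, `evaluate` function, and sample messages are constructed for illustration, and case-insensitive matching is assumed from the guide's "Robert" example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Match modes named in the Email Rule box. Matching is case-insensitive here,
# an assumption taken from the guide's example ("Robert" matches robert@...).
MATCH_MODES: Dict[str, Callable[[str, str], bool]] = {
    "is anything": lambda field, text: True,
    "starts with": lambda field, text: field.startswith(text),
    "ends with": lambda field, text: field.endswith(text),
    "contains": lambda field, text: text in field,
    "equals": lambda field, text: field == text,
}


def field_matches(mode: str, field: str, text: str) -> bool:
    return MATCH_MODES[mode](field.lower(), text.lower())


@dataclass
class Rule:  # hypothetical model of one line in the Rules list
    name: str
    action: str  # "recorded" or "ignored"
    applies: Callable[[Dict[str, str]], bool]


def evaluate(rules: List[Rule], email: Dict[str, str],
             default: str = "recorded") -> Tuple[str, str]:
    """First matching rule wins; otherwise the 'none of the rules apply' default."""
    for rule in rules:
        if rule.applies(email):
            return rule.action, rule.name
    return default, "no rule applied"


COMPANY = "MyCompany.com"


def legal_inhouse(email: Dict[str, str]) -> bool:
    # Rule One: "legal" in Subject or Body AND company domain in both To and From.
    legal = any(field_matches("contains", email[f], "legal") for f in ("subject", "body"))
    both = all(field_matches("contains", email[f], COMPANY) for f in ("to", "from"))
    return legal and both


def inhouse(email: Dict[str, str]) -> bool:
    # Rule Two: SMTP/POP email with the company domain in To OR From.
    return email["source"] == "SMTP/POP" and any(
        field_matches("contains", email[f], COMPANY) for f in ("to", "from"))


RULE_ONE = Rule("Rule One: in-house legal", "recorded", legal_inhouse)
RULE_TWO = Rule("Rule Two: in-house", "ignored", inhouse)

# Constructed sample messages (not real data).
SAMPLES: Dict[str, Dict[str, str]] = {
    "legal": {"source": "SMTP/POP", "from": "alice@mycompany.com",
              "to": "bob@mycompany.com", "subject": "Legal review of contract",
              "body": "Please read before Friday."},
    "lunch": {"source": "SMTP/POP", "from": "alice@mycompany.com",
              "to": "bob@mycompany.com", "subject": "Lunch on Friday",
              "body": "Pizza at noon."},
    "outside": {"source": "Webmail", "from": "user@example.org",
                "to": "friend@example.net", "subject": "Weekend plans",
                "body": "See you Saturday."},
    # In this model, Rule Two as worded (To OR From) also matches mail that
    # only one side of which is a company address, even if it mentions "legal".
    "inbound": {"source": "SMTP/POP", "from": "vendor@example.com",
                "to": "bob@mycompany.com", "subject": "Legal notice",
                "body": "Attached."},
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    return {label: evaluate(rules, msg)[0] for label, msg in SAMPLES.items()}


if __name__ == "__main__":
    print("Rule One on top:", decisions([RULE_ONE, RULE_TWO]))
    print("Rule Two on top:", decisions([RULE_TWO, RULE_ONE]))
```

With Rule Two moved to the top, the in-house "legal" message is ignored, which is why the guide places the exception first.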


Email Filtering Rule


An Email Filter rule sets the conditions for recording or ignoring email. Spector 360 tests each email against the rule. Select the profile's Record > Email Activity settings, click Configure Filter and then Add or Edit.

To name the rule:

Click Add to open the Email Filter window. In the Rule Name field, enter a name for the rule you are creating. All alphanumeric characters and punctuation are permissible.

To set the rule criteria:

If the email was:

Sent from This Computer - Check to include email sent from this computer; clear to exclude email sent from this computer.
Received by This Computer - Check to include all email received by this computer; clear to exclude. If both items are checked, all email sent OR received by this computer is included.

And the email:

Has attachments - Check to include email with attachments; clear to exclude attachments. If "Has attachments" is checked, you can specify the size of the attachment using the drop-down list and entry field. Attachment rules do not apply to webmail.
    of any size - All attachments are included.
    less than - Include only attachments smaller than the specified size. Type a number to represent the size in kilobytes.
    greater than - Include only attachments larger than the specified size. Type a number to represent the size in kilobytes.
    equals - Include only attachments of an exact size. Type a number to represent the size in kilobytes.
Does not have attachments - Check to include email with NO attachments; clear to exclude email without attachments. If both items are checked, email with OR without attachments is included.

If a rule specifies that attachments should be captured, Record Attachments also must be enabled in the Email Activity settings. Attachment rules do NOT apply to webmail.

And the email's format is:

To include all email formats, leave all boxes checked.

Plain Text (text only) - Check to include; clear to exclude.
HTML (hypertext markup language - includes graphics and special fonts) - Check to include; clear to exclude.
RTF (rich text format - includes graphics and special fonts) - Check to include; clear to exclude.

If all items are checked, the email can be in any format.

And the email comes from:

The default is to include all email sources: SMTP / POP, Webmail accounts, AOL accounts, Microsoft Exchange accounts and IMAP accounts.

And the email's To / From / Subject / Body:

For each part of the email header, you can create conditions based on what appears in the To address, the From address, the Subject, or the entire Body of the email. The email must match these conditions in order to be recorded (or ignored). Use the drop-down list next to each field to select how to match, and type a word or characters to indicate what to match.

is anything - (Default) All email is included, regardless of what is in the field; leave the field next to it blank.
starts with - The beginning of the email field matches what you type in the adjacent box. For example, "Robert" matches robert@mycompany.com or robertk@yahoo.com.
ends with - The end of the email field matches what you type in the adjacent box. For example, you might look in the To field for matches to "TheirCompany.com" and capture email sent to sales@theircompany.com and jane@theircompany.com.
contains - The email field contains the characters typed in the adjacent box. For example, you might look for "weapons" anywhere in the Body of an email.
equals - The email field exactly matches what you type in the adjacent field.

Click OK to close the box and set the rule. Click Cancel to close the box without saving changes. Set the priority of this and other rules when you return to the Email Filter box.

Email System Settings

Windows Profiles Only. Email System Settings allow you to control which types of email Spector 360 records and where it listens for email activity. You can also enable recording of Internal Webmail on private web sites. Do not change these settings unless you are sure you will not compromise recording. Select the profile's Record > Email Activity Settings and click the System Settings button.

If you do need to make changes to System Settings, ensure they take effect by restarting the computer.


Email Type Recording:


By default, when Record Email Activity is ON, Spector 360 captures all types of email. Clear any boxes to turn OFF recording of a type of email. Check boxes to turn ON recording.

IMAP Email - Incoming IMAP email. Programs using IMAP for incoming email usually use SMTP for outgoing email (see below).
AOL Email - Email composed or opened using the proprietary AOL Internet interface. AOL email is recorded when the user opens received email or composes an email. If the email is listed in AOL, but is not opened by the user, it is not recorded.
Web Email - Email messages sent and received through a Web browser (Webmail) using Hotmail, Yahoo, AOL, Gmail, etc.
SMTP/POP Email - Email sent using SMTP and received using POP. Many standard mail programs, such as Microsoft Outlook, Outlook Express, Incredimail, and Eudora, use SMTP and POP protocols.
Exchange/MAPI Email - Email from MS Exchange or another application incorporating MAPI functionality to become "mail-enabled." Microsoft Office Suite is MAPI enabled.
Scan ONLY Inbox for pre-existing new emails - The Exchange / MAPI Email option must be enabled. Check to capture unread Exchange/MAPI email ONLY in the user's Inbox folder. Clear to capture unread messages in ALL folders in the Exchange mailbox. If you change this option, the user must log out and log in for the change to take effect.
Lotus Notes - Email sent and received through Lotus Notes.
Polling Interval - The Recorder polls the Lotus Notes Server for updated information. If you have a busy network you may want to increase the polling interval to reduce load on the system. Default is every 30 seconds, and the maximum is 3600 seconds (1 hour).

To set options:

Check for duplicate emails - By default Spector 360 checks for and ignores duplicate email messages. Clear the check box to record all email sent and received. Omitting duplicate email is useful when an antivirus or other third party program has sent email duplicates. Spector 360 keeps a list of the last 100 email messages received. If an exact duplicate is received and this option is set, the duplicate is ignored. This list restarts when you turn off the computer.
Use alternate MAPI capture - Use this option when requested by Technical Support. Enable this option only if the Recorder conflicts with add-in software to cause unexpected behavior in a MAPI email client (such as Microsoft Outlook).


To record internal webmail sites:

An internal web email site is hosted on a private web site, as opposed to external webmail offered by providers such as MSN Hotmail or Yahoo. The Recorder will NOT record internal webmail unless it is configured with the Host location and/or IP address.

1. On the Email System Settings panel, click the Add button to open the Enter Host box.
2. Under Select Internal Webmail Type, use the drop-down list to select the type of webmail host the user logs into:
   Exchange-Web(2000)
   Exchange-Web(2003)
   OpenWebmail
   SqWebMail
   Exchange-Web(2000) - The user logs into MS Exchange Webmail 2003.
3. Type the host location in the first field. This is the URL of the mail server, which usually starts with "mail" instead of "www," such as "mail.school.edu."
4. If you wish, check the "Host might be accessed by the following IP address" and enter the IP address of the webmail host. If you don't know the IP address, click the Resolve button. The IP address is optional.
5. Click OK to return to the Email System Settings, where the webmail host is now listed and will be recorded.

Note that Spector 360 automatically captures Outlook Web Access 2007 and 2010 (also known as Outlook Web App, or OWA), a webmail service of Microsoft Exchange Server. Use this system setting to capture earlier versions of Exchange webmail.

To add mail server ports:

Type a space following the default port, then type the port number. The Recorder will monitor all specified ports. Click OK to set the changes.

SMTP Ports: Monitors port 25 to capture outgoing SMTP email, such as that sent by MS Outlook.
POP Ports: Monitors ports 109 and 100 to capture incoming POP email, such as that received by MS Outlook.
IMAP Ports: Monitors port 143 to capture incoming IMAP email received via a remote server.


Document Tracking

Document Tracking

Document Tracking allows you to determine who, when and what is happening to sensitive documents and how resources are being used. Initially, only printing and CD/DVD burning are tracked, but you can turn on settings to track the recorded user's document activity at any location on the local computer or on the network.

Use Document Tracking to find out:

Who copied, deleted, or modified an important network document
If there has been movement of confidential documents
Whether intellectual property theft is occurring
How print resources are being used

With each document activity, Spector 360 records:

Date and time of the activity
Computer where the activity took place
User logged in
Program used for the activity
Action involved: Print, Write, Delete, Create, or Rename
Device type: Printer, Network, Removable, Local, CDROM, Other, or Unknown
Device name and path (e.g., \\SERVER10\LaserJet Printer 2nd Floor)
File involved: full path of the source file, file name, file extension, and file size

Document Tracking Settings

Spector 360 captures copy, print, edit, delete and rename actions on a document. If you do not change the default settings, the Recorder captures document printing and CD/DVD burning activity, but does NOT track files. Turn on File Tracking to find out who does what to documents at certain network drives or devices. Select the profile's Record > Document Tracking.

To enable or disable Document Tracking:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording. This setting has no effect on the other recording tools.


To set file tracking:

Select one of the following options:

Do Not Track - (Default) Choose to turn off tracking of files and only track printed documents and/or CD/DVD burning.
Use File Tracking Options based on Drive Type - Select which "types" of drives (Local, Network, Removable, etc.) to track. For example, you would choose this option to track files being copied from network drive to a removable device. See File Tracking by Drive Type.
Configure File Tracking Options for each Drive - Windows Profiles Only. Select a lettered or known UNC drive to track (or not track). For example, you would choose this option to watch a particular network drive, or to change the definition of Default File tracking for all drives. See File Tracking for Each Drive.

Document Tracking on a local hard drive can generate an enormous amount of data. Enable tracking on a local hard drive ONLY with file filters to limit folders and files tracked.

To set a File Name Filter:

The File Name Filter limits file tracking on all drives being recorded by including or excluding files. The following setting will track ONLY activity involving files with "budget" in their filename. No other files will be tracked.

1. Select Include to include a list of files to track. Select Exclude to track all documents except for a list of files.
2. Click the Add button to add a filter. See Document Tracking File Filter for complete rules.

Remove a filter by selecting it and clicking the Delete button.

For example...
To track a network drive where sensitive documents are kept, you would Configure File Tracking for the specific drive.
To track downloading of Network documents, you would Use File Tracking Options based on the "Network" drive type, watch all activity, but be sure to add a File Name Filter to narrow results.
To track ONLY files on a Network drive that include a "confidential" folder in the path, you add a file name filter that directs Spector 360 to INCLUDE *\confidential\* in the path.
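The following added example (not SpectorSoft code) models the Include/Exclude File Name Filter with the guide's wildcard rules (* matches zero or more characters, ? matches any one character) so a filter list can be checked against the paths it is meant to cover before a profile is deployed. It assumes case-insensitive matching, that * may span backslashes, and that an entry without a backslash is compared with the file name only; the function names and sample paths are constructed for illustration.

```python
import re

# Constructed sample paths (illustrative, not taken from any real system).
SAMPLE_PATHS = [
    r"N:\HR\Confidential\salaries.xlsx",
    r"N:\HR\Public\holiday-list.doc",
    r"E:\conf_backup\salaries.xlsx",          # same data, renamed folder
    r"\\SERVER3\2011\Budgets\budget.xls",
    r"C:\Users\jane\Desktop\Budget-draft.XLS",
]


def filter_to_regex(entry: str) -> re.Pattern:
    """Compile a filter entry: '*' is zero or more characters, '?' is any one."""
    out = []
    for ch in entry:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))  # backslash, dot and colon stay literal
    # Assumption: matching ignores case, as Windows file names do.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)


def filter_matches(entry: str, path: str) -> bool:
    """Return True if one filter entry matches one full path."""
    # Assumption: an entry with no backslash is compared with the file name
    # only (the guide says "budget.xls" matches that file in any directory);
    # an entry that contains a backslash is compared with the whole path.
    target = path if "\\" in entry else path.rsplit("\\", 1)[-1]
    return filter_to_regex(entry).fullmatch(target) is not None


def is_tracked(path: str, mode: str, entries: list) -> bool:
    """Apply the Include or Exclude list to a single path."""
    hit = any(filter_matches(e, path) for e in entries)
    if mode == "include":      # track ONLY files on the list
        return hit
    if mode == "exclude":      # track everything except files on the list
        return not hit
    raise ValueError("mode must be 'include' or 'exclude'")


def split_coverage(mode: str, entries: list, paths: list):
    """Return (tracked, untracked) so blind spots in a filter list are visible."""
    tracked = [p for p in paths if is_tracked(p, mode, entries)]
    untracked = [p for p in paths if p not in tracked]
    return tracked, untracked


if __name__ == "__main__":
    for mode, entries in [("include", [r"*\confidential\*"]),
                          ("include", ["*budget*"]),
                          ("exclude", [r"*\*.doc"])]:
        tracked, untracked = split_coverage(mode, entries, SAMPLE_PATHS)
        print(mode.upper(), entries)
        for p in tracked:
            print("  tracked:  ", p)
        for p in untracked:
            print("  untracked:", p)
```

Running it shows that INCLUDE *\confidential\* stops covering the same spreadsheet once it sits in a folder with a different name, which is the kind of gap to look for when narrowing results with a filter.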

To track printing and Windows CD/DVD burning:


These options are not affected by file tracking or filters.

Track Printed Documents - Check to record documents submitted to a printer, including the name of the print job, the job owner, number, size, and date and time submitted. Clear this option to omit tracking printed documents.

Track WinXP CD/DVD Burning (IMAPI) - Windows Profiles Only. Check to record files being written to a CD/DVD device if the application is using Windows IMAPI (Image Mastering Applications Programming Interface). Disc burning on older, proprietary interfaces may not be captured. Clear this option to omit this type of tracking.


File Tracking Based on Drive Type

Spector 360 recognizes four drive types that may be attached to a computer and assigns all others to the type "Other." When you select Use File Tracking Options based on Drive Type it doesn't matter if a new network drive is mapped, or if a removable storage device takes a different drive letter. Spector 360 still tracks files according to the drive types checked.

To set file tracking by drive type:

Check the types of actions you want to record. Clear (uncheck) the actions you do not wish to record:

Creating New Files - Records an "event" when a new file is created. Creating a new file includes copying a file to a location where it did not exist before.
Writing to Existing Files - Records an "event" when a file is opened for writing (someone opens, edits, and saves or does not save changes).
Deleting Files - Records an "event" when a file is deleted (someone removes a file or folder).
Renaming Files - Records an "event" every time a file is renamed.

Check the types of drives you wish to track. Clear the drives you do not wish to track:

CD/DVD - Any drive where a CD or DVD device is detected. Note that if a CD/DVD driver does not support file actions (create/modify/delete) at the drive, activity will not be recorded. To capture CD/DVD burning on Windows, select the CD/DVD burning (IMAPI) option at the bottom of this panel.
Local - Includes the local hard drive (or drives). Be very careful choosing this setting. Windows generates a large number of file operations on local hard drives, and you probably don't want to record ALL activity. If you need to track local drives, limit the activities you track or use File Name Filtering to focus in on directories, files, or file types.
Network - Any remote (non-local) drive detected by the operating system. For example, if the user opens a file on the network S: drive, eBlaster would capture the event.
Removable - Any drive detected as a removable device, such as a USB memory stick, external CD/DVD, MP3 player, or camera.
Other - If the device (camera, phone, etc.) is not detected as any of the above, use this option to capture file activity.

For example, the above setting tracks all activity initiated by this user, omitting only activity on Local hard drives and Other drives.

For File Tracking based on drive type, Spector 360 considers files addressed by UNC names to be on "Network" drives.


File Tracking for Each Drive


Windows Profiles Only. A user can request access to a drive using the computer's drive mapping (letters A: through Z:) or a network UNC location (e.g., \\DAVESCOMPUTER\SHARE). Select Configure File Tracking Options for each Drive to capture activity at specific lettered drives or UNC locations. Scroll down to see all drives.

To set file tracking by specific drive:


Select a drive from the list of drives. Click Edit to open a box displaying the choices for file tracking at this drive.

Do NOT Track files on this drive - Turns off ALL file tracking on the drive.
Use Default File Tracking - Uses Default File Tracking for this drive (the default).
Use Custom File Tracking, Track if - Select specific actions to record or not record on the selected drive (see below).

If no "Type" is listed (Local, Network, CD/DVD, Removable), the drive is not currently active or mapped. UNC is the last choice in the list and applies to activity that occurs when the user navigates to a shared location on the network.

If a drive is added or a drive mapping changes, Default Tracking is automatically applied to the new drive. This means NO FILE TRACKING WILL TAKE PLACE.

Be careful when turning on file tracking for LOCAL and commonly used NETWORK drives. Use File Filtering, if necessary, to avoid getting too much data.


To set custom file tracking:

Check the types of actions you want to record. Clear (uncheck) the actions you do not wish to record:

Creating New Files - Records an "event" when a new file is created. Creating a new file includes copying a file to a location where it did not exist before.
Writing to Existing Files - Records an "event" when a file is opened for writing (someone opens, edits, and saves or does not save changes).
Deleting Files - Records an "event" when a file is deleted (someone removes a file or folder).
Renaming Files - Records an "event" every time a file is renamed.

Click OK on the Custom Tracking Settings box to return to Document Tracking settings, where your selections are displayed in the "Tracking" column.

File tracking at Drive G: on Create + Write + Delete + Rename

Default Document Tracking

Windows Profiles Only. Default Document Tracking is applied to ALL file locations for which you have NOT selected Custom Tracking. Initially, these settings capture NO FILE ACTIVITY (all options are cleared). Access these settings by selecting Configure File Tracking Options for each Drive and clicking the Default Tracking button.

Reasons to change Default Document Tracking might be:

You need to track ANY copying of files to removable drives (as shown above).
You need to watch all of a user's document activity for a few days. You would select all options and assign the recording profile only to high-risk computers.
You need to track ALL activity that occurs to a sensitive document at any location. You would select all options, but define a file filter on the Document Tracking main settings panel.

Be careful! You may end up tracking more activity than you need! Custom File Tracking by drive (below) or tracking by Drive Type is easier to control than changing the Default Tracking.

To change the default settings:

Check the types of actions you want to record. Clear (uncheck) the actions you do not wish to record:

Creating New Files - Records an "event" when a new file is created. Creating a new file includes copying a file to a location where it did not exist before.
Writing to Existing Files - Records an "event" when a file is opened for writing (someone opens, edits, and saves or does not save changes).
Deleting Files - Records an "event" when a file is deleted (someone removes a file or folder).
Renaming Files - Records an "event" every time a file is renamed.

Check the types of drives you wish to track. Clear those you do not wish to track:

CD/DVD - Any drive where a CD or DVD device is detected. Note that if a CD/DVD driver does not support file actions (create/modify/delete) at the drive, activity will not be recorded. To capture CD/DVD burning on Windows, select the CD/DVD burning (IMAPI) option at the bottom of this panel.
Local - Includes the local hard drive (or drives). Be very careful choosing this setting. Windows generates a large number of file operations on local hard drives, and you probably don't want to record ALL activity. If you need to track local drives, limit the activities you track or use File Name Filtering to focus in on directories, files, or file types.
Network - Any remote (non-local) drive detected by the operating system. For example, if the user opens a file on the network S: drive, eBlaster would capture the event.
Removable - Any drive detected as a removable device, such as a USB memory stick, external CD/DVD, MP3 player, or camera.
Other - If the device (camera, phone, etc.) is not detected as any of the above, use this option to capture file activity.

Click OK. Changes will be applied when the Recorder checks in with the CCS. You may want to restart the recorded computer to make sure changes apply to all applications.


Document Tracking File Filter

The Document Tracking Settings panel presents a File Filter button. Click this button to display the File Filter box (shown below) and enter the name of a file you want to include or exclude from recording on any drive. You can include a specific path or use a combination of wildcards with path specification and/or file type. The entry in the illustration below would track all .doc files on any UNC drive:

To track a particular file:

Enter the file name. For example, if you enter "budget.xls" to be included, the Recorder will record activity to any budget.xls file in any directory on any of the drives being recorded. If you want to track a single file stored at a particular location, you must specify the full path, for example, "\\SERVER3\2011\Budgets\budget.xls."

To use wildcards:

You can use wildcards to specify a path, a filename, or a file type. The Spector 360 Recorder will include or exclude files represented as long as file tracking is ON for the drive or drive type.

Use the * (asterisk) wildcard to match zero or more characters.
Use the ? (question mark) wildcard to match any one character.
Use *\* to find the match on any path.

For example:

*\*.doc - Include or exclude all Word documents
*\*private*.* - All documents in any directory with "private" in the file name
c:\*\*private*.* - All documents on the C: drive with "private" in the file name
\\192.168.1.20\*\*\*.* - All documents (UNC) on a specific host
\\*\*\*\*.doc - All Word documents at any UNC location
*:\*\*.doc - All Word documents on any lettered drive
*.as? - All documents with the file type "as" plus one additional letter (as in .asp)

Click OK to add the filter to the include/exclude list or cancel to discard the filter.

Files Transferred

Files Transferred Recording

The Spector 360 Recorder captures every exchange of information between one computer and another: searching, downloading, or uploading. Files Transferred reveals:

If pirated software is being downloaded
Bandwidth usage due to video and music downloads
Inappropriate exchanges of information
Which upload/download domains you need to block from access


File Transfer data recorded:

For each Peer-to-Peer, FTP or HTTP transfer the Recorder captures, Spector 360 records:

Program used to transfer files
Date and time the transfer was recorded
Type of transfer: upload or download
Name of the file transferred
Type of the file transferred: audio, image, video, software program, compressed, or unknown file

Types of file transfer events recorded:

FTP - File Transfer Protocol (FTP) is a standard protocol used to exchange files between computers over a TCP/IP network (such as the Internet or an Intranet). FTP is commonly used to upload files to a server and to download files to a local computer.

HTTP - Hypertext Transfer Protocol (HTTP) is a set of rules for transferring files - text, graphic images, sound, video, and other multimedia files - on the World Wide Web. HTTP makes its requests and responses over a TCP/IP network.

Peer to Peer (P2P) - Peer to peer communication allows direct file exchanges between two computers over the Internet. Unlike FTP, there is no concept of a formal "server." Protocols captured include Kazaa and Gnutella, which is used by Morpheus, Gnucleus, LimeWire, Phex, Swapper, and XoloX, and rely on HTTP ports to transfer files.

Peer-to-peer programs recorded:

P2P programs allow a user to search thousands of computers for a file and download it to the local computer. In addition, files on this computer can be made available for any other person on the Internet to access. Concerns with this type of activity are:

Access to pornography
Illegal copies of copyrighted music, software, and other media
Use of computer resources to archive and exchange large files
Security risks in sharing with unknown Internet users

P2P Programs Recorded: Kazaa, Kazaa Lite, Morpheus, Gnucleus, LimeWire, Phex, Swapper, XoloX
P2P NOT Recorded: BearShare


Files Transferred Settings

By default, the Spector 360 Recorder captures any peer-to-peer, FTP, or HTTP upload/download activity on network computers. Turn off or fine-tune File Transfer recording on the Files Transferred panel.

To record file transfer activity:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording. This setting has no effect on the other recording. Network and Document activity can still be recorded.
System Settings - Windows Only. Click this button for advanced Files Transferred settings that allow you to add Gnutella and FTP ports, or turn off capture of HTTP uploads.

Files Transferred System Settings

Windows Profiles Only. Files Transferred System Settings let you add monitoring at non-standard ports and turn off HTTP uploads. Change these settings ONLY if you are sure you will not compromise capture of File Transfers. Select a profile's Record > Files Transferred panel, and then click the System Settings button.

To change file transfer ports:

If your web server is configured to use non-standard ports, you may not be properly capturing certain types of file transfers.

You will see evidence of port activity in the Dashboard's Network Activity details. Note the FTP or Gnutella port and add it to this panel. See Troubleshooting File Transfer Recording.

Gnutella Ports - Lists the ports commonly used for Gnutella activity separated by a space. If a non-standard Gnutella port is used, type a space and add the port to this field.
FTP Ports - Lists ports commonly used for FTP activity. If a nonstandard FTP port is used, type a space and add the port to the list.


To record HTTP uploads:

By default, Spector 360 captures files uploaded from the computer to web sites via the HTTP protocol, which may include web activity already captured by the Web Sites Visited recording tool. Clear this option to limit the recorded upload activity to FTP and other protocols. Spector 360 will still capture HTTP downloads. Keep this item checked for a complete record of all uploads and downloads.

To save your changes and close the Settings window:

1. Click OK on the Files Transferred System Settings box to save your changes.
2. Click OK on the profiles settings box.

Keystrokes Typed

Keystroke Recording

The Spector 360 Recorder logs every visible and non-visible keypress, providing clear proof of what was typed in any application or at any web site. It can capture extended keystrokes, such as keystrokes used to render non-Latin characters. Keystrokes typed in one program window (up to a certain length) are captured as one Keystroke event.

Keystroke recording allows you to find out:

If someone uses a password inappropriately
Where a user has typed a "hidden" Ctrl+C and Ctrl+V
What was typed in a program, whether or not you have access
What was typed, even when the email or document was subsequently changed or deleted

With each Keystroke event, Spector 360 records:

All keystrokes typed in the window
Total count of keystrokes typed
Date and time the keystrokes were recorded
Start and end times: there may be multiple start and stop times within the window if there were typing delays of more than five minutes
Name displayed in the Window's Title bar
Program used and user logged in

Text entered from a tablet (written with a stylus) will NOT be captured as keystrokes. However, you will have Screen Snapshots, and a record of the document, email, or online searching activity.


Keystrokes Typed Settings

The Spector 360 Recorder captures all keystrokes typed in all programs; whether or not you have access to those programs. You can turn off keystroke logging from the Keystrokes Settings panel. Keystrokes include non-visible keys, such as Shift and Control.

To record Keystrokes Typed:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.
Do Not Capture Passwords - Check to "mask" password entry with asterisks (*) so they do not show up in Keystrokes Typed reports. Clear to see all password keystrokes.

A user name and masked password

When you enable this option, a message asks if you would prefer to completely disable capture of form data to avoid capture of passwords. Choose Yes to disable POST forms capture, ensuring no passwords will be captured. Choose No to mask keystroke passwords, but allow capture of form data, whether or not passwords are included.

Enabling this option may not prevent capture of passwords with form (Post) data, which appears in the Dashboard as part of web site activity when Record POSTs is enabled. This means passwords will be visible in some cases where a web site login was used.

System Settings - Windows Only. Click this button to access the Record Characters option, which is useful for monitoring computers being used in other languages.

The Recorder does not capture mouse activity.

Keystroke System Settings

Windows Profiles Only. Keystroke System Settings are important when you are monitoring someone using a language that requires more than one keystroke to create a character (for example, Japanese).

To turn capture of characters on or off:

Check Record Characters to enable the recording of keystrokes that combine to create characters. Clear to capture only individual keystrokes typed.


When this box is checked, the Dashboard displays a Characters tab and shows characters resulting from combined or extended keystrokes. Characters will also appear in Email and Chat/IM events IF the application used supports the language used. By default, character information is not captured unless you are using an operating system designed for an international character set. See Keystrokes vs. Characters.

Keystrokes vs. Characters

The Spector Client Recorder supports capture of non-Western characters, such as those used in Chinese, Russian, Japanese, etc. You can view both the keys actually typed by the user and the formatted single-byte or double-byte characters resulting from the keystrokes.

Keystrokes are the physical keys you press on your keyboard. Pressing keys on the keyboard may or may not generate a character. For example, to generate capital A, you would type the SHIFT key (which does not generate a character) and the A key. The first keystroke is a dead key because it does not produce any characters by itself.

Characters are the glyphs (the pictures of characters) displayed as a result of the keystrokes. The dollar sign glyph $ on a standard western keyboard is generated by pressing the SHIFT key and the 4 key.

Multiple Keystrokes to Input Characters

Many languages (like German) require multiple keystrokes to generate common characters, and the keyboard used may be substantially different. To create the character on a German keyboard, a user presses our ~ key (which has a different picture on the German keyboard) and the A key.

IME Assistance

Some languages (like Japanese) have too many characters for a normal keyboard to accommodate. For these languages, an Input Method Editor (IME) helps users enter characters. For example, the Japanese IME converts the keystrokes nihongo into these three characters:

Client Recording Method

When the Client Recorder is set to Capture Character Information, the Client will use the local Windows OS information to capture both the keystrokes typed by the user and the characters (double-byte if necessary) that Windows created from those keystrokes. For languages like German, Hebrew, or Japanese, the ViewerDashboard provides the Keystrokes view (which doesn't make much sense) and a formatted Characters view (which shows the characters as the user meant to display them).

If the Recorder is not set to Capture Character Information, and if there is no foreign language data available, there will be no Character tab in the Keystrokes Event window of the ViewerDashboard.


Network Activity

Network Activity Recording


Network activity recording allows you to see which applications are connecting to the Internet, when and where the connections are made, the IP ports they use, and the amount of network bandwidth consumed by those connections. A network "event" starts when a user (or any application on the computer) connects using TCP, FTP, HTTP, HTTPS, or KAZAA to an outside address and port. The event continues until the connection is ended or until a period of inactivity at the port passes (10 minutes by default).
Network Activity recording reveals:

Who is accessing streaming audio/video, online gaming, or other resource "hogs"
The extent of a productivity or resource drain: when connections are being made, which ports are used, and the amount of bandwidth consumed by those connections
Violations of company acceptable use policy regarding media and downloads
Which applications make unnecessary or suspicious connections to the Internet
Internet transactions that may not be captured by Files Transferred, Program Activity, or Web Sites Visited recording

With each Network event, Spector 360 records:

Name of the program that established the network connection
Start and end time of event
Protocol used for connection
Domain name where connections were made
IP address of the target connection
Port used for the connection
Number of connections during the event
Number of bytes sent during the event
Number of bytes received during the event
Duration of the event

Spector 360 will NOT record connections:

To the local computer's network IP address. Network connections made from the local computer to itself will NEVER be recorded. These standard ports include: 0.*.*.*:* 127.*.*.*:*.

To common network IP addresses in the ranges normally used for local networks. You can change settings to include these ports, but you risk receiving a very large number of network events. The standard LAN ports include: 10.*.*.*:* 169.254.*.*:* 192.168.*.*:*

10.*.*.*:* - Represents connections made at the local computer to itself
169.254.*.*:* - Represents local area network ranges commonly used by DHCP
192.168.*.*:* - Represents local area network ranges commonly used within a network


Network Activity Settings

Windows Profiles Only. The Spector 360 Recorder captures all network activity, such as installed applications connecting to the Internet for updates or information. Because the amount of network activity captured on a busy network can be overwhelming, you may want to limit recording. This helps you spot the unexpected, inappropriate connections. Select the profile's Record > Network Activity panel.

To record Network Activity:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.

Turning off Network Activity recording has no effect on the recording of Files Transferred, Document Tracking, Web Sites visited, or other types of recording.

To limit Network Activity recording to programs:

Record network activity for only these programs listed - Record ONLY the listed programs.
Record network activity for all programs except these listed - EXCLUDE the listed programs.

Click Add in the Programs section. In the Select Programs box, select the programs you wish to include or exclude. Use the Browse button to navigate to and select any executable file. For example, you may want to exclude programs such as Internet Explorer (Iexplore.exe) to avoid duplicating activity already captured by Web Sites Visited recording. The folder path of the file name is NOT necessary. Click OK to close the box and add the program to the list. The listed programs will be recorded (or excluded from recording).

Start the program you want to select and then click Refresh on the Select Programs box to display it in the list.

All network connections have IP:Port information. The IP is the address of the computer where the connection was established, and the port locates the connection at the computer. Ports are like phone extensions to a single phone number. Some port numbers are well known, standard Internet connections. For example, port 25 is almost always used for SMTP email, and port 80 is almost always used for web page connections.

To limit ports where Network Activity is recorded:

Capture network activity for these IP ports listed - Select to include ONLY activity at the listed IP ports. Be sure to REMOVE the default ports and Add the ports to include. For example, to capture ONLY web traffic, clear all ports and add 80 (*.*.*.*:80).

Capture network activity for all IP ports except those listed - By default, Spector 360 captures activity at ALL ports EXCEPT those listed, which would result in large amounts of recorded data. You can exclude additional ports. For example, port 25 is almost always used for SMTP email. You might exclude this activity if you get enough data from Email recording by adding (*.*.*.*:25).

Click Add to add new ports. In the IP:Port box, type the IP address and port, or use * (asterisk) to specify ANY value.

All ports at a local computer might be: 192.168.0.90:*
Email at any IP address using the standard SMTP port is: *.*.*.*:25

If you don't know the IP address, under Computer and Domain Name Resolver enter the "friendly" computer name known on the network (such as OFFICE005) or a domain name (such as amazon.com) and click the Resolve button. If the name can be resolved to an IP address, it is displayed in the IP fields above. In the example above, activity at Amazon.com would be excluded (or included).

Click OK to accept the entry, or Cancel to reject it. The window closes. If the entry was accepted, the IP and Port are added to the IP:Ports list.

To save your changes:

Click OK at the bottom of the panel to save your changes or Cancel to remove them.
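To preview what a given IP:Port list would keep or drop before applying it to a profile, the following added example (not SpectorSoft code) models the two list modes described above over a constructed set of connections. It assumes that each * matches any value in its octet or port field; the function names and sample addresses are hypothetical.

```python
# Added illustration: models the IP:Port list semantics described in the guide.
# Octet-by-octet wildcard matching is an assumption; this is not SpectorSoft code.

# The guide's standard LAN entries, used here as the default excluded list.
DEFAULT_LAN_ENTRIES = ["10.*.*.*:*", "169.254.*.*:*", "192.168.*.*:*"]

# Constructed sample connections (IP, port) for the demonstration.
SAMPLE_CONNECTIONS = [
    ("192.168.0.90", 445),
    ("10.1.2.3", 80),
    ("169.254.10.20", 137),
    ("93.184.216.34", 80),
    ("93.184.216.34", 443),
    ("203.0.113.7", 25),
]


def parse_entry(entry):
    """Split 'a.b.c.d:port' into (four octet patterns, port pattern), validating each."""
    host, sep, port = entry.strip().rpartition(":")
    octets = host.split(".")
    if not sep or len(octets) != 4:
        raise ValueError(f"not an IP:Port entry: {entry!r}")
    for value, limit in [(o, 255) for o in octets] + [(port, 65535)]:
        if value != "*" and not (value.isdigit() and int(value) <= limit):
            raise ValueError(f"bad field {value!r} in entry {entry!r}")
    return octets, port


def entry_matches(entry, ip, port):
    """True when every non-wildcard field of the entry equals the connection's field."""
    octets, port_pattern = parse_entry(entry)
    ip_fields = ip.split(".")
    if len(ip_fields) != 4 or not all(f.isdigit() for f in ip_fields):
        return False  # not a dotted-quad IPv4 address
    ip_ok = all(p == "*" or int(p) == int(f) for p, f in zip(octets, ip_fields))
    return ip_ok and (port_pattern == "*" or int(port_pattern) == port)


def captured(connections, entries, mode):
    """Return the connections that would be kept.

    mode="only":   capture network activity for the listed IP ports only
    mode="except": capture network activity for all IP ports except those listed
    """
    if mode not in ("only", "except"):
        raise ValueError("mode must be 'only' or 'except'")
    kept = []
    for ip, port in connections:
        listed = any(entry_matches(e, ip, port) for e in entries)
        if listed == (mode == "only"):
            kept.append((ip, port))
    return kept


if __name__ == "__main__":
    print("default:", captured(SAMPLE_CONNECTIONS, DEFAULT_LAN_ENTRIES, "except"))
    print("no SMTP:", captured(SAMPLE_CONNECTIONS,
                               DEFAULT_LAN_ENTRIES + ["*.*.*.*:25"], "except"))
    print("web only:", captured(SAMPLE_CONNECTIONS, ["*.*.*.*:80"], "only"))
```

Note that a hostname such as amazon.com is rejected by parse_entry: as in the panel, a name has to be resolved to an IP address before it can be listed.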


Network System Settings


Windows Profiles Only. Network Activity System Settings allow you to adjust the time-out period at which the Recorder "flushes" a network event. Change this setting only if you are sure you will not compromise the Recorder's ability to record, or if directed by SpectorSoft Technical Support. Select Record > Network Activity and click System Settings.

Notes:

Reducing the minutes in this setting generates more events.
Raising the minutes in this setting generates fewer events with more connections.
A connection to the same network IP address but at a different port is always recorded as a separate network event.
If more than one connection is made by the same program to the same network address/port within a period of activity, the Recorder will not "start" a new event, it will add the connection to the current event.

If the inactivity time period passes without any new connections being made, the Recorder records current activity as an "event," including the count of connections made during the event.
For example: If you browse CNN in the morning for 5 minutes and again at lunch for 15 minutes, two separate network events involving cnn.com are recorded (inactivity was detected between morning and lunch). If you are browsing CNN in the morning and continue to browse continuously until lunch, a single event with many connections would be recorded (no inactivity detected).

To change System Settings:

Flush after n minutes of inactivity - Enter the number of inactivity minutes that should pass before the Network event ends. "Inactivity" is the number of minutes that should transpire between network connections before recording of an event. The default inactivity time is 10 minutes.

Click OK to save the Advanced Network Settings.
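The effect of the flush setting on event counts can be checked offline before changing a profile. The following added example (not SpectorSoft code) groups a constructed connection log into events by program, address, and port, and closes an event once the inactivity period has passed; treating a gap exactly equal to the setting as a flush is an assumption, and all names and sample data are hypothetical.

```python
from datetime import datetime, timedelta


def at(hhmm):
    """Constructed timestamp helper: a time of day on one sample date."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2011, 10, 27, hour, minute)


# Constructed sample log: (time, program, address, port).
# Morning browsing 09:00-09:05, lunch browsing 12:00-12:15, one HTTPS connection.
SAMPLE_LOG = [
    (at("09:00"), "iexplore.exe", "cnn.com", 80),
    (at("09:02"), "iexplore.exe", "cnn.com", 80),
    (at("09:05"), "iexplore.exe", "cnn.com", 80),
    (at("12:00"), "iexplore.exe", "cnn.com", 80),
    (at("12:04"), "iexplore.exe", "cnn.com", 80),
    (at("12:05"), "iexplore.exe", "cnn.com", 443),
    (at("12:09"), "iexplore.exe", "cnn.com", 80),
    (at("12:15"), "iexplore.exe", "cnn.com", 80),
]


def group_events(connections, flush_minutes=10):
    """Group connections into network events.

    A connection joins the current event for its (program, address, port)
    unless at least flush_minutes of inactivity have passed since that
    event's last connection; in that case a new event starts. A different
    port always means a different event.
    """
    flush = timedelta(minutes=flush_minutes)
    current = {}   # (program, address, port) -> event still accepting connections
    events = []    # all events, in order of their first connection
    for when, program, address, port in sorted(connections):
        key = (program, address, port)
        event = current.get(key)
        if event is None or when - event["end"] >= flush:
            event = {"program": program, "address": address, "port": port,
                     "start": when, "end": when, "connections": 0}
            current[key] = event
            events.append(event)
        event["end"] = when
        event["connections"] += 1
    return events


def connection_counts(connections, flush_minutes):
    """Connections per event, in event order, for a given flush setting."""
    return [e["connections"] for e in group_events(connections, flush_minutes)]


if __name__ == "__main__":
    for minutes in (5, 10, 240):
        print(minutes, "min ->", connection_counts(SAMPLE_LOG, minutes))
```

With the default of 10 minutes the sample yields the two cnn.com:80 events from the CNN example plus a separate event for port 443; lowering the value splits the lunch session, and raising it past the morning-to-lunch gap merges everything on port 80 into one event.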


Online Searches

Online Search Recording

The Spector 360 Recorder captures online searches when it detects them. When it finds standard searching techniques, it captures the search phrase entered by the user along with other information about the search site. Knowing the search phrase helps you understand why a user is at a site; for example, whether a user is searching a job site for professional growth or is looking for a new job.

Online Searches reveal:

Who is searching for jobs, items to buy, girlfriends, and so on during work hours
How many personal searches an employee conducts
Indicators of possible inappropriate or even violent behavior
How a productive employee conducts research on the Internet

With each Online Search event the Recorder captures:

When, where, and who was searching
Words entered by user for the search, such as "jobs in Hawaii"
Internet site where the search was entered
The protocol or Uniform Resource Identifier, used at the site (HTTP, HTTPS)

Web Site Recording must be ON to capture online searches. Searches are captured along with other Web Site activity.

Search Engines Recorded

In addition to well-known search engine sites such as Google and Yahoo, the Recorder will capture searches entered on any web site that uses standard searching techniques. For example, a search for an article at a newspaper site, a job at a job site, or a book at a bookstore site may be captured. The following search engines are just a few that are recorded:

alltheweb.com
altavista.com
ask.com
gigablast.com
google.com
msn.com
teoma.com
yahoo.com

You can configure exactly how Spector 360 captures online searches from the Management tool in the Dashboard. See Online Search Rules in the Spector 360 Dashboard Guide.


Program Activity

Program Activity Settings


By default, the Spector 360 Recorder captures all activity within programs used at the computer. You can turn OFF this type of recording or change the inactivity "time out" that determines when an event ends. Select the profile's Record > Program Activity panel.

Program Activity Recording


The Spector 360 Recorder captures information about every program and every program window opened by a user, every day. It records programs that create a visible window on the monitored computer; it will not record programs that run in the background or are indicated by an icon in the notification area unless the user opens a window to the program.

Program Activity recording reveals:

Times employees are actively using productivity programs
Which productivity programs users prefer
How much time is wasted on games or frivolous programs
If unapproved programs are being used

For each program event, the Recorder captures:

Date and time the program window was opened
Title of the program window
Name of the program
User who executed the program
Total time the program was open
Time the program had focus
Time keyboard and mouse activity were taking place
When and how many times the program was opened during a day

To record Program Activity:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.

This setting has no effect on the other recording tools. Program activity will still be visible in Screen Snapshots and Keystrokes.

Record App-V Applications


If you deploy applications through Microsoft Application Virtualization (App-V), formerly SoftGrid, make sure you enable App-V Support in the profile to allow recording of these applications.


Program System Settings


A program is considered "inactive" once all mouse and keyboard activity has ceased for a period of time (default is 3 minutes). If 3 minutes have passed with no activity, recording stops, and the Recorder marks the program as "inactive." The Recorder subtracts the 3 minute time-out period from the active time period in the event record. As soon as mouse or keyboard activity begins, recording begins again. You can change the Inactivity Timeout period in a profile's Record > Program Activity > System Settings. This setting is effective only if Program Activity recording is ON, and applies to activity within programs and at web sites (within browser programs). Timed Screen Snapshots and general User Activity are not affected.

To change the inactivity time out duration:


Next to Inactivity Timeout click the up or down arrow or type a number to change the time out interval (0-999 minutes). The default interval is 3 minutes. Zero (0) specifies "no time out." Click OK to save your change and return to Program Activity settings.
Once the inactivity time is exceeded, the time the program window remains open including the Inactivity Timeout duration (3 minutes) will be displayed as "inactive" in the Dashboard.


User Activity

User Activity Recording

The Spector 360 Recorder automatically captures when the user logs in, periods of activity when the keyboard or mouse is in use, periods of inactivity when no keyboard or mouse movement occurs, and when the user logs out. Any changes to the system clock or an interruption of recording are noted as events. No settings are available for this type of recording. The Inactivity Timeout setting is provided in the Computer Profile under Program Activity.

User Activity reveals:

Which employees are starting early and having productive days
Who is taking long lunches or coffee breaks
If anyone is logging on at night or on weekends
Where and when recording has been interrupted on a computer

User Activity Settings

Windows Profiles Only. The Recorder captures information about all users who log in to the monitored computer - when they log in, when they log out, and whether or not they were actively working throughout the day. You can turn User Activity recording on or off in a Computer Profile from Record > User Activity.

To turn this recording off or on:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.

When this recording is ON, a chart of activity for the user appears in the User Activity view.

To save your changes and close the window:

Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

There are no settings for User Activity Recording. As long as recording is ON for the applicable time periods, log on and log off events will be recorded.


Web Sites Visited

Web Site Recording

The Spector 360 Recorder captures all web sites visited by a user. Each visit to a new page at a Web Site is considered one recorded event. In addition to the web site URL, the Recorder captures the total number of visits made to a web site, length of time a page was in focus, and how long there was keyboard or mouse activity during the visit. You will be able to see that Jane Doe visited a job web site and spent a half hour actively using the site. You can even open and view the same web pages she visited.

Web Site recording reveals:

Which users are web surfing, how often, and when
Who is visiting inappropriate web sites
If a web page was opened and forgotten or actively used
Total time a user spent at a non-work-related site
Which web sites you should be blocking
Whether it makes sense to block all Internet access for periods during the day

At each web site, the Recorder captures:

Address (URL) of the web site
Date and time of visit
How many visits occurred
Total time the site was open
Time the site had focus
Time the user was active on the site
The window title of the site
Type of request sent to the web server:
Web: The user navigated to this web page
Post: The user submitted a form through the web page to a server
Redirected: The requested page was redirected to another page
Redirector: The requested page sent the user to another page
Blocked: The requested page was blocked
Blocked Redirector: The requested page redirected the user to a blocked page
Blocked Redirected: The user was redirected to this page and it was blocked.

Web browsers recorded:

Spector 360 records web sites (and other locations) visited using:

Windows
Microsoft Internet Explorer
Mozilla Firefox
MSN Explorer
Netscape Navigator
AOL
and any site accessed by applications using the WebBrowser ActiveX control (as in MS Outlook and MS Access)

Macintosh
Safari
Mozilla Firefox
Opera

Web browsers not recorded:

Spector 360 will NOT record Opera on Windows. If other browsers are not recorded, look for activity in Screen Snapshots.


Web Sites Visited Settings

Spector 360 automatically records every web site visited on the Internet, capturing the domain, subdomain, and types of activity. Web Sites Visited settings allow you to turn this recording on or off, or (for Windows) make adjustments to recording of web sites. Select the profile's Record > Web Sites Visited panel.

To record Web Sites Visited:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.

This setting has no effect on the other recording tools. Web Site activity will still be captured in Screen Snapshots, Keystrokes, and Program Activity.

Web Site System Settings

Windows Only. Web Sites Visited System Settings specify the ports and browsers Spector 360 will record. SpectorSoft advises that only advanced users attempt to make changes so that recording is not compromised. Select the profile's Record > Web Sites Visited panel and click System Settings.

Changes to these settings will not take effect until the user quits and restarts browser applications. You may wish to remotely restart the computer.

To change web site ports:


Spector 360 monitors the TCP/IP ports commonly used to access web sites on the Internet. You would add a port if a computer is configured to use a non-standard web server port or a proxy server.

HTTP Ports - Ports 80, 8080, and 11523 are TCP/IP ports commonly used to access the Internet. If your web server is configured to a different port, type a space and add the port number to this list.


HTTPS Port - Port 443 is the TCP/IP port commonly used to access the Internet with SSL security. If the web server is configured to use a different port, type a space and add the port number to this list.
Do not delete a listed port unless problems occur on the network.

To find other ports used:

Open the Dashboard and inspect Network Events in Data or User Explorer. The event details show both the application name and port making connection to the Internet, so if iexplore (or other browser) connects at a port other than 80 (or one of the listed ports), you would add that port number to the Web Sites Visited System Settings.

To find a proxy server port:

These instructions may vary, depending on the computer's operating system.

1. Select Windows Start > Control Panel > Internet Options.
2. Select the Connections tab. Click the LAN Settings button to open the Local Area Network Settings to find out if a proxy server is used. Click Advanced to open the Proxy Settings window and capture the port numbers.
3. Add these ports to the HTTP / HTTPS ports recorded in Web Sites Visited System settings.

For example: A proxy server address for HTTP traffic is 192.168.1.100:2280 (with 2280 being the port number). Type a space and then 2280 in the HTTP Ports field.

To set record options:

By default, Spector 360 captures activity from most web browsers. Disable the capture of types of browsers to limit recorded data.

Record Mozilla Browsers (i.e., Firefox) - This option is checked to enable capture of activity on Firefox, Netscape, and other Mozilla-based web browsers. Clear to skip recording these browsers.

Record AOL Security Edition - (ON by default) Check to enable capture of AOL Security Edition. Clear to skip recording of this browser.

Record POSTs - (OFF by default) Check to enable capture of all POST form data where information is sent from the local browser to a remote Internet server. Complete information about each POST appears in Dashboard Web Site Events. Clear to skip this recording.

An example of POST form data captured with web activity

To save changes:

Click OK on this panel and on the main Settings panel.


Who/When to Record

When to Record

Normally, a Spector 360 Recorder records ALL activity, whenever a computer is on. You can adjust a Computer Profile so that the Recorder only captures activity at specified times. The Record > When to Record setting affects ALL types of activity recording and all users being recorded (using this profile). For example, there may be certain times of day or certain days of the week when it's not necessary to record activity.

The When to Record schedule only affects activity types set to ON in the left portion of the Record pane.

To schedule recording:

Check the "Record based on the following schedule" option to activate the weekly grid. Clear this option to record always (within other setting parameters).

Green - Click on a half-hour spot on the grid or click and drag to mark the time to record. Green color indicates the time periods to be recorded.

White - Click again on any green area to clear it (the time period will not be recorded).

View Scheduled Times - Click this button to see a list of times when recording will be ON. This helps you adjust your selections.

Clear Entire Schedule - Click this button to clear all green from the grid and start over.


Who to Record
Normally, the Spector 360 Recorder records ALL users who log onto a computer where it is installed. Each new user name is captured. Each user's activity is captured. It's possible to limit who you record by including or excluding users from recording. A user you are NOT recording could log in to any computer on the network, and the Recorder would not record any activity after that login.

To select who to record:


Check the "Only record the following Windows users" option to activate the rest of the panel. Clear this option to record ALL users who log in.

Record only users listed - Select to specify which users to record.

Record all users except these listed - Select to specify which users NOT to record.

Add - Click this button to add a user to the list of users to record (or not to record). The New User dialog box appears. Enter the name of a user to record. The name must be the local Windows or network login username. Click OK to add the user to the list.

Delete - Select a user in the list and click this button to remove the user from the list.

The Who to Record setting affects ALL activity types that are ON. If you want partial recording for certain users, turn OFF activity types in the Record left pane and select the user names here.


Keyword Alerts (Local)

Keyword Alert Recording

The Spector 360 "Alert" feature detects words and phrases, and can notify you immediately when and where a policy infraction occurred. You can set up complex Event Alert profiles that watch activity at the server, or list keywords and phrases in the Recorder Profile to watch events in progress at the local computer. By default, no local keywords are defined and email notification is not enabled. You need to provide the "red flag" word or words.

Use local Recorder Keyword Alerts to:

Watch suspect activity across all event types.
Send immediate notification every time a keyword is detected.
Increase the snapshot frequency at the computer where the keyword was detected.
Receive reports about a user or computer in addition to centralized Event Alert summaries.

To use server Event Alerts:

Use the Control Center or the Dashboard to define centralized Event Alert profiles. These types of "Alerts" do not depend on recording settings, and will not occur until recorded activity is uploaded and parsed in the Database.

To use local Keyword Alerts:

In the Recorder Profile, turn ON Record Keywords, supply a list of watch words or phrases, and specify where to watch for them. Local keywords apply only to computers receiving the Recorder Profile, increase Screen Snapshot frequency during the Alert event, and trigger notification as soon as a keyword is detected. Each time a keyword is detected, an "event" is recorded, and you will be able to view data about the event.

A Keyword Alert event captures:

The keyword or phrase detected (for example, "online gambling")
Application being used
User logged in
Date and time of detection
Type of activity recording in which the keyword was detected

To combine server Event Alerts and local Alerts:

Define and enable centralized Event Alerts, and, for computers where extra attention is needed, add a local Keyword Watch list. You can request that the profile use Keyword Groups from the enabled Event Alerts by checking Process Server Keyword lists.

Keyword Alert email notification leaves no trace on the recorded computer because it does not use the local email.

Events NOT scanned:

The Spector 360 Recorder does not detect keywords in the following activity types:

Screen Snapshot events
Program Activity events
Email attachments
Keystrokes when the keyword has been edited; for example, "sex" would not be detected if the user types s, e, t, Backspace, and x
Web sites transmitted in encrypted format through the secure SSL protocol, typically addressed with "https://"
Web sites transmitted compressed, such as Yahoo


Defining a Keyword Watch List


The Spector 360 Recorder can alert you immediately when it encounters a keyword or phrase in a document, in a web page, in an email, or elsewhere and take additional snapshots to gather complete information. By default, there are no Keywords defined for a Recorder Profile. The watch list and snapshot triggering applies ONLY to computers receiving the profile.

To record Keyword Alerts at the local computer:

ON - Select this option (or toggle the left column button to green) to enable recording.
OFF - Select this option (or toggle the left column button to red) to disable recording.

You must have recording enabled for each activity type to get the full Keyword scan.

To define a local keyword watch list:

Add keywords to the watch list one at a time, or import a list.

Add - Click to Add a word to the list. All characters, spaces, and punctuation are accepted. Select Match whole word only to match an entry exactly, such as "World of Warcraft." If you do not select this option, the Recorder will find partial matches, such as "world" or "war." Click OK to accept the entry and add it to the list.

Delete - Select a Keyword in the list and click Delete to remove it.

Import - Click to browse to and import a text file list of words. See Importing Keywords.

Export - Click to export the Keywords list to a text file. The export does not include Server keywords. See Exporting Keywords.


To specify where to watch:

Check the activities where you want to watch for keywords. The Recorder will check activity as it is captured locally and look for matches.

Recording of the activity type must be ON before keywords can be detected in it.

Scan Window Caption - Check to scan the captions of windows opened on the computer desktop. The caption usually includes the program name and document name. Recording of Program Captions must be on.

Scan Chat and Instant Messages - Check to scan the content of chat and IM conversations for a keyword match. Clear to skip Chat/IM conversations. Chat/IM recording must be ON.

Scan Emails - Check to scan the content (body), subject, and To/From fields of sent and received email for a keyword match. Clear to skip email. Email recording must be ON.

Scan Web Site Addresses - Check to scan web site URLs and domains for keywords. Clear to skip web site addresses. Web Sites Visited recording must be on.

Scan Web Site Pages - Check to scan all content of web site pages for a keyword match. Clear to skip web page content.

Scan Keystrokes - Check to scan the content of all keystrokes typed (following any edits or deletion) in any application. Clear to skip keystrokes.

Scan File Transfer Information - Check to scan the file names and locations involved in uploads and downloads. Clear to skip File Transfers.

To set keyword actions:

Enable Record Keywords and choose from these options:

Trigger Snapshot Recording - Check to take extra snapshots when a keyword is detected. Clear to skip taking extra snapshots. Snapshot recording does NOT need to be on.

every [?] seconds for [?] seconds - By default the Recorder takes a snapshot when the keyword is detected and continues to take snapshots every 5 seconds for a period of 60 seconds. Select 1-999 seconds for either field. Lower numbers in the first field provide more snapshots. Higher numbers in the second field provide a longer time period for increased snapshots.

Process Server Keyword lists - Windows Profiles Only. Check to add words from Keyword Groups that are part of "enabled" centralized Event Alerts. These might include the predefined "Bullying" or "Drugs" group, or any defined custom group. Enable this option to increase snapshots and receive email notification immediately when these keywords are detected at a computer.

Many keywords can generate large numbers of snapshots, using up disk space on the computer and at the File Storage location. Be careful in setting up keywords and snapshots.


Setting up Alert Notification


You can request email notification immediately when a local Keyword Watch List entry is detected. Select a profile's Alert > Alert Notification panel to turn on email notification and define how and to whom to send the email.

The recorded computer must have direct access to the Internet to generate an alert notification email.

To turn on email notification:

Check Send Email Notification at the top of the Alert Notification panel. This activates the following options. Clear to skip the email.

Alert Notification Email - "shopping" Found in Keystrokes Typed

To configure the email:

Select the frequency, method, and email address for notification.

Once Every . . . Mins - Use the up or down arrows to select the frequency for email notification. The Recorder can send an alert each time it detects a new keyword (this does not include multiple instances in a single location). However, to prevent a flood of email, set the notification interval to a greater time span. The Recorder sends an alert only once, for any given keyword, during the specified interval. It will NOT send subsequent alerts until this set number of minutes has passed. The default is 5 minutes.

Server Type - Select the type of Server from the drop-down list.

Direct SMTP - The email is sent from an SMTP mail server. In the Email Address field, enter the delivery address (me@mycompany.com) and use the Advanced settings to specify the email server (mail.mycompany.com). Many mail servers do not approve Direct SMTP mail requests from computers; you may need to use Relay SMTP.

Relay SMTP - Email delivery is relayed through a server. You provide the same credentials to the server that you use to log in to your email. Enter the Email Address (me@mycompany.com) and use the Advanced settings to provide the email server name, and your account name and password.


Exchange Folder - Windows Profiles Only. Email is delivered to a Microsoft Exchange public folder on the network. The recorded computers must be on the Exchange network, or the reports will not be delivered. If selected, the Email Address field is replaced by a Folder Path field. Type the public folder name of your Exchange server. Include the folder to which you will direct the alert email. No Advanced settings are required, although you may wish to change the email from address and subject.

Default template settings for web page notification

Email Address - Enter the email address to receive alert notification.

Advanced - Click to set up a Direct SMTP or Relay SMTP server and a "friendly" from address and subject for discretion. See Advanced Alert Notification Settings.

To customize the email format:


Click the Format button. You can change the wording and information shown in the email's subject and body.

To configure advanced options:


Click Advanced to set up the Direct SMTP or Relay SMTP server that will send the email (if you are not using an Exchange Folder) and a "friendly" from address and subject for discretion.

Formatting the Email


Client-side alert notification emails are formatted by "templates." The default template places the computer name in the subject line and provides a cryptic list of keyword, date, user, plus some context. Change the template to add or omit data and use your own wording for readability. Each activity type has a separate template.

A web page alert (in gmail) using the default template

To change the email format:


In the Recorder Profile, select Alerts > Email Notification (a watch list of keywords must be ON). Click the Format button. The above dialog box appears. Make changes to the email template's Subject and body.

Keyword Source - Use the Keyword Source drop-down list to select the type of activity where you want to change the message (Chat/IM, Email, Program Activity, etc.).

Reset Default - Click to return to the default email format for this activity type.

Subject - Appears in the subject line of the email. A subject entered in the Email Notification Advanced settings will overwrite this subject. Select and type over wording you want to change, inserting macros as desired. The subject line can be useful for quickly sorting and filing email (by user name, computer name, and so on). Keep in mind that you can apply different templates to different Recording Profiles.

Body - The body template will comprise the email body, with macros inserted in place of the information that changes.

Macros - Select a macro from the lower window and click Insert to insert the macro at the cursor position in the template, either in the subject line or body.

For example, you could change the Subject to:
Sales Dept. - %KEYWORD% detected in %USER_NAME% chat

and the body to:
Chat/IM in the Sales Department, as recorded by the Bank ABC Sales profile: %USER_NAME% from Bank ABC used the keyword "%KEYWORD%" in %PROGRAM_NAME% on %COMPUTER_NAME%.

Subject: ABC Sales - budget.xls detected in JohnSmith chat
Body: Chat/IM in the Sales Department, as recorded by the Bank ABC Sales Recording Profile: JohnSmith from Bank ABC used the keyword "budget.xls" in iChat on COMPUTER45.

Macros

USER_NAME - The Windows account name for the person logged in when the alert occurred.
KEYWORD - The word or phrase from the Watch List that was detected.
FIELD_NAME - The field in the activity record where the keyword was detected, such as
CONTENT - Data providing a context, such as a URL for a web page or Window title for a document, for the keyword detected.
DATE_TIME - The date and time the keyword was detected.
COMPUTER_NAME - The recorded computer where the keyword was detected.
PROGRAM_NAME - The name of the program that was running when this keyword was detected.

Advanced Alert Notification Settings

Adjust the Advanced Alert settings to configure how email notification will be sent when local Alerts are enabled in a Recorder Profile. This email, from the local computer(s), is in addition to any centralized Event Alert notifications that have been set up. To access these settings, select the Recording > Manage Recording Profiles > Alerts > Alert Notification and click the Advanced button.

If you have selected Exchange Folder or SpectorSoft Server on the Alert Notification panel, there are no additional email settings required. You can fill in the optional "Friendly" settings.

2011 SpectorSoft Corporation, All rights reserved.

135

Computer/Recorder Administration

To configure Direct SMTP delivery:

If you have selected Direct SMTP on the Alerts Notification panel, you have only one field to enter in the Email Information section of the Advanced Alert Notifications Settings box:

Domain - The domain of the email server. Use either the server's domain name or the server's IP address.

The Direct SMTP method of delivery can be inconsistent. You are sending this mail directly from the computer to the mail server, and many mail servers now deal with the problem of Spam by refusing to accept Direct SMTP from a computer (rather than from an ISP). Be sure to test the email delivery before settling on this choice. If it doesn't work, try Relay SMTP.

To configure Relay SMTP:

If you have selected Relay SMTP on the Alert Notification panel, fill in the following fields in the Email Information section of the Advanced Alert Notifications Settings box:

Mail Server - Enter the name or IP address of a remote SMTP mail server (not a webmail server).

SMTP Port - Enter the port used by the SMTP server. The default port for most SMTP outgoing mail is 25. Be sure to check your actual email client setup to find out which is the preferred port for outgoing mail. The email test will fail if the wrong port is used.

Authentication - Change the selection from None to POP or ESMTP if the mail server requires authentication (a login) for outgoing mail (most do). This activates the next fields.

Account Name - Enter a valid account name for the email server (same as you would enter for an email client).

Password - Enter the valid password for the account name.

TLS - Windows Profiles Only. Select from: Do Not Use (default), Use if Available (encrypt the email if possible), or Required (TLS encryption is required). Transport Layer Security (TLS) encrypts communication to block outside parties from viewing the data during transmission. This is an extra security measure.

Validate Server's Certificate - If you are using TLS, you can select this option for extra security. A certificate verifies the identity of a web site, thereby providing a secure communications channel.

To configure optional email settings:

Use the settings at the bottom of the panel if you want the email message to appear as if it is coming from another source.

Friendly - Appears as a name identifying the "From" sender (in addition to the email address).

From Address - Appears as the address the email is sent from. The default is noreply@spectorsoft.com.

Subject - Appears in the Subject line of an alert email. If you don't enter a subject line, the default subject appears as "Spector Alert on domain\computer."

Importing Keywords
Instead of adding keywords and phrases one at a time in the Recorder's Keyword Alert settings, you can import a text file list. This allows you to maintain a list of keywords in a separate document. Start with an exported list or use any text file containing a list of keywords in the appropriate format. Import the list into a profile by selecting Alert > Keyword Watch List.

You can import more than one keyword list. You can add to a keyword list and re-import it. Each import adds to the keywords already listed. Any new words are added, and any repeated words are ignored. To remove keywords from the Alert panel, select and Delete them explicitly.

To create a text file list:


You can create a text file similar to the one Spector 360 automatically creates when it exports keywords. Use any text editor, word processor or spreadsheet application that supports text (.TXT) output. Then, simply Import the list into Alert settings. Follow these guidelines:

One keyword or phrase per line (row)
Use 0 (zero) following a keyword to find a partial word within other words
Use 1 (one) following a keyword to Match whole word only and find the exact phrase
Use # (number sign) at the beginning of the line to indicate a comment (will be ignored on import)
Save the file in text format


To import a text file list:

1. Open the profile's Alert > Keyword Watch List panel.
2. Click the Import button next to the Keywords list box. Use the Import From box to navigate to your .txt keyword list. Select it and click Open.

The list loads into the Alert settings panel.

To import an exported list:

You may want to use the same keywords in other profiles.

1. First, Export the keywords you want to use.
2. Open another profile and select Alert > Keyword Watch List. Turn ON Record Keywords and click the Import button. Navigate to the exported keywords file. Select it and click Open.

The list loads into the Alert settings panel.

Exporting Keywords
You may want to export a Keyword list to use in another profile.

To export Keywords:

1. Open the profile's Alert > Keyword Watch List panel.
2. Edit the list if necessary, and when the list is ready, click the Export button.
3. In the Export to box, navigate to a folder and type in a file name. You don't need to specify a file extension, but a text file will be created. Click Save to save the export file.

The file you create can now be imported to a new profile.

Receiving Alerts in an MS Exchange Public Folder

A keyword alert can be sent by email to a Microsoft (MS) Exchange public folder that is monitored and reviewed by a Spector 360 administrator. The administrator can configure a public folder for each computer or a single public folder to receive alert messages from all recorded computers. The user being recorded must be logged into MS Exchange or the notification email will not be delivered. If the email is not delivered, it will be queued for delivery when the MS Exchange public folder is available.

Security Considerations
Using an MS Exchange public folder may allow a monitored user to modify the content of the public folder receiving the alerts, as they will have Create Items, Read Items, and Folder Visible permissions for the Default account. You can hide the public folder so most users would never know it exists on the MS Exchange server, but for better security the public folder should be moderated. If a public folder is moderated, all messages posted to the folder are immediately forwarded to another mail-enabled folder with restricted access. The public folder remains empty and the administrator can review the keyword alerts by viewing them in the mail-enabled folder.

Setting Up Folders

Create a MS Exchange Public Folder to Receive Alerts - Create a public folder to send the Alerts to. This folder This will allow a monitored user to see this folder in the Outlook Public Folders list and its contents.

Create a second hidden Public folder - This task creates a second hidden public mail folder that the first folder will forward Alerts to.

Use MS Exchange System Manager to mail-enable the second hidden folder - Mail-enabling this second hidden folder will allow the alerts to be forwarded from the to a moderated folder and removed from the second hidden folder.

Configure the second hidden public folder to be moderated - Prevents a user from accessing the Alerts while allowing the administrator to view the alerts from the second mail-enabled folder.

Note: You will need Administrator privileges to perform MS Exchange administration.

To create a MS Exchange Public Folder to receive alerts:

1. Open Outlook and navigate to the Public Folders branch in the folder list.
2. Right-click and select New Folder to create the folder. This will be the folder to be configured within the Client to receive posted alert messages.
3. Give the folder a name (i.e., SpectorPublic) and specify that it will contain mail items. Use the folder name you specified here when configuring the Client for the delivery of alerts via MS Exchange public folder.
4. Click on the Browse button to navigate to the folder or sub-folder in which you would like this folder to reside.
5. Click on the OK button to create the folder.

To create a second, hidden Public Folder:

1. Open Outlook and navigate to Public Folders in the folder list.
2. Right-click and select New Folder to create a folder.
3. Give the folder a name (i.e., SpectorHidden) and specify that it will contain mail items.
4. Click on the Browse button to navigate to the folder or sub-folder in which you would like this folder to reside. You may want to make this folder a sub-folder of the first folder for organizational purposes. This folder will be hidden so that users will not be able to see it or its contents.
5. Click OK to create the folder.
6. Select the folder that you just created in the Public Folders list.
7. Right-click and select Properties.
8. Click on the Permissions tab.
9. Select the Default name.
10. Select the Folder visible permission and remove the check mark to disable. This removes permission for both Folder Visible and Read Items, making this folder invisible and inaccessible to all other users.

To mail enable the second folder:

1. Log on to the MS Exchange Server or another computer running the Exchange System Manager.
2. Open Administrative Groups and navigate to the Public Folders.
3. Navigate to the second, hidden folder created above (SpectorHidden).
4. Right-click on the folder and select All Tasks > Mail Enable.
5. Close and exit the Exchange System Manager.

To moderate the second, hidden folder:

1. Open Outlook and navigate to the first public folder created to receive alerts (SpectorPublic).
2. Right-click and select Properties.
3. Click the Administration tab and select the Moderated Folder.
4. Check the Set folder up as a moderated folder option.
5. Click To... and browse to the second, hidden folder (SpectorHidden).
6. Click Add after the proper folder has been selected.
7. Click OK.
8. Move to the Moderators field and click on Add.
9. Select the user from the list that will be reviewing the messages in the second folder (SpectorHidden).
10. Click OK to complete the Moderated Public Folder configuration.
11. Click OK to save the changes and close the Properties dialog box.

Blocking (Local)

Internet Blocking
Internet blocking (filtering) allows you to enforce an Acceptable Use Policy by preventing users from accessing all, or portions of, the Internet. Spector 360 allows centralized Web Filtering for Windows computers in addition to blocking at the local Recorder. The "Block" settings in a Recorder Profile apply only to the computers to which the profile is assigned. Use local Recorder blocking to:

Block web access for computers that leave the network.
Block ALL Internet access.
Block specific chat or IM contacts.
Block types of communication or specific ports.

Block vs. Allow
If you block a domain the user cannot display any web page at the domain. If you block a port, no communication takes place at that port. If you block a Chat/IM contact, no messages are sent or received from the blocked contact. Alternatively, if you allow access to ONLY certain domains, ports, or Chat/IM contacts, a user can access these and no others. For example, you could limit Internet access to ONLY online references, a work-related server, a specific FTP domain, in-house MSN messaging, and that's it. No other Internet connection is allowed.

To enable local blocking:

The Recorder Profile "Block" settings are in effect at the computer even when the computer leaves the network. You can block:

Web site domains
Chat/IM Contacts ("friends")
Internet Access at ports
Specific users who log in to computers where blocking is enabled

To combine server and local blocking:

It's possible to use Server Web Filtering when the computer is on the Spector 360 network and Revert to Local Web Filtering when Server is not accessible to activate local blocking as a backup. Any Chat/IM or Internet port blocking in the profile will always be applied, but web site blocking will depend on whether the computer is on the network.
The most restrictive policy always applies. If you BLOCK all HTTP/HTTPS ports, NO web site access will be allowed. Blocking ports is more restrictive in this case. If you ALLOW only a few web domains, you effectively block any chat communication not at these domains, even though the Chat/IM port is permitted. In this case, domain blocking is more restrictive.

To use Server Web Filtering:

If you wish, you can enable Server Web Filtering and define centralized Filtering rules to apply across the Spector 360 network. This filtering does not apply if a computer leaves the network.

Block Web Sites

When a web site is blocked, the user sees a "Page Not Found" error or a Blocked Web Site message instead of the web page. Prevent users from accessing web sites by selecting a profile's Block > Web Sites Visited panel. You can enable centralized Server Web Filtering, local Web Filtering, or both. Web Site recording must be ON before the Recorder can BLOCK access. Keep in mind that a long list of web sites to block may result in Recorder performance issues.

To enable Server Web Filtering:

Server Web Filtering Enabled - Check to enable centralized Web Filtering. Recorded web events will automatically be associated with Web Filtering Categories. Clear to select Local Web Filtering.

Revert to Local Web Filtering... - Available when the above option is checked. Check to set up Local Web Filtering as a backup filtering policy for the computer. Local filtering settings (in the lower portion of this panel) are ignored until the Recorder fails to connect to the Web Filter Server after several attempts. The Recorder then applies the Local Web Filtering settings. Clear this option to use only Server Web Filtering. If the computer is removed from the network, no web site blocking will occur.

For centralized Web Filtering to work OR to report data based on Web Filtering Categories, Server Web Filtering MUST be enabled on this panel in the computer's profile.

Centralized Web Filtering does not apply to Macintosh computers.

To set up Local Web Filtering:

Local Web Filtering Enabled - Check this option if Server Web Filtering is NOT enabled when you want to enable only local filtering. Clear this option if you want no local blocking to occur.

Block web sites in list - Select this option to BLOCK all the web sites listed.

Allow access ONLY to web sites in list - Select this option to ALLOW access to only those web sites listed. Keep in mind this will set limitations to using an allowed web site if it uses content from another site. For example, if you allow cnn.com, not all of the content it provides will be allowed.

Add - Click this button to add a domain to Block or Allow. In the Web Site Access box that appears, enter a host and domain or domain name only (for example, mail.site1.com or site1.com). Click OK to add the new domain to the list.

Delete - Select a web site in the Local Web Filtering list and click Delete to remove it from the list.

Import - Click this button to import a list of web sites from a text file. See Import/Export Sites to Block.

Export - Click this button to create a text file from the currently displayed list of web sites. See Import/Export Sites to Block.

Specifying a host limits filtering to that portion of the web site. For example, you could block gmail (mail.google.com) and still allow searching at google.com.

Be sure to click OK to save your Web Sites Visited block settings.

Import or Export Domains to Block

You can import a list of web sites to block (or allow) from the Block Web Sites panel. The imported list is appended to any domains already in the block/allow list. If an imported entry duplicates a domain in the list, it is ignored. The import file should be a plain text (.txt) file with one domain name on each line. Use the format "domain.com". For example:

# Add comments by starting a line with this symbol
www.gamblingsite.com
pornographysite.com
badsite.org

To import a list of domains:

1. Create the text file listing domains to block or allow.
2. In the profile's Block > Web Sites Visited panel, select Local Web Filtering and click the Import button.
3. In the Import From box, navigate to the text file and click Open.

The list is loaded into the panel's Web Site Access list. If you create a long list of domains, be sure to export it or maintain a document list version somewhere as a backup.

To export a list of domains to the text file:

1. Finalize your list of domains to block, then click the Export button on the Block Web Sites panel.
2. Navigate to a location, name the file, and click Save.

The list of domains to block or allow is written to the text file.
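A pre-import check for the domain list file described in this section, as an added example (not SpectorSoft's code). It assumes the import compares entries without regard to case and that a domain-only entry also covers its hosts; the function names are hypothetical, and the sample lines after the guide's own four-line example are constructed.

```python
import re

# Sample import file: the first four lines are the guide's example,
# the remaining lines are constructed to exercise the checks.
SAMPLE_IMPORT = """\
# Add comments by starting a line with this symbol
www.gamblingsite.com
pornographysite.com
badsite.org
BadSite.org
http://files.example.net/downloads
mail.site1.com
not a domain
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(line):
    """Return (host, fixes) for a usable line, (None, reason) for a bad one,
    and (None, None) for a comment or blank line."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None, None
    host = text.lower()
    fixes = []
    if "://" in host:                      # pasted URL instead of a domain
        host = host.split("://", 1)[1]
        fixes.append("scheme removed")
    if "/" in host:
        host = host.split("/", 1)[0]
        fixes.append("path removed")
    host = host.rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or len(host) > 253 or not all(LABEL.match(p) for p in labels):
        return None, "not a host or domain name"
    return host, ", ".join(fixes)


def lint(import_text, existing=()):
    """Simulate an import on top of the entries already in the profile's list.

    Duplicates are dropped (the guide says the import ignores them); lines that
    needed rewriting or cannot be used are reported with their line number.
    """
    seen = {entry.lower() for entry in existing}
    report = {"add": [], "duplicate": [], "rewritten": [], "rejected": []}
    for lineno, raw in enumerate(import_text.splitlines(), start=1):
        host, info = normalize(raw)
        if host is None:
            if info:
                report["rejected"].append((lineno, raw.strip(), info))
            continue
        if info:
            report["rewritten"].append((lineno, raw.strip(), host))
        if host in seen:
            report["duplicate"].append((lineno, host))
            continue
        seen.add(host)
        report["add"].append(host)
    # Assumption: a domain-only entry covers its hosts, so a host entry under
    # a listed domain only lengthens the list.
    report["covered"] = sorted(
        h for h in report["add"]
        if any(h.endswith("." + d) for d in seen if d != h)
    )
    return report


def to_import_file(report):
    """Write the cleaned entries back out, one domain per line."""
    return "\n".join(report["add"]) + "\n"


if __name__ == "__main__":
    result = lint(SAMPLE_IMPORT, existing=["site1.com"])
    for key, value in result.items():
        print(key, value)
```

Keeping the cleaned file under version control also serves as the backup copy the guide recommends for long lists.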


Block Chat/IM Settings


Limit users' access to online chat using the Block > Chat/IM Activity panel. These settings block (or allow) instant messaging with specific contacts or chat in specific chat rooms. Find out who to block by observing Chat/IM Activity in the Dashboard.

To turn on blocking of Chat/IM contacts:

ON - Select this option (or toggle the left column button to green) to enable blocking.
OFF - Select this option (or toggle the left column button to red) to disable blocking.
To block a type of Chat/IM altogether, select the Chat/IM port for blocking on the Block Internet Access panel.

To block or allow Chat/IM access:


First, turn ON Chat/IM Activity blocking.

Block contact names in list - Select to prevent the user at the recorded computer from communicating with the contacts listed below. Other chat and IM will NOT be blocked.

Allow access ONLY to contact names in list - Select to block all chat except with the contacts listed below. For example, you may allow a list of clients, teachers, or business associates.

Add - Adds a contact name. Click to open a Chat/IM Blocking box where you can select the chat account type and identify the contact to block (or allow). See the section following. Click OK on the box to add the contact to your Chat/IM list.

Delete - Select a contact from the list and click Delete to remove the name from the list.

Chat/IM recording must be ON before the Recorder can BLOCK access.

To specify contacts to block:


First select the type of Chat/IM account the local user signs in to. Then, enter the contact you want to add to the list. If necessary, obtain contact names by reviewing Chat/IM recordings in the Dashboard.

For example, if you notice that Bob is continually on Yahoo Messenger having inappropriate conversations with his girlfriend Sue, you can block Sue's Yahoo ID. You would know her ID by observing the previous Chat/IM recordings. Bob can still use Yahoo Messenger, but he will not send or receive any messages to or from Sue.

For example, if a user logs in to Windows Live Messenger and chats with a Yahoo contact, you would select MSN for the Chat/IM type, but enter the Yahoo account (friend88@yahoo.com) as the contact. Get the information you need by viewing Chat/IM activity that has already taken place.

Yahoo - Select if the person you are monitoring signs into Yahoo Messenger, Yahoo Chat 2.0, or an online Yahoo chat room. A Yahoo ID might be friend88; the ID of another contact participating in these Yahoo sessions might be a full email address, friend88@hotmail.com. To block access to a Yahoo Chat Room (available from Yahoo Messenger), enter the name of the Chat Room; for example: Gardening:6. You can get the name of Yahoo contacts and the Chat Rooms being used from the Chat/IM Activity view.

AOL/ICQ - Select this Chat/IM type if the user signs into AOL, AIM, AIM Express, Dead AIM, ICQ 2002, ICQ 2003 or ICQ Lite. Enter the Screen Name of the contact you want to block. For ICQ, enter the User Identification Number (UIN).

MySpace - Select if the person you are monitoring signs into MySpace to use Instant Messaging. Enter the Display Name and the User Profile ID you want to block. Both the Display Name and the numeric User-Profile ID appear in the Chatted with column in the Chat / IM Activity view.

MSN - Select if the person you are monitoring signs into MSN Messenger, Windows Live Messenger, or MSN Exchange Client. Next to Email Address, enter the full email address of the contact you wish to block (or allow), such as friend88@hotmail.com or friend88@yahoo.com. Blocking an internal MSN Chat/IM contact is not supported.

The Recorder on a Mac will block contacts when AIM, Yahoo, MSN, Jabber, MySpace, Facebook, or Bonjour accounts are used.

Block Internet Access


The Computer Profile Block > Internet Access panel allows you to block ALL Internet Access or prevent access at a particular port, such as the port used by FTP or ICQ chat. Use this type of blocking in addition to control general types of Internet activity and activity at ports.

To block Internet access at the computer:

Block Internet Access - Select ON to turn on blocking and activate settings below. Select OFF to allow Internet access.

Block All Internet Access - Select to block ALL access to the Internet on the computer: ports, web sites, email, and chat/IM communication. The Blocking Schedule can be set to schedule when access is blocked, otherwise it is blocked at all times.

Block Selected Internet Access - Select to specify (on this panel) types of Internet access to block. If a Blocking Schedule is set, it applies to these selections.

Blocking Schedule - Click this button to set a schedule for the blocking specified on this panel. See When to Block.

To block specific Internet ports:


Blocking a port blocks a particular type of Internet access. For example, in a library you might block all Chat/IM types (AIM, ICQ, MSN, etc.), but allow HTTP access to web sites for research. Check an item's Block column to prevent access. Clear it to allow access.

Your settings on this panel and on Web Sites and Chat/IM Activity blocking may overlap. For example, blocking Yahoo Messenger ports blocks ALL Yahoo IM contacts. The most restrictive policy always applies.

Slide the left/right scroll bar below this list to view the Ports Blocked by your selection.

Web Sites via HTTP/HTTPS - Internet access to normal and secure Internet sites via the http and https protocols; this includes most web sites, but not local network or ftp addresses. Blocks outgoing ports 80, 443, 8008, 8080, and 8088.

SMTP/POP Email - Access to standard SMTP and POP email. Blocks outgoing ports: 25, 100, 109, 110, 465, and 995.

File Transfer via FTP - File uploads and downloads using FTP (File Transfer Protocol). Blocks outgoing ports 20, 21, 989, and 990.

AOL and HTTP/HTTPS - America Online (AOL) and other web sites that might not be covered by the first option. Blocks outgoing ports 80, 443, 8008, 8080, 4000, 5190-5193, 8088, and 11523.

Other Chat/IM and HTTP/HTTPS - Chat and Instant Messaging protocols PLUS web sites. Blocks outgoing ports 80, 443, 8008, 8080, and 8088 plus 1863, 5190, 6660-6669.

AOL Instant Messenger (AIM) - Instant messaging using AIM. Blocks all outgoing and incoming ports used by the AIM client.

ICQ - Chat communication in the standard ICQ protocol (older AOL clients). Blocks outgoing and incoming ports used by ICQ.

ICQ Lite - Chat communication using a simplified version of ICQ. Blocks all outgoing and incoming ports used by the protocol.

Kazaa - Peer-to-peer communication via Kazaa, a file-sharing application commonly used to download MP3 and video files. Blocks all outgoing and incoming ports used by the protocol.

Kazaa Lite - The Lite version of the Kazaa protocol. Blocks all outgoing and incoming ports used by the protocol.

MSN Messenger - MSN instant messaging. Blocks all outgoing and incoming ports used by the client application.

Trillian - The Trillian protocol communicating on any chat network. Blocks all outgoing and incoming ports used by the protocol.

Windows Messenger - Windows Live instant messaging. Blocks all outgoing and incoming ports used by the protocol.

XMPP (Jabber) - Messaging in the XMPP or Jabber protocol. Blocks outgoing port 5222.

Yahoo Messenger - Messaging via a Yahoo account. Blocks all outgoing and incoming ports used by the protocol.

To block additional Outgoing/Incoming Ports

If you notice inappropriate activity at non-standard ports, you can block the ports at the bottom of this panel. All ports in the Additional Outgoing Ports and Additional Incoming Ports lists will be blocked. Be sure to avoid blocking a port that a user may rely on for normal work.

1. At the top of the panel, you must check Block Internet Access and choose Block Selected Internet Access to activate these entry boxes.
2. Click in the Outgoing or Incoming Ports list.
3. Type the port or ports to block. Separate multiple port numbers with a space or comma.

To save your changes and close the window:

Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.


When to Block Internet Access

Normally the Recorder applies Internet blocking all of the time. You can schedule blocking by clicking the Blocking Schedule button on a profile's Block Internet Access panel. The schedule affects selections on the Block Internet Access panel, but does not apply to Blocked Web Sites, which are blocked all the time.

To schedule when Internet access is blocked/allowed:

Block based on the following schedule - Check to enable setting a blocking schedule. Clear this option to disable scheduling.

Schedule Grid - Click and drag a red area to mark days and times when blocking is active. Red is blocked. White is NOT blocked.

View Scheduled Times - Click this button to open a list of scheduled Internet blocking times for each day of the week.

Clear Entire Schedule - Click to clear all scheduled block times (red areas). When the schedule is cleared, Internet Access blocking is in place ALL of the time.

Click OK to set the schedule and return to Block Internet Access settings.

To save your changes and close the window:

Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

A new blocking schedule is applied when the user closes and re-opens Internet applications (browsers, email, etc.).
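A small model for checking how a profile's overlapping block settings combine, added here as an example (not the Recorder's implementation). It encodes three statements from this guide: the most restrictive policy applies, an allow-only web site list also stops traffic to unlisted domains on permitted ports, and the Blocking Schedule governs the Block Internet Access panel but not blocked web sites. The Profile class, decide function and the rule that a domain entry covers its hosts are assumptions; the port numbers are the outgoing ports listed in this guide.

```python
from dataclasses import dataclass

# Outgoing ports per selection, copied from the port descriptions in this guide.
# Selections described only as "all ports used by the protocol" are left out.
PORT_GROUPS = {
    "Web Sites via HTTP/HTTPS": {80, 443, 8008, 8080, 8088},
    "SMTP/POP Email": {25, 100, 109, 110, 465, 995},
    "File Transfer via FTP": {20, 21, 989, 990},
    "AOL and HTTP/HTTPS": {80, 443, 8008, 8080, 4000, 8088, 11523, *range(5190, 5194)},
    "Other Chat/IM and HTTP/HTTPS": {80, 443, 8008, 8080, 8088, 1863, 5190,
                                     *range(6660, 6670)},
    "XMPP (Jabber)": {5222},
}


@dataclass
class Profile:
    """Hypothetical stand-in for the Block panels of one Recorder Profile."""
    block_all: bool = False          # Block All Internet Access
    blocked_groups: tuple = ()       # checked rows under Block Selected Internet Access
    extra_outgoing: tuple = ()       # Additional Outgoing Ports
    site_mode: str = "off"           # "off", "block" or "allow_only"
    sites: tuple = ()                # Local Web Filtering list


def covers(entry, host):
    # Assumption: "site1.com" covers every host under it, while
    # "mail.site1.com" covers only that host.
    entry, host = entry.lower(), host.lower()
    return host == entry or host.endswith("." + entry)


def decide(profile, host, port, in_schedule=True):
    """Return (allowed, reasons). Any single matching rule blocks the connection."""
    reasons = []
    if in_schedule:  # the schedule applies only to the Block Internet Access panel
        if profile.block_all:
            reasons.append("Block All Internet Access")
        for name in profile.blocked_groups:
            if port in PORT_GROUPS[name]:
                reasons.append(f"port {port} blocked by '{name}'")
        if port in profile.extra_outgoing:
            reasons.append(f"port {port} is an additional outgoing port")
    listed = any(covers(entry, host) for entry in profile.sites)
    if profile.site_mode == "block" and listed:
        reasons.append(f"{host} is in the blocked web site list")
    if profile.site_mode == "allow_only" and not listed:
        reasons.append(f"{host} is not in the allowed web site list")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed cases that mirror the guide's own examples.
    ports_win = Profile(blocked_groups=("Web Sites via HTTP/HTTPS",),
                        site_mode="allow_only", sites=("cnn.com",))
    print(decide(ports_win, "www.cnn.com", 443))

    domains_win = Profile(site_mode="allow_only", sites=("cnn.com",))
    print(decide(domains_win, "chat.example.org", 5222))

    host_only = Profile(site_mode="block", sites=("mail.google.com",))
    print(decide(host_only, "mail.google.com", 443), decide(host_only, "google.com", 443))
```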


Who to Block
Windows Profiles Only. When local Recorder blocking is active, the Block Internet Access, Block Website, and Block Chat/IM settings apply to ALL users who happen to log on to the recorded computer where they are applied. You can select particular users to receive blocking. The Recorder will then apply blocking locally, based on which user is logged in to the computer.

To specify users to block or allow:

Only block the following Windows users - Check this option if you want to specify users to block. Clear this option to apply the blocking settings to all users of the computer. If you check this option but do not specify any users, Spector 360 assumes you want to block all users.

Add - Click the Add button after enabling the above option to display the New User box. Enter a user name and click OK to add the user to the list of users to block. If you don't enter specific user names, all users of the computer will be denied access as specified on other panels.

Delete - Select a user from the list and click Delete to remove the user from the list of users to block.

To save your changes and close the window:

Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

General Options

Password - If set, a password prompt appears when someone enters the hotkey combination to open a local Viewer. If no password is defined, the prompt does not appear.

Recorder Security Settings


Security Settings manage access to and stealth of the Spector 360 Recorder at the recorded computer. By default, the Recorder is set to run in Stealth Mode without a Viewer, and to use fixed filenames to facilitate preventing anti-spyware/anti-virus detection. Select a profile's General Options > Security panel.

Confirm Password - Confirm the password by typing it again. Hotkey - Windows Profiles Only. The key combination required to activate access to the Viewer. Change - Windows Profiles Only. Click to set a new hotkey combination in the Hotkey box. Select at least two modifier keys and type any keyboard character.


To set Viewer access security:
The Password and Hotkey combination on this panel apply to opening a Viewer installed with the Recorder. Ignore these settings if you are not using a Viewer. Note: We suggest using the same password for ALL Client
installations. Passwords are case-sensitive.

Set to Stealth Mode - Check to hide evidence the Recorder is running (default); clear to display a Recorder Service icon. Include Viewer with Spector Client Installation - Check to install a Viewer with the Recorder. A prompt appears warning that installing the Viewer increases possibility of detection. Click OK to go ahead with the selection. If the Recorder is already installed on a computer, you must re-install it and "Push" the installation. For a Mac, you must reinstall at the computer. Clear this option to omit the Viewer.

For security, include the Viewer with the Recorder installation ONLY for troubleshooting purposes.

To view or change the profile name and description:

Profile Name - Name of this profile. Type in a name for a new profile, or type over the name to change it.

Profile Description - Description of the profile.

To save your changes and close the window:


Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

Advanced Recorder Security Settings


As a rule, you won't need to change Advanced Security Settings, but if the need arises, select General Options > Security and click the Advanced button. A message appears warning that changes to these settings can have an adverse effect on recording. Click Yes to continue.
Do not change these settings unless you are sure you know the effect on the Recorder and your system.

To enable advanced security options:

Enable User Logon Warning - Check this option to display a message warning that this computer is being monitored. The message is displayed each time someone restarts the operating system or a new user logs on to the computer. Clear this option to keep the Spector 360 Recorder "invisible."

Set Warning Text - Click this button to change the text of the warning message that appears when "Enable User Logon Warning" is enabled. The default message is a standard warning used by many government agencies. Select the existing text and type over it to make changes. Click OK to set your changes.

To set Service Monitoring Credentials:


Windows Profiles Only. You may need to provide the Recorder with Administrator-level login credentials to give it the access it needs to continue recording when a non-Administrator is logged in to the computer. For example, this is sometimes needed to capture AOL chat. With Administrator credentials, the Recorder has full access to the computer.

Admin Username - Enter the user name of any Windows administrator in the Admin group on the monitored computer.

Admin Password - Enter the administrator's password.

Click OK to accept the changes you have made or Cancel to reject them. The Advanced Settings window closes.

Mask Program Titles - Windows Profiles Only. Default is OFF. Check this option to "hide" Windows titles (usually the program/document or web page name). All window titles are replaced by a non-recognizable string. Masking program titles does not affect aggregation of data in the Dashboard. Clear this option to read program Window titles in recorded events.
SpectorSoft recommends that all companies have an acceptable use policy that informs employees and computer users that their computer activity is subject to monitoring.

To change SpectorSoft file security:


Windows Profiles Only. Do not change this setting unless you are requested to do so by SpectorSoft.

Block - Default security for SpectorSoft files. Stealth None

Recorder Data Files


By default, Spector 360 stores data in randomly named, hidden files, in a randomly named folder on the recorded computer. Files in this folder are deleted when they are passed to the Data Vault Server. The Data Files panel allows you to manage files and disk space at computers when data cannot be delivered to the Data Vault Server. Select a profile's General Options > Data Files panel.

Hide Files and Folders in Explorer/Finder - Check to prevent files and folders from being visible in Windows or in the Finder. Clear to make files visible within the folder (which may be hidden).

Password - By default there is no password [None] required to open data files. This password adds a layer of security at the local computer to prevent unauthorized access to the data files. It is a good strategy to apply a password BEFORE beginning to record/review data, or after changing the data files folder to a new location. Click Set to enter and verify a new password, then click OK to set the password.

To set snapshot data file storage limits:


Storage limit settings determine when the oldest files will be deleted from the computer to keep the data under maximum limits.

To change how data files are stored:

Delete Data After...Days - Set a number of days to retain snapshots on the computer before deleting. Default is 30 days.

Maximum Data Size...MegaBytes - Set a size limit in MB for all snapshots stored on the local computer. Default is 500 MB.

Do Not Modify - Keep the default, random settings.

Specified Folder - Windows Profiles Only. Select to store data in a specific folder. In the following field, enter a folder name or click Browse to navigate to and choose a folder in which to store the Data Files. This option is recommended only for troubleshooting.

To set all other data file storage limits:


Other recordings take substantially less disk space than snapshots. If the Maximum Data Size or number of Days stored (as set in this box) is exceeded before an upload can occur, the Recorder starts overwriting the oldest data with new data.

Extension - Windows Profiles Only. The SpectorSoft data file extension is .SDF. We recommend you do not change it.

Delete Data After...Days - Set a number of days to retain ALL non-snapshot data on the computer before deleting. Default is 45 days.

Application Settings
The Application panel provides settings to control recording, the inactivity timeout (after which Spector 360 stops recording), and which programs are recorded or not recorded. Select a profile's General Options > Application panel.

Maximum Data Size...MegaBytes - Set the data storage size in megabytes that will be the limit for ALL non-snapshot data stored on the computer. When the size is exceeded, older data will be overwritten. Default is 30 MB.

To store data indefinitely, enter a zero (0) in both the "Delete Data After" and "Maximum Data Size" fields. With these settings, data will never be deleted if the Recorder is unable to connect to the Data Vault.

To delete ONLY after the maximum space is used, set "Delete Data After" to zero (0) days and "Maximum Data Size" to the desired size. Use this if you want to check for a maximum space value and NOT for the number of days passed.
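The interaction of the two limits can be modeled as follows. This is an added example, not Spector 360 code: the pruning order (age check first, then oldest-first eviction down to the size cap), the `files_to_delete` name and the constructed backlog are assumptions based on the descriptions above.

```python
# Model of the documented storage limits for data waiting on a recorded
# computer. A value of 0 disables the corresponding check, as the guide
# describes. Defaults from the guide: snapshots 30 days / 500 MB,
# all other data 45 days / 30 MB.

SNAPSHOT_DEFAULTS = {"max_days": 30, "max_mb": 500}
OTHER_DEFAULTS = {"max_days": 45, "max_mb": 30}

# Constructed backlog: one 8 MB non-snapshot file per day for six days
# while the computer could not reach the Data Vault Server.
# Each tuple is (name, age_in_days, size_in_mb).
BACKLOG = [("day%d" % age, age, 8) for age in range(6)]


def files_to_delete(files, max_days, max_mb):
    """Return the names that would be removed, oldest first.

    Assumption: a file is past the age limit when age > max_days, and
    the size cap then evicts the oldest remaining files until the total
    is at or under max_mb.
    """
    ordered = sorted(files, key=lambda f: f[1], reverse=True)  # oldest first
    doomed, kept = [], []

    for name, age, size in ordered:
        if max_days > 0 and age > max_days:
            doomed.append(name)
        else:
            kept.append((name, age, size))

    if max_mb > 0:
        total = sum(size for _, _, size in kept)
        for name, _, size in kept:  # still oldest first
            if total <= max_mb:
                break
            doomed.append(name)
            total -= size

    return doomed


if __name__ == "__main__":
    # With the non-snapshot defaults the 30 MB cap removes data long
    # before the 45-day limit is reached.
    print("defaults      :", files_to_delete(BACKLOG, **OTHER_DEFAULTS))
    print("size only     :", files_to_delete(BACKLOG, 0, 30))
    print("age only (3d) :", files_to_delete(BACKLOG, 3, 0))
    print("keep forever  :", files_to_delete(BACKLOG, 0, 0))
```

With the default non-snapshot limits, the size cap rather than the day count decides how much history survives an outage, which is worth checking before relying on offline computers to retain data.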

Be sure to click OK at the bottom of the panel to save changes. To ensure that new settings affect all applications and users, restart the computer after changing these settings.

To set application hotkeys:


A hotkey sequence is a series of keys pressed and held down simultaneously that provides a "stealthy," non-visible way to operate the application. Click the Change button next to the hotkey you wish to set.

To set the time out period:


By default, after 3 minutes of no mouse or keyboard activity, Spector 360 recording stops. It starts again immediately when a key is pressed or the mouse is used. This setting affects all types of recording, including Screen Snapshots and User Activity. Increasing the timeout period may capture more data; decreasing the timeout period (stopping recording sooner) may save disk space.

Type a new number in the Inactivity Timeout field, or use the arrows to increment or decrement the number from 0-999 minutes. Use 0 (zero) for no timeout period; the Recorder never stops recording.
A separate timeout setting is available for recording within each program instance.

Viewer Hotkey - Windows Profiles Only. Opens the Viewer, if one is installed with the Recorder. The default combination is Ctrl+Alt+Shift+S. The Viewer hotkey sequence can also be changed in Security Settings. Remember this sequence!

Recording Hotkey - Windows Profiles Only. Stops and starts recording at the computer. Initially there are no recording hotkeys defined. If you define recording hotkeys, you can use them to temporarily stop and restart recording at the monitored computer.

To set programs to be recorded:


Spector 360 automatically records all applications that run on the computer. You can turn OFF recording of certain programs. Unlike turning off a particular type of recording, this setting affects ALL types of capture that can occur within the program, including Screen Snapshots. Keep in mind that the most "conservative" setting wins.

Snapshot Hotkey - Windows Profiles Only. Takes an immediate snapshot at the recorded computer. The default combination is Ctrl+Alt+Shift+P. Regardless of Screen Snapshot settings, this hotkey sequence records an immediate Screen Snapshot.

In the Hotkey box, check at least 2 modifier keys (Ctrl, Shift, Alt, Windows) to press for a valid combination. Type a regular key (such as "P") to press with the combination. Click OK to set the Hotkeys.
Be careful not to set hotkey sequences that are the same as keyboard shortcuts used by anyone at this computer!

Examples:

To save disk space, you may choose to EXCLUDE monitoring of high usage desktop programs, such as Excel or Word. There will be no program activity or snapshots of these programs in the Dashboard data.

To focus on web activity, you may choose to monitor ONLY Internet Explorer, Firefox, and other browser applications. If all other types of recording are ON, you will capture all web, program, file transfer, or chat activity that occurs within a browser. No data or snapshots will be captured from Word, Excel, or other desktop programs.

navigate to and select any executable file. Click OK. The Select Programs box closes and the program(s) are added to the list.

Delete - To remove a program from the list, select the program in the box and click Delete.

To save your changes and close the window:


Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

Only monitor, record/alert/block, the following programs (otherwise all) - Check to limit recording by program, and activate the following options.

Advanced Application Options


Advanced Application options allow you to fine-tune control of the Spector 360 recording. Do not change these settings unless you are an advanced user or are instructed to do so by SpectorSoft Technical Support. Access the Advanced Application settings for a profile by selecting General Options > Application and clicking Advanced.

Monitor only programs listed - Select to provide an "Include" list of specific programs to record, block and alert on.

Monitor all programs except these listed - Select to create an "Exclude" list of programs to NOT record, block or alert on.

Add - Opens a Select Programs to Include/Exclude box. All programs currently running appear in the list. Select one or more programs to add to your Include or Exclude Programs list.

To set Application Options

Allow Limited Users UI Access - Windows Profiles Only. When this is selected, users who do NOT have administrator privileges are able to open the Recorder Viewer and monitor recorded events. They will not, however, be able to change any settings. The default is to deny access to "limited users."

Enable Spector when Windows starts - By default, Spector 360 automatically starts recording whenever Windows is started at the computer. If you want to manually start recording, turn this feature off. You can use the Control Center to start and stop recording.

If the program you want to select is not listed, open the program now and click Refresh on the Select Programs box. This causes the program to appear in the list. If you wish, click Browse and

Capture Elevated Applications - Windows Profiles Only. Allows capture of processes in Vista that are running under Elevated (Administrator) privileges. This generally only applies to a small subset of applications: Setup Applications, Control Panel Applets, etc. However, any application can be run with these elevated privileges by right-clicking on it and choosing Run as administrator. Change this setting only if directed to do so by Technical Support staff.

Include 32-bit Applications (64-bit OSes only) - Windows Profiles Only. Applies to computers running a Windows 64-bit operating system. Enables an extra feature of the Capture Elevated Applications option so that 32-bit Elevated Applications are also captured. Change this setting only if directed to do so by Technical Support staff.

Capture Applications Run as Another User - Windows Only. Captures occasions when a user runs an application under an account other than the one he or she logged in as.

Don't Record Admin Users (Mac) - Mac Profiles Only. Applies to computers running a Mac OS X operating system. Omits the Admin User from all types of recording.

Disable Advanced Recording (Mac) - Mac Profiles Only. Applies to computers running a Mac OS X operating system. Changes the method of recording applications such as Safari, Firefox, and iChat if problems are occurring. Check this option only if directed to do so by Technical Support staff.

To set Network options:

Capture Console Applications - Windows Profiles Only. When selected, Spector 360 captures keystroke activity in the Windows Command (Cmd) window or in DOS.

Network Initialization Delay - Windows Profiles Only. This setting increases the number of seconds to delay initialization of Spector 360 Recorder modules used to capture Internet information, and may prevent the Recorder from conflicting with programs that may be competing for the same Windows resources. The default is 0. Click the arrows to change this setting only if requested to do so by SpectorSoft engineering staff.

Automatically turn off Work Offline - Windows Profiles Only. Enables the Recorder to work around communication problems when a computer is set to "Work Offline."

To set Troubleshooting options:

Enable Automatic Error Transmissions - Spector 360 traps internal program errors and stores them in a log file. When this option is turned on, program errors may be automatically transmitted to SpectorSoft so that Technical Support may find the cause of the errors. The default is not to enable automatic transmission. Turn this on only if requested to do so by a SpectorSoft engineer.

Enable Log File - The Recorder maintains a log of its own activity. The log, which you can view from Manage Computers in the Control Center, provides a date-time stamp of sessions and settings changes, but only records as much as specified in the Detail Level or under the Configure Log File settings. If you contact Technical Support, you may be asked to send us Recorder log files for troubleshooting purposes.

Log File Detail Level - The default level of logging is zero (0), which provides a minimal number of log entries. Other levels are 1 and 2. Normally there is no need to change this level. However, if you are having a problem, and a SpectorSoft Technical Support representative asks you to increase the level, this setting will provide more detailed information about internal Recorder activities (creating a larger Log File on the computer). To raise the Log File Level, click on the arrows.

Configure Log File - Click this button to display a box of Log File options. Click the appropriate activity, as advised by Technical Support. This increases data collection only for a specific component(s), as needed.

Server Settings
You can verify or change Spector 360 Recorder communication with Servers from General Options > Servers in a Recorder's profile. These settings are established on installation of the Spector 360 Server Components and will only change if you move a Server, add a Server, or if there is a communication conflict. Keep these points in mind:

Recorders communicate best with a Server at a static IP address. When a computer obtains an IP address automatically (uses DHCP) the address may change every time it connects to the network. If the Recorder cannot resolve the IP address to a computer name on the network, it will not find the Server.

Communication takes place at a particular port. The Recorder attempts to contact each Server at a specific port at the Server IP address. The Recorder in turn reserves a port at the recorded computer (Client Port) for Server communication. The default ports normally work, but watch for network conflicts.

Direct Recorders to the correct server. If you add a Data Vault or Web Filtering Server, use the profile to direct Recorders to the Server you want them to use. The Server must already be installed and appear in the Servers view.
When the location of a Server changes, the Control Center configures existing Computer Profiles to use the new location. Computers running the Recorder need to be restarted before Server changes go into effect.

To change Primary Server settings:


Each recorded computer periodically queries the Primary Server for licensing validation. If communication cannot be established, the Recorder will not upload data and recording will stop.

Server Name - The computer name or IP address of the computer where the Primary Server is installed. Change the Server Name only if the Primary Server has been moved to a different computer.

Port - The default IP port address for communication with the Primary Server is port 16770. You can change the port by entering a different number. The Server Port configuration in this panel must match the port configuration in the Servers view.

Use Static IP Address - Check if the Primary Server is installed on a computer with a static IP address (recommended). Clear to rely on the network's name resolution.

Use Static IP Address - Check to indicate the Data Vault is installed on a computer using a static IP address (recommended). Clear to rely on the network's name resolution.

Server IP - The IP address of the computer where the Primary Server is installed. Click Edit to open an "IP:Port" box and change the IP address. If you don't know the IP address of the Primary Server computer, enter the computer name in the lower field and click Resolve. The IP address for the computer will be displayed in the upper field. Click OK to set your change.

Server IP - The IP address of the computer where the Data Vault Server is installed. Click Edit to change the IP address. Use Resolve, if necessary. Click OK to set your change.

Send Interval - How often the Recorder attempts to send data to the Data Vault Server. The default is every 240 seconds.

Max Send Period - How long the connection from the Recorder to the Data Vault Server lasts. The default connection period is 30 seconds.

To set the Client listening port:


Each Recorder listens for Server communication at port 2468. Do NOT change the port unless there is a conflict on your network.

To change Data Vault Server settings:


Each installed Recorder uploads recorded events to the Data Vault Server at a given "Send Interval." Use this section to adjust Recorder communication with the Data Vault, or to direct Recorders using this profile to a different (second) Data Vault Server.

To change Control Center Server settings:


Each recorded computer communicates its status with and receives instructions from the Control Center Server (CCS).

Server Name - The computer name or IP address of the computer where the Data Vault Server is installed. Change the name if the Data Vault service has been moved to another computer.

Server Name - The computer name or IP address of the computer where the CCS is installed.

Server Port - The IP port address where the Client Service attempts to communicate with the CCS. The default is port 16768. Do NOT change the port unless there is a network conflict.

Server Port - The IP port address where the Recorder attempts to communicate with the Data Vault Server. The default is port 16769. Do NOT change the port unless there is a network conflict. This port must match the port specified in Control Center Properties for the Data Vault.

Use Static IP Address - Check to indicate the CCS is installed on a computer with a static IP address (recommended). Clear to rely on the network's name resolution.

Server IP - The IP address of the CCS computer. Click the Edit button to change the IP address (see above).

Send Interval - How often the Recorder attempts to communicate with the CCS and update its status. The default is every 300 seconds.

Client Options
Windows Profiles Only. Client Options control the visibility of a Recorder installation and provide settings for use of App-V, Published Applications, and other circumstances. Select a profile's General Options > Client Options.

To change Web Filter Server settings:


Windows Profiles Only. The Web Filter Server (WFS) supplies Web Filtering rules to computers (with Server Web Filtering enabled) permitting them to access only allowed web sites. These settings direct Recorders to the WFS they should use.

Server Name - The computer name or IP address of the computer where the WFS is installed. Change the name if the server has been installed on a different computer or if you are directing Recorders using this profile to a different WFS.

Server Port - The IP port selected on installation of the server. The default is always port 16771. Change the port ONLY if there is a conflict on your network. This port must match the port specified in Control Center Properties for the Web Filter Server.

Use Static IP Address - Check to indicate the WFS is installed on a computer using a static IP address (recommended). Clear to rely on the network's name resolution.

Server IP - The IP address of the computer where the WFS is installed. Click the Edit button to change the IP address (see above).

Choose installation options:


Install in Quiet or Silent Mode? - Check to install the Recorder without any dialog boxes or messages appearing. If the Reboot option is also checked, the only sign of installation is the computer restarting. Clear for a visible installation requiring user interaction with the dialog boxes you choose. If you clear this option and select no further options on this panel, the Client Recorder installation will be interactive, displaying these prompts:

1. Password prompt - If a password has been configured in Security, prompts for the password to begin the installation. The same password is required to uninstall and to open a Viewer.
2. Installation progress bar - A progress bar appears.
3. Readme - Displays notes following the installation.
4. Restart prompt - Displays a restart prompt.
5. Remove install file prompt - Asks to remove the installation file.

Use Fixed Filenames - Check to install Client Recorder software with the same filenames on all computers. Clear this option to randomize the filenames for every installation. Fixed filenames allow you to exclude the Recorder files from antivirus scanning.

Enable App-V Support - Check Enable App-V Support if you have applications deployed using Microsoft Application Virtualization (App-V), formerly SoftGrid. This option allows the Recorder to capture activity within these types of applications. If you do not check this option, the App-V applications will not be properly recorded.

Check to enable options. Clear to skip an action or dialog box.

Reboot Client Computer After Installation? - The Recorder is not fully installed until the computer restarts. Check this option to override the prompt shown in step 4 above and have the Client restart immediately and automatically. Clear this option to allow the user to turn off and restart in normal operation. The Client will not begin recording until the computer restarts.

Enable Alternative Shell Support - This option allows you to install the Recorder on Windows Terminal Services (Microsoft Remote Desktop) or Citrix Server and capture activity that occurs in published applications. Check Enable Alternative Shell Support and then click to open a box where you can specify the alternate shell that is launched to run Citrix or Terminal Server published applications. The alternative shell name is:

wfshell.exe - Citrix Server
rdpshell.exe - Windows Terminal Server

Click OK to set the alternate shell name. Clear this option to record applications running under the normal Windows shell. To record workstation activity in "local" applications, install an additional Recorder on each workstation.

Show Agreement Dialog? - Available when "Install in Quiet or Silent Mode" is cleared. Requires response to an Agreement dialog box. Click the View button to see what this dialog box looks like.

Show License Dialog? - Available when "Install in Quiet or Silent Mode" is cleared. Requires response to a License dialog box. Click the View button to see what this dialog box looks like.

Show Serial Number Dialog? - Available when "Install in Quiet or Silent Mode" is cleared. Requires the user to enter or confirm the serial number.

Show Options Dialog? - Available when "Install in Quiet or Silent Mode" is cleared. Displays a Security Options prompt, allowing the user to set a password for the Viewer, if one is being installed, and to choose whether or not the Recorder will be visible on the Windows task bar and as a program. The user can change the password during the installation, but not the Hotkey sequence.

Enable Spector Client in Safe Mode - Check this option to activate recording when Windows is started in Safe Mode. When this option is cleared, the Recorder will not launch and record activity when Windows is started in Safe Mode.

Show Installation Warning Dialog? - Begins the Recorder installation with a message that you create. The user must respond to the message before the installation continues. Click Edit next to this option to change the message.

Enable Executable File Mutation - Use only if directed by SpectorSoft Technical Support.

Recorder Method - Select these options only if directed to do so by SpectorSoft Technical Support.

Record URLs
Windows Only. Normally Spector 360 captures activity at all URLs. Some organizations prefer to exclude select web addresses from recording in order to protect the privacy of users. Others may want to record ONLY sites where work requiring documentation takes place. Select a profile's General Options > Record URLs panel.

When a web site is not recorded, it cannot be blocked or scanned for keywords.

To specify URLs to record (or not record):


1. Check Enable URLs selective recording list (otherwise all).
2. Select one of the following:
Record only URLs listed - Record activity only at the web addresses in the list. Do NOT record other URLs.
Record all URLs except these listed - Do NOT record activity at the listed addresses. Record activity at all other URLs.
3. Click Add. The Record URL box opens. Type or paste a URL in the blank. A domain name specifies all possible subdomains and URLs within the domain. A URL for a web page specifies one page.

google.com records or excludes the entire Google domain.
mail.yahoo.com records or excludes recording of the Yahoo mail subdomain.
www.mycompany.com/products/requirements.htm records or excludes recording of this web page.

Click OK to add the URL or Cancel to close the box without adding an item.

The Record URLs feature differs from other Record settings in that it applies to capture of several web-based activity types at the named URL: Screen Snapshots, Web Site Activity, Online Searches, and Keystrokes Typed. Although browser activity is recorded in Program Events, the Window Titles or Captions for pages viewed at the site are "masked out," as shown below.

Selective Recording of Program Captions


Windows Profiles Only. Selective window captioning means that you can "mask out" titles of documents in recording of certain programs. A program window caption usually contains the program name plus the document name ("Microsoft Excel - budget.xls"). Depending on who is managing your Spector 360 data, you may do this for security or privacy. For example, it may be necessary to see all window captions for Internet Explorer, but not for Microsoft Excel. This option is provided in a Profile's General Options > Program Caption settings.

To record captions selectively:

Enable program window caption selective recording - Check this item to turn on selective window caption recording. If it is cleared (default), ALL window captions are captured, as possible.

Record window captions for Programs listed only - Select this to specify which programs to record.

Record window captions for programs except listed - Select to specify which programs to NOT record.

Add - Click to open a window and add a program name.

Delete - Click to remove a program in the list.

Import - Click to import a list of programs from a text file.

Export - Click to export a list of programs.

To save your changes and close the window:


Click OK at the bottom of the panel to save your changes, or Cancel to remove them. The window closes.

Importing a List of URLs or Programs


Windows Profiles Only. Instead of adding URLs one at a time to the Record URLs panel or programs one at a time to the Program Caption panel, you can import a text list of URLs or programs. This allows you to maintain separate lists to use as you wish in different Recorder Profiles (or for other purposes). Start with an exported list, or use any text file containing a list of URLs or programs. Import the list using the Import button on the appropriate Profile panel.

To create a file to import:


Create or modify a file using any application that supports text (.TXT) output. Follow these guidelines:

One URL per line (row)
For comments use # (number sign) at the beginning of the line
Save the file as a text (.txt) file

Save a spreadsheet of URLs as a text file

You can import more than one list. You can add to a list and re-import it. Each import adds to the URLs or programs already listed. Any new items are added, and any repeated items are ignored. To remove URLs from the Record URL panel, select and Delete them explicitly. To remove Programs from the Program Caption panel, select and Delete them explicitly.
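The list format and matching rules described for Record URLs can be checked before import with a short script. This is an added example, not part of Spector 360: the function names, the matching logic (a bare domain covers its subdomains, a page entry covers exactly one page) and the sample list are assumptions modeled on the guide's descriptions.

```python
from urllib.parse import urlsplit

# Constructed sample import file (not from the guide): one entry per
# line, '#' at the beginning of a line marks a comment.
SAMPLE_IMPORT = """\
# privacy exclusions, constructed for illustration
mail.yahoo.com
Google.com
www.mycompany.com/products/requirements.htm

# end of list
"""


def parse_import_list(text):
    """Return the entries of an import file, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def split_entry(value):
    """Return (host, path) for a list entry or a visited URL."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit see a network location
    parts = urlsplit(value)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")


def merge_import(existing, imported):
    """Add new items to the list; repeated items are ignored."""
    merged = list(existing)
    seen = {split_entry(e) for e in existing}
    added = 0
    for entry in imported:
        key = split_entry(entry)
        if not key[0] or key in seen:
            continue
        seen.add(key)
        merged.append(entry)
        added += 1
    return merged, added


def entry_matches(entry, url):
    """Assumed rule: domain entries cover subdomains, page entries one page."""
    e_host, e_path = split_entry(entry)
    u_host, u_path = split_entry(url)
    if not e_host:
        return False
    if e_path == "":
        return u_host == e_host or u_host.endswith("." + e_host)
    return u_host == e_host and u_path == e_path


def is_recorded(url, entries, mode):
    """mode is 'only_listed' or 'all_except_listed' (the two list options)."""
    listed = any(entry_matches(e, url) for e in entries)
    if mode == "only_listed":
        return listed
    if mode == "all_except_listed":
        return not listed
    raise ValueError("unknown mode: %r" % mode)


if __name__ == "__main__":
    merged, added = merge_import(["google.com"], parse_import_list(SAMPLE_IMPORT))
    print("list after import:", merged, "(%d added)" % added)
    for url in ("https://maps.google.com/route",
                "https://notgoogle.com/",
                "http://www.mycompany.com/products/other.htm"):
        print(url, "->", is_recorded(url, merged, "all_except_listed"))
```

Running candidate URLs through `is_recorded` in both modes shows which sites a list would leave unrecorded, and therefore unavailable for blocking or keyword scanning.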

To import the text file:


1. Open the Profile and select the Alert panel.
2. Click the Import button next to the Record URLs list box.
3. Use the Import From box to navigate to your .txt URL list. Select it and click Open. The list loads into the settings panel.

To import an exported list:


First, Export the list you want to use. Use the Export button on the appropriate Profile panel. This creates a text file of all items in the list.

1. Enable Record URLs or selective window caption recording.
2. Click the Import button.
3. Use the Import From dialog box to navigate to the exported keywords file. Select it and click Open. The list loads into the Alert settings panel.

Exporting a List of URLs or Programs


Windows Profiles Only. You may want to export the URLs or Program captions you are recording or excluding from recording and use it in another Profile. Open the profile with the list you want and select General Options > Record URL or Program Caption.

To export a list of URLs:


1. Edit the list if necessary, and when the list is ready, click the Export button.
2. In the Export to box, navigate to a folder and type in a file name. You don't need to specify a file extension, but a text file will be created. Click Save to save the export file.

The file you create can now be imported to another profile.


Managing Computer Licenses


Your Spector 360 installation requires a registered serial number, unlocked licenses, and a license for each computer you are recording. The Manage Computer Licenses view helps you keep track of assigned licenses. If all licenses for a Serial Number have been assigned, and you have more computers to record, you may need to Add Computer Licenses.

To view serial number and licensing status:

Select the Computers tool and Manage Computer Licenses. The right pane shows information about your serial number and licenses. Only computers where the Recorder has been installed are listed as "Licensed."

Serial Number - A registered Spector 360 serial number.
Total Licenses - Total number of computer licenses registered and unlocked for this serial number.
Available - Number of Recorder licenses still available to assign to computers.
Licensed Computer - Name of each computer that has received a license. A computer receives a license when the Recorder is installed.
Status - State of the license:
   Active: The Recorder is actively communicating with the Primary Server.
   Reserved: The Recorder is not currently in communication (or has been uninstalled), but is reserved for the named computer.
Last Refresh - Date and time the installed Recorder last checked licensing information at the Primary Server.

To manage your licenses:

- Register or re-register your serial number. After installing Spector 360, or after purchasing additional licenses, register and unlock the product. More...
- Add computer licenses to a Serial Number. When you are ready to expand your Spector 360 installation, simply add licenses to your serial number. More...
- Add a Serial Number. In special cases, multiple serial numbers may be required. More...
- Refresh. To update the list of Computer Licenses: click the toolbar button - OR - press F5 - OR - right-click and select Refresh.


Reserve a SpectorSoft License


Each serial number can be "unlocked" for a certain number of licenses. One license is used for one Recorder installed on a computer. Plan ahead by reserving a license for each computer you intend to monitor. The Computers list shows which computers have been assigned a license. Be careful reserving licenses! You cannot "reuse" or "move" a license from one computer to another. Manage Computer Licenses shows licenses assigned and available.

To reserve a license:
Select one or more computers in the Manage Computers view. Select Reserve License from the Edit menu or from the context (right-click) menu. All licenses you intend to reserve must be under the same serial number. Select the serial number, if applicable. Click OK.

If you are managing more than one serial number, a message cautions you to be sure to select the correct serial number for the license(s). You cannot "undo" an incorrect license reservation. Use the drop-down list to select the correct serial number, and then click OK to reserve the licenses.

If you have selected more computers than you have available licenses for, a message appears. Click OK and contact SpectorSoft about purchasing additional licenses.

If the Control Center is unable to communicate with the CCS or Primary Server, or if there are no available licenses, a message appears and no licenses are reserved.

A message asks you to confirm reserving the selected number of licenses from this serial number. Click Yes to continue or No to cancel.

A second message confirms the License Reservation. It may take several minutes for the license icon to appear in the Manage Computers list, but the number of "Available" licenses in Manage Computer Licenses changes immediately. Manage Computers list shows a reserved license.


Serial Number Registration


Your serial number allows you to register Spector 360 for the number of computer licenses you have purchased. You can complete Spector 360 Setup without registering your serial number, but before installing Spector 360 Recorders, you MUST register and unlock the Spector 360 installation. Each Recorder requires license validation from the Primary Server in order to operate. In addition to computer licenses, a registered serial number provides access to:

- Technical Support
- Online Knowledge Base
- Online documents
- Downloads of updates

You need to register your serial number when you:

- Install Spector 360 the first time.
- Convert to Spector 360.
- Purchase additional licenses to record more computers. More...
- Install a major product upgrade.
- Install Server Components when they have been uninstalled.

To register Spector 360:

1. Select the Computers tool and Manage Computer Licenses.
2. In the left Task Navigation pane, click on Register Serial Number - OR - click the Register button on the toolbar. A message appears asking if you want to re-register. Click Yes to re-register or No to cancel.
3. In the Register Serial Number box, click the Register button (if the computer is connected to the Internet).
4. When you click the Register button, an email is sent to the email address of the SpectorSoft contact at your organization.
5. Wait several minutes for the email from SpectorSoft to arrive. The email contains your Serial Number, Registration Code and the Unlock code. Follow instructions below to unlock.

To register at a different computer:

If the Control Center computer is not connected to the Internet, or if you wish to register without going through the Control Center, follow the procedure above to display the Register Serial Number box.

1. Click Copy next to the Serial number. Paste the number in a document.
2. Click Copy next to the Registration number. Paste the number in a document.
3. On a computer connected to the Internet, go to http://www.spectorsoft.com/support/360_register.asp. At the web site, paste in your Serial Number and Registration code. Click the Generate Unlock Code button.

To unlock your installation:

As soon as you register, SpectorSoft sends an Unlock Code by email to the SpectorSoft contact at your organization. It takes just a few minutes. You will use this code to "unlock" and begin using Spector 360.

1. Open the email message from SpectorSoft that contains your Unlock Code.
2. Select (double-click) the Unlock Code - longest number - in the body of the email and copy it (Ctrl+C). If necessary, paste it into a document you can access from the Control Center application.
3. Paste this number (Ctrl+V) into the Unlock Code field of the Register Serial Number box accessed either from the Control Center (described above) or from the Primary Server Administration window.
4. Click OK in the Validate License message. Spector 360 is now enabled for the number of computer licenses you purchased.

Adding Licenses to a Serial Number

Your Spector 360 installation allows for a certain number of computer licenses. You may purchase additional licenses at any time.

You can install the Spector 360 Recorder on one computer for each license; if you have a 50 computer license, you can install the Recorder on 50 computers, no more.

If the Recorder is removed from a computer, the license remains reserved for that computer and can only be installed on another computer with the same Windows name on the same network. License reservations are held indefinitely.

If you are recording a Windows multi-user server, then a license is required for each unique user connecting to the multi-user server. For example, a 50-computer license would allow for the installation of the Recorder onto a Citrix MetaFrame server configured for 50 unique users.
Note: Spector 360 uniquely identifies a computer on the network by using its Windows computer name. If the computer name of the computer is changed, another license for that computer will be used in order for the Recorder to continue to record the computer.

To add computer licenses:

1. Have your serial number ready. Look for your serial number in Recording > Manage Computer Licenses in the Control Center. You can also find it in your original email purchase receipt or on the back of the CD holder (if a CD was purchased). If you have misplaced your product serial number, contact us.
2. Contact SpectorSoft.
   At SpectorSoft.Com: Product Inquiry
   By phone: 1-888-598-2788
   When you make the purchase, SpectorSoft will make the appropriate changes to your license agreement and will update your serial number to include the additional licenses.
3. Re-register your serial number. Do this in Manage Computer Licenses. See Serial Number Registration.
4. Unlock the computer licenses. You will receive an unlock code by email when you register. Follow the instructions in Serial Number Registration to unlock the new licenses and enable the Primary Server to validate the additional Recorder installations.
5. Install the additional Recorders. Once the serial number is re-registered, the Computer Licenses pane shows an updated number in the Total Licenses column. You can now go to Manage Computers and assign additional computers a Recorder installation.


Managing Recorder Versions

Because SpectorSoft continually improves the ability of the Spector 360 Recorder to capture email, webmail, and chat/IM, Recorder (Client) software updates are available more frequently than Spector 360 Server updates. The Manage Recorder Versions view allows you to request updated versions and manage versions you have already downloaded.

Recorder downloads occur via an HTTP connection, but you can change this in the Servers > Primary Server properties box. As soon as a new Recorder Version (also known as a signature file) is downloaded and appears in this view, you can assign it to computers and use it in profiles. Updating the Recorder version will NOT remove any recording data from the computer; however, some profile settings may change. Check the computer's profile using the new version to see if settings are as you want them to be.
If you have upgraded your Spector 360 Servers, be sure to re-install the Recorder (rather than assign a new version).

To view Recorder versions:

Select Recording > Manage Recorder Versions. The right pane lists the available Recorder Versions that have been downloaded.

Default - A green check mark indicates the version to be installed if no specific Recorder Version has been assigned to a computer. The default version is also used when you request automatic Recorder installations for new computers joining the network.
Recorder Version - The first two numbers (7.2) indicate the Spector 360 version, the next four (.6349) indicate the build, and the last three in parentheses are the Webmail version - 7.2.6349 (170). The Webmail version is updated as available with your Recorder Version downloads.

To manage Recorder Versions:

- Check for and download a new version. More...
- Change the default Recorder version. After downloading a new version and checking profile settings, you probably want to make the latest version the default. More...
- Automatically install new versions on computers. Set computers to receive the latest downloaded version at the given update time. You can do this as you Add Computers or Modify a Computer. You can also specify an automatic install when computers are added to Active Directory.
- Assign the Version to Computers or Groups. If you are NOT automatically updating the version, assign the new version to select computers. Once the version is assigned, computers will receive it when they check in with the CCS, or when you use the Install Recorder command to install or re-install the client. More...
- Refresh the list. Click the Refresh button or press F5.


Downloading a Recorder Update


If the Control Center computer is connected to the Internet, you can check for and download the latest Spector 360 Recorder Version. The new version of the Recorder will be updated for web-based email, Chat/IM, to improve recording performance and to ensure stealth. The new version will be added to Manage Recorder Versions.

To check for and download an update:


1. Select the Computers tool and Manage Recorder Versions. The Check for Recorder Updates box appears.
2. Click Check for Updates. When you click this button, you are requesting SpectorSoft.com to check for:
   - A newer version of the Recorder
   - A newer configuration for capturing webmail
   - Available downloads for other new items
3. If updates are available, wait as they are automatically downloaded. When the download is complete, "Done" appears next to each task.
4. Click Close to close this box. Refresh the Control Center window to view the new Recorder software in the list of Recorder Versions.

If computers are set up for automatic updates, they automatically receive the latest downloaded Recorder Version from the Control Center Server (CCS) when they "check in." If computers are not receiving automatic updates, you need to "assign" the new Recorder version to computers.


Assigning a Recorder Version to Computers


If you request to install a Recorder but no Recorder Version has been assigned to the computer, Spector 360 uses the "Default Version." You can assign a new version to computers or groups in Manage Computers at any time, before or after the Recorder is installed. When you're managing Windows and Mac computers, the Assign Recorder Version command allows you to selectively assign versions to both platforms. Note that each platform has a "Default Version." Because a new Recorder version may contain new profile settings, you may want to test the version on a few, select computers before assigning it to all computers.

To assign a Recorder version to selected computers:


1. In Manage Computers, select one or more computers or groups.
2. Open the Edit menu (or right-click) and select Assign Recorder Version.
3. From the submenu or selection box, choose the version you wish to apply to the selected computers. If both Windows and Mac computers are in the selection, choose a version for each platform, from each pane.
4. A message asks you to confirm the Recorder version and the number of selected computers (and groups). Click Yes to apply the version or No to cancel. The assigned version appears in the Computers list.

To update Recorders now by reinstalling:


Reinstalling the Recorder updates any computer without an "assigned" version to the "default" version and applies any profile changes.

1. In Manage Recorder Versions, set the new Recorder Version as Default. (Modify a profile using the new Recorder to make sure you are satisfied with the settings.)
2. In Manage Computers, select as many computers as you wish from the Computers or Groups list.
3. Right-click and select Install Recorder.
4. Set a schedule for installation and click OK.

A Recorder receives its update at the "Client Update Time" scheduled in the CCS properties. The computer must restart before any new Recorder functionality goes into effect.


Automatically Update the Recorder


When you Add or Modify a computer in Manage Computers, you can configure the computer to receive automatic updates.

To automatically update the Recorder version on computers:

1. In the Add or Modify Computer box, select the latest Recorder Version from the drop-down list.
2. Select an option for automatic updates. These options apply after the Recorder has been installed:

   Don't automatically update the Spector 360 Recorder
   Automatically update the Spector 360 Recorder
   Automatically update the Spector 360 Recorder

   Never update the Recorder automatically - The version does not change unless you re-assign or re-install it.
   Update the Recorder as soon as possible - When a new version has been downloaded, computers receive the update as soon as possible.
   Update the Recorder automatically at - Computers receive the update at this time. Click on the hour, minutes, or AM/PM and use the arrow buttons to change the time. If the time precedes the download, the update will occur on the next day at the set time.

Save your changes or continue through the process of adding the computer. The computer must restart before any new Recorder functionality goes into effect.

Setting the Update Time

You can set or change the automatic update time for Recorders for any selected computer or computers in the Manage Computers list. Right-click the selected computers and select Set Update Time.

Click OK. A message asks you to confirm the change. Click Yes to apply, or No to cancel, the change and close the box.


Setting the Default Recorder Version


Windows and Mac OS platforms each have a "default Recorder Version." This version is used to install the Recorder if another version has NOT been assigned to the computer. As you download and test new Recorder versions, you can change the default for each platform to the latest version. Computers receiving automatic Recorder updates will receive the latest download automatically, regardless of the version default setting.
If your Control Center shows only one OS platform and you need both, see Tools > Options.

To set a new default Recorder version:

1. Select the Computers tool and Manage Recorder Versions. A green check mark in the first column of the right pane indicates the current default version.
2. Open the Edit menu (or right-click anywhere in the right pane) and select Set Default Version.
3. If you are monitoring Windows and Mac platforms, select a default version for each platform and click OK. If you are monitoring one platform only, a menu of version choices is displayed. Select the version to use by default from the submenu.
4. Click OK to save your selections and set defaults. Click Cancel to discard changes. The default versions will appear in selection lists and with a green checkmark in Manage Recorder Versions.


Managing Servers
Spector 360 Servers should be running and ready to communicate as soon as they are installed. The Servers tool allows you to view each Server's location, communication port, and status. From the Servers view, you can stop and start a Server, change the communication port, change credentials, or add a Data Vault or Web Filter Server.

Database login is not required to access Servers; however, some changes require the Database SA password.

To view Servers:
Select the Servers tool from the lower left navigation pane to view:

Server Type:
   Control Center - Delivers instructions to Recorders.
   Data Vault - Receives data from the Recorders.
   Primary Server - Manages licensing for Recorder installations.
   Web Filtering - Filters access to the Internet.
   Database - SQL Server access to the database; includes status of the SQL or Spector Agent.
Host Name - Computer where the Server is installed.
Port - The port where the Server listens for communication.

To manage Servers:

- Modify Server properties. Select the Server and Modify from the toolbar - OR - select Modify the selected Server in the Task Navigation pane. See:
     Control Center Server Properties
     Data Vault Server Properties
     Primary Server Properties
     Web Filter Server Properties
     Database Server Properties
- Add a Server. Add an extra Data Vault or Web Filter Server that you have installed. More...
- Change Server location. If you move a Server, make sure the change is noted in the Control Center. More...
- Remove a Server. Remove an extra Data Vault or Web Filter Server. When a lock icon is displayed next to a Server, it cannot be removed. Only "added" Servers can be removed. More...


Changing Server Credentials


You can verify or change the account under which a Server Component service runs. During Spector 360 Setup, you installed the CCS under a Network Account and all other Servers under the Local System or a Network Account. If a password changes or a Server moves, you may need to change the account type and/or credentials.
Changing credentials of the Data Vault, Web Filter, or Database Server requires entry of the SA password. New credentials entered here are automatically added to the Database.

To use the Windows Local System Account:

Use this option when all components are installed on one computer. Select Windows Local System Account. No user name or password is required because the service is using local administrator login credentials. For security purposes, you may wish to assign the Data Vault and WFS Servers to SQL Server accounts rather than allowing Database access through the Local System.

Use Local System Account for / When:
Data Vault Server - The Server is installed on the same computer as MS SQL Server, the Spector 360 Databases, and File Storage location.
Primary Server - Any time.
Web Filtering Server - The Server is installed on the same computer as the Spector 360 Databases.
Database Server - The Server is installed on the same computer as the Spector 360 Databases.

To use Network User Account credentials:


Select the Network User Account option to use an EXISTING network account. Enter the Domain Name, the Windows Login Name, and the Password to log in to the account. A Network User Account allows a Server access to other computers (such as the Database computer) on the network. For Servers that need to access the Database, the account must have Administrator-level privileges on the Database computer.

Use Network User Account / When:
Control Center Server - Always. The CCS requires Administrator-level credentials (Domain Administrator) to access and install the Recorder on network computers.
Data Vault Server - The Server is NOT on the same computer as the SQL Server, Database, and File Storage location. The account must have Administrator-level privileges on the computer where the Database is installed for the Data Vault Server to make the connection and write the data.
Primary Server - Any time.
Web Filtering Server - The Server is NOT on the same computer as the Spector 360 Databases. The account must be able to connect to and access the computer where the Database is installed.
Database Server - The Server is NOT on the same computer as the File Storage location; however, the recommended configuration is to assign the File Storage location to a local drive on the SAME computer where the SQL Server and Databases are installed.

If your Spector 360 installation uses more than one Data Vault or WFS Server, use the same Network User Account credentials for the second Server.

To use SQL Server Credentials


Select the SQL Server option to allow the Server (Windows service) to run under the Local System Account where it is installed, but to access the Database using a SQL Server user name and password. You may create new SQL credentials here, using any user name and password; the authentication will automatically be added to the database.

Uses SQL Server Credentials / When:
Data Vault Server - The Server is installed on the same computer as the SQL Server and Databases, and you want to protect access to the Database.
Web Filtering Server - The Server is installed on the same computer as the SQL Server and Databases, and you want to protect access to the Database.
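
To verify which account each Server service actually runs under on a Server computer, the following PowerShell reports the logon account of every Windows service installed under the default SpectorSoft folder and sets it beside the account guidance above. This is an added example, not part of the SpectorSoft guide; the service and executable names in the sample records are constructed placeholders, because the guide does not list the real service names.

```powershell
# Added example (not SpectorSoft code): report the logon account of every
# Windows service whose executable sits under the Spector 360 install folder.

function Get-ServiceAccountKind {
    param([string]$StartName)
    # Win32_Service.StartName is the account the service logs on as.
    if ([string]::IsNullOrWhiteSpace($StartName)) { return 'Unknown' }
    if ($StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$') { return 'LocalSystem' }
    if ($StartName -match '^NT (AUTHORITY|SERVICE)\\') { return 'BuiltInServiceAccount' }
    if ($StartName -match '^[^\\@]+@[^\\@]+$') { return 'NetworkUser' }   # user@domain form
    if ($StartName -match '^(?<scope>[^\\]+)\\[^\\]+$') {
        # ".\name" and "<this computer>\name" are local accounts, not network ones.
        if ($Matches.scope -eq '.' -or $Matches.scope -eq $env:COMPUTERNAME) { return 'LocalUser' }
        return 'NetworkUser'
    }
    return 'Unknown'
}

# What the guide says about the two account types it describes.
$GuideNote = @{
    LocalSystem = 'Guide: only when the Server shares a computer with the Database (Primary Server: any time)'
    NetworkUser = 'Guide: Administrator-level rights on the Database computer; the CCS needs Domain Administrator'
}

function Get-ServerServiceAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Service,
        # Default install location named in the guide; change it for a custom path.
        [string]$InstallPath = 'C:\Program Files\SpectorSoft'
    )
    process {
        # PathName may be quoted and carry arguments, so test for a substring.
        [string]$exe = $Service.PathName
        if ($exe.IndexOf($InstallPath, [StringComparison]::OrdinalIgnoreCase) -lt 0) { return }
        $kind = Get-ServiceAccountKind $Service.StartName
        $note = $GuideNote[$kind]
        if (-not $note) { $note = 'Account type not covered by the guide; review' }
        [pscustomobject]@{
            Service = $Service.Name
            State   = $Service.State
            Account = $Service.StartName
            Kind    = $kind
            Note    = $note
        }
    }
}

# Constructed sample records shaped like Win32_Service output. Service names,
# executable names and accounts are placeholders, not real product values.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleControlCenterSvc'; State = 'Running'; StartName = 'CORP\svc-monitoring'
        PathName = '"C:\Program Files\SpectorSoft\Spector 360\example-ccs.exe"' }
    [pscustomobject]@{ Name = 'ExampleDataVaultSvc'; State = 'Running'; StartName = 'LocalSystem'
        PathName = '"C:\Program Files\SpectorSoft\Spector 360\example-vault.exe" -service' }
    [pscustomobject]@{ Name = 'ExampleWebFilterSvc'; State = 'Stopped'; StartName = '.\filteruser'
        PathName = 'C:\Program Files\SpectorSoft\Spector 360\example-wfs.exe' }
    [pscustomobject]@{ Name = 'Spooler'; State = 'Running'; StartName = 'LocalSystem'
        PathName = 'C:\Windows\System32\spoolsv.exe' }   # unrelated service, filtered out
)

$sample | Get-ServerServiceAccount | Format-Table -AutoSize -Wrap

# On a real Server computer, feed it the live service list instead:
# Get-CimInstance -ClassName Win32_Service | Get-ServerServiceAccount | Format-Table -AutoSize -Wrap
```

Run the commented Get-CimInstance line on each Server computer; if Spector 360 was installed to a non-default location, pass that folder with -InstallPath.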


Entering the Database (SA) Password


Before you can change credentials for a Server that uses the Spector 360 Database (Data Vault, Web Filtering, or Database Server), you must enter the System Administrator (SA) password to the Database. All Control Center users may view the account under which the Server runs, but this step ensures that only users with the highest privilege can change the Server account.

To enter the password:

1. Type your SA password in the Password field.
2. Click OK to continue or Cancel to return to the Server Properties box.

Moving a Server
It's possible to move a Server from one computer to another. Use the Spector 360 Setup program to re-install the Server elsewhere and then make sure to uninstall it from its current location. Move a Server when it is least likely anyone will be using Spector 360 to view activity.
See Adding a Server to ADD another Data Vault or Web Filter Server.

Notes about moving Servers:

- Uninstall/Reinstall. When you MOVE the Server, you are uninstalling it on one computer and installing it on another.
- Local/Network Account. The Primary Server service generally will operate under the Local System account, no matter where it is installed. The Data Vault Server and Web Filter Server need to run under a Network account if installed on a computer separate from SQL Server and the Databases. Be sure to set Server credentials accordingly.
- Control Center. The Control Center will automatically locate the moved Server and configure all Recorder Profiles to use the new Server location. Computers running a Recorder pointing to this Server, however, will need to be restarted.
- Static IP. Server computers should be up and running all the time and have a static IP address.

To move a Server:
1. Uninstall the Server you wish to move. Select Start > All Programs > Spector 360 > Uninstall Spector 360. Clear all component check boxes except the Server you want to move. Verify that you want to remove the Server, and wait for uninstall to complete. Click Finish and restart the Server computer.


2. Install the Server you wish to move. Run the Setup program again (you can choose Uninstall from the Start menu), selecting Re-install or Install this time. Select only the Server component you are moving.
   - Locate the CCS (Control Center Server). If you are prompted to locate the CCS, type the computer name where it is installed or Browse to the computer and select it.
   - Enter your serial number. Accept the license agreement and enter your serial number, if necessary.
   - Locate the SQL Server computer, if prompted. The Data Vault and Web Filter Server need to communicate with the Spector 360 Database. Type the name of the Spector 360 SQL Server computer, if prompted, and enter the SA password.
   - Choose a path for installation. The default installation location is C:\Program Files\SpectorSoft\Spector 360 on the computer where you are running the Setup.
   - Select the computer to receive the installation. If you are running the Setup program at the original Server installation location, choose "Install on Another Computer." If you are running the Setup program at the location where you want the Server installed, select "Install on This Computer." Make sure to enter the correct Computer Name or navigate to and select the computer on the network.
   - Enter Network Credentials, if applicable, and click Finish when the installation is complete.

Choose a Local or Network service account. If you are locating the Server elsewhere on the network, you will want to use an existing Windows Network account.


3. Verify the Server computer in the Control Center. Make sure the Server icon is in the system tray of the new computer. You may need to restart the computer to see the icon. Use the Control Center Servers tool and Modify to verify that the moved Server is listed in the Control Center as running on the specified computer. If you moved the Primary Server, review your Computer Licenses to make sure the proper number of licenses are active.

Adding a Server
If you have a large or extremely active Spector 360 installation, you may want to install an additional Data Vault or Web Filter Server to facilitate data delivery and communication. Follow steps below to deploy another Server:

First, install the extra Server on its computer. Then, add the Server to the Control Center. Finally, apply Computer Profiles that use the new Server Settings to the network computers you want to report to this Server.

Server requirements:

- The Server Computer. Server computers should be up and running at all times. Server computers should have a static IP address.
- The Database must be installed before servers are installed. All servers EXCEPT the Primary Server access the Database. Servers need to know the name of the Database computer. Servers need to run under a Windows account with access to the Database computer.
- Servers require Database login credentials. Use the same Database credentials for all Web Filter Servers. Use the same Database credentials for all Data Vault Servers.

The Data Vault requires about 205 MB of free disk space. Other Servers require about 1 MB of free disk space. See the Deployment Guide for additional configuration requirements.
A Spector 360 installation uses ONE Control Center Server, Primary Server, and Database Server. Do NOT attempt to install multiple instances of these Servers without contacting Technical Support.

To install the server:

The Spector 360 Deployment Guide provides complete installation instructions.

1. Access the sp360setup73.exe program and select Component Install - OR - access the Setup program from a command line. Select Windows Start > Run and enter cmd. At the console prompt, navigate to the folder where the Setup program exists and use the following command:

      sp360setup73.exe /e

2. Select the Server or Servers you wish to install. Provide your serial number at the bottom of the panel to continue.
3. Agree to the End User License Agreement by checking the box and clicking Next.
4. Do not download updates if you have not updated other core components (use the same Setup file versions).
5. Select Database from the right list and type the Database computer name and SA Password. The server will automatically attempt to make connection to the computer and the Spector 360 SQL Server instance.
6. Select Control Center Server from the right list and enter the CCS computer name. The server will automatically contact the CCS for management.
7. Select the Web Filter or Data Vault Server panel and supply the required information.
   - Type the name of the computer to receive the Server installation.
   - Enter non-Local System service account credentials for the Server. Make sure this account has permission to access the Database computer.
   - Enter Database credentials for the Server. Make sure all Web Filter Servers or all Data Vault Servers use the same credentials.
   - For a Data Vault, enter the full path to the central File Storage location, as accessed by the Database. The default location would be C:\Spector360Data on the Database computer, and might be specified as \\SERVER05\C$\Spector360Data.
   - Click Add. It's possible to add more than one server at a time.
8. Complete the installation process.

The server icon should appear in the system tray of the computer it is installed on.


To add the Server to the Control Center:

1. After the Server has been installed, open the Control Center and select Servers. Click Add a Server in the Task Navigation pane. The Add an Existing Server box appears.
2. Select the type of server you are adding, Web Filtering or Data Vault Server, which you have already installed, as described above, on a computer.
3. Browse to the computer where the server is installed, select the computer and click OK.
4. Click OK to close the box and save the change. The Server is added to the Servers list in the Control Center.

Make sure all Servers are communicating with the Database. Two Servers of the same kind (two Data Vaults) should use the SAME credentials to access the Database. Make sure all Data Vault Servers use a Base Path to the same File Storage location.

To make the Server accessible to recorded computers:

1. Select the Computers tool and Manage Recording Profiles.
2. Add or modify a Computer Profile to use the new Server. Do this on the Server Settings panel of the profile. For example, SiteA-Profile may be configured to use the Web Filter Server at Site A, and SiteB-Profile may be configured to use a second Web Filter Server at Site B. The Server Settings in the Computer Profile determine with which Servers a Recorder communicates.
3. Apply the Computer Profiles to the appropriate computers to direct the Recorder to use one Server or the other.


Removing a Server
You can remove an "extra" Data Vault or Web Filtering Server from the Control Center. These servers do NOT have the lock icon displayed next to them in the Servers view. If you want to completely remove or move the primary Server Components, use the Spector 360 Setup program.

[Figure: An extra Data Vault has been added]

To remove a Server:
1. Select the Server (without a lock icon) you wish to remove.
2. Select Remove the selected server from the Task Navigation pane - OR - Right-click on the Server and select Delete.
3. Respond to the confirmation message.
4. Refresh the Control Center. The Server will no longer appear in the Servers list.

Control Center Server

How the Control Center Server Works

The Control Center Server (CCS), installed during Spector 360 Setup, is a Windows service that communicates with network computers, returning Recorder status to the Control Center application and relaying instructions to the Recorder. Although you can install multiple Control Center applications, you can install only one CCS. The CCS can be installed on any network computer under a network (as opposed to local) account, using Domain Administrator or equivalent credentials. The service requires administrator-level credentials on all computers in order to manage the Recorder software.

Requirements

One CCS installed
Direct network access to Recorder computers
Domain Administrator credentials to access all computers
Direct network access to Control Center applications
Installed at a static IP address
Computer is always up and running
Recorder profiles are configured with the correct CCS (or IP address) and port

To manage Spector 360 Recorders, the CCS:

Requires Administrator-level credentials. To perform its functions, this server must be able to operate as an Administrator user on all network computers being monitored. During installation or from the Control Center, direct the CCS service to log in as a common Windows Administrator User or as a Domain Administrator.


Manages the computer list. When you add computers to the Control Center's Computers List, the CCS establishes connection to the computers. Background updating is used to monitor status of the computers. If you choose, the CCS can query Active Directory and automatically update the computers listed in the Control Center. The CCS manages ONE computer list for all Control Center applications.

Controls a computer. The CCS delivers your Control Center instructions to STOP and START recording on a computer, RESTART the computer, or run diagnostic tests on the computer.

Installs and uninstalls the Recorder. When you request a client installation, the CCS delivers the Client Install file to the computer and activates the Client Service to install the Recorder at the scheduled time. If you choose, the CCS can automatically install the Recorder on any new computers joining the network.

Provides Recorder configuration. When you make changes to recording at the Control Center, the CCS provides the changes to computers. Client Recorders automatically "check in" with the CCS and receive Recording Profile and Recorder Version updates. CCS settings determine when check-ins occur and whether version updates will be delivered automatically.

Enables and controls Spector 360 self-auditing. The CCS can be used to log all activity at this Control Center and deliver the activity to the proper SQL Server instance for storage in the database. See Auditing.

Control Center Server Properties

The Control Center Server (CCS) maintains communication with Servers and Recorders from the Control Center. CCS settings provide Active Directory automation, Client Recorder update settings, and Audit connections. Select Servers > Control Center and Modify to view or change these settings. The top of the properties panel contains service settings and the lower portion provides client communication Settings and Auditing settings.

Control Center Service settings:
A Windows service handles communications for the Control Center.

Computer Name - The name of the computer where the Control Center Server (CCS) is installed. If you need to move this server, use the Spector 360 Setup to reinstall the Control Center Server at the desired location and uninstall it from the previous location. Then, make sure the correct computer name appears in this field.

Listen IP Port - The port number (TCP and UDP) where the CCS listens for Recorders to communicate and update their status. Change this port only if there is a port conflict at the CCS computer. Use the arrow buttons to increment or decrement the value or simply type in a new number. A warning message appears if you change the port to another already used by a Spector 360 Server. The CCS attempts to update Server Communications in all Recorder profiles.

Use Default Port - Click this button to return the Listen IP Port to its default value of 16768.

Log Detail Level - The Control Center maintains a log of its own activities. The log file includes date/time-stamped scanning, licensing, configuration, and login actions, and can be useful in determining problem areas. By default, the log records a Low level of detail. Change the level to Normal or Debug only if instructed to do so by SpectorSoft Technical Support.

View Log File - Displays the Control Center self-auditing log (stored in \..\SpectorSoft\Spector 360\spceadminsvc.log). Most recent activities are appended to the bottom of the file.

Server Status - Reports the status of the Control Center service: Running, Stopped, or Unknown if the service cannot be detected.

Stop/Start Service - Stops the Control Center service if it is running; starts the service if it is not running. The service is called "Spector Control Center Server" in your list of Windows Services. The button toggles between "Start" and "Stop."

Show Tray Icon - Displays an icon in the Windows system tray at the computer where the CCS is installed. Clear to hide the icon.

Credentials - The CCS runs under Network Account credentials established during Setup. The CCS requires administrator privileges on all computers being monitored; in effect Domain Administrator credentials. Click this button to display an Account Information box, change the credentials, and click OK. You'll need to change credentials if the Domain Administrator password used by the CCS changes.

Client settings:
The CCS communicates with client computers and manages the Recorder at computers.

Enable communications with Spector 360 Recorders - This option MUST be enabled in order for the Control Center to communicate with clients. The Control Center communicates with all Client Recorders using the TCP/IP protocol.

Client communications port - The port where the Spector 360 Recorder receives Control Center instructions, by default port 2468. Avoid changing the port unless there is an IP Port conflict.

Use Default - Click this button to return the Client communication port to its default port, 2468.
Do not change the Client communication port unless absolutely necessary. If you change the port, Recording Profile Server settings are updated to use this port.

Background updating:
"Background processes" are programs that run without being visible. The CCS communicates continuously with computers through background communication to keep status of Client Recorders and Servers current. Use these settings to control this communication:

Enable background updates of Control Center views - Check to enable background updates of network activity. If a computer's status changes, the change will automatically show up in the Computers list. Clear to stop background updating and manually Refresh the list from the Control Center.

Update interval - The frequency (in minutes) with which background updates occur (if enabled), by default every 5 minutes. Type a number from 1 to 1440 or use the arrow keys to change the value. Increasing this value can reduce network traffic and may be satisfactory if users do not log in and out frequently. Decreasing the value is usually not necessary. Experiment with this setting to determine what best suits your situation.

Automatically update the Computer list using Active Directory - Check to retrieve a list of computers from Active Directory to populate the manage computers view. Once these computers are added to the list, the CCS will continue to check with Active Directory and automatically add any NEW Active Directory computers to the Manage Computers view.

Synchronize the Computer list to Active Directory - Available when the above option is checked. Check this option to add AND remove computers based on Active Directory. Any computers in Active Directory NOT in the computer list will be automatically added to the computer list. Any computers NOT in Active Directory will be automatically removed from the computer list. Clear this option to use Active Directory to update status only.

Install Spector 360 Recorder to all ADSI computer additions - Check this item to instruct the CCS to install a Recorder on any new computer that has been automatically added to the Computers list from Active Directory. Computers will be added to the list AND the Recorder will be installed on those computers.
Be careful enabling the Install Spector Recorder to all ADSI computer additions option. You don't want to commit Recorder licenses to computers you do not intend to record.

Group ADSI Computers by - Use to group ADSI computers as they are added in the Manage Computers list. The default setting is No ADSI Grouping: All computers are added to the Default Group. Select another setting to group computers according to a group already defined in Active Directory. See Managing Computers from Active Directory. Active Directory has no impact on grouping of computers already in the Computers list.

Custom ADSI Group - When you select Custom for ADSI grouping, use this field to create a group name. All computers added to the Computers list from ADSI will be added to this group. This becomes your default group.

Client Update Time - Time of day at which the CCS will automatically install or apply updates to Recorders. Select from the following options:

As soon as possible after changes are made - Updates will be relayed to client computers when they check in with the CCS. Installation and uninstallation updates will cause computers to restart, unless you have changed the Recording Profile.

At this time every day - Set a time for updates to be received by computers. Even if a computer is off, it will receive the update as soon as it is turned on and restarted. Select the hour, minutes, or AM/PM value and type a new value or use the arrows to change the value.


Auditing settings:
The CCS is responsible for passing audit transactions at this Control Center to the database. In this section, identify the Database computer and the account used for database connection. You will be prompted for the SA Password when you attempt to change these settings. See Auditing for a complete discussion of this feature.

Server - The computer where the SQL Server database instance is located. Click the computer button to select a different computer (database instance). See Changing the Database Computer.

Connection Account - The account used to access the database for audit transactions: SQL Server, Network Account, or Local Account. See Changing Server Credentials.

Auditing Status - Shows at a glance whether auditing is enabled or disabled.

Enable/Disable - Click to open a box that allows you to enable or disable auditing (same as the Tools > Options setting).

Server version:
The currently installed version and build of the Server is displayed at the bottom of its Properties panel. This information may be important for troubleshooting with SpectorSoft Technical Support.

Control Center Server Administration

From the computer where the Control Center Server (CCS) is installed, you can access a service Administration window by double-clicking the hammer icon in the Windows Taskbar or by right-clicking the icon and selecting Administration. This icon only appears on the computer where the service resides. Most of these functions are also available from the Servers tool in the Control Center application.

To read CCS status:

Version - The software version and build number of the Control Center Server.

Communications - Displays the IP port configured in the Control Center Server settings.

To control the CCS:

Use the buttons in the Administration window:

Stop / Start Service - Stops the Primary Server service if the service is running. Starts the service if it is stopped.

View Log File - Opens the CCS log file. You can view or print a log of CCS activity when requested by SpectorSoft Technical Support for troubleshooting purposes.


Deployment Utility - Opens the Spector 360 Deployment Utility, which allows you to build a Recorder configuration. The preferred method is described in Creating a Manual Setup File.

Windows Firewall - If applicable, this button displays the Windows Firewall Settings. You can disable the firewall exception for port 16768 (default) for troubleshooting purposes. By default, the firewall exception is enabled for the port when the CCS is installed and re-enabled every time the Windows Firewall Settings dialog box is opened and then closed.

Close - Close the CCS Administration window.

To hide the Server icon:

You can hide the icon in the system tray by right-clicking the icon and selecting Hide Tray Icon.

Data Vault Server

How the Data Vault Works

The Data Vault Server is a Windows service that communicates with Spector 360 Recorders on the network and receives all recorded data. Every few minutes, the Data Vault Server processes recorded data for insertion into the Spector 360 Database and sends related Email Attachment and Screen Snapshot files to File Storage folders. You can manage the Data Vault Server settings from the Servers tool in the Control Center application.

Data Vault Requirements

Direct network access to Recorder computers
Installed at a static IP address
Computer is always up and running
Runs under an account with credentials to access the Database / File Storage Location
Recorder profiles are configured with the correct Data Vault Server Name (or IP address) and port

Data Vault Server configuration:


The Data Vault server operates under an account with credentials established on installation (Spector 360 Setup).

Same Computer When installed on the SAME computer as the MS SQL Server and Spector 360 Database, the service can run under Windows Local System.

Different Computer When installed separately from the SQL Server database instance or the base path folder, configure the service to use a Windows "Network Account." The Data Vault requires "read/write" privileges to access the computer(s) where data is stored.


Remote Office To capture recordings at a remote office, install ALL Server Components (without the Database) on the remote network, giving the Data Vault Server computer direct VPN connection to the centralized Database, under a Network Account.

Multiple Data Vaults If you add another Data Vault Server to your existing Server Component installation, give all Data Vaults the same account credentials. See Adding a Data Vault or Web Filter Server.

Data Vault sequence of events:

1. The Recorder records events. Each Recorder stores the data in files temporarily on the local computer hard drive.

2. The Recorder attempts to deliver data. Once every four minutes (or as configured), the Recorder attempts to communicate with the Data Vault through the established IP address and port at the Data Vault computer. If the Client Service cannot make contact with the Data Vault Server, the recorded data remains on the local computer until a maximum number of days have passed or a storage limit is reached. If a maximum limit is reached (for example, the computer is offline for several weeks), the Recorder begins deleting the oldest data.

3. The Data Vault responds and receives the data. The Data Vault service listens on the established port for Recorder communication and makes the connection. As soon as connection is made, the Recorder pushes all stored data to the Data Vault Server. The transmission lasts a maximum of thirty seconds. Any remaining events are transmitted to the Data Vault on subsequent connections. The Recorder would only reach this thirty-second threshold if it has been disconnected from the Data Vault for a period of time and has accumulated a large number of recorded events in the local Data File.

4. The Recorder deletes the data on the local hard drive. When the recorded events are received by the Data Vault, the Recorder deletes them from the local client hard drive.

4. The Data Vault inserts event records in the Data Vault DB. The Data Vault Server delivers the received data to the Data Vault database, where it is held in "raw" format.

5. The Data Vault Server passes files to the File Storage location. If there are email attachments or screen snapshot files associated with the data, the Data Vault delivers these to the File Storage folder located at the Base Path (default is C:\SpectorData on the Data Vault computer). Attachments are stored in one folder, and snapshots are stored by Domain and User.

6. The Data Vault initiates the "Process DV" jobs. Every few minutes, a Data Vault job runs to process events from a certain type of activity and insert them into the active STORAGE Database. The STORAGE Databases contain records of data for each computer or user sending recorded events. Once the data is in a STORAGE database, a Dashboard user can query and view the data.


Data Vault Properties


The Data Vault Server, installed with Server Components, receives data from Recorders and passes it to the Database and File Storage Location. The Control Center allows you to view or change the Data Vault Properties.

Data Vault service settings:
Use the top of the Data Vault Properties panel to control the service:

Computer Name - Computer where the Data Vault Server is installed.

Listen IP Port - The IP port where the Data Vault listens for data from the Clients (16769). Change this port only if there is a conflict on your network. If you change the port here, the CCS will update all Recorder profiles (that use this Server) with new Server Communication settings.

Use Default Port - Resets the port back to its default value if it has been changed.

Log Detail Level - Select the detail level for logging Data Vault activity:
Low - Less activity is recorded, resulting in a smaller log file.
Normal - The default level of activity is recorded.
Debug - Use when SpectorSoft Technical Support requests more information.

View Log File - Displays the Data Vault Server log file. This information may be requested by SpectorSoft technical support for diagnostic purposes.

Service Status - Indicates whether the Windows service is "Running" or "Stopped."

Stop Service - Available when the service is running. Click to stop the Data Vault Windows service. This action is the same as stopping the service from the Windows Service Manager or from the Data Vault Administration window. When the service is stopped, Recorder data cannot be delivered to the Data Vault and remains on the local computer until the service is restarted.

Start Service - Available when the service has been stopped. Click to start the service.

Show Tray Icon - Displays an icon in the Windows system tray at the computer where the Data Vault Server is installed. Clear to hide the icon.

Credentials - Click this button to verify or change the account credentials under which the Data Vault service runs. You will need to enter the SA Password to open the Data Vault Server Credentials box.
If you move this Server (the SQL Server instance), Dashboard users will not be able to aggregate data from the older Server location with newly recorded data. To maintain data from a previous SQL Server instance, (a) stop the Data Vault service (b) create a backup of the database (c) restore the data at the new server location, and (d) restart the Data Vault service.


Database Storage settings:

Configure the Database storage settings:

Server Type - The type MS SQL Server cannot be changed.

Server - The computer where the Spector 360 SQL Server instance is running. Click the button next to this field to select a SPECTOR360 SQL Server instance on a different computer. The drop-down list displays all instances where the Spector 360 Database component has been installed. When you change the SQL Server instance, the Data Vault service will begin to populate the newly selected database with recorded data.

Connection Account - The account this Server uses to connect to the SQL Server database instance. Possible account types are Local System, Network Account, or an SQL Server account.

Base Path - The path to the folder where the Data Vault Server stores Screen Snapshot and Email Attachment files of recorded activity, by default C:\Spector360Data on the computer where the Data Vault is installed. The path shown is relative to the Data Vault computer, not the computer on which you are running the Control Center. Click the button next to the Base Path field to navigate to and select a different File Storage folder.
When you change the Base Path, you change the storage location for FUTURE recordings. Use Windows to move the EXISTING data to a new location.

Combine User Recordings Across Computers - Check to store recordings from all user accounts with the same name in one user data set. This is useful when users log in locally to multiple computers and networks. For example, COMPUTER1/JOHN, COMPUTER2/JOHN, and NETWORK1/JOHN would be combined into <combined>/JOHN instead of three different "users." Clear this option to store data from all logins separately.

To view or change file encryption:

You can choose to encrypt data passed by the Data Vault Server to the File Storage location. Encryption makes it impossible to open or view the files without using the Dashboard.

Server version:
The currently installed version and build of the Server is displayed at the bottom of its Properties panel. This information may be important for troubleshooting with SpectorSoft Technical Support.


Data Vault Base Path


The "Base Path" locates the Spector 360 File Storage: where the Data Vault stores files - Email Attachments and Screen Snapshots associated with the data that it inserts into the Database. The default path is C:\Spector360Data, although this may have been changed during Spector 360 installation. Use the Base Path entry box to specify a new Data Vault path to the File Storage location, if necessary.

The Data Vault Server must be operating under an account with privilege to access this folder. Use Database Configuration - Modify File Storage Location to set up a share for the Spector 360 Data folder to be used by the Dashboard.

Data Vault Administration Window

From the computer where the Data Vault Server is installed, you can access a service Administration window by double-clicking the red lock icon in the Windows Taskbar or by right-clicking the icon and selecting Administration. This icon only appears on the computer where the service resides. Most of these functions are also available from the Servers tool in the Control Center application.

To read Data Vault status:

Version - Displays the software version and build number.

Communications - Displays the IP port where the service is listening for Spector 360 Recorder deliveries.

Database Server - The computer \ Spector 360 SQL Server instance which will receive processed data from the Data Vault.

Database Status - This status is "OK, Connected" if the service is communicating with the Database, "Unknown" if the service cannot find the Database, or "Connection NOT established," if the service is not currently communicating with the Database server.

Base Path - The path the Data Vault Server uses to send files to File Storage.


To control the Data Vault:

Use the buttons in the Administration window:

Stop / Start Service - Stop or start the Data Vault Service. When you click Stop Service, you are prompted to confirm stopping the service. When you click Start Service, you are prompted to confirm starting the service.

View Log file - Displays the Data Vault Service Log file. The log file tracks the service's attempts to communicate with the database and Clients, and to complete its data storage tasks. The coded messages assist in Data Vault/Database troubleshooting with the help of a SpectorSoft technical support representative.

Windows Firewall - Displays the Windows Firewall Settings box. Mark the "Enable Service Communication through Windows Firewall" checkbox to enable communication through the firewall; clear the check mark to disable the firewall exception. A status line informs you whether or not Windows Firewall is running at all. Click OK to accept a change in the firewall exception.

Close - Close the Data Vault Administration window.

To hide the Server icon:

You can hide the icon in the system tray by right-clicking the icon and selecting Hide Tray Icon.

Primary Server

How the Primary Server Works

The Primary Server is a Windows service that manages serial number registration, computer licenses, and Recorder (Signature File) version updates. A Recorder will not record unless it can establish network connection to the Primary Server. The Primary Server operates automatically behind the scenes. As soon as your Spector 360 installation has been "unlocked," it assigns a license to each Recorder you install. You can control the Primary Server, your serial number(s), and licenses from the Control Center application.

Requirements

One Primary Server installed per serial number
Direct network access to Recorder computers
Installed at a Static IP address
Computer is always up and running
Internet access is beneficial but not required
Recorder profiles are configured with the correct Primary Server Name (or IP address) and port

To license and activate Spector 360 Recorders:

1. Spector 360 must be registered and "unlocked." When you register your Spector 360 Serial Number, either during installation or from the Control Center (see Manage Computer Licenses), you receive an "unlock" code for a specific number of computer licenses. Use the code to unlock the installation. You can then install the Spector 360 Recorder on computers.

2. Each Recorder installed receives a license. As soon as the Recorder is scheduled for installation on a computer, a license from your serial number is assigned to that computer. Once the Recorder is installed, the license cannot be moved to another computer. When you uninstall the Recorder, the license is still reserved for that computer and can only be assigned to a computer with the same Windows name.

3. The Primary Server verifies the Recorder installation. When the Recorder is installed, it attempts to contact the Primary Server once every minute to establish initial communication and activate the license. When communication is established, the Primary Server verifies the computer name and license.

4. When the license is verified, the Recorder begins recording. After initial verification, the Recorder contacts the Primary Server once every four hours to verify the software license.

If communication with the Primary Server is lost

If the service has been stopped, or the computer is off-line:

The Recorder continues recording, but recorded events will not be uploaded to the Data Vault Server until communication with the Primary Server resumes.

The Recorder will attempt to contact the Primary Server every hour to re-establish communications and to validate the software license.

The Recorder cannot respond to communication from the Control Center for remote management.

Primary Server Properties

The Primary Server handles licensing and updates of Recorder computers. This Server must be running and in communication with all installed Recorders for Spector 360 to operate correctly. To display the current communication and service account settings, select the Control Center Servers tool, Primary Server and Modify.


To view or change Primary Server Service properties:

Computer Name - Displays the network computer where the Primary Server is installed. If you move the Server, be sure to change Server settings for all Computer Profiles.

Listen IP Port - The Primary Server listens for Client Recorders on port 16770. Do NOT change this port unless you have a specific network conflict. Use the arrows to change the number, or type in a new number. If you change the port, the CCS will attempt to change Server settings for all Computer Profiles.

Use Default Port - If the port has been changed, you can return it to the default Spector 360 port (16770) by clicking this button.

View Log File - Click this button to view or save a text file log of Primary Server activity (splicensemanager.log) to use for troubleshooting purposes.

Service Status - Shows the Server as "Running," "Stopped," or "Unknown."

Start Service - Available when the service is stopped. Starts the Primary Server service. The service MUST be started for Recorders to operate correctly.

Stop Service - Available when the service is running. Stops the Primary Server service.

Credentials - This button allows you to change the account under which the Primary Server's Windows Service operates. By default the Server operates under the Local System account for the machine where it was installed. You can change the account to use a network account or credentials other than the Local System. You will need to enter the SA Password first.

To view or change the SpectorSoft update connection:

The Primary Server is able to provide software updates by communicating with the SpectorSoft Update Server. Communication begins when you click the Updates button on the Primary Server Administration Window or select Check for new versions under Manage Recorder Versions. The Primary Server computer connects to the Internet IP Address defined by the domain "u2a1376gf-43ty245c.com." Access to this domain address must not be blocked by a network firewall. There are three possible ways to connect to the Update Server.

HTTP Connection - (Default) Connect to SpectorSoft via HTTP port 80. This is the default configuration. If your network has a proxy server or a firewall that filters non-standard HTTP traffic, you may need to configure one of the other options provided.

Direct Connection - Use IP port 16771 to connect to the SpectorSoft server for updates.

Proxy Connection - Access the Internet via a network web proxy server (HTML). You must specify the address and port for communication:
Proxy Address - Enter the Proxy server IP address or name.
Proxy IP Port - Enter the Port used to communicate with the proxy server.

Server version:
The currently installed version and build of the Server is displayed at the bottom of its Properties panel. This information may be important for troubleshooting with SpectorSoft Technical Support.

2011 SpectorSoft Corporation, All rights reserved.

196

Primary Server Administration Window

From the computer where the Primary Server is installed, you can access a service Administration window by double-clicking the double arrow icon in the Windows Taskbar or by right-clicking the icon and selecting Administration. This icon only appears on the computer where the service resides. Most of these functions are also available from the Control Center Servers tool.

To read Primary Server status:

Version - Software version and build number for the Server.

Last Update - Displays last time the software was updated.

Communications - Displays IP port configured in the Primary Server settings.

RevLevels - Displays current Spector 360 Recorder revision information. This information helps you determine if you have the latest support for recording web-based email and security (stealth) from SpectorSoft.

Serial Numbers - Displays the registered serial number and the number of Client licenses reserved, in use, and available.

To control the Primary Server:

Stop / Start Service - Stops the Primary Server service if the service is running. Starts the service if it is stopped.

Updates - Check and download the latest Recorder Version. The update becomes visible in the Control Center application, and when the Recorders check in with the Primary Server, they can receive the update. The update file includes updated webmail capture, as the format of these web sites can change frequently.

View Log File - Opens the Primary Server log file. You can view or print a log of Primary Server activity when requested by SpectorSoft Technical Support for troubleshooting purposes.

Serial Number - Displays the Serial Number Registration dialog box. It's possible to register and unlock Spector 360 from this window.

Windows Firewall - The Windows Firewall Settings displays an exception for port 16770 (default). You can disable the exception for troubleshooting purposes. By default, the firewall exception is enabled for the port when the Primary Server is installed and re-enabled every time the Windows Firewall Settings dialog box is opened and then closed.

Close - Close the Primary Server Administration window.

To hide the Server icon:

You can hide the icon in the system tray by right-clicking the icon and selecting Hide Tray Icon.

Web Filtering Server

How the Web Filter Server Works

The Web Filter Server enforces Acceptable Use Policy by preventing users from accessing portions of the Internet. Installed as a Windows service, the Web Filter Server listens for Clients requesting to go online. Any Clients using Server Web Filtering (as opposed to Local Web Site blocking) are subjected to the rules the Web Filter Server delivers from the database. You will manage the Web Filter Server from the Spector 360 Control Center application.

Requirements

Direct network access to Recorder computers

Installed at a static IP address

Computer is always up and running

Access to the Database

Recorder profiles are configured with the correct WFS Name (or IP address) and port

To apply Web Server filtering:

1. Web Filtering Rules must be defined. Use the Control Center or the Dashboard to define Web Filtering Rules, specifying the categories of domains you wish to filter, the Time Profile for applying filtering, and the users to receive the filtering. The Spector 360 Database provides pre-defined System Categories that cover well-known web sites. You can combine these with your own Custom Categories for a complete filtering policy. Test the filtering rules before enabling them to see if they block web sites as expected.

2. The Recorder must be configured for Server Web Filtering. Make sure the Recorder's profile has Server Web Filtering enabled in the Block > Web Sites settings. If this setting is not enabled, Web Filtering rules will not apply to this computer.

3. The Recorder requests the WFS before going online. Each time the computer requests to go online to a web site, the Recorder checks with the Web Filter Server.

4. The WFS grants or denies access. The server enforces block and allow rules by priority, as set by the Web Filtering rules currently in the database. The first rule is applied first, then the second, and so on, based on "who" and "when" and other settings. This type of filtering is dynamic and applies to the user login rather than the specific computer.

5. The "Blocked" message is displayed at the computer. If a domain ends up being blocked by the rules, a customized message with a hyperlink can be displayed. The link might lead to an explanation of Acceptable Use Policy or to a request for Internet access. If the domain is not blocked, the site is displayed.

To apply local (Client-Side) web filtering:

It is possible to revert to Local Filtering as a backup when the Web Filter Server is not available (when the computer is removed from the network). This provides the most effective blocking policy. Although Server Web Filtering overrides Local Filtering as far as web sites (domains) are concerned, you can use local filtering to block ports or Chat/IM. The most restrictive policy always applies.

The Recorder ignores instructions from the Web Filter Server. Even if the computer is removed from the network or connected to any other network the filtering will be applied. The Recorder's When to Block and Who to Block settings apply to the specified web sites in addition to specified ports. You would change the filtering on any computer by applying profile changes.

To apply "combination" web filtering:


It is possible to revert to Local Web Filtering as a backup when the Web Filter Server is not available (when the Client computer is removed from the network). This provides the most effective blocking policy. Although Server Web Filtering overrides Local Filtering as far as web sites (domains) are concerned, if you are also blocking ports or Chat/IM, the most restrictive policy always applies.

Web Filter Server Properties

The Web Filter Server, installed during Spector 360 Setup, intercepts Recorders as they attempt to go online to the Internet in order to apply Web Filtering rules defined in the Spector 360 Database. Use the Control Center Servers tool to view or change the Web Filtering Server Properties and its connection to the Database.

Examples of "combination" web filtering:

If you block All Internet Access at the local Recorder, no Server Web Filtering rules will apply, because no Internet access is allowed.

If you block HTTP/HTTPS ports during work hours at the local Recorder, the Server Web Filtering rules will apply ONLY during "off" hours, when the Internet port access is allowed.

If you block HTTP/HTTPS ports for specific users at the local Recorder, the Server Web Filtering rules will apply to OTHER users. The locally blocked users are simply blocked from accessing web sites altogether.

If you allow ONLY Chat/IM from specific teachers or business associates at the Recorder, there will be no incoming messages from unauthorized contacts, even though Server Web Filtering rules may allow access to a chat room domain.

If you block ports used by Kazaa at the local Recorder, the user will NOT be able to download media at those ports, even if the domain is permitted.

If you block File Transfer via FTP from the local Recorder, a user might be able to visit a site, but the Recorder will NOT allow an FTP download from the site.
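
The "combination" examples above all follow from one evaluation order: local Recorder blocks first, then the Web Filter Server rules by priority. The following Python sketch is an added illustration, not SpectorSoft code; the data structures, the sample users and domains, whole-hour time windows, and the first-matching-rule-decides behavior are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

ALLOWED, BLOCKED = 0, 1  # same 0/1 values the WFS status box shows per request


@dataclass(frozen=True)
class Request:
    user: str
    domain: str
    port: int
    hour: int  # 0-23, hour of day when the request is made


def _in_scope(req, users, hours):
    """True when a rule's "who" and "when" both cover the request (None = any)."""
    return (users is None or req.user in users) and (hours is None or req.hour in hours)


@dataclass(frozen=True)
class LocalPortBlock:
    """A port block from the Recorder profile (hypothetical structure)."""
    ports: frozenset
    users: Optional[frozenset] = None
    hours: Optional[range] = None


@dataclass(frozen=True)
class LocalPolicy:
    block_all_internet: bool = False
    port_blocks: tuple = ()
    backup_blocked_domains: frozenset = frozenset()  # local web site list


@dataclass(frozen=True)
class ServerRule:
    """A Server Web Filtering rule; its position in the list is its priority."""
    action: int
    domains: frozenset  # stands in for a category of domains
    users: Optional[frozenset] = None
    hours: Optional[range] = None


def decide(req, local, server_rules, wfs_reachable=True):
    """Return (verdict, reason) for one web request."""
    # 1. Local blocks are checked first: the most restrictive policy applies,
    #    so a local block is never relaxed by a server "allow" rule.
    if local.block_all_internet:
        return BLOCKED, "local: all Internet access blocked"
    for block in local.port_blocks:
        if req.port in block.ports and _in_scope(req, block.users, block.hours):
            return BLOCKED, f"local: port {req.port} blocked"
    # 2. Web Filter Server unavailable: fall back to the local web site list.
    if not wfs_reachable:
        if req.domain in local.backup_blocked_domains:
            return BLOCKED, "local: backup web site block"
        return ALLOWED, "local: no backup block for this domain"
    # 3. Server rules in priority order; the first matching rule decides
    #    (first-match is this example's assumption).
    for position, rule in enumerate(server_rules, start=1):
        if req.domain in rule.domains and _in_scope(req, rule.users, rule.hours):
            return rule.action, f"server: rule {position}"
    # 4. A domain that no rule blocks is displayed.
    return ALLOWED, "server: no rule matched"


# Constructed sample policy (users and domains are made up for illustration).
WEB_PORTS = frozenset({80, 443})
SERVER_RULES = (
    ServerRule(BLOCKED, frozenset({"video.example"})),
    ServerRule(ALLOWED, frozenset({"chat.example", "files.example"})),
)
WORK_HOURS_LOCAL = LocalPolicy(
    port_blocks=(LocalPortBlock(WEB_PORTS, hours=range(8, 17)),))
BOB_ONLY_LOCAL = LocalPolicy(
    port_blocks=(LocalPortBlock(WEB_PORTS, users=frozenset({"bob"})),))
FTP_LOCAL = LocalPolicy(
    port_blocks=(LocalPortBlock(frozenset({21})),),
    backup_blocked_domains=frozenset({"video.example"}))

if __name__ == "__main__":
    cases = [
        ("all Internet blocked locally", Request("alice", "chat.example", 443, 20),
         LocalPolicy(block_all_internet=True), True),
        ("web ports blocked, work hours", Request("alice", "chat.example", 443, 10),
         WORK_HOURS_LOCAL, True),
        ("web ports blocked, off hours", Request("alice", "video.example", 443, 20),
         WORK_HOURS_LOCAL, True),
        ("web ports blocked for bob only", Request("alice", "chat.example", 443, 10),
         BOB_ONLY_LOCAL, True),
        ("FTP blocked, domain permitted", Request("alice", "files.example", 21, 10),
         FTP_LOCAL, True),
        ("WFS unreachable, local backup", Request("alice", "video.example", 443, 10),
         FTP_LOCAL, False),
    ]
    for label, req, local, reachable in cases:
        print(f"{label}: {decide(req, local, SERVER_RULES, reachable)}")
```
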

Web Filter Server properties:

Computer Name - Name of the computer where the Web Filter Server is installed now.

Listen IP Port - The Web Filter Server listens on port 16771. Change this port only if there is a conflict on your network. If you change the port here, the CCS will attempt to update Server Communication settings for all Recorders using this Server.

Use Default Port - Click this button to reset the port back to its default value if it has been changed.

Log Detail Level - Shows the level of detail being captured in the Server log file.

View Log File - Click to view a log of Server activity.

Service Status - Shows the Server as "Running," "Stopped," or "Unknown."

Start / Stop Service - Click Start to start the service when it is stopped; click Stop to stop the service when it is running.

Credentials - Click to view or change the type of connection account or the account credentials under which the Web Filter Server (a Windows service) is operating. Credentials must provide access to the Spector 360 Database so that the Web Filter Server can receive web filtering instructions.

Database Connection settings:

Server - The Spector 360 SQL Server instance (computer and database) the Web Filter Server connects to. If the location of the Database has changed, click the computer button next to this field to select the correct SPECTOR360 SQL Server instance.

Connection Account - The type of credentials used by the Server to access the Spector 360 Database. The credentials will be the same as set by Set Credentials above.

Local System - The service runs under the Local System account.

DOMAIN\user - The service runs under a Windows network account.

Username and Database - The service uses SQL Server credentials to access the database.

Server version:
The currently installed version and build of the Server is displayed at the bottom of its Properties panel. This information may be important for troubleshooting with SpectorSoft Technical Support.

Web Filter Server Administration Window

From the computer where the Web Filter Server (WFS) is installed, you can access a service Administration window by double-clicking the double arrow icon in the Windows system tray or by right-clicking the icon and selecting Administration. This icon only appears on the computer where the service resides. Most of these functions are also available from the Servers tool in the Control Center application.

To read WFS status:

Version - Version of the Web Filter Server (WFS) installed.

Communications - The port where the WFS is listening for Client requests. The default port is 16771.

Database Server - The Spector 360 SQL Server instance (computer and database) providing Web Filtering rules to the WFS.

Database Status - The status of the WFS to the Database and whether the current database is validated. Status can be Connected, Not Connected, and Unknown.

To control the WFS:

Stop Service - Appears when the WFS Windows service is running. Click this button to stop the Windows service. A message asks you to confirm the action, and a second message tells you the service was stopped. When the service is stopped, either local Client Web Site blocking goes into effect as a backup, or there is no web site filtering.

Start Service - Appears when the WFS Windows service is not running. Click this button to start the Windows service.

View Log File - Click this button to view a text log file of Web Filter Server activities. The log file is useful for SpectorSoft Technical Support when they help you troubleshoot problems. If Technical Support requests a "Verbose Log," click Server Status and make the selection.

Server Status - Click this button to view the Spector 360 Recorder activity detected by the Web Filter Server.

Windows Firewall - Click this button to view the Windows Firewall status. When the WFS was installed, an exception was put into place to allow communication through an XP firewall on port 16771.

Close - Close the Data Vault window.

To hide the Server icon:

You can hide the icon in the system tray by right-clicking the icon and selecting Hide Tray Icon.

Web Filter Server Status

The Server Status button on the Web Filter Server (WFS) Administration window opens a status box where you can view ongoing Client web events taking place in real time. The purpose of this display is to verify that Client web activity is indeed being detected and processed by the Web Filter Server. If no filtering is taking place, you see only confirmation of the database connection and the listening port. If filtering is taking place, you see each web request made by a user and whether it is allowed (0) or blocked (1).

Clear Display - Click this button to clear the currently displayed information.

Disable Display - Check this option to turn off the display of events on this box. Clear to view all user web requests.

WFS Server Verbose Log - This option affects the Web Filter Server log file, which you view from the main WFS Administration window. Check this item when instructed by SpectorSoft Technical Support to increase the detail shown for each web filtering event logged by the Web Filter Server. Clear this option to keep the default, brief log, which logs only two lines for each event.

Exit - Closes the Web Filter Server status box.

Database Server

Database Server Properties

Database Server Properties allow you to view, change, and stop or start the MS SQL Server and Agent currently providing access to the Spector 360 Database. This SQL Server acts on behalf of the Database to receive data, and the Job Agent instigates database jobs.

To move the Database, install the Spector 360 Database using the Spector 360 Setup program. Be sure to follow instructions in Moving the Database so you don't lose data!

To view or change Database Server properties:

Select the Servers tool, right-click the Database Server in the right pane, and select Modify.

Computer Name - Name of the computer where MS SQL Server and the Databases are installed.

Change - Click this button to open a box where you can select a different SQL Server instance of the database. See Changing the Database Computer.

Service Status - Status of the MS SQL Server service: Running, or Stopped if the service is not running.

Stop/Start Service - Click this button to stop or start the SQL Server service.

Credentials - Click to change the account under which the Server runs. You will need to enter the SA password before you get to the Server Credentials box.

SQL Agent Service Status - If you are using MS SQL Server Standard or Enterprise, you are using the SQL Agent Service. The status is Running or Stopped.

Stop/Start SQL Agent - Click this button to stop or start the SQL Agent service.

Spector Agent Service Status - Status of the Spector Agent Service: Running or Stopped.

Stop/Start Spector Agent - Click this button to stop or start the Spector Agent service.

Changing the Database Computer

If you have moved the MS SQL Server and the Spector 360 Databases to a new computer, you can use the Control Center to check and change the Database Server. When you change the Database Server computer, the Control Center attempts to change the Data Vault and Web Filter Servers to also point to the new Database instance.

To reconfigure Servers for the new Database location:

1. Select Tools > Change Database from the Control Center menu. At the prompt, use the Database drop-down list to select the new location and log in to the Spector 360 SQL Server instance.

2. Select the Servers tool.

3. Right-click and select Modify on the Data Vault Server.

4. Click the computer selection button next to the Server name. The Database Server Properties box opens.

5. Use the drop-down list to select the computer. Click OK. A message asks if you want to attach to the Spector 360 Database on the new computer. Click Yes to proceed.

6. Enter the SA password for the Database. Click OK.

7. Click OK on the Database Server Properties box.

8. Verify the Data Vault Server Properties shows the correct File Storage Base Path on the new computer.

Auditing

Viewing the Audit History

Organizations that need to audit trusted users of Spector 360 can enable Auditing to capture all Control Center commands, management Dashboard commands, and Server actions, storing them in the Database, and allowing viewing and reporting by user, computer, or action.

Only the System Administrator (SA) can allow a Spector 360 user access to Auditing, and the SA password will be required to enable or disable Auditing. Users without access do not see the Auditing navigation task bar.

What happens when auditing is enabled:

When you enable auditing, Spector 360 automatically begins to capture information about activity within the Control Center, the Dashboard, and Servers. The Control Center Server (CCS) collects auditing data from all servers and stores it in the Database for viewing in Servers > Auditing.

Servers - Each server tracks commands issued in its area. For example, the Primary Server tracks changes to assigned licenses, the Database Server tracks Database backups, and so on.

Background capture - Commands are captured "in the background" without interrupting activity, but the user and computer issuing the command will be identified.

CCS collects data - The CCS receives the temporary information gathered by the servers and stores it in an audit table in the Database.

AUDIT Database - The Database begins to manage a database starting as AUDIT-001. As auditing data accrues, new databases are automatically created: AUDIT-002, AUDIT-003 and so on.

Viewing - A user with access to Auditing in the Control Center is able to display and filter the logs for viewing and reporting in Audit History.

Audit data displayed:

Use the Previous and Next buttons on the toolbar to browse through pages of data. Use Refresh to update the view showing the latest data. For each action the following information is provided:

When - The date and time the command was issued.

Action - Identifies the end result of the command issued: Add, Modify, or Delete a value or perform a Database operation.

User - Identifies the user logged in when the command was issued.

Computer - Identifies the computer where the command was issued.

Location - Identifies the location in the user interface where the command was executed.

Component - Identifies the program from which the command was issued: the Control Center, Control Center Server, Data Vault Server, Primary Server, Web Filtering Server, Dashboard, Export Utility, or "No Component."

To view audit details:

Click on any + (plus) button to open details for a listed action. Click the - (minus) button to close details. The following illustration shows details for a "New computer" action in Manage Computers.

Description - Lists fields that were applied or changed. The number of fields depends on the action. For example, "Unschedule Pending Install" may include only the Computer Name and Install Time. "Computers - New" lists all fields applied to the computer in the Add wizard or dialog box. "New Client Recorder Settings" lists all profile settings.

Audit Entity - Names the item added, deleted, or modified. For example, a profile change may list "Initial Profile Mac" as the entity (profile) that was changed. A new Dashboard login may list "wwilks" as the user who was added.

Before Value - The value of the item before modification. A blank value did not previously exist (i.e., the computer in the above illustration). ON and OFF values are represented by 1 and 0. Other values may be another numerical value, a name, a time, and so on. You can match up values to the Component and Location interface that was used.

After Value - The value of the item after modification. The same values as the Before Value column apply to each field. A blank value represents an item that was removed. If the Before and After values are different (a change was made), both values are highlighted, as shown below.

To sort and filter audit data:

Sort by column - Click on a column heading in Audit History or Audit Details to sort the data (Ascending or Descending order) by When, Action, User, Computer, Location, Component, or any of the Details fields.

Filter by column - Roll the cursor over a column heading and click the small filter icon to the right of the heading. This opens a menu allowing you to quickly filter by values in the column. For example, if you select Add from the Action filter menu, only records with an Add action are displayed, and all others are hidden. This option is available both in Audit History and Audit Details. An ALL option is added to the menu once a filter is "on" to show the hidden data. This filter does not persist; when you leave and return to Audit History ALL data is shown.

Set Filter Criteria - Click Filter on the toolbar or "Filter the audit data being displayed" in the Task Navigation pane to open a criteria box and zero in on commands, types of data, users, or computers. The Filter Criteria persists in Audit History until you change it. Click Clear Filter to clear the report and return to all Audit data. See Audit Criteria.

Enable/Disable Auditing

Enable Auditing when you want to track commands issued from the Control Center. When auditing is enabled, the Servers log commands and pass them back to the CCS, which stores all issued commands in the Database. User and computer information is captured with each command. See Viewing the Audit History.

To enable auditing:
To enable auditing, use the Control Center Server properties to set up auditing and Tools > Options to switch it on and off. For security purposes you will be asked to identify the database and the account the CCS will use, as well as supply the SA password.

To configure auditing:

1. Select Servers > Control Center Server and Modify. Click on the Auditing tab. See Control Center Server Properties.

2. Select the Spector 360 Database computer. Click the computer icon button and select the computer where the SQL Server instance is installed.

3. Specify a connection account. Use the key icon button to open a Server Credentials box. This account will be used by the CCS to access the Database to read and write auditing data. Use the Local System account if the CCS and Database are on the same computer.

4. Click Enable/Disable to display the following dialog box. Once it's configured, you can toggle auditing on or off from Tools > Options.

Enable - Turn on auditing.

Disable - Turn off auditing.

Cancel - Close this dialog box without changing settings.

Audit Criteria
The Control Center provides filtering criteria (similar to criteria used in the Dashboard) for Audit History. Use Audit Criteria to limit the data shown and focus in on activity. You can select a date range, specific computers or users, or Spector 360 components and sources. For example, you could view all "Archive Database" actions from the previous year or all commands issued by one user so far this month.

Component and Source selections can exclude each other. Make sure a Source selection is a subset of your Component selection (for example, Computers - New source belongs to the Control Center component).

To change criteria:
In the Audit History view, select Filter from the toolbar or Task Navigation pane. Make selections in the Audit Criteria box and press OK. All data not within the filter is hidden.

Date: Select a time period from the drop-down list and fill in date and time fields as requested. Only the data recorded within the selected time period will be displayed. For example, if you request "Previous Month," activity from the current month will be hidden. See Viewing by Date.
If a date or time is not valid (according to this computer's system clock) a red warning symbol and message appear.

Computers: Select one or more computers to include or exclude. See Viewing by Computer.

Users: Select one or more users to include or exclude. See Viewing by User.

Components: Select a Spector 360 server or application to view. See Viewing by Component.

Sources: Select the interface that is the source of the action. For example, Computer - New shows all commands adding, modifying, or deleting a computer in Manage Computers.

Actions: Select a type of action performed, such as Add, Modify, or Delete. See

Criteria Settings
This informational field summarizes your criteria selections, revealing all set values. Use the Clear Filter button on the toolbar to clear all settings and return to a view of all data for "This Year."

Viewing Audit History by Date

A date and time is obtained from your local computer system clock (what defines "today") and from the date/time stamps in the audit data, captured from the user's computer when an event is recorded. Only data that fall within the Date selection will be displayed. For example, you may be interested in what actions have been taken in the last 6 months.

To limit audit history by date:

In the Audit Criteria box, click the Date drop-down list and choose one of the following:

Date Range - View data within a specific date range. Type a From (beginning date) and a To (ending date) for the range in mm/dd/yyyy format, or click a down-arrow to select a date from a calendar. The "To" date must be equal to or greater than the "From" date. Today's date appears at the bottom of the calendar. Left and right arrows let you back up and go forward through months. You are limited to the first and most recent dates of recorded data in the active Database. Click on a calendar date to select it and place it in the "To" or "From" date box.

Date and Time Range - View data from a specific start date and time to an end date and time. For example, you might choose to view a critical time period during a company merger, from 3/1/2011 at 9:00 AM until 3/14/2011 at 5:00 PM. Use the drop-down calendar or type in From and To dates, entering a time for each date. Date format is mm/dd/yyyy and Time format is hh:ss:AM/PM or as set by this computer's system clock.
If a date or time is not valid (according to this computer's system clock) a red warning symbol and message appear.

Date Range with Time Constraint - View data within a date range at specific times. For example, you might view data for a 5-day work week, showing only the 8:00 AM to 5:00 PM period. Use the drop-down calendar or type in From and To dates. Enter the time between the starting time each day and the ending time each day. Date format is mm/dd/yyyy and Time format is hh:ss:AM/PM or as set by this computer's system clock.

Today - View all data for today's date, a full 24 hours (12:00 AM to 11:59 PM). Note that a portion of "today" is probably not finished, so you will likely not view a full day.

Yesterday - View all data for a full 24 hours (12:00 AM to 11:59 PM) for the previous date.

Last 'n' Days - View data for the previous number of days up to the present. Enter or select the number of days to view, and check Include today if you want to include what has been recorded today so far. The selected from and to dates are displayed when you move on to the next field.

This Week - View data so far this week. Weeks are measured from Sunday morning (12:00 AM) to Saturday midnight (11:59 PM). If you select "This Week" on Thursday, you get Sunday through Thursday.

Previous Week - View last week's data from Sunday morning through Saturday midnight.

Last 'n' Weeks - View data for the previous number of weeks. Type the number of weeks to include up to the present week, Sunday morning (12:00 AM) to Saturday midnight (11:59 PM). The dates for the setting are reflected in the dimmed "From" and "To" fields. Check Include this week if you want to include the current week's recorded data, even though the week is not completely finished. Leave "Include this week" blank if you want to make sure that each week is a full week of recorded data.

This Month - View data so far for this month. Months are measured from the morning of the first to midnight of the last day of the month. If you select this option on the 15th of the month, you will view data for days 1 through 15.

Previous Month - View last month's data from 12:00 AM of the first day to 11:59 PM of the last day of the month.

Last 'n' Months - View data for the previous number of months up to the present. Type the number of months to include, Sunday morning (12:00 AM) of the first day through Saturday midnight (11:59 PM) of the last day. The dates for the setting are reflected in the dimmed "From" and "To" fields. Check Include this month if you want to include this month's data, even though the week is not completely finished.

This Year - (Default) View all data for the current year, from January 1 through today.

Last Year - View data from January 1st through December 31st of the previous year.

To return to viewing data for this year:

Use the Clear Filter command, or open the Filter Criteria and select This Year.

Viewing Audit History by Computer

Viewing Audit History by Computer


To focus on actions taken at specific computers, filter the Audit History by computer. For example, you may be interested in the actions taking place on an installed branch office Control Center. Or, you may want to see all actions on computers OTHER than the main, trusted administrator's computer.

To view select computers:

1. In the Audit Criteria box, select Include Specific Computer(s) to show only selected computers, or Exclude Specific Computer(s) to hide selected computers. A Computers Selection box opens, listing available computers from the Audit History.
2. Select a computer from the Available Computers list. Use the Ctrl and Shift keys to select multiple computers. Click the > button to move the computer to the Selected Computers list on the right. Use < to remove a computer from the Selected to the Available Computers list. Click >> or << to move all computers from one list to the other.
3. Click OK to apply the selection and close the box.

To return to viewing all computers:

Use the Clear Filter command, or open the Filter Criteria and select All computers.

Viewing Audit History by Component

Selecting components as criteria allows you to see commands issued from the Control Center, Dashboard, or one of the Servers. These criteria match up to the "Component" column in the Audit History view. For example, you could exclude the Control Center and Dashboard components to focus on any actions involving the servers.

To include or exclude components:

1. In the Audit Criteria box, select Include Specific Component(s) to show only the actions in selected components or Exclude Specific Components(s) to hide selected components. A Components Selection box opens.
2. Select a component from the Available Components list. Use the Ctrl and Shift keys to select multiple components. Click the > button to move the component to the Selected Components list on the right. Use < to remove a component; click >> or << to move all components from one list to the other.
3. Click OK to apply the filter and close the selection list. Note that your selections are listed in the Audit Criteria Summary.

To return to viewing all components:

Use the Clear Filter command, or open the Filter Criteria and select All components.


Viewing Audit History by Source


Selecting sources as criteria allows you to limit the Audit History to actions that took place within a specific Spector 360 interface. "Sources" match up with Audit History items in the "Location" column. For example, selecting the Source "Computers - New" will show you which computers have been recently added to the Computers list and by whom.

The sources:

The sources reflect the possible locations (user interfaces) where a command can be issued. For example, a "Computers" source would include actions that took place in the "Computers list" area of the Control Center. "New Dashboard Login" would include actions to add Spector 360 from the Dashboard component. Note that Available Sources may not yet have actions recorded in the Audit History.

To include or exclude sources:

1. In the Audit Criteria box, select Include Specific Source(s) to show only the actions in selected sources or Exclude Specific Source(s) to hide actions in selected sources. A Source Selection box opens.
2. Select a source from the Available Sources list. Use the Ctrl and Shift keys to select multiple sources. Click the > button to move the source to the Selected Sources list on the right. Use < to remove a source from the Selected list. Click >> or << to move all sources from one list to the other.
3. Click OK to apply the filter and close the selection list. Note that your selections are listed in the Audit Criteria Summary.

To return to viewing all sources:

Use the Clear Filter command, or open the Filter Criteria and select All sources.


Viewing Audit History by Action


Selecting actions as criteria allows you to limit the Audit History to specific actions taken. This criteria selection matches up with action types listed in the "Action" column in the Audit History. For example, you could view just "Delete" actions that have taken place.

The actions:

The actions reflect the possible types of commands that can be issued. For example, "Modify" actions may have taken place from the Computers list and in the Client Recorder Profile as computers were added and profiles changed. Note that some Available Actions may not yet be recorded in the Audit History.

To include or exclude actions:

1. In the Audit Criteria box, select Include Specific Action(s) to show only the actions in selected sources or Exclude Specific Action(s) to hide actions in selected sources. An Action Selection box opens.
2. Select an action from the Available Actions list. Use the Ctrl and Shift keys to select multiple actions. Click the > button to move the action to the Selected Actions list on the right. Use < to remove an action from the Selected list. Click >> or << to move all actions from one list to the other.
3. Click OK to apply the filter and close the selection list. Note that your selections are listed in the Audit Criteria Summary.

To return to viewing all actions:

Use the Clear Filter command, or open the Filter Criteria and select All actions.


Manage the Database

Managing the Database


The Database tool in the Control Center allows you to monitor the status and size of databases, change the backup schedule, perform immediate backups and archives, restore backups and archives, control the File Storage Location (where Screen Snapshot and Email Attachment files are stored) and schedule automatic Space Management to preserve disk space.

To understand the flow of data from the Spector 360 Recorder to the Database, see Tracking Recorded Data.

For consolidated reporting, it's important to use only ONE Spector 360 database.

To manage the Spector 360 Database:

Manage Database Backup and Restore - View databases and the currently available backups and perform a backup, archive a database, or restore a backup or archive.

Manage Database Jobs - View each database job history and status, change job schedule and monitor job progress.

Manage Database Configuration - Set options for database storage, logs, backups, archives, enable Space Management, and set up Dashboard shares.

See the Servers section of this guide for instructions on verifying and monitoring the Data Vault and SQL Servers.

Moving the Database

If the Database computer needs upgrading or the hard drive fails, it's possible to install the Spector 360 not lose data.

This procedure assumes that you use media or a remote network location for daily system backups, and that a Spector 360 Database Full Backup would be available.

To move the Database to a new computer:

1. STOP your existing Data Vault Server. If the old Data Vault is still functioning, stop the Data Vault Service. If your old Data Vault is not functioning, don't worry about the Data Vault Service unless the same IP Address is being used on the new computer. The new Data Vault Service will not receive Recorder data until you re-configure the Recorders to send their recorded data to the new computer. Stop the service using the Control Center's Server tool. Select the Data Vault and Modify. Click Stop Service in the Properties box. You can also stop the service at the Data Vault computer, using the Data Vault Administration window.

2. Copy Snapshots and Attachments with the Backup. If your Database computer is available, use the Control Center to make sure Screen Snapshots and Email Attachments (if you are recording them) are included for Backups. Use Database > Manage Database Configuration to make this setting. When you do this before backing up, you will be able to restore the Screen Snapshot and Email Attachment files to the File Storage location, and the share names as previously defined will be updated in the CUSTOMER database.

Database Configuration settings determine if snapshot/attachments are included

3. Perform a Full Backup. If your Database computer is available, perform an immediate Full Backup of the STORAGE databases. If the Database computer is not available, you will have to use the most recent Full Backup you have at another location. Copy the Full Backup Folder (default location on the Database computer is ...\MS SYQL\SQL.1\SPCT_BACKUP\ ) to the new computer's hard drive.

4. Move your existing File Storage folder. IMPORTANT! If your Database computer is available and the File Storage location is on the Database computer, follow instructions to move the folder BEFORE you Uninstall the Spector 360

5. Install the Spector 360 Database on the new computer. Use the Spector 360 Spector 360

6. Restore the backup. Be sure to restore the backup BEFORE you activate the Data Vault Server. At the new Database computer, use the Control Center's Database > Manage Database Backup and Restore and select the Browse for restore folder feature to locate the backup you copied to this computer, if it is not visible in the Backup and Restore pane. Exit out of the Control Center and wait for all Databases to be restored.

7. Activate the Data Vault Server. Follow the instructions in Step one and click Start Service.

8. Check the Database computer. In the Control Center, select Servers, right-click the Database Server and select Modify. Next to "Computer Name" click the Change button. Select the new computer name. A prompt asks you if you want to reapply the Spector 360

When you change the Computer Name in the Database Server properties, the Control Center attempts to point the Data Vault and Web Filtering Servers to the new Database instance. Perform the following steps only if this did not occur.

9. Point the Data Vault Server to the correct computer. In the Control Center, select Servers, right-click the Data Vault Server and select Modify. Under "Database Storage," click the Change button. Select the correct Database computer and click OK. Enter the SA password and click OK. Click OK to save the Properties.

10. Point the Web Filter Server to the correct computer. If you are using Server Web Filtering, in the Control Center, select Servers, right-click the Web Filtering Server and select Modify. Under "Database Connection," click the Change button. Select the computer where the Database SQL Server is installed and click OK. Enter the SA password and click OK. Click OK to save the Properties.

11. Inform Dashboard and Control Center users. Test this new Database instance with existing Dashboard installations to make sure connections are working on the network. Dashboard and Control Center users will need to log in to the new Spector 360


Moving the File Storage Location


Some customers find Screen Snapshots and Email Attachments critical to monitoring. Spector 360 stores in a single File Storage folder on the computer where the Data Vault Server is installed. Because snapshots are graphic files and attachments can be files of any size, depending on your capture settings, as these files accumulate, they can rapidly use up disk space. You can enable Space Management options, or you can simply move the File Storage folder to a computer or hard drive specifically dedicated to storage of these files.

To move the File Storage Location:

1. Stop the Data Vault Server. First, stop the Data Vault while you move the folder to avoid sharing violations. At the machine where the Data Vault Server is installed, double-click the red padlock in the system tray. The Data Vault Administration window opens. Verify the Base Path location while you are here, which identifies where files are stored. The default location is C:\Spector360Data on the Data Vault Server computer. Click the Stop Service button.

2. Move the folder. Use Windows to move the File Storage folder (e.g., C:\Spector360Data ) to the new computer or hard drive. Make sure to move the entire folder.

3. Share the folder. If Dashboard users are using a Share (other than C$ Share) to access files, use Windows to add the Share to the new File Storage folder security settings. Use the same Share name previously defined.

4. Change the Data Vault credentials, if necessary. In the Control Center, access Servers > Data Vault Properties. Click Credentials for the Data Vault Service. If the File Storage location is now on a computer separate from the Data Vault, you need to use Network Account credentials that have Read/Write privileges at the File Storage location. The credentials must be from an established network account. If necessary, check the computer where you moved the File Storage location to verify user access. The Network Account you select for the Data Vault Server will be automatically added for SQL Server access.

5. Change the Data Vault Base Path. In the Control Center's Data Vault Properties box, use the folder button next to "Base Path" to browse to and select the moved folder on the new computer. Click OK to set the Data Vault changes.

6. Check the Database Configuration. Select the Control Center's Database > Manage Database Configuration. Select Modify file storage location from the Navigation pane. Make sure the Base Location specifies the new File Storage folder. Click the folder icon next to Shared Name to ensure the share refers to the correct folder. If necessary, change the Share folder and click OK.

7. Test the move from the Dashboard. Open a Dashboard, select User Explorer and a user for whom you know you have snapshots. If you see the previously recorded snapshots, the move was successful.


Databases

Viewing the Databases

The Database tool allows you to view and manage the Spector 360 Databases. Select Manage Database Backup and Restore, the first option, to view the version, archive status and size of each database, as well as the disk space used by each. The Databases pane is displayed in the upper portion of the window.

The Spector 360 Databases

ADMIN DB: Contains the SQL Server instance scripts that are not customer specific. There are no tasks to perform for this database, and it is not included in a Full Backup.

ALERT DB - 001: Contains Event Alert profiles, keywords, and operators.

CUSTOMER DB: Contains customer-specific data common to all data, such as login profiles. This database is included in a Full Backup. There are no tasks to perform for this database.

DATA VAULT DB: The Data Vault Server stores raw data it receives from Recorders in this database. The data is held here until the Process Data Vault job runs and inserts the data in the STORAGE database in a format the Dashboard can query and retrieve.

LOOKUP DB - 001: The lookup database is related to the Customer database and contains the program names, domain names, and so on, that appear in lists in the Dashboard. This information grows as data accumulates, and Spector 360

STORAGE DB - 001: Where the recorded data resides. Spector 360

WFS FILTER DB: Where Website Filtering custom categories, category groups, time profiles, and rules are stored. Initially this database is empty.

WFS SYSTEM DB: Where provided data (system categories) for Website filtering is stored. New data is added to this database when SpectorSoft provides WFS System Category updates.

The following information is provided for each database:

Database Name: Identifies the database. As you accumulate data, you will have multiple STORAGE, ALERT, and LOOKUP DBs, but only one ADMIN, CUSTOMER, and DATA VAULT DB.

Version: Identifies the Spector 360 Database version.

Archived: Indicates whether or not the database has been archived (archives apply only to STORAGE DBs).

Maximum Size: Maximum size the database can be before a new one is automatically created. The max for all databases is 4 GB (4,096 MB) for SQL Server Express and a user-defined size for SQL Server Standard / Enterprise. When a STORAGE database reaches this size, it can be archived.

Current Size: The size of the database. The ADMIN and CUSTOMER DB sizes will not change until you upgrade Spector 360 . The DATA VAULT DB size increases as recordings are received from the Clients, and decreases as recordings are processed and inserted in the STORAGE database. The STORAGE DB continues to increase in size until it reaches the maximum size and a new STORAGE DB is created.

Space Used: How much disk space the database is using.

Date Created: The date and time the database was created (initially the installation date).

Backup vs. Archive

A "Full Backup" backs up all Spector 360 Spector 360 "Archive" is available only after a STORAGE database reaches its maximum size and saves data only from one STORAGE database to another location. An Archive Restore makes the archived STORAGE database accessible again at any time without affecting the current state of the database.

To manage the databases:

Perform the following tasks from the Databases pane using the toolbar or the right-click menu.

Backup - Back up all Databases immediately:
  Full Backup - Create a complete backup of the databases.
  Differential Backup - Back up only data new since the last backup.

Restore - Restore all Databases from a backup folder:
  Restore Databases - Retrieve a Backup from the normal location
  Browse for Restore Folder - Navigate to a Backup set location.

Archive - Archive the selected, "full" STORAGE database.

Archive Restore - Restore the selected archived database.

History - View the backup and version history of a database.

Statistics - View statistics for a DATA VAULT or STORAGE database.

Refresh - Refresh the information shown.

Tracing Recorded Data

To manage the Spector 360 data successfully, you need to understand the progress of data from the time it is captured by the Recorder at the network computer until the time it is archived in a database.

To record and process user activity:

1. The Spector 360 Recorder records and stores events. The Client Recorder, installed on each network computer, detects and records all events, organizing the data into records and storing it in data files on the local computer hard drive.

2. The Recorders push data to the Data Vault. Once every four minutes, a Recorder attempts to deliver its stored data across the network to the Data Vault Server, through the established Data Vault port.

3. The Data Vault accepts the data. The Data Vault Server listens on the established port and responds to the Recorder communication. When the Recorder receives acknowledgement that recorded events have been accepted by the Data Vault service, it deletes the files from the local computer's hard drive. If the data is not accepted, or the Data Vault is not available, the data remains on the Recorder computer for a specified duration or until it reaches a maximum size, when the Recorder begins to delete the oldest events.

4. The data goes into the DATA VAULT DB. The Data Vault Server receives the data and directs it to the DATA VAULT database, where it is held in "raw" format. It passes files (screen snapshots or email attachments) to the specified File Storage folder location.

For best results, install the Data Vault Server, the Database, and the File Storage location on the same computer.

5. Data is processed for the STORAGE DB. The Data Vault periodically runs Process Data Vault (DV) jobs for each type of recorded activity, which format the data in the DATA VAULT DB and place it into the most recent, active STORAGE database.

6. The Dashboard accesses the data. Once the data is in the STORAGE database, a user can log into the Dashboard, connect to the SQL Server instance of the Spector 360

7. New STORAGE databases are automatically created. Each STORAGE database stores data records, usually in sequential order. When a database exceeds its maximum size, a new database is automatically created (STORAGE - 002). The Control Center and the Dashboard have access to all available STORAGE databases.

8. Full STORAGE databases can be archived. To conserve disk space, you can archive older, full (at maximum size) STORAGE databases and remove them from the Spector 360

Viewing Database Statistics

Database statistics give you an idea of the number of recordings and the dates covered within a STORAGE database. The statistics themselves also give you a bird's eye view of activity on your network, showing program/Internet/network usage across broad periods of time. They can help you determine the nature of the data contained in a database before you archive or restore a backup.

You can get statistics on:

STORAGE DB - These databases contain the records viewed by Dashboard users. View statistics on a single database (for example, on STORAGE DB - 001) or Across Databases (for example on STORAGE DB - 001 through 003).

DATA VAULT DB - The DATA VAULT database receives raw data passed from the Recorders to the Data Vault service. This data is processed regularly and inserted into the active STORAGE database. Statistics on the DATA VAULT show you the records being captured now.

To view statistics on a database:

1. Select the Database tool and Manage Database Backup and Restore.
2. In the upper right Databases pane, select the STORAGE or DATA VAULT database you wish to view.
3. Select Statistics on the toolbar - OR - Select View database statistics from the Task Navigation pane - OR - Right-click and select Statistics.

The DATA VAULT statistics may show few or no records, because as data is processed and inserted into the current STORAGE database, it is removed from this database. The DATA VAULT DB refills as Recorders pass new data to it.

The Statistics window always opens to its default view of Events only for the selected database.

To change the statistics displayed:

Select an option at the top of the Database Statistics window. You can select one, several, or all options. The database contents are summarized in the Database Statistics window. By default, the Dashboard shows statistics by Event:

Events: When checked, this option displays a record count of events, starting with the most active Event type. If you also select Users or Computers, those fields are added.

Users: Displays record count by user, starting with the user with the greatest record count. If you select Users in addition to Events or Computers, Users are listed in the first column. Selected alone, this option summarizes a user's activity.

Computers: Displays the record count by computer, starting with the computer with the greatest record count. Selected alone, this option provides a quick summary of activity on a computer.

Across Databases: When checked, this counts records from all available STORAGE and DATA VAULT databases. By default, the option is cleared and you see statistics only from the database you selected. You can switch between the Events/Users/Computers view of statistics with this option selected. If Users is also selected, you will not see the DATA VAULT database.

The statistics shown for all databases take the same format, and all views of the statistics show these fields:

Record Count: Total number of event recordings for each activity type. By default all views of the statistics show records ordered from largest Record Count to smallest.

Start Date: When this database started receiving these event recordings.

End Date: Last time the database received new data for each type of recording.

Status: Status of the database can be Online (the Dashboard can access the data) or Archived (the data has been archived and deleted from the accessible location).

Use the play buttons at the bottom of the window to navigate through Statistics records.

To sort statistics by a field:

Click on a column heading in the Database Statistics window. The statistics are sorted by that field, greatest to least (down arrow next to field name). If you click on the same column heading again, the sort order is reversed to least to greatest.

You can also drag and drop the column headings to change the order of fields in the window.

For example, for a view of one user's activity, select all options at the top of the Statistics window. Click the User column heading to sort by user. You can then scroll or page to the user you wish to review.

Viewing Database History

To find out when and where a Database backup was performed, use the History function in the Databases pane. You can view the history of the ALERT, CUSTOMER, LOOKUP, STORAGE, and WFS FILTER DB.

To view the history of a database:

1. Select the Database tool and Manage Database Backup and Restore.
2. In the upper right Database pane, right-click on a database and select History, or select a database and click History on the toolbar. The Database History window appears, displaying information about the database. Use play buttons at the bottom of the window to navigate through records.

Date: Date of the database backup activity.

Operation: Backup or Restore of the database.

User Name: User who requested the backup or restore.

File Name: Location of the backup, by default: C:\Program Files\Microsoft SQL Server\MSSQL$SPECTOR360 \Backup\0001\ (for the first full backup)


Database Backup, Archive, Restore

Managing Database Backups


Spector 360 automatically creates backups of the databases so that they can be fully restored in the event the data becomes compromised, a system failure occurs, or you decide to move the Spector 360 Database.

By default, Spector 360 performs a Full Backup every week and a Differential Backup every night on the same computer where the currently active databases are installed. Use automatic Space Management options or use Windows file management to move or delete old backups.

Keep at least two full backups of your databases. In addition, it is good practice to "test" backups by restoring them to a Test Database. See Troubleshooting.

To view Backup History:

Select the Database tool and Manage Database Backup and Restore. The lower portion of the right pane displays your Backup History.

Full Backup Date: The date and time the backup set was created by performing a full backup.

Differential Backup Date: The date and time the last differential backup was performed for the backup set.

File size: The size of the backup file.

Database version: The version of the Spector 360

Valid Backup: Indicates whether or not the backup can be restored. Yes means the backup is valid and can be restored; No means the version is invalid or the data has been compromised.

Backup File: Names the full backup file that will be used with the latest differential, if available, to restore the data. Each backup set is stored in its own folder and contains a full backup file (F... BAK) and any differential backups (D... BAK).


A Backup Set Contains One Full and Multiple Differential Backups

Backup Path: Identifies the path to the folder where backup sets are stored. Each time a full backup is created, a new backup set folder is created within this directory. Subsequent Differential Backups are added to the folder. The folder takes the name SPECTOR360 [date][time]. Change the Backup path and folder from Database Configuration.

The Spctr_Backup Folder Contains Your Backup Sets

To manage backups:

Perform the following tasks from the Backup History pane using the toolbar or the right-click menu.

Refresh the information shown. Select Refresh on the toolbar or from the right-click menu.

Delete a backup. Select the backup and click Delete on the toolbar.

Create a differential backup. Back up only data new since the last backup.

Create a full backup. Create a complete backup of the databases.

Restore the databases. Select a backup set from the Backup History list and click Restore.

Locate (Browse to) and restore a backup from another location.


Creating a Full Backup


A full backup makes a baseline copy of all databases (ADMIN, ALERT, CUSTOMER, DATA VAULT, LOOKUP, STORAGE, WFS FILTER and WFS SYSTEM) currently in use. The Backup - Full job has a default weekly schedule and destination folder, which you can change to meet your requirements. Each full backup causes a new folder, containing the full backup file and any subsequent differential backups, to be created in the defined backup location.

Spector 360 is set to perform a full backup one night every week. A full backup creates a new backup folder (backup set) at the Backup Location. A backup set contains a full backup file and each subsequent differential backup (up to the next full backup).

Each folder has the date and time appended to its name: SPECTOR360 yyyymmddhhmmss

The default Backup Location is: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Data\

Change the location using Database Configuration.

No one should attempt to log in to the Database from the Control Center or Dashboard while a Backup is taking place.

To create a full backup now:

1. Select Database > Manage Database Backup and Restore.
2. In the Task Navigation pane, select Create a Full Backup. The Job Status window automatically opens, allowing you to view the progress of the Backup - Full job.
3. Right-click and select Refresh Status to be sure the job has finished. The backup takes anywhere from several minutes to an hour depending on the amount of data and your system's performance.

Alternatively, you can right-click anywhere in the upper right Databases pane and select Create a Full Backup.

To change the schedule for automatic backups:

1. Select Database > Manage Database Jobs.
2. In the right Jobs pane, select Backup - Full.
3. Click the Modify button on the toolbar - OR - Right-click and select Modify. See Scheduling Jobs.

If you do not change the default backup schedules, you probably want to enable automatic Space Management options or use Windows file management to control the amount of disk space used by Spector 360

Creating a Differential Backup

A differential backup backs up all changes since the last full backup. Use it for frequent and quick data backups; a differential backup takes only a fraction of the time taken by a full backup. When you restore a database, the full backup you select, plus the latest differential (if there is one), is used.

Differential backups are stored in a dated folder with their associated full backup at the Backup Location. Spector 360 is set to run a differential backup every night.

To back up the latest data now:

You may want to create a differential backup on demand (before system maintenance or other events).

1. Select Database > Manage Database Backup and Restore.
2. In the Task Navigation pane, select Create a Differential Backup. The Job Status window automatically opens, allowing you to view the progress of the Backup - Differential job.
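
The backup set layout and default schedule described above (one dated folder per full backup, holding the full file and its differentials; weekly full, nightly differential; at least two full backups kept) can be checked from the file system. The following Python script is an added example, not SpectorSoft code. It assumes the folder name pattern SPECTOR360 yyyymmddhhmmss, that full and differential files are .BAK files starting with "F" and "D", and grace periods of 8 days and 36 hours; the file names and sample folders it creates are constructed.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Folder name as printed in the guide: "SPECTOR360 yyyymmddhhmmss".
# Assumption: the separator before the timestamp is a space, "_" or absent.
SET_NAME = re.compile(r"^SPECTOR360[ _]?(\d{14})$", re.IGNORECASE)


def read_backup_sets(backup_path):
    """Return one dict per backup set folder under backup_path, oldest first."""
    sets = []
    for folder in Path(backup_path).iterdir():
        match = SET_NAME.match(folder.name)
        if not (match and folder.is_dir()):
            continue
        try:
            created = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
        except ValueError:  # 14 digits that do not form a real date
            continue
        baks = [f for f in folder.iterdir()
                if f.is_file() and f.suffix.upper() == ".BAK"]
        # Assumption: full backup files start with "F", differentials with "D".
        fulls = [f for f in baks if f.name.upper().startswith("F")]
        diffs = [f for f in baks if f.name.upper().startswith("D")]
        newest = max((f.stat().st_mtime for f in fulls + diffs), default=None)
        sets.append({
            "name": folder.name,
            "created": created,
            "has_full": any(f.stat().st_size > 0 for f in fulls),
            "diff_count": len(diffs),
            "last_write": datetime.fromtimestamp(newest) if newest else None,
        })
    return sorted(sets, key=lambda s: s["created"])


def audit_backups(backup_path, now, full_max_age=timedelta(days=8),
                  diff_max_age=timedelta(hours=36)):
    """Return a list of findings; an empty list means nothing was flagged.

    The limits follow the default schedule (weekly full, nightly
    differential) plus a grace period chosen for this example.
    """
    findings = []
    sets = read_backup_sets(backup_path)
    for s in sets:
        if not s["has_full"]:
            # Differentials are restored on top of their full backup.
            findings.append(f"{s['name']}: no non-empty full backup file, "
                            f"{s['diff_count']} differential(s) have no base")
    with_full = [s for s in sets if s["has_full"]]
    if len(with_full) < 2:
        findings.append(f"{len(with_full)} backup set(s) with a full backup, "
                        "keep at least two")
    if with_full:
        latest = with_full[-1]
        if now - latest["created"] > full_max_age:
            findings.append(f"{latest['name']}: newest full backup is older "
                            f"than {full_max_age.days} days")
        if now - latest["last_write"] > diff_max_age:
            findings.append(f"{latest['name']}: last backup file written "
                            f"{latest['last_write']:%Y-%m-%d %H:%M}, "
                            "differential overdue")
    return findings


def make_set(root, stamp, full_bytes, diff_stamps):
    """Create one constructed backup set folder (sample data, not real backups)."""
    folder = Path(root) / f"SPECTOR360 {stamp:%Y%m%d%H%M%S}"
    folder.mkdir()
    files = [(folder / "F_constructed.BAK", full_bytes, stamp)]
    files += [(folder / f"D_constructed_{i}.BAK", b"diff", when)
              for i, when in enumerate(diff_stamps)]
    for path, data, when in files:
        path.write_bytes(data)
        os.utime(path, (when.timestamp(), when.timestamp()))
    return folder


if __name__ == "__main__":
    now = datetime(2011, 10, 27, 12, 0)
    with tempfile.TemporaryDirectory() as root:
        make_set(root, datetime(2011, 10, 6, 23, 0), b"", [datetime(2011, 10, 7, 23, 0)])
        make_set(root, datetime(2011, 10, 13, 23, 0), b"full", [datetime(2011, 10, 14, 23, 0)])
        make_set(root, datetime(2011, 10, 20, 23, 0), b"full", [datetime(2011, 10, 24, 23, 0)])
        for line in audit_backups(root, now):
            print(line)
```

A clean result only means the files are present and recent; the Valid Backup column and a test restore remain the check that a backup set can actually be restored.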


Archiving a Database
A STORAGE database can be archived as soon as it reaches its maximum size and another database has been automatically created. The Archive job moves the STORAGE data to the designated archive location. Archived data is no longer accessible by Dashboard users, but it can be restored at any time without changing the state of the current databases. Use the Database tool to archive old STORAGE Databases, making room for new ones.
Do not attempt to use the Dashboard while an Archive or Restore is taking place.

You can view statistics and history in an ARCHIVE. Normally the data is stored sequentially in order of recording time, so you would be able to investigate or research a particular time period.

Notes about archiving:

An archive affects only STORAGE data. Unlike a full backup, which copies all data from ALL databases to the backup location, an archive moves only STORAGE data to the archive location. Archived data is no longer accessible by Dashboard users. An archive does not include Admin, Customer or Data Vault databases, which remain active following an archive.

To archive a database:
1. Select Database > Manage Database Backup and Restore.
2. In the upper right Databases pane, select the full STORAGE database you wish to archive. The database must have reached its maximum size, and a new database must be started.
3. Click Archive on the toolbar - OR - Right-click the STORAGE database and select Archive.
4. A message appears informing you that the database will be offline (not available) after archiving. Click Yes to continue.
5. Wait as the operation is performed. The database is removed to the specified archive location and is no longer directly accessible. Click Refresh on the toolbar to make sure that the archived database now reads "Yes" in the "Archived" field.

You can restore archives. To restore a STORAGE archive, the archived database must be listed in Databases Management and it must be on the database computer. If you've moved the archive off the computer's hard drive, before attempting to restore, move it back on. The default location for archives is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Archive.

You can archive only a full STORAGE database. When a database reaches its size limit (4096 MB for SQL Server Express and user-defined for full SQL Server), Spector 360 automatically creates a new database (e.g., STORAGE-002). You can archive a database only after it is full and a new one is created.

Archives write to the database computer. Archive to the default location C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Archive or to another location on the SQL Server/Database computer. This ensures SQL Server has full permission to the archive. Once the archive is complete, you can move it to a different location.


You can set up automatic archiving. The Database provides Space Management settings for automatic archiving when certain conditions are met.

Restoring a Backup
If the data becomes compromised, or if you need to move the data to a new computer, you will need to restore the latest Spector 360 Database.
Restore when the database is not being used! Restore at a time when the fewest users will be affected. During the restore, Dashboard and Control Center users will not be able to connect to the database, all connections to the database will be dropped, and if a user attempts to access data, the application will close. It's best to restore a Backup folder from a local drive on the database computer. In addition, it is good practice to "test" backups by restoring them to a Test Database. See Troubleshooting.

To restore a Backup:
1. Select a Backup folder. Open Database > Manage Database Backup and Restore. If the backup you want to restore is listed in the Backup History pane, select the backup.
2. Select Restore. Click the Restore button on the toolbar and select Restore Databases - OR - Select Restore from a full backup in the Task Navigation pane - OR - Right-click on the backup and select Restore Databases. If the backup you need is NOT listed in Backup History, select Browse for Restore Folder. Navigate to the folder you wish to use. See Browse for Restore Folder.
3. Choose access during restore. Select whether or not you want users to be able to access the database before the restore is completely finished. Click one of the Allow access buttons to continue the backup. See Restore Steps for help in making your choice.
3. Restore share names. The Backup procedure displays a Share Names box if File Storage share names differ. Select the folder with share names you want to restore. The Share names will allow Dashboard users to access Screen Snapshot and Email Attachments from the File Storage Location. The default is C$ share. Change the Share Name if you wish. Click OK. These Shares will appear under Database > Manage Database Configuration > File Storage Location.


4. Wait as the Backup folder is restored. The full backup and latest differential are restored to the current SQL Server instance. If you have chosen to save Snapshots and Attachments for Backup/Restore (see Database Configuration), the Restore job will copy the Screen Snapshot and Email Attachment files to the specified destination folder, and the share names as you have defined them will be updated in the CUSTOMER database. If Snapshots and Attachment files were not included in the Backup, a message appears telling you that only the database will be restored. The Snapshot and Email Attachment files will not be available. Click Yes to restore the database only.

Database Configuration settings determine if snapshot/attachments are included

5. When the Restore is complete, check the data. Open STORAGE database Statistics to see if the data was successfully restored as you expected.

Browsing for a Restore Folder

If your backup is not in the specified Spector 360 Backup location, you can browse for the folder in order to restore the backup. Select Database and Manage Database Backup and Restore. For more information about restoring backups, see Restoring a Backup.
Do not attempt to restore data from a network folder unless you have appropriate network speed and reliability. A lapse in network connection could compromise the data, requiring a database uninstall/reinstall. We recommend you move the Backup folder to a local drive before restoring.

To browse for a restore:

1. In Manage Database Backup and Restore: Click Restore on the toolbar and select Browse for Restore Folder - OR - Right-click in the Backup History pane and select Browse for Restore Folder.
2. By default the Spector 360 Backup location is displayed in the Browse for Folder box. Navigate to any other folder where a Spector 360 backup is stored. Select the Backup set folder ("SPECTOR360 [date][time]") and click OK. See Restoring a Backup for more information on the Restore job.
Errors appear if the data is not compatible with the database. If serious errors occur, you may have to uninstall the database, reinstall it, and restore a valid backup.


Full Restore Steps


There are two steps to a Full Database Restore. You can allow Spector 360 users (Dashboard and Control Center users) to access the database after Step 1, when the STORAGE data has been restored, or make them wait until after Step 2, when the entire restore including all files is complete. The restore commences immediately when you make a selection.

Allow access after Step 1 - This allows users to access the database after Step 1 of the restore operation completes. If Step 1 is NOT complete, a message appears and their Dashboard (or Control Center) closes automatically.

Allow access after Step 2 - This blocks user access through the entire restore operation (Step 1 and Step 2). Users attempting to access the database receive a message and their Dashboard (or Control Center) closes automatically.

Cancel - Cancel out of the request and do not perform the restore. You exit back to Backup and Restore Management.

Step 1 of Restore
During the first step of a restore job, the restore operation overwrites all data in the current database. While this happens, the database is not available. Users receive the message "The database restore operation is running. The Dashboard must be shut down." Their Dashboard application then shuts down. This is why it is important to inform all users when a restore operation will take place, or run the restore when users will not be using the Dashboard.
If you chose not to copy snapshots and attachment files as part of the backup job, Step 2 does not apply.

Step 2 of Restore
During Step 2 of a restore job, the restore operation overwrites all screen snapshot and email attachment files. The database has been fully restored and has all pointers to the files, but the files are now being overwritten with restored data. This step can take a long time, and so you are offered a choice:

If you select Allow access after Step 1 on the dialog box, users now regain access to the newly restored database. Dashboard users can access Quick View, User Explorer, and so on. However, if a user attempts to access a screen snapshot or email attachment, a "File not found" error message appears.

If you select Allow access after Step 2 on the dialog box, users are blocked from using the Dashboard until the restore procedure is completely finished. As in step 1 of the process, any attempt to access data causes the Dashboard to shut down.
If Dashboard users are having frequent "File not found" errors, and you have selected Allow access after Step 1, a restore in progress could be causing this problem.

To check the progress of the restore:

After you launch a restore, wait for a period of time for the first part of the restore to complete, and then check on the restore using these steps. If you attempt to check on a restore before Step 1 is complete, you will receive the shut down message.


3. Select the Jobs Management folder in Management.
4. Click the Refresh button on the Dashboard toolbar. Wait several moments for the display to update.
5. Check the Archive/Restore job. If the job status says it is currently executing, the restore is not finished. If the job status shows an updated "Last Run Time" and says that the job is currently idle, the restore operation has completed.

Restoring an Archived Database

You can restore an archived STORAGE database for investigation, research, or to reconstruct the data from a particular time period in the past. The list of Databases in the upper right pane under Manage Database Backup and Restore lists which STORAGE databases have been archived for the current Spector 360

To check the archived data:

To determine if the STORAGE database you wish to restore actually has the data you need, right-click on the archived STORAGE database and select View Statistics. Statistics provide the dates, computers, and users captured by the stored recordings in the database.

To restore an archived database:

1. Select the Database tool and Manage Database Backup and Restore.
2. In the upper right Databases pane, select the STORAGE database you wish to restore.
If the archived database is not in the list, you can choose to Browse for Restore to navigate to an archive location that is not at the location specified by the Database Configuration. See Browse for Restore.
3. On the toolbar, click Archive Restore - OR - right-click the archived database and select Archive Restore.
4. Wait for the database to be restored.
5. Click Refresh on the toolbar. The status for the database will be updated if the restore was successful, and the data will be available to Dashboard users.

Notes on Archive Restore:

The Control Center restores STORAGE archives. Restoring an archive restores only the STORAGE database from the selected archive. If you need to reconstruct the entire Spector 360

The archive must be on the database computer. If the archive folder has been physically moved to a different location, copy it back to the computer where the Spector 360 Spector 360

You can restore from a remote Control Center. The restore function automatically looks at the archive destination location on the Database computer for the archive folder. From that folder, select the archive you want.

Only previously archived data can be restored. If a database has not been archived, you cannot perform the Archive Restore function. If you need to restore from a database backup, select Restore from a Full Backup from the Task Navigation pane. See Restoring a Backup.


Deleting a Backup
We recommend keeping at least two full backups of your Spector 360 Database. To save disk space, delete older backups that you probably won't be using. See Space Management for automatic deletion of older backups. The SA login can delete a backup set directly from Manage Database Backup and Restore.

To delete a backup:
1. Open the Database tool and select Manage Database Backup and Restore.
2. Select the backup you wish to delete.
3. Right-click and select Delete. A message asks you to confirm the deletion. Click Yes to continue.
4. Wait until a message appears telling you that the selected backup and its associated files have been removed. Click OK. The backup is now deleted from the hard drive.
5. Click Refresh on the toolbar (or right-click and select Refresh) to see an updated list of backups.

Database Jobs

Managing Database Jobs

Manage Database Jobs provides a list of all Spector 360 Database Jobs. These include SQL Server and database maintenance jobs, backup/archive/restore jobs, and the jobs that process data received by the Data Vault for insertion into the latest STORAGE database. All jobs (except Misc - Archive/Restore) run automatically on a default schedule, and no adjustments are required. The Database Jobs pane shows you which jobs are running and allows you to adjust job schedules as needed.

Partial Database Jobs List

To view jobs for the current database:


Select Database and Manage Database Jobs. Each database job is listed in the right pane with its run time, status and description.

Job Name: See "Types of Database Jobs" below.
Last Run Time: Date and time the job was last run - "None" if the job has not yet run.
Next Run Time: Date and time the job is scheduled to run next - "None" if no schedule has been set. Note that Archive/Restore jobs cannot be scheduled through Jobs Management.
Current Status: "The job is currently idle" or "The job is executing."
Description: A brief description of the job.

Backup - Differential. A differential backup backs up all changes since the last full backup. Use it for frequent and quick data backups; a differential backup takes only a fraction of the time taken by a full backup. When you restore a database, the full backup you select, plus the latest differential (if there is one), is used.

Process DV - Common Data. This job processes data common among the event types (users, computers, programs, and domains) that has been received by the DATA VAULT database for insertion into current STORAGE Database. The job runs every 2 minutes by default, depending on whether or not the Data Vault is receiving Recorder data from computers. You can change the schedule to meet your requirements.

To access information about database jobs:


View and/or right-click on:

Maintenance - Server. This job performs behind-the-scenes, general server maintenance, such as cycling SQL Server logs, flushing cache for all databases, and removing excessive data. By preventing error logs and other files from becoming too large, server maintenance ensures better performance. By default, server maintenance takes place daily at 4:00 AM. You can change the schedule to meet your requirements; for example, a high-volume server may require the job to be run twice a day. Error logs are flat text files stored in ...\Microsoft SQL Server\MSSQL$SPECTOR360\LOG on the Data Vault - Database computer.

Misc - Archive/Restore. This item tracks Archive and Restore jobs. An Archive job moves a specified STORAGE database to an archive location, deleting it from the current database location. A Restore job restores an archive or backup to the active databases. These jobs are not scheduled to run regularly, but you can view their History from Manage Database Jobs.
Job scheduling does NOT apply to Misc - Archive/Restore jobs, although an archive can be run automatically as part of the Maintenance - Space Management job.

Maintenance - Database. This job performs behind-the-scenes maintenance to ensure database performance, such as re-indexing all tables in the current STORAGE databases. By default, database maintenance runs once a week on Sunday night. You can change the schedule to meet your requirements.

Process DV - Lookup Data. This job processes the lookup values Spector 360 uses internally from event data in the DATA VAULT database for use in the STORAGE database tables. By default, this job runs every 2 minutes. You can change the schedule to meet your requirements.

Backup - Full. A full backup makes a baseline copy of all databases (ADMIN, ALERT, CUSTOMER, DATA VAULT, LOOKUP, STORAGE, WFS FILTER and WFS SYSTEM) currently in use. The Backup - Full job has a default weekly schedule and destination folder, which you can change to meet your requirements. Each full backup causes a new folder, containing the full backup file and any subsequent differential backups, to be created in the defined backup location.

Maintenance - Space Management. This job executes any archives or deletion of archives and backups that you have set up in Space Management. If you have not enabled automatic space management, the job has no effect on the data. Select Management Database Configuration and Space Management in the left pane to change the settings. By default, this job runs once a week.

Process DV - Snapshot Data. This job processes Screen Snapshots received from Recorders. By default, this job runs every 5 minutes.

Maintenance - Flush Search Cache. This job flushes the Dashboard Search tool cache. The Search cache keeps Dashboard search results available so that a user can return to them after using other Dashboard tools. Because this cache uses up memory, it is flushed when the Dashboard is closed AND as often as set in this job schedule. By default, the Search cache is scheduled to be flushed once every four hours, every day. You can change the schedule to improve performance on your system.

Process DV - User Activity Data. This job processes User Activity (log on / log off) received from Recorders. By default, this job runs every 5 minutes.

Process DV - Email Data. This job processes Email Activity received from Recorders. By default, this job runs every 5 minutes.

Maintenance - Data Retention. This job executes deletion of transactions that you have set up in Space Management. If you have not enabled automatic space management, no deletions take place. By default the job is scheduled to run once a day.

Process DV - Keystroke Data. This job processes Keystrokes Typed activity received from Recorders. By default, this job runs every 5 minutes.

Process DV - Update DV Statistics. This job updates the Data Vault statistics so that you can view the latest Recorder data received. See Viewing Database Statistics. By default, this job runs every 15 minutes.

Process DV - Chat Data. This job processes Chat/IM activity received from Recorders. By default, this job runs every 5 minutes.

Process DV - Document Data. This job processes Document Tracking activity received from Recorders. By default, this job runs every 5 minutes.

Process DV - URL Data. This job processes Web Site activity received from Recorders. By default, this job runs every 10 minutes.

Process DV - Keyword Data. This job processes Keyword activity received from Recorders. By default, this job runs every 5 minutes.

Process DV - Update User/Computer Statistics. This job processes events for display of Database statistics by user or by computer. See Viewing Database Statistics. By default, this job runs every 20 minutes.

Process DV - P2P Data. This job processes File Transfer (and peer-to-peer) activity received from Recorders. By default, this job runs every 5 minutes.

Process DV - Port Data. This job processes Network activity (at ports) received from Recorders. By default, this job runs every 5 minutes.

Process DV - Program Data. This job processes Program Activity received from Recorders. By default, this job runs every 5 minutes.

To manage database jobs:

Select tasks under Task Navigation, use the toolbar at the top of the window, or select a job in the Database Jobs list and right-click to access functions.

Refresh the status of all jobs in the list. Click Refresh on the toolbar or right-click and select Refresh.
Modify a job's schedule.
View a job's history.
Monitor Job Status.
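A staleness check built on the default schedules given in the job descriptions above, as an added example (not SpectorSoft code). The row layout, the timestamp format, and the grace and floor settings are assumptions, and the sample rows are constructed as if typed from the Database Jobs list.

```python
from collections import namedtuple
from datetime import datetime, timedelta

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed layout of the Last Run Time text


def every(minutes=0, hours=0, days=0):
    return timedelta(minutes=minutes, hours=hours, days=days)


# Default intervals as stated in this guide. Not listed on purpose:
# "Misc - Archive/Restore" (never scheduled) and "Maintenance - Space
# Management" (add it with the schedule shown in your own Database Jobs list).
DEFAULT_INTERVAL = {
    "Process DV - Common Data": every(minutes=2),
    "Process DV - Lookup Data": every(minutes=2),
    "Process DV - Snapshot Data": every(minutes=5),
    "Process DV - User Activity Data": every(minutes=5),
    "Process DV - Email Data": every(minutes=5),
    "Process DV - Keystroke Data": every(minutes=5),
    "Process DV - Chat Data": every(minutes=5),
    "Process DV - Document Data": every(minutes=5),
    "Process DV - Keyword Data": every(minutes=5),
    "Process DV - P2P Data": every(minutes=5),
    "Process DV - Port Data": every(minutes=5),
    "Process DV - Program Data": every(minutes=5),
    "Process DV - URL Data": every(minutes=10),
    "Process DV - Update DV Statistics": every(minutes=15),
    "Process DV - Update User/Computer Statistics": every(minutes=20),
    "Maintenance - Flush Search Cache": every(hours=4),
    "Maintenance - Server": every(days=1),
    "Maintenance - Data Retention": every(days=1),
    "Backup - Differential": every(days=1),
    "Maintenance - Database": every(days=7),
    "Backup - Full": every(days=7),
}

Finding = namedtuple("Finding", "job reason age executing")


def parse_last_run(text):
    """Return a datetime, or None when the list shows "None" (never run)."""
    text = text.strip()
    if not text or text.lower() == "none":
        return None
    return datetime.strptime(text, TIME_FORMAT)


def find_stalled(rows, now, grace=3, floor=timedelta(minutes=15)):
    """Flag jobs whose last run is older than `grace` default intervals.

    `floor` keeps the 2- and 5-minute Process DV jobs from being flagged by a
    short pause. A job whose schedule was changed, or a quiet Data Vault, can
    also appear here, so treat findings as prompts to open the Job History.
    """
    findings = []
    for name, last_run_text, status in rows:
        interval = DEFAULT_INTERVAL.get(name)
        if interval is None:
            continue  # unscheduled job, or no default stated in the guide
        executing = "executing" in status.lower()
        last_run = parse_last_run(last_run_text)
        if last_run is None:
            findings.append(Finding(name, "never run", None, executing))
            continue
        age = now - last_run
        if age > max(interval * grace, floor):
            findings.append(Finding(name, "overdue", age, executing))
    return findings


# Constructed sample data: (Job Name, Last Run Time, Current Status).
NOW = datetime(2011, 10, 27, 12, 0, 0)
SAMPLE_ROWS = [
    ("Process DV - Common Data", "2011-10-27 11:59:10", "The job is currently idle"),
    ("Process DV - URL Data", "2011-10-27 09:40:00", "The job is executing."),
    ("Process DV - Keystroke Data", "None", "The job is currently idle"),
    ("Maintenance - Server", "2011-10-27 04:00:00", "The job is currently idle"),
    ("Backup - Differential", "2011-10-26 23:00:00", "The job is currently idle"),
    ("Backup - Full", "2011-10-02 01:00:00", "The job is currently idle"),
    ("Misc - Archive/Restore", "2011-09-01 10:00:00", "The job is currently idle"),
]

if __name__ == "__main__":
    for f in find_stalled(SAMPLE_ROWS, NOW):
        detail = f" (last run {f.age} ago)" if f.age else ""
        state = ", still executing" if f.executing else ""
        print(f"{f.job}: {f.reason}{detail}{state}")
```

An overdue job that is also still executing, like the URL row in the sample, is the case to check first in Monitor Job Status and the job's history.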


Scheduling Database Jobs


Manage Database Jobs allows you to adjust the schedule for database jobs. By giving you the ability to control job schedules, Spector 360 lets you control your server performance.

Control your backups - Be aware that backups can take a significant amount of time and disk space. Be sure to adjust the weekly Backup - Full and daily Backup - Differential jobs as needed to avoid overtaxing your resources. Use Space Management to control backup use of disk space.

Schedule Process DV (Data Vault) jobs by importance - If you do not collect and report on ALL events, you can reduce the load on the server by processing the type of events you DO collect more frequently and those you don't less frequently. For example, if you view Web Site reports daily, but Keyword Alert reports only monthly, you can increase Process DV - URL processing and push off Process DV - Keyword Data processing.

Schedule Process DV jobs by reporting time - If you have time-critical reporting needs (for example, you need a report on Network Activity by 4 PM each day), you can schedule the Process DV - Network Activity job to run just before report time.

Schedule to improve performance - If you have a high-volume site, you can balance database request volume with Data Vault processing and database maintenance.

To modify a job schedule:

1. Choose the frequency at which the job occurs (Daily, Weekly, Monthly).
2. Choose a Start Time.
3. Select the explicit schedule.

The following tables show options available and default schedules.

Daily: The job executes every day.
Start Time: The job starts at the set time (hh:mm:ss AM/PM).
Daily Schedule:
  Every 1 day(s) - Runs every day
  Every 2 day(s) - Runs every other day
  Every n day(s) - Runs every n days (select a number)
Daily Frequency:
  Occurs once: Once a day at the start time.
  Occurs every n Minutes or Hours: The job runs periodically throughout the day.
Default Daily Schedules:
  Process DV - every day, every 2 or 5 Minutes.
  Maintenance - Server runs once a day at 4 AM.
  Maintenance - Data Retention runs once a day at 10 PM (depends on Space Management settings)
  Maintenance - Flush Search Cache runs every day, every 4 hours.

Weekly: The job executes every week.
Start Time: The job starts at the set time (hh:mm:ss AM/PM).
Weekly Schedule:
  Every 1 week(s) - Runs once a week
  Every 2 week(s) - Runs every other week
  Every n week(s) - Runs every n weeks (select a number)
Runs on: Select one day (Mon-Sun) to run once a week or multiple days to run several times a week.
Default Daily Schedules:
  Process DV runs every day, every 2 or 5 Minutes.
  Maintenance - Server runs once a day at 4 AM.
  Maintenance - Data Retention runs once a day at 10 PM (depends on Space Management settings)
  Maintenance - Flush Search Cache runs every day, every 4 hours.


Monthly: The job executes every month.
Start Time: The job starts at this time (hh:mm:ss AM/PM).
Monthly Schedule:
  Day: Run the job on a day (1-31) of the month. For example, select 1 to run on the first day of each month. Select 15 to run the job on the fifteenth of each month.
  The nth Day of the month: Run the job on the first/second/third/fourth or last day, which is a Sunday-Saturday/Weekday/Weekend Day. For example, run the job on the:
    - second Sunday of every month
    - third Wednesday of every month or
    - last Weekend Day of the month.
Runs on: Select one day (Mon-Sun) to run once a week. Select 2 or more days to run several times a week.
Default Daily Schedules:
  Process DV runs every day, every 2 or 5 Minutes.
  Maintenance - Server runs once a day at 4 AM.
  Maintenance - Data Retention runs once a day at 10 PM (depends on Space Management settings)
  Maintenance - Flush Search Cache runs every day, every 4 hours.

Viewing Job History

Manage Database Jobs logs the run date and status in the Job History each time a job is run. See Managing Database Jobs for a description of each job in the Database Jobs list.

To view the job history for a database:

1. Select Database > Manage Database Jobs.
2. In the Database Jobs list, select a job. Right-click on the job and select View Job History. The Database Job History window lists all jobs of a type that have been run and whether or not the job was run successfully.

Run Date: Date and time the job was executed
Duration: How long the job took to complete
Status: The job Succeeded or Failed
Status Message: If the job failed, a message indicates what might have happened

Use the play buttons at the bottom of the window to navigate through job records:

Click Close to close the window.


Monitoring Job Status


Normally database jobs work in the background and there's no indication of their progress. However, it is possible to open a Job Status box and watch a "Process" job run every few minutes as scheduled, as well as any other scheduled job. When you launch a Full Backup, Differential Backup, or Archive, the Job Status box automatically appears to indicate progress. Especially in the case of a Full Backup, Archive, or Restore, you need to know if the job is running and when it is finished. Requires Master Login.

To monitor job status:

1. Select Database > Manage Database Jobs and Monitor status of jobs (also available from the context menu), or request a Backup or Archive. The Job Status box appears. A green bar next to the job title shows the job is running; it does not show percentage of completion. When the job is finished, the green bar disappears.
2. Leave the Job Status box open to continue monitoring jobs. You can switch to other Control Center views and the box will remain on top. Click the Close button to close the Job Status box.
The database jobs are polled every 10 seconds for status. If an error occurs (a database timeout, or other error), <Unavailable> is displayed where the progress bars normally appear.

Database Configuration

Managing Database Configuration

The Database tool provides Manage Database Configuration to allow you to control the Spector 360 SQL Server instance. Use Modify Database Settings to change data, backup, and archive locations, as well as include Screen Snapshot and Email Attachment files with backups and archives. Database Settings also provides the automatic Space Management that will help you prevent using up disk space on the Database computer. Note that you must be logged in as SA to set database and memory size limits.

To set the database size:

SA only. When a STORAGE database reaches the maximum size, it automatically "clones" itself and starts a new database, incrementing the number (e.g., STORAGE-002), with the same maximum size.

Max Size: Available for MS SQL Server 2005 Standard or Enterprise only. The SA login can change the maximum database size. For example, if you have a large server, you may want to expand the maximum database size from 5 GB to 10 GB. If you have MS SQL Server Express installed, the database maximum size is 4 GB and cannot be changed.


Unlimited: Available for MS SQL Server 2005 Standard or Enterprise only. The SA login can check this option to specify a STORAGE database with no size limit. This means that the database will not clone when it reaches a certain size, but continues to grow as one database. Be aware that a large database affects the performance of database jobs and Dashboard queries. If you have MS SQL Server Express installed, the database maximum size is 4 GB and cannot be changed.
Click Save at the bottom of the Database configuration pane to save your settings. If you leave the folder without saving, you will be prompted to save.

To set the memory size:

SA Only. The Memory Size setting determines how MS SQL Server handles database query and retrieval demands on your physical system memory. By default the database uses dynamic memory. This option is available to the SA login only.
Limiting the memory available to the SQL Server database instance may slow down processing of Dashboard requests. Not limiting the memory when memory and disk space are a concern may cause problems with delivery of Dashboard requests.

Choose one of these options:

Dynamic: Allows the SQL Server to use as much physical memory as it needs, when it needs it. If it needs 100 MB, that's what it uses; if it needs 500 MB, that's what it uses. Use this setting for best performance when you are not worried about memory and disk space on the computer where the Spector 360 Database resides.

Dynamic Range: Displays a slider that allows you to set a range of memory used by SQL Server in MB. The bottom of the range is always used, and the top is never surpassed. Move the slider to set the top end of the range. In the following example, 250 MB of memory are reserved to process the Dashboard requests, and no more than 382 MB will ever be used.

Fixed: Displays a slider that lets you set the exact amount of physical memory that the SQL Server database will have available to it when the Dashboard is run. In the following example, exactly 382 MB of memory are always reserved to process the Dashboard requests.

Click Save at the bottom of the right pane to save your changes and close the dialog box.

To change database and log locations:

Click the folder button to the right of each path to open a Browse box and select new locations for future STORAGE database files and database logs. These settings will not affect the live database or current logs. Click OK on the Browse box, and remember to click Save on the Database Configuration Management pane to save your change.


Data Location: Shows the location of the STORAGE databases where recorded data is stored. This folder contains the .mdf and .ldf master and local database files used by SQL Server for the Spector 360 Database. You can change the location for the creation of the next STORAGE database created on the Spector 360 Database computer's hard drive. The default location is: C:\..\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Data\

Log Location: Shows the location of the SQL Server database logs. This folder contains error logs and SQL agent logs maintained by Microsoft SQL Server. The logs are flat text files with date stamps, message codes, and Microsoft messages. Click the folder button to the right of the path to open a Browse window and select a new location for the logs. This setting goes into effect when the next STORAGE database is created and does not affect the current logs. The default location is: C:\..\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Log\
All locations set must be on the Data Vault / Database computer (hard drive or media). The locations can only be set from a Dashboard installed on the Data Vault / Database computer.

To change backup and archive locations:

Click the folder button to the right of each path to open a Browse box and select a new location for future backups and archives. These settings do not affect existing backups or archives. Click OK on the Browse box, and remember to click Save on the Database Configuration Management pane to save your change.

Backup Location: Path to the backup folders and files where full and differential backups are stored in incrementally numbered subfolders. The default path is: C:\..\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Backup\

Archive Location: Path to the folder where archive files are stored. The default is: C:\..\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Archive\

To copy snapshots and attachments with backup or archive:

If you record Screen Snapshots and capture Email Attachments, you can include these files with Backup/Restore operations and with Archive/Restore operations. If you choose not to include Snapshot and Attachment files as part of Backup or Archive, when you Restore the data, the Dashboard will not be able to display an event record's Snapshot or Email Attachment.
Snapshot and Attachment files can take up a great deal of disk space, depending on the settings for these recordings. Maintaining multiple backups and archives that include these files could be a burden to resources. Clear these options if you wish to save only the data records.

Check the options for Snapshot and Attachment files:

2011 SpectorSoft Corporation, All rights reserved.

236

Database Space Management

Database Space Management


There is no default space management in Spector 360; you are responsible for tracking disk space and making sure database backup and archive sets don't fill up your server's disk space. The Database tool, however, does allow you to enable and Modify Space

Copy snapshot and attachment files during backup/restore: Check this option to copy Screen Snapshot and Email Attachment files to the appropriate location when a Backup or Restore Backup operation takes place. Clear this option if you do not want these files included.

Management Settings. These settings allow automatic archives, archive deletion, backup deletion, and deletion of data in the database or File Storage. Space Management settings are executed regularly as a single database job (Maintenance - Space Management. If Space Management is enabled, the job runs by default once a month on the first day of the month. You can change the job schedule. Space Management set to delete Backup Sets

Copy snapshot and attachment files during archive/restore: Check this option to copy Screen Snapshot and Email Attachment files to the appropriate location when an Archive or Restore Archive operation takes place. Clear the option if it does not matter to you that these files can be restored from archive with the data.

The final options let you set an error tolerance for Backup / Archive / Restore, as well as control the log file for these operations.

Write update activity to Log File: The Backup / Archive / Restore log file is written automatically to the ...\MSSQL\Spctr_Log\ location and always includes errors encountered. Check this option to include all activity in addition to errors so that you can see exactly how many files have been copied and where in the process an error occurred during a restore. Clear this option to omit other activity and collect only the errors.

To enable space management:


1. Check the first option, Enable Automatic Space Management, to activate the disk space management options. Clear this option if you do NOT want to use Space Management. It is possible to use the Windows file system to move and/or delete archive and backup sets. 2. Check the type of Space Management you wish to use (see below). Enter (or use the arrows to select) the number of days after which to make deletions. Enter 1 in the days field to remove

Maximum errors before stopping file backup/archive/restore: By default this option is set to 0 (Zero). As soon as one error occurs, the Backup, Archive, or Restore operation stops. Type in or use the arrows to select a greater tolerance. For example, if you set this option to 100, the operation will process and encounter 100 errors before stopping. This may not be a problem if the errors are spread over thousands of files.

2011 SpectorSoft Corporation, All rights reserved.

237

Database Space Management

all days except today. Enter 0 in the days field to remove all days including today. 3. 4. Click Save at the bottom of the Space Management pane to save your settings. Click Delete Data at the bottom of the pane to delete event data from the databases right now. See Deleting Event Data.
If you leave Space Management without saving, a prompt appears.

To automatically archive Storage databases:

Check Archive Storage Databases older than... day(s). This option causes an automatic Archive job to run on an inactive STORAGE database, where the last record inserted is older than the specified number of days. Type or use the arrows to set the number of days. Clear this option if you don't want automatic archiving.

The number of days you enter specifies how long the STORAGE database is inactive before it is automatically archived. With "30 days" as the setting, a STORAGE database that received its last record (and became full) exactly 30 days ago will be archived tomorrow.

A STORAGE database cannot be archived until it has reached its maximum size. As soon as a STORAGE database reaches its maximum size, it becomes inactive. A new STORAGE database is created and becomes the active database.

To archive a database as soon as it becomes full (and when an Archive job is set to occur), you would select "0 days." The Archive job copies the STORAGE database to an "archive set" at a location you specify. It is then removed from the Spector 360

If you need to access data from an archived STORAGE database, simply Restore the Archive.
If Dashboard users generate regular reports and don't require frequent access to past data, archiving STORAGE databases that have reached their maximum size to another location can save substantial disk space for new, ongoing STORAGE databases.

To automatically delete archive sets:

Check Delete Archive Sets older than... day(s) to automatically delete any Archive set that was archived more than the specified number of days ago. Type or use the arrows to set the number of days. Clear this item if you don't want automatic deletion of archives.

The number of days you enter specifies the "age" of the archive set. With "60 days" as the setting, an archive set created 60 days ago will be deleted tomorrow.

The archive set(s) must be at the location specified in Database Settings in order to be automatically deleted. An archive cannot be restored or recovered once it is deleted. To delete ALL archive sets, you would enter 0.
If you are automatically archiving STORAGE databases (the above option), you may also want to automate control of the archives, discarding those older than a certain time period. Keep in mind that your regular database Backups provide the true "safety net" for your system.

To automatically delete data records:

Check Delete Records older than... day(s) to remove data records from the live database. Type a number or use the arrows to specify the number of days to keep transactions before deleting them. Clear this option to leave the data as is, so that it can be archived.

The number of days specifies the "age" of the data records. With "60 days" as the setting, any recordings stored in a currently active STORAGE database 60 days ago will be deleted tomorrow.

The Data Retention job performs this task. Use Database Jobs to schedule this job. The deleted data is gone forever, unless it was present for a Full Backup, which can be restored. If the criteria for deleting the data (e.g., older than 30 days) deletes ALL data in the database, the whole database will be dropped. For example, if all data in STORAGE 001 is older than 30 days, STORAGE 001 is dropped.

If the whole database is dropped, Spector 360
This option does not affect archived databases. To delete ALL records, you would enter 0.
If you are not concerned with archiving data, you can simply remove data records from the live database after they reach a certain age.

To delete Alert history:

Check Delete Alert History older than... day(s) to remove Alert event files from the live Database. Type in the field or use the arrows to set a number of days after which to delete a file. Clear this option to preserve the history.

To automatically delete Snapshot files:

Check Delete Snapshots older than... day(s) to remove Snapshot files from the File Storage Location. Type in the field or use the arrows to set a number of days after which to delete a file. Clear to preserve all Screen Snapshots.

The number of days specifies the "age" of the Screen Snapshot file. With "90 days" as the setting, any Snapshot files stored 90 days ago will be deleted tomorrow.

The Data Retention job performs this task. Use Database Jobs to schedule this job. The deleted data is gone forever, unless Screen Snapshots were included with a Full Backup, and the Restore is set to include Snapshots. See Database Settings.

To delete ALL snapshots, you would enter 0.

If archiving Snapshots is not a concern, you should remove older files from the File Storage Location folder to make room for new ones.

Screen Snapshots (photographic images of user screens) are graphic files that can take up a great deal of disk space, especially for a large installation or when many Snapshot "Triggers" are used.

If you include Screen Snapshots with Archives (see Database Settings), they will be archived with their associated data, and the entire Archive can be moved to another location. Otherwise, Screen Snapshots remain indefinitely in the File Storage folder.

To automatically delete backup sets:

Backups by default are scheduled to occur nightly (differential) and weekly (full backup). Check Delete Backup Sets to control database backups. Select one of the options below. Clear this option to delete backups manually.

Older than n day(s): Check to delete any backup set older than the specified time period. Type or use the arrows to set the number of days. For example, with the above setting, a backup folder created 30 days ago will be deleted from the disk tomorrow.

Older than the last n set(s): Check to delete the oldest of the specified number of backup sets. Type or use the arrows to set the number of backup sets. For example, if you specify 10 backup sets, when the 11th full backup occurs, the 1st (oldest) is deleted.

The backup set(s) must be at the location specified in Database Settings in order to be automatically deleted. To delete ALL backups, you would enter 0.
We recommend keeping two full backups of your data, but additional backups may compromise disk space on your system.

To schedule Space Management:

Automatic archives, delete archives, and delete backups run as a regular Maintenance - Space Management job. If you choose to delete transactions directly from the live database, this deletion is executed as the Maintenance - Data Retention job. The jobs have default schedules that can be changed, and you can check their history from Database > Manage Database Jobs.

Deleting Event Data

Space Management provides a Delete button at the bottom of the right pane that allows you to delete event transactions for a user and/or a computer. For example, if someone no longer works at the organization, you can clear his or her data. The user will no longer appear in Dashboard reports; however, if new recording detects the same user name, new transactions will be added to the database under the same user name. Select the Database > Manage Database Configuration > Modify space management settings.
You can also delete events from the Dashboard's Users Management or Computers Management.

To delete event data:

1. Click Delete Data at the bottom of the right pane. A message informs you that you will be permanently deleting data from the database.
2. Click Yes to continue. The Delete Event Data box appears. All event types are selected.
3. Use this box to set the criteria for deleting from the database: select a date, user(s), computer(s), and the types of events to delete (see the next page).
4. Click Delete at the bottom of the box. A message asks you to confirm deleting the transactions.
5. Click Yes. Wait as events are deleted, and then click Close.

To set criteria for the deletion:

Make selections in the following fields:

Date: Click the down-arrow and select from the following.
All Dates - Removes event data for the selected users and/or computers in the database from ALL dates, including today. If you wanted to clear all data for a user or computer from the database, you would select "All Dates."
Older than 'n' Days - Enter the number of days (maximum 1000) of transactions to remove. For example, "Older than 30 Days" removes event data up to 31 days ago.
Older than 'n' Weeks - Enter the number of weeks (maximum 1000) of transactions to remove. For example, "Older than 1 Week" removes event data up to 8 days ago.
Older than 'n' Months - Enter the number of months (maximum 1000) to remove. For example, if today is January 5, 2010, and you select "Older than 12 Months," you will remove data up through December 31, 2008.

User(s): Click the down-arrow and Delete All Users to remove event data for ALL users or Delete Specific Users to open the Users Selection box. Select Available users and click > to move them to the Selected list. Click OK to set your selection. Return to and change your selections by clicking the button next to the Users drop-down list.

Computer(s): Click the down-arrow and select Delete All Computers to remove event data for ALL computers or Delete Specific Computers to open the Computers Selection box (similar to the Users Selection box). Select Available computers and click > to move them to the Selected list. Click OK to set your selection. Return to and change your selections by clicking the button next to the computers drop-down list.

Users and Computers will remain in the Users / Computers Management, but without available data will no longer appear in charts, reports, and forms.


File Storage Location


DATABASE COMPUTER ONLY. To view Screen Snapshots and Email Attachments, a Dashboard user needs (at minimum) read-only privileges on the computer where these files are stored. The default File Storage location is C:\Spector360Data on the Database computer, but can be any folder. Rather than giving the Dashboards full access (C$ Share) to the computer, you can (1) create a Share for the folder with Read permission and (2) use the Control Center to assign that share name for use by the Dashboard.

To create a share for the File Storage folder:

1. Locate the top-level File Storage folder, by default C:\Spector360Data on the Database computer. If you wish, use Windows to limit access to specific folders. Email attachments are stored in attachments. Snapshot files are in snapshots, which may contain Domain and Local folders, which in turn contain user folders.
2. Enable sharing for the top-level Spector360Data folder under a share name. Procedures vary based on the operating system. Right-click and select Sharing and Security or select Properties > Sharing (use Advanced Sharing in System 7).
3. Click Permissions to select a Group if you wish, and to make sure that "Read" is the only Permissions allowed. Click OK, and OK again to change the folder Properties.

To automatically share the folder with Dashboards:

1. In the Control Center, select Database > Manage Database Configuration. Select Modify file storage location in the Task Navigation pane.
To set up sharing, you must have Administrator (full access) privileges on the Database / File Storage computer.
2. Double-click on the Base Location you would like to share. The Edit Shared Name box appears.
3. Enter the computer and Shared Name for the folder. Dashboard users automatically receive access under this share name.
You must either enter a valid Share Name or select the local folder. An error message appears if the name or folder is invalid.
4. Click OK. The Shared Name appears in File Storage Locations.
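The read-only share for the File Storage folder described above can also be created and audited from PowerShell. This is an added example, not part of the Spector 360 guide; it assumes a Windows version that includes the SmbShare cmdlets (Windows 8 / Server 2012 or later), and the share name and reader group shown are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the Spector 360 guide): share the File Storage folder
# read-only and verify that no broader share permission remains.

$Path      = 'C:\Spector360Data'          # default File Storage location per the guide
$ShareName = 'Spector360Data'             # assumption: any share name you choose
$Readers   = 'EXAMPLE\DashboardViewers'   # assumption: hypothetical group of Dashboard users

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "File Storage folder not found: $Path"
}

# Create the share if it does not exist yet, granting Read only.
$share = Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue
if (-not $share) {
    $share = New-SmbShare -Name $ShareName -Path $Path -ReadAccess $Readers `
                 -Description 'Read-only File Storage for Dashboard users'
}

# Stop if the name is already used by a share of some other folder.
if ($share.Path.TrimEnd('\') -ne $Path.TrimEnd('\')) {
    throw "Share '$ShareName' already exists but points to $($share.Path)"
}

# Audit the share-level permissions: keep only "Allow Read" for the reader group.
# This also removes a default Everyone entry if one is present.
foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
    $wanted = ($ace.AccountName -eq $Readers) -and
              ($ace.AccessControlType -eq 'Allow') -and
              ($ace.AccessRight -eq 'Read')
    if ($wanted) { continue }

    if ($ace.AccessControlType -eq 'Deny') {
        # Deny entries only narrow access further; report them and leave them alone.
        Write-Warning "Deny entry left in place: $($ace.AccountName)"
        continue
    }

    Write-Host "Revoking $($ace.AccessRight) for $($ace.AccountName)"
    Revoke-SmbShareAccess -Name $ShareName -AccountName $ace.AccountName -Force | Out-Null
}

# Re-grant Read if the reader group was missing or held a broader right that was just revoked.
$hasRead = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccountName -eq $Readers -and $_.AccessControlType -eq 'Allow' -and $_.AccessRight -eq 'Read'
}
if (-not $hasRead) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Readers -AccessRight Read -Force | Out-Null
}

# The group also needs NTFS read access on the folder tree:
# read and execute, inherited by subfolders (CI) and files (OI).
& icacls.exe $Path /grant "${Readers}:(OI)(CI)RX" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Show the final share permissions for review.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```

The share name produced here is the one to enter in the Control Center's Edit Shared Name box.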

Database Logins

When you create a Database login account, the account is automatically added to the Database with the permissions specified. As part of the login account, each user also receives a Dashboard profile that may provide custom criteria, custom charts and reports, and predefined groups of users, computers, and domains.

Managing Database Logins

Although NOT required to manage Servers and Computers in the Control Center, a Database login account grants access to all Spector 360 functions that access the Database, including viewing activity in the Dashboard. Users can be assigned one of two account levels: Standard or Master. Each of these can be limited by permissions. Only a Master login can create and edit login accounts.

Users may be accessing the Database from either the Control Center or the Dashboard. All users are required to log in in order to:

Use any part of the Dashboard (Standard or Master Login)
Manage Recording Profiles (Master Login)
Manage Web Filtering (Master Login)
Manage Event Alerts (Master Login)
Manage the Database itself, including Database Login accounts (Master Login)

Control Center users who manage Servers, Computers and Recorders can open the Control Center without logging in.

To view the Database logins:

Select the Database tool and Manage Database Logins to view the list of Database login accounts. When you first install Spector 360, only two login accounts appear: the SA (System Administrator) Master account and the Service Account (System) used by the various Spector 360 Servers. A Standard login will be able to see only his or her own account. Each login appears with the following information:

Display Name - The descriptive name of the user as displayed in Spector 360. The Display Name can be any name. You can change the Display Name by editing the login account.

Login Name - The name the user uses to log in to the Dashboard and Database. If the login was created to use Windows authentication, this will be the user's Windows login name. If the login was created to use SQL Server authentication, this can be any login name.

Authentication - Indicates whether the login account uses Windows authentication or has an SQL Server user name and password.

Login Type - Indicates whether the login account has Master, Standard, or System privileges.

To manage the login accounts:

Master Login Only.

Sort the list. Click on any column heading to re-sort the list of logins.

Update the display with the latest data. Click Refresh. The Control Center requests the latest data from the Database.

Add a new Dashboard login account. Click New on the toolbar or right-click in the right pane and select New.

Change a Dashboard login account. Change the Display Name, SQL password, and access to users, events and/or Dashboard tools. Right-click on the login and select Edit.

Delete a Dashboard login account. Select the account and click Delete on the toolbar (or right-click and select Delete). You will be prompted for confirmation.

Copy a login to create a NEW login account. Select a login and click Copy on the toolbar - OR - right-click on the login and select Copy.

Copy a Dashboard profile to another, existing account. Select a login and click Copy on the toolbar - OR - right-click on the login and select Copy.

Use the Dashboard to set up...

User Groups - User Groups facilitate assigning user privileges to login accounts. For example, one login might access only a "Marketing Group." Another login might access all users except those in an "Executive Group."

User / Computer / Program / Domain Groups - Groups simplify Event Criteria selection in the Dashboard.

A "Template" Profile - Create one Dashboard login account that has all the custom charts, reports, and grids you need. Copy this account, or use its profile, to give all Dashboard login accounts consistent and useful reporting.

Login Roles and Types

Spector 360 User Management provides Standard and Master login accounts for accessing the Database. Before setting up Database login accounts, consider the role of the user. A Master account has access to all functionality. Both Standard and Master (non-SA) login accounts may have restricted access to users, events, and Control Center / Dashboard tools, assigned when you Add or Modify a Login.

The following user types are possible:

No Login Account - A user without Database credentials can use the Control Center application to install, update, and uninstall Recorders. He or she will have access ONLY to the Computers (excluding Profiles management) and Servers tools. This user can NOT open the Dashboard.

Standard Login - A Standard login has the above Control Center privileges to access Computers and Servers and can also log in to and use the Dashboard (Quick View, Search, Data Explorer, User Explorer, and Reports) to view user activity. Most Spector 360 users will have Standard accounts. The Standard login, unlike a user without a login account, may be given permission to view (without changing) additional areas of the Control Center or Dashboard, such as Web Filtering rules. See the table below.
NOTE: The SA Password is always required to make modifications to Server that interact with the Database.

Master Login - A Master login account, similar to a "super user" login, should be reserved for the person(s) responsible for organizing network resources and managing the Spector 360 data. The Master login can use all tools in both the Control Center and the Dashboard, and can manage the Database, Database Logins, Groups, Scheduled Reports, and centralized Web Filtering and Event Alerts. See the table below.

Master SA - The System Administrator account, similar to a "root" login, is the SQL Server account defined on installation of the Spector 360 SQL Server database. There is only one SA. This login has access to all Spector 360 functions and all recorded data. It is required to start the Dashboard or the Control Center for the first time before other logins are created. The password is required to install, uninstall, and update Spector 360. Keep your SA password secure! We recommend that you do NOT use the SA account for normal Control Center or Dashboard operation.

System - The Spector 360 Server Components access the Database through special "service" accounts. These accounts are not managed as users.
Do not lose the SQL System Administrator credentials. You will need the password to manage Servers and to upgrade the Spector 360 installation. If you lose or forget the SA login, follow procedures in Recovering the SA Password.

Control Center Run Computer Diagnostics Manage Computer Licenses Create/Modify Computer Profiles Manage Recorder Versions Servers View Servers Modify Server Properties Add Servers

Master X* X X X

Standard X* X

No Login X* X

X X** X** X

X X** X** X

X X** X** X

Start/Stop Servers Database View Databases, Backups, Jobs View Database Statistics View Database History Backup or Archive Restore a Backup Restore an Archive Monitor Job Status

X X X X X X X X X X X X

X X

Login Access to the Control Center


If access is permitted to ALL Control Center tools, the differences among login types apply to functions that access the Database. The following permission is available to each login type BEFORE any tool restrictions. Tool restrictions do not apply to users without a login.

Control Center                               Master   Standard   No Login
Computers
Add/Remove Computers                         X        X          X
Install/uninstall Spector 360 Recorder       X        X          X
Assign Profiles and Versions to computers    X        X          X
Create/Assign computers to groups            X        X          X

Set Database Configuration Space Management options File Storage location or shares View Database logins Create/Modify a Login

X (own)


Control Center Web Filtering View Web Filtering Summary, Rules, Times, Groups, Categories Create/Modify Filtering Rules Create/Modify Time Profiles Create/Modify Category Groups Create/Modify Custom Categories Event Alerts View Alert Profiles, Times, Operators, Keyword Groups Create Alert Profiles, Times, Operators, Keyword Groups Modify Alert Profiles, Times, Operators, Keyword Groups Import/Export Keyword Groups

Master

Standard

No Login

Dashboard Management Folders Database Logins

Master

Standard

View Logins (* your own) Change SQL password (* your own)

X X X X X

X* X* X*

X X X X

View permissions of login (* your own) Create/Edit Standard Logins Create/Edit Master Logins Computers View all computers Add or import computers

X X X X

X X X X

Edit the computer description Delete computer transactions Users View users (* as permitted)

X* X X X

X*

Add or import users Edit a user name Delete user transactions Programs View all programs Edit program description Domains View all domains Edit a domain description Groups View all groups (* as permitted) Add or edit groups

* Running Computer Diagnostics requires Domain Administrator or equivalent credentials on computers. ** Requires entry of SA password.

X X

Login Access to Dashboard Management


All users must have a Standard or Master login to open the Dashboard. The differences between a Master and Standard login apply mainly to the Dashboard Management tool. The following table shows access BEFORE any Dashboard tool restrictions are set. The * indicates where user restrictions apply.

X X

X* X*

X*


Dashboard Management Folders Delete groups Schedule Reports View scheduled reports Schedule reports (* permitted data) Delete scheduled report tasks Online Search Rules View search rule domains and tags Edit search rules Create new search rules Website Filtering (same as Control Center) Alert Profiles (same as Control Center)

Master X*

Standard

Defining a Login Account


The New or Edit Database login box allows a Master login to define and change Spector 360 user accounts. Each login account includes a Dashboard user "display name," authentication (SQL or Windows) to access the SQL Server instance, and permission to access users, events, and tools. Changes to a login account apply after the user logs out and logs in again. A Standard login can view his or her own permissions and change an SQL authentication password (if the account uses one).

X X* X

X X X

* As permitted by access to users defined in the login account

To add or edit a Database login account:


Open the Add or Edit Database login Account box. Select New or double-click on an existing login to modify the account. If you wish, select a login and select Copy. See Copying a Login. After defining the login type and privileges, use the toolbar at the top of the box to Save or Save and Close to add the login account to Database logins Management.


Toolbar in the New / Edit Login box

To define the login authentication and type:

The Authentication type sets whether the user logs into the database automatically using Windows Authentication, or by entering an SQL Server Login Name and Password (see Types of Authentication). The Display Name is used for Dashboard / Control Center display.

Only the Login Name (and Password, if SQL authentication is used) and Display Name are required to create an account.

Use Windows Authentication - Select this option to use Windows credentials for authentication. If the user has logged on to Windows using the specified account, the Dashboard (or Control Center with Database access) opens automatically. You must enter a valid domain\username in the Login Name field, but no password is required.

Login Name (WINDOWS) - For Windows Authentication, the Login Name MUST be a valid domain\username or local Windows account name. Click the button next to this field to browse a list of network users known to Spector 360. Select the name you want and click OK. You cannot edit this field once an account is saved. If you need to change the login name, delete the login account and start over with a new one.

Use SQL Server Authentication - Select this option to define an account for the SQL Server instance. The user will be required to enter both the Login Name and Password you define here to open the Dashboard (and/or Control Center with Database access). The current Windows login will make no difference.

Do NOT use the following reserved characters in an SQL Server login name or password: / | ' " [ ] { } ( ) , ; ? * ! @ $ \ or <space>. These characters are blocked by the Dashboard. You will receive an error message when you attempt to save the account.

Login Name (SQL SERVER) - For SQL Server Authentication, the Login Name can be any name, following the rules in the above box. The name does NOT have to be defined elsewhere. You cannot edit this field once an account is saved. If you need to change the login name, delete the login account and start over with a new one.

Password (SQL SERVER ONLY) - Enter a password to use for SQL Server authentication, following the rules in the above box. If you need to change an SQL Server password, click Change Password on the toolbar at the top of this window.

Confirm Password (SQL SERVER ONLY) - Repeat the SQL Server password in this field.

Display Name - REQUIRED. A name used to identify the login account in the Dashboard. Enter the name as you wish it to be displayed within the Dashboard. You can change this name at any time without affecting login credentials.

The Login Type differentiates an administrative Master from a Standard user (see Login Roles and Types).

Master - A Master login account may have access to both Dashboard viewing and Management functions.
Standard - A Standard login account may have access to Dashboard viewing and reporting functions, but may only view Management resources in the Dashboard.

To restrict user viewing privileges:

The Access Type restricts Dashboard viewing for this user to certain users or user groups. By default, a login has access to ALL USERS. Each login can be limited to specific users by selecting an Access Type other than "All Users" and then selecting users or user groups under the Select Users tab. Use the drop-down list to select one of the following:

All Users - View activities of all users.
Include Specific User(s) - View activities only of selected users.
Include Specific User Group(s) - View activities only of users in selected groups.
Exclude Specific User(s) - View activities of all but selected users.
Exclude Specific User Group(s) - View activities of all but selected groups.
Display user's Name in event data - Check to allow this login to view permitted user data with user names. Clear this item to "mask out" (replace with ****) the user names in Dashboard views of user data.

If you choose to include or exclude Specific Users or Specific User Groups, the "Available" list displays all users or groups. The "Selected" list shows which users or groups are currently accessible to the Database login. Select a user or group from the Available list. Use the Shift and Control keys to select multiple groups.

Click the > button to send highlighted users or groups to the right "Selected" list. Click the >> button to send ALL users or groups in the "Available" list to the "Selected" list. Click < to return selected users or groups in the "Selected" list back to the "Available" list. Click << to return all users or groups back to the "Available" list.

Examples

You may want to restrict managers to viewing Dashboard activity only for their direct reports by selecting Include Specific User(s).

You may want to allow someone access to All Users in order to set up Alert Events, even though this person will NOT have permission to view data in Dashboard Events.

You may want a supervisor to look out for inappropriate behavior in a group, but not necessarily identify the problem individual by name. You would clear the Display user's name item.

Users are added to the Database as they are recorded by Spector 360. A Master login can add users to the Database BEFORE they are recorded by using the Dashboard's Management > Users. User Groups must be created using the Dashboard's Management > User Groups.

To restrict event privileges:

OPTIONAL. By default, a Database login has access to all recorded events. You can limit this access under the Select Events tab. Checked events can be accessed; cleared events cannot. A login who does NOT have access to Emails, for example, will see no data in Quick View email charts, Data Explorer email forms, or User Explorer email. Note that accessible event types will only show data for the allowed Users. Examples...

Someone responsible for tracking compliance issues may benefit from focusing on File Transfers and Document Tracking, but has no need to see other forms of monitoring.

It may be useful to assign monitors of specific recording activity type (Mr. Z oversees monitoring of Web Sites & Online Searches).

The person in charge of Alert Events may want to see Alert Activity, but have no need to drill down to the details in other activity.

To restrict access to Spector 360 tools:

OPTIONAL. By default, a login has access to ALL Dashboard and Control Center tools, although the login type, Standard or Master, determines how much the user can do with this access (see Table of Permissions). You can restrict any login's access to Dashboard and Management tools under the Select Tools tab. Checked tools will be available; cleared tools will not. Note that any permitted tool is limited by the allowed Users, the allowed Events, and the Login Type. Examples...

Someone responsible for monitoring a set of users may have no need to access the Management tool at all. You would clear All Management Tools.

Someone responsible for setting up Alert Events and Web Filtering policies may have no need to view actual user activity. You would clear Quick View, Search, Data Explorer, User Explorer, and Report.

Dashboard Tools - Check these items to allow access to the view of user activity; clear to omit the tool completely from the navigation pane and Tools menu. For example, if you clear ALL options and then select ONLY Search, only the Search button will be available in the Dashboard. The user will not see Quick View, Data Explorer, User Explorer, or Reports.

All Management Tools - Check to allow access to Dashboard Management functions (and Event Alerts and Web Filtering in the Control Center). Clear to restrict access. Check the individual folders you want the user to be able to access. A Standard login with access to Management folders will be able to VIEW but not CHANGE items in Management folders. A Master login with access to Management folders can fully use all folders that are checked.

Alert Events - Check to allow access to all aspects of setting up Alert Profiles. Clear to restrict access. You can allow access to individual folders. For example, you might allow a login to set up Keyword Groups, but restrict his or her ability to define Alert Profiles and Operators.

Time Profiles - Time Profiles under Alert Events and Web Filtering refer to the same functionality. If one is checked, both are checked (the login may set up Time Profiles); if one is unchecked, both are unchecked (the login will have no access to Time Profiles either in Alert Events or Web Filtering).

Website Filtering - Check to allow access to all aspects of Web Filtering. Clear to restrict access. You can allow access to individual folders. For example, you might allow a login to create and add domains to Custom Categories, but restrict their ability to define Filtering Rules and Time Profiles.

Database logins - Check to allow a Master login access to create and modify Dashboard login accounts. Clear to restrict the user from accessing logins.

Jobs - Check to allow access to Database Jobs in the Control Center under the Database tool. A Standard login will be able to view job status; a Master login will be able to schedule, and view history and statistics of jobs. Clear to restrict the user from accessing these functions.

Backup and Restore - Check to allow access to Backup and Restore in the Control Center under the Database tool. A Standard login will be able to view Databases and Backups; a Master login will be able to view Database Statistics, Backup History, and perform backups, archives, and restores. Clear to restrict the user from accessing these functions.

Database Configuration - Check to allow access to Database Configuration in the Control Center under the Database tool. A Standard login will be able to view settings for Data / Backup / Archive jobs, automatic Space Management and File Storage share names. A Master login will be able to change settings. Clear to restrict the user from accessing these functions.

When you are finished, click Save and Close on the New or Edit Database login toolbar to save your selections and close the window. You can edit a Database login's access privileges at any time. Changes go into effect when the Dashboard user logs in again.

Browse for Users

When you create a New Database Login with Windows Authentication, you can browse the network and select a Windows user.

To choose a Login from Windows users:

1. Click the browse button next to the Login Name field.
2. A message informs you that loading the user list for the first time may take several minutes. Click Yes to continue and wait for the list of Windows Users to appear. Users are listed alphabetically by Display Name.
3. Select a user and click OK.

On the Windows Users box, click any column heading to sort the list alphabetically by that column.

Display Name: Descriptive name provided for Windows login
User Name: The Login name
Domain: The network domain the user logs into

Use the play buttons to navigate through the user records in the list.

Database Authentication Methods

There are two types of user authentication for the Control Center:

SQL Server authentication - Requires entering a user name and password to start the Control Center. SQL Server authentication allows the user to log in to the Control Center at any computer that can access the appropriate database. This type of authentication is preferable for a Master administrator, providing easier access at more locations.

Windows authentication - Does not require login when the Control Center starts. If the Windows user currently logged into the computer is a valid Control Center Administrator, the user simply presses OK on the login prompt and Control Center opens. The Control Center passes the current Windows account credentials to the database server and will attempt to log in automatically the next time it is opened.

It is possible to log in as a different user after the Control Center automatically logs in under Windows authentication.

To log in as a different user:

1. Open the Tools menu on the main Control Center window.
2. Select Change Database. You are prompted to save any changes that may be in progress.
3. In the SQL Server Login box, select Use SQL Server authentication.
4. Enter your SQL Server Login Name and Password and click OK.

Copying a Login Profile

When you create a new Database login, the login account inherits the Spector 360 Dashboard default settings, or "profile." If you Copy login to a new account, the account inherits the original login's profile. You can also apply a profile to an existing login.

Dashboard profile settings include:

"Default" criteria and content for each chart, report, and data form
Any custom charts, reports or data forms that have been created
Any custom folders that have been created
Global criteria "default" settings
Any created User Groups, Computer Groups, Program Groups, or Domain Groups

Create a template:
Use the Dashboard to set up a profile as you want it, and create your login "template." Once a template is created, use either the Dashboard or the Control Center to copy the profile from the "template" account to new or existing user accounts. From the Control Center, select Database and Manage Database Logins. Give users the same profile (Dashboard groups, default settings, and report formats) to facilitate training, troubleshooting, and standardized reports.

To copy a profile to an existing Login:

1. In Manage Database Logins, select the account you want to use as a template. Click the Copy button on the toolbar - OR - Right-click and select Copy. The Copy Profile box appears.
2. At the top of the Copy Profile box, select Existing User to apply the selected profile to users without creating a new account. When you select this option, the existing logins appear in the Copy Profile box.
3. Select the logins to receive the profile.
4. Click OK. The profile is now applied to the existing logins.

To copy a profile to a new login account:

1. In Manage Database Logins, select the account you want to use as a template. Click the Copy button on the toolbar - OR - Right-click and select Copy. The Copy Profile box appears.
2. At the top of the Copy Profile box, select New User. No other selections are necessary on this box.
3. Click OK. The New Database login window appears. Follow instructions in New/Edit Database login to define the login account.
4. When you save the account, a Dashboard login account is added with the same profile settings (Global Criteria, charts, reports, and groups) as the login account it was copied from.

Changing an SQL Server Password

All users should change their passwords from time to time to ensure security of the recorded data. If you have a Database login account with SQL Server authentication, you can change your own password. If you are a Master login, you can change the password for any SQL Server login account. Only the SA (System Administrator) Master login can change the SA SQL Server password.

To change your SQL Server authentication password:

1. Select the Database tool and Manage Database logins.
2. Double-click the login account in the right pane - OR - Select the login and click Modify on the toolbar - OR - Right-click the login and select Modify.
3. On the Edit Login toolbar, click Change Password.
4. A message tells you that you will have to restart the Control Center or log in again using your new password after you change it. Click Yes to continue.
5. In the Change Password window, enter your current password. Type your new password and confirm it. Click OK.

Do not use the following characters in your SQL Authentication password: / | ' " [ ] { } ( ) , ; ? * ! @ $ \ or <space>.

6. A message informs you that the password was changed successfully. Click OK.
7. If you have changed your own password, close Control Center and open it again to log in with your new password.

Deleting a Login Account

You need Master login privileges to delete a Database login account. Note that the System Administrator (sa) login cannot be deleted.

To delete a Login:

1. Select the Database tool and Manage Database logins.
2. In the right pane, select the login account and click Delete on the toolbar - OR - Right-click and select Delete from the pop-up menu.
3. A message asks to confirm the deletion. Press Yes to remove the login.

Database Support

Manage Database Support allows you to work directly with SpectorSoft Technical Support to solve database issues. For example, if data isn't showing up in the Database, you would "Start Database Support," a log file would be generated, and connection to SpectorSoft would be established. Steps below tell you how it works.

To configure Database support:

Once you UNBLOCK the installation, select Configure Database Support to control how automatic the Database Support process will be. See Configuring Database Support.

To start Database support:

When a Database issue cannot be resolved by normal troubleshooting, SpectorSoft Support recommends starting Database Support. Select Database > Manage Database Support and click Start Database Support.

A debug log file is generated locally.
SpectorSoft is notified that a Database Support log is ready for upload.
A SpectorSoft engineer acknowledges and uploads the file via secure FTP.
The SpectorSoft engineer selects the appropriate script.
The local Spector Agent checks SpectorSoft FTP site for scripts.
Scripts are downloaded and executed automatically for your Spector 360 SQL Server installation.

Scripts that have been downloaded and successfully executed are listed in the right pane of the Manage Database Support view. Double-click or select View Support Script to view the script.

To stop Database support:

When the issue is resolved, click Stop Database Support. The Spector Agent stops checking the SpectorSoft FTP for scripts; the connection to SpectorSoft support is terminated.

To upload your support log:

If you have configured Database Support to NOT automatically upload your Database Support Log, select Upload Support Log to upload the log file to the SpectorSoft FTP site. If you have configured support for automatic uploads, the support log is automatically sent.

To view the Database script:

If you have configured Database Support to NOT automatically run scripts, select View Support Script and when you are ready, Approve and run the script. See Viewing a Database Script.

Configuring Database Support

When your installation of Spector 360 is purchased and active, you can use Configure Database Support to make the SpectorSoft support process less automatic. This may be desirable if you want to view scripts before running them or control when the scripts are run.

Automatically Execute the Scripts - Check to run the database scripts received from SpectorSoft automatically. Clear to receive the scripts from SpectorSoft without having them execute automatically. When this option is disabled and a script is downloaded, View Support Script becomes active. Click the button or link to view the script, and click Approve on the Script Viewer window to run the script.

Automatically Upload the Debug Log to SpectorSoft FTP - Check to upload the log file created when you click Start Database Support to the SpectorSoft support FTP site. Clear to create the log file without uploading it. When this option is disabled AND SpectorSoft has approved the upload of the debug log, Upload Support Log becomes active. Use this command to send the log file when you are ready.

Click OK to save your changes or Cancel to discard them.

Viewing a Database Script

If you configure Database Support to NOT automatically run scripts, you can view SpectorSoft Database Scripts before running them. When Database Support has been started and a script is available, the View Support Script button becomes active in the toolbar. Click it to view the script in a Viewer window.

To execute the script:

Click Approve at the bottom of the Script Viewer window. To close the window without executing, click Close. You will be able to view the script until it has been run. Once it is run successfully, it appears in the Database Support SQL Script History.

Managing Web Filtering


Getting Started with Web Filtering

Use Spector 360 to set up network-wide, centralized filtering policy by defining rules that either allow or block access to the Internet. A single rule or a series of rules may be required to accomplish your policy. For example, one rule might block shopping sites, except for an hour at noon and after work. Another rule might block all adult sites and all gaming sites all of the time. Before you begin, have an Acceptable Computer/Internet Use Policy in place to provide guidelines. To set up a filtering policy, think about...

What kind of web sites should NEVER be accessed?
Should any web sites ALWAYS be allowed?
Should access differ at different times of day?
Should rules and exceptions be created for specific users?
Do I want to tie Web Events to Web Filtering Categories?

Centralized Web Filtering does not apply to Macintosh computers.

To set up Web Filtering:

The Web Filtering service must be installed, running, and connected to the Database Server.

1. Enable Server Web Filtering in the Recording Profile. The Recorder must know to send Internet requests to the Web Filter Server. This setting is in the Recorder Profile and is NOT enabled by default. Select Recording > Manage Recording Profiles and modify or create a Profile. In the Profile settings, select Block and Web Sites Visited. Check to enable the Server Web Filtering option. If the Local Web Filtering option has been selected for any computers, the Web Filter Server will ignore Internet requests at those computers, allowing local settings at the Recorder computer to take precedence.

2. Assign the Recording Profile to computers. In the Manage Computers view, assign the Profile with Server Web Filtering enabled to computers.

3. Run the New Rule Wizard. Select Web Filtering > Web Filtering Summary > Create a New Filtering Rule. Decide whether a rule will Allow or Block access to web sites. For example, you can either ALLOW shopping at noon or after work, or BLOCK it at all times except at noon and after work.

4. Specify When to allow or block access. Each rule requires a Time Profile. Three Time Profiles are provided: All Times, Non-Office Hours, and Office Hours. Use the New button to create a new Time Profile as you define your rule, or modify the provided times. See Defining a Time Profile.

5. Specify Who the rule affects. Select to which Users the rule will apply. "All Users and User Groups" is a provided selection. As long as the user is logged into the network, the rule applies. "Users" appear in the Database as recording occurs. "User Groups" are Spector 360 groupings of users (by department, risk category, etc.) If you wish, define a New User from this panel, using user names as known to the network. You cannot define a New Group until more than one user is available. Use the Dashboard Management tool to manage Spector 360 User and User Group lists.

6. Specify What to allow or block. Select the domain Categories or Category Groups that will be allowed or blocked. Ready-made Web System Categories are available that cover commonly known domains. For example, the provided Shopping category includes Amazon, eBay, and other well-known shopping sites. As soon as additional problem sites filter through in the recorded data or within the Dashboard's detected Domains list, you can create new, "custom" categories. If you wish, add a New Category or New Group while defining this rule.

7. Give the rule a name and description. The name and description appear in the Web Filtering Rules list. Decide whether you want to Disable this rule for now or Enable it immediately. A rule must be enabled to take effect.

8. Review and finish the rule. The final wizard panel summarizes settings for the rule. You can click < Back to make corrections or click Finish to save the rule. To see the rule listed in the Web Filtering Summary or Manage Filtering Rules, click Refresh after a brief period of time. Note that filtering takes 5-10 minutes to go into effect, and may not affect web sites currently being viewed.

9. Set the rule's priority. If you have more than one rule defined, the rules are applied in their order of appearance in the Web Filtering Rules list. The first rule is applied first and has top priority. If you need exceptions to general rules, place them above the general rule. Use the Move Down/Move Up buttons on the Manage Filtering Rules toolbar to order the rules.

Example:

Rule 1: ALLOW user X access to ALL WEB SITES at ALL TIMES.
Rule 2: ALLOW all users access to SHOPPING and BANKING at noon only.
Rule 3: BLOCK all users from SHOPPING, BANKING, and category group BLACKLIST sites at ALL TIMES.

In this example, user X is not blocked at all, even when other users are. Everyone can use shopping and banking sites at noon, but only user X can use them at other times.

Example:

Rule 1: BLOCK all users from ADULT, GAMBLING, and GAMES sites at ALL TIMES.
Rule 2: ALLOW user group Q access to CHAT at ALL TIMES.
Rule 3: BLOCK all user groups access to CHAT at ALL TIMES.

In this example, users in group Q, like everyone else, cannot access forbidden sites. However, they are the ONLY ones who can use Chat/IM sites.
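The two priority examples above (the same pair recurs under "To set rule priority") can be checked with a small first-match evaluator that also flags an exception placed below the general rule that hides it. This is an added illustration, not Spector 360 code: it assumes the first enabled rule that matches a request decides it, that unmatched requests are allowed, that "noon" means 12:00-13:00, and that a category group such as BLACKLIST can be treated as one category name; every identifier in it is hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Optional, Tuple

ALL = None                          # wildcard: all users / all web sites / all times
NOON = (time(12, 0), time(13, 0))   # assumed meaning of "at noon only"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "ALLOW" or "BLOCK"
    users: Optional[FrozenSet[str]]        # user or group names, or ALL
    categories: Optional[FrozenSet[str]]   # category names, or ALL
    window: Optional[Tuple[time, time]]    # (start, end), or ALL
    enabled: bool = True

    def matches(self, identities, category, when):
        """Who, What and When must all match, and the rule must be enabled."""
        if not self.enabled:
            return False
        if self.users is not ALL and not (self.users & identities):
            return False
        if self.categories is not ALL and category not in self.categories:
            return False
        if self.window is not ALL and not (self.window[0] <= when < self.window[1]):
            return False
        return True


def decide(rules, user, groups, category, when):
    """Return (action, rule name) from the first matching rule in list order."""
    identities = frozenset([user, *groups])
    for rule in rules:
        if rule.matches(identities, category, when):
            return rule.action, rule.name
    return "ALLOW", None   # assumption: a request no rule matches is not filtered


def _covers(outer, inner):
    """True if the wildcard-or-set `outer` includes everything in `inner`."""
    return outer is ALL or (inner is not ALL and inner <= outer)


def _window_covers(outer, inner):
    return outer is ALL or (
        inner is not ALL and outer[0] <= inner[0] and inner[1] <= outer[1])


def shadowed(rules):
    """List (rule, earlier rule) pairs where the later rule can never decide.

    Conservative: names are compared literally, so a user rule hidden by a
    rule for a group that user belongs to is not reported.
    """
    findings = []
    active = [r for r in rules if r.enabled]
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if (_covers(earlier.users, later.users)
                    and _covers(earlier.categories, later.categories)
                    and _window_covers(earlier.window, later.window)):
                findings.append((later.name, earlier.name))
                break
    return findings


# The guide's first example: user X is exempt, shopping/banking open at noon.
EXAMPLE_1 = [
    Rule("Rule 1", "ALLOW", frozenset({"X"}), ALL, ALL),
    Rule("Rule 2", "ALLOW", ALL, frozenset({"SHOPPING", "BANKING"}), NOON),
    Rule("Rule 3", "BLOCK", ALL,
         frozenset({"SHOPPING", "BANKING", "BLACKLIST"}), ALL),
]

# The guide's second example: only group Q may use chat.
EXAMPLE_2 = [
    Rule("Rule 1", "BLOCK", ALL, frozenset({"ADULT", "GAMBLING", "GAMES"}), ALL),
    Rule("Rule 2", "ALLOW", frozenset({"Q"}), frozenset({"CHAT"}), ALL),
    Rule("Rule 3", "BLOCK", ALL, frozenset({"CHAT"}), ALL),
]

# Constructed misordering: the group Q exception sits below the general block.
MISORDERED = [EXAMPLE_2[0], EXAMPLE_2[2], EXAMPLE_2[1]]

if __name__ == "__main__":
    print(decide(EXAMPLE_2, "bob", ["Q"], "CHAT", time(9, 0)))
    print(decide(MISORDERED, "bob", ["Q"], "CHAT", time(9, 0)))
    print(shadowed(MISORDERED))
```

Running `shadowed` over an exported rule list before enabling a new rule catches the ordering mistake the guide warns about without waiting for the 5-10 minute propagation delay.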

Web Filtering Summary

Requires Login

Spector 360 provides centralized, user-based web filtering. When Web Filtering rules are enabled, the Web Filter Server intercepts web requests from network computers where the Recorder is installed. If the requested domain is blocked by rules defined in the Database, the user sees a "Blocked Web Site" page. The message may include links to request access permission.

Use the Web Filtering tool in the Dashboard or Control Center to define a network-wide Web Filtering policy. The Web Filtering Summary provides a synopsis of the policy you have in place. Initially there are no rules in place. See Getting Started with Web Filtering for a complete explanation.

Master login users are able to update Web Filtering rules while viewing web site data (in the Dashboard). The Database provides one set of Web Filtering rules that any Master Login with appropriate permission can adjust.

Centralized Web Filtering does not apply to Macintosh computers.

To view Web Filtering summary:

Select Web Filtering > Web Filtering Summary.

Filtering Rules: Filtering Rules are complete definitions of who, what, and when to allow or block. The Summary box tells you how many rules are currently enabled (are in effect right now) or disabled, and how many rules have been defined total. Each Filtering Rule uses a Time Profile, Categories/Category Groups, and applies to some or all users. Click View List to view or set up Filtering Rules.

Time Profiles: A Time Profile is a schedule for applying the rule. Two Time Profiles (Office Hours and Non-Office Hours) are provided, and you have the option to choose "All Times" when defining a rule. The Summary box tells you how many Time Profiles in addition to "All Times" are available. Click View List to view or set up Time Profiles.

Category Groups: A Category Group allows you to combine Categories for a rule. You need to set up your groups before using them in a rule. The Summary box tells you how many groups exist. Click View List to view or set up Category Groups.

Categories: A Category is a list of domains of a certain type, such as Sports, Adult Sites, or Gambling domains. Spector 360 provides a complete set of ready-made Web Filtering System Categories, available for use in Filtering Rules and in Category Groups. See System Categories. You can augment the provided categories with your own Custom Categories. For example, you might set up a "More Gambling" category that contains gaming sites detected by the Spector 360 Recorder, but not included in the provided system categories. Select Categories under Management Folders to view the provided System Categories and to define your own Categories.

Editing the "Blocked" Message

When a user attempts to connect to a web site that has been blocked by Spector 360 Web Filtering, a message appears informing the user that the site is not accessible. A default "Blocked Web Site" message is provided, but you can change the text and format of the message. If you wish, add a hyperlink to another location that might provide additional explanation or offer the user an opportunity to request permission to go around the filtering. The current "Blocked" message is displayed in the main Website Filtering Summary pane.

To change the message:

1. Click the Edit button below the Blocked Web Site message area. An Edit Blocked Web Site Message box opens.
2. Remove the existing message and type the new message.
3. Use the formatting tools along the top of the Edit box to set the message appearance. You can change the font type and size; apply boldface, italics, or underline; align the text as you wish; and select and change the color of the text and the message background.
4. Click OK at the bottom of the box to save the message.

To add a hyperlink to the message:

1. Select the text where you want the hyperlink to appear.
2. Click the Hyperlink button. This button is not active until you select text. A Hyperlink box opens.
3. Select the type of link to create:
file: - Open a folder or a file at the specified location on the network.
ftp: - Open the specified FTP location.
gopher: - Open a network using the Gopher protocol.
http: - Open a posted web page.
https: - Open a web page that has been secured.
mailto: - Send an email to the specified email address.
news: - Open a newsgroup at the specified Internet news (NNTP) server.
telnet: - Open a telnet session at the specified host.
wais: - Access a Wide Area Information Server.
4. Type the target URL in the second field. The target depends on the type of link you chose (above) and could open an .html page, a document at a file folder location, or an email addressed to an administrator who needs to know when someone wants to circumvent the filter.
5. Click OK. The link is in place.
6. Click OK to save the message. Whenever a web site is blocked, the Blocked Web Site Message appears to users, and users will be able to click the link for the desired connection.

Filtering Rules

Managing Filtering Rules

Requires Master Login.

Filtering Rules are rules that you set up to block or allow certain web sites from certain users at certain times. Select the Web Filtering tool and Filtering Rules to create, edit, test, or find a rule. When you first begin, there are no rules in this list. The rules are applied in order of priority. By combining rules, you can create a filter that exactly fits the needs of your organization.

Centralized Web Filtering does not apply to Macintosh computers.

To view Filtering Rules:

Select Web Site Filtering and then select Filtering Rules from the Task Navigation pane. If any Web Filtering rules have been defined, they appear in the right pane.

Priority: Rules are applied in order of priority. The first rule has top priority and is applied first, the second rule is applied next, and so on. Keep the "exceptions" higher in the list than the general rule they apply to. Move a rule up or down in priority by selecting it and clicking the Move Down or Move Up button on the toolbar. In the illustration above, rule one prevents specified television and media sites from being used during hours when bandwidth is needed most. Rule two allows other entertainment (not specified by rule one), shopping, and banking to be available at noon. The last rule blocks adult sites at all times.

Rule Name: Name of the rule.
Description: Description of the rule.
Rule Type: A rule can either Allow or Block categories of web sites.
Enabled: No means the rule is currently disabled. Yes means it is working right now. Any rule that is enabled is actively blocking or allowing access to web sites. To enable a rule, click Enable on the toolbar. To disable a rule, click Disable (which becomes active when the selected rule is enabled).

A rule change takes 5-10 minutes to take effect. When you create a new rule or change an existing rule, it will not take effect until the Client checks in with the Web Filter Server and updates its currently cached rules with the new rules. If you add a domain to be blocked, the domain may be available for several minutes before it becomes blocked. If the user has the web site open, the blocking won't occur until the user refreshes (F5) or attempts to navigate to a new page in the domain.

To manage the Filtering Rules:

Use the toolbar at the top of the window. The toolbar allows you to create a new rule, delete a rule, refresh the list, move rules down or up the list in priority, block, enable or disable a rule, or find a rule based on a domain, user, or time. See Finding a Filtering Rule.

Refresh: Update list of rules. Click the Refresh button on the toolbar.
Find: Open the Find Rules pane and discover which rules, if any, block a particular domain. More...
Test: Open the Test Rules pane and test whether domains will be blocked at certain times of day for certain users. More...

If you are the Master Login:

Only a Master Login can use:

New: Open the New Filtering Rule wizard. Use the wizard or "Advanced Setup" to create a Website Filtering rule, following onscreen instructions. More...
Modify: Double-click a rule, or right-click and select Modify to edit the rule's General, Who, When, and What settings. More...
Delete: Delete the selected rule from the list (and from the database).
Move Down / Move Up: Move the selected rule down or up the list, changing its priority (see below).
Allow / Block: Change the rule from "Block" to "Allow," or from "Allow" to "Block." For example, you can select a rule that ALLOWS all users to shop during noon and click Block to instantly prevent all users from shopping during noon (also on the New/Edit General panel).
Disable / Enable: Disable the selected active rule or enable a selected rule that is not currently active (also on the New/Edit General panel). A disabled rule remains in the Filtering Rules list, but doesn't do anything. Disabling ALL rules leaves the network without any Website Filtering.

When you first create a rule, you may want to disable it until you have it placed in the correct priority in the Filtering Rules list.

To set rule priority:

If you have more than one rule defined, the rules are applied in their order of appearance in the Web Filtering Rules list. The first rule is applied first and has top priority. If you need exceptions to general rules, place them above the general rule. Use the Move Down/Move Up buttons on the Manage Filtering Rules toolbar to order the rules.

Example:

Rule 1: ALLOW user X access to ALL WEB SITES at ALL TIMES.
Rule 2: ALLOW all users access to SHOPPING and BANKING at noon only.
Rule 3: BLOCK all users from SHOPPING, BANKING, and category group BLACKLIST sites at ALL TIMES.

In this example, user X is not blocked at all, even when other users are. Everyone can use shopping and banking sites at noon, but only user X can use them at other times.

Example:

Rule 1: BLOCK all users from ADULT, GAMBLING, and GAMES sites at ALL TIMES.
Rule 2: ALLOW user group Q access to CHAT at ALL TIMES.
Rule 3: BLOCK all user groups access to CHAT at ALL TIMES.

In this example, users in group Q, like everyone else, cannot access forbidden sites. However, they are the ONLY ones who can use Chat/IM sites.

New Rule Wizard

When you choose to create a new Filtering Rule, you have the option of using a "wizard" or the Advanced Setup (New/Edit Website Filtering rule box). The advantage to using the wizard is that you are led through all steps, and you can create a time profile on the fly.

To open the wizard:

1. Select Web Site Filtering and Manage Filtering Rules in the left navigation pane.
2. Right-click and select New or click New on the toolbar above Filtering Rules Management.

To complete the wizard:

Step 1: Welcome. Choose to use this wizard or Advanced Setup and click Next.

Step 2: Select Type of Rule. Specify whether this rule will Allow access to web sites or Block access to web sites and content. Click Next to continue.

Step 3: Select When to Allow/Block. Choose a Time Profile from the "Existing Time Profile" drop-down list, or click the New button to add a new Time Profile now. If you add a new Time Profile, it is automatically selected for this panel. Click Next to continue.

Step 4: Select Who to Allow/Block. Select the users to be included in the rule. All Users and User Groups includes everyone. Specific Users and User Groups activates the User Groups and Users list. Check the users or groups you wish to include in the rule and click Next to continue.
Select All - Checks all users/groups.
Clear All - Clears all check marks.

Step 5: Select What to Allow/Block. Choose categories of web sites to include in the rule. All Web Sites blocks (or allows) all domains. Choosing Specific Categories and Category Groups activates the list. Check the Category Groups, System Categories, and Custom Categories to include in this rule. Click Next to continue.
New Category - Creates a new Custom Category and includes it in the rule.
New Group - Creates a new Category Group and includes it in the rule.
Select All - Checks all items in the list.
Clear All - Clears all check marks.

Defining a Filtering Rule


The New/Edit Website Filtering Rule box (click New on the Web Site Filtering toolbar) allows you to use either a Wizard or the "Advanced Setup" panels described here to define a filtering rule. The Advanced Setup panels allow you to define Who, When and What will be affected by the rule. You cannot save a rule until you have selected a Time Profile, the users it applies to, and the categories to be allowed or blocked. Each rule you save can be enabled as part of your filtering policy.
Centralized Web Filtering does not apply to Macintosh computers.

Step 6: Enter a Rule Name and Description. The Rule Name appears in the list of Filtering Rules and is required. The description is optional. Check "Disable this rule when it is saved" to start the rule disabled. You can Enable it when you are ready at any time using the toolbar button at the top of Filtering Rules Management.

To save a rule:
Use the Toolbar at the top of the New/Edit Website Filtering Rule box to save your rule. You will be prompted for missing information if the rule is not complete.

Step 7: Review Your New Rule. The final panel of the wizard summarizes the rule name, type, time profile, users and categories. If the rule is correct, click Finish to close the wizard and add the rule to Filtering Rules Management. If the rule is not correct, use the Back button to go back through the steps and make corrections. Cancel ends the wizard without saving the rule.

To define a filtering rule:

1. Under the General tab, enter:
Rule Name - A name for the rule, up to 50 characters.
Description - A description of the rule. The description may be up to 255 characters.
Choose whether to start with this rule:
Enabled - As soon as you save it, the rule goes into effect.
Disabled - The rule will be added to the Filtering Rules list, but not activated until you click the Enable button on the Filtering Rules toolbar.
Choose whether this rule will:
Allow - Specify web sites that users may view, or
Block - Specify web sites that users may NOT view
For example, you might create one rule to ALLOW access to your company and all work-related domains. Other rules would BLOCK undesirable domains.

2. Click the Who tab. Here, you specify to whom the rule applies.
From the Selection Type list, select:
All Users and User Groups - Applies the rule to all users.
Specific Users and User Groups - Allows you to select users to whom the rule applies.
If you are selecting specific users or groups, click on names under Available Users and User Groups. Use the Ctrl+V and SHIFT keys as needed to multiple-select. Click the > button to send the selected users to the right column. Click >> to send ALL Available Users to the Selected Users and User Groups list. Click < or << to send one or more Selected Users and User Groups back to the "Available" column. When the Selected Users and User Groups contain all users you want to include in the rule, continue on to When.

3. Click the When tab. This is where you set the time the rule will be in effect.
From the Time Profile list, select:
All Times - The rule is always in effect, or
Select another Time Profile that has been defined in Time Profiles Management.
You cannot edit the Time Profile from this panel; the filtering schedule is shown for your information only. Go to the Time Profiles folder to create or change a Time Profile.

Click the What tab. Here, you specify Categories or Category Groups to allow or block.
Use the Selection Type drop-down list to select:
All Web Sites - To block (or allow) all access.
Specific Categories and Category Groups - To select categories to block or allow.
If you're not blocking all web sites, select a Category or Category Group in the Available column. If you wish, use the CTRL and SHIFT keys to multiple-select. Category groups (all custom) are set up in Category Groups Management. Custom categories you define in Categories Management. System categories are automatically provided with the Spector 360 Database. Click the > button to send the selected users to the Selected Categories and Category Groups column. Click >> to send ALL Available Categories to the Selected list. Click < or << to send Selected Categories back to the available column. List all categories you want to include in the rule in the "Selected" column.

4. When you have selected Who, When, and What (or made a change anywhere to an existing rule), click Save and Close to save the rule and add it to the Filtering Rules list.

A rule change takes 5-10 Minutes to take effect. When you create a new rule or change an existing rule (and it is enabled), it will not take effect until the Client checks in with the Web Filter Server and updates its currently cached rules with the new rules. If you add a domain to be blocked, the domain may be available for several minutes before it becomes blocked. If the user has the web site open, the blocking won't occur until the user refreshes (F5) or attempts to navigate to a new page in the domain.


Finding a Filtering Rule


If you end up with a long list of Filtering Rules, or rules that are somewhat complex, it may become difficult to edit and fine-tune the filtering policy. The Find tool in Filtering Rules Management allows you to focus in on the rule or rules you are looking for: by domain, by time of day, by category or category group, or by specific user. A star appears next to all rules that match your Find criteria, whether or not the rule is enabled.

To find a rule:
1. Select Web Site Filtering and Manage Filtering Rules to display the full list of rules.
2. Click the Find button on the toolbar. A Find Rule(s) pane opens at the top of the Web Filtering Rules list.
3. Enter a Domain and/or change any field (see below) to specify what you wish to find.
4. Click the Find button at the bottom of the form. If a match is found, a star appears next to the rule.

Find all rules where a particular domain was specified.
Domain: enter the domain you would like to find. Leave the default "All" setting in the remaining fields. A star will appear next to all Filtering Rules that include this domain.

Find all rules that apply to a specific user, such as "Bill Smith."
User/Group: Click the button next to this field and select the individual user, "Bill Smith." Leave all other fields at their default "All" setting. A star will appear next to all rules that affect Bill Smith.

Find all rules that are in effect at 12 noon.
Time of Day: Enter 12:00 PM or 12:00:00 (depending on your system's time format). Leave all other fields at their default "All" setting. When you click Find, a star will appear next to all rules in effect at noon.

Find out if a domain is in a system category.
Domain: Enter the domain name or IP address.
Category/Group: Click the button to the right of this field and select the System Category you want to check. A star appears next to all rules that include this domain and use the system category.

Find out if problem sites are being filtered at noon for a particular department.
Category/Group: Select the defined Category Group, such as "Problem Sites."
Time of Day: Set to 12:00 PM or 12:00:00.
User/Group: Click the button and select the defined User Group, such as "SALES." Leave the Domain and Day setting at their default "All" setting. When you click Find, a star appears next to all rules filtering any domain in "Problem Sites," in effect at noon, which apply to users in the "SALES" department.

If no matches are found (no star appears next to a rule) to indicate a domain is blocked, you must assume users have access to the domain.


To clear fields:
Click the Clear button. This returns ALL fields to the default <All> setting. If you want to clear User or User Group selections without resetting other fields, open the Select User or User Group box and check the "Match All Users and User Groups" option.

To set conditions to find a rule:

Domain: The rule addresses a specific Internet domain. Enter the domain name in this field. Type the name and the top-level domain in the format domain.com, or enter an IP address (255.222.22.2). Domain names may contain letters, digits (0-9), a dot (.) and a dash (-). An IP address may contain digits (0-9) and dots (.) only. Other characters are illegal and cause a message to appear. If you are not looking for a specific domain, leave this field set to <All Domains and IP Addresses>.

Users: The rule addresses specific users or user groups. Click the button to the right of the User/Group field. This opens a box where you can select ONE User or User Group. At the top of the box you can choose to show all Users and Groups, only Users, or only Groups. You can also click on a column header to sort by that column, for example, sort by Description. Make your selection and click OK. The rules found must specifically include the User or User Group you have selected (a rule set to apply to All Users and User Groups will NOT be a match).

Time of Day: The rule blocks access at a certain time of day. Enter the time in the format used by your Windows desktop. In most cases, the format is HH:mm PM/AM, and you would type 12:00 PM for noon. If time of day is not your concern, leave the setting at <All Times>.

Day: The rule blocks web sites on certain days. Select the day from the drop-down list. The rules found must be in effect during the day specified. If you're not looking for a particular day, leave the setting at <All Days>.

Category/Group: The rule addresses a defined Category or Category Group (such as "Sports" or "Shopping"). Click the button to the right of the Category/Group field. This opens a box where you can select ONE system or custom category or one Category Group. At the top of the box you can choose to show all Categories and Groups, only Categories, or only Groups. You can also click on a column header to sort by that column, for example, sort by Description. Make your selection and click OK. The rules found must include the Category or Category Group you have selected. Check Match All Users and User Groups to clear selections in this box. This returns the Find setting to its default "All Users and User Groups" when you click OK.

Testing the Filtering Rules

You can test the logic of your filtering policy by applying the enabled rules to a specific domain, time of day, and user. For example, one rule may ALLOW shopping during the noon hour, but a following rule may BLOCK all such sites. A star appears next to the rule that applies, given the criteria you enter. The star indicates "Yes, this site is specifically ALLOWED (or BLOCKED) at this time, for this user." You can test a rule BEFORE you enable it, or you can test only enabled rules to make sure certain sites are blocked as expected. You can find out if:

A site is being blocked at 10:00 AM, but allowed at 12:00 PM and 7:00 PM.
A site is being blocked for one user, but not for another user who requires access.
A site is always blocked for any selected user.

To test the filtering:

1. Select Web Site Filtering and Manage Filtering Rules.
2. Click the Test button on the toolbar. The Test a Rule pane opens at the top of Filtering Rules Management.
3. Fill in ALL fields (described below) to locate the rule (if any) that is in effect for this domain, time of day, and user.
4. When all fields contain entries, click the Run Test button at the bottom of the form. A star appears next to the rule that effectively blocks or allows the domain for the selected user.
If there are no test results (no star appears next to a rule), the domain is neither blocked nor specifically allowed by the rules. You must assume that the user has access to the domain.

This test verifies that access to amazon.com is ALLOWED to John Smith at 1:00 PM on Wednesdays.
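The rule ordering and the Test pane described above, modelled as an added Python example (not SpectorSoft code): the first matching enabled rule decides, and no match means the user has access. Time profiles reduced to whole hours, the sample users, domains and group memberships, the "Banking" and "Hate" category names, and the shadowed() ordering check are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

ALL = None  # "All Users and User Groups", "All Times" or "All Web Sites"

# Constructed sample data (not from the product database).
USER_GROUPS = {"Q": {"alice"}}
CATEGORY_GROUPS = {"BLACKLIST": {"Hate", "Illegal Drugs", "Gambling"}}
DOMAIN_CATEGORIES = {
    "shop.example": {"Shopping"},
    "bank.example": {"Banking"},
    "chat.example": {"Chat"},
    "casino.example": {"Gambling"},
}


def expand(names, groups):
    """Replace group names with their members; plain names pass through."""
    out = set()
    for name in names:
        out |= groups.get(name, {name})
    return out


@dataclass
class Rule:
    name: str
    action: str                   # "ALLOW" or "BLOCK"
    who: Optional[set] = ALL      # user and user-group names
    hours: Optional[set] = ALL    # hours of the day (0-23) in the time profile
    what: Optional[set] = ALL     # category and category-group names
    enabled: bool = True

    def matches(self, user, hour, domain):
        if self.who is not ALL and user not in expand(self.who, USER_GROUPS):
            return False
        if self.hours is not ALL and hour not in self.hours:
            return False
        if self.what is not ALL:
            cats = DOMAIN_CATEGORIES.get(domain, set())
            if not cats & expand(self.what, CATEGORY_GROUPS):
                return False
        return True


def evaluate(rules, user, hour, domain, match_disabled=False):
    """Walk the list top down; the first matching rule decides."""
    for rule in rules:
        if (rule.enabled or match_disabled) and rule.matches(user, hour, domain):
            return rule.action, rule.name
    # No rule matched ("no star"): the guide says to assume access.
    return "ALLOW", None


def _covers(outer, inner, groups):
    """True if selection `outer` includes everything in selection `inner`."""
    if outer is ALL:
        return True
    if inner is ALL:
        return False
    return expand(inner, groups) <= expand(outer, groups)


def shadowed(rules):
    """List (rule, earlier_rule) pairs where the later rule can never decide."""
    active = [r for r in rules if r.enabled]
    found = []
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if (_covers(earlier.who, later.who, USER_GROUPS)
                    and _covers(earlier.hours, later.hours, {})
                    and _covers(earlier.what, later.what, CATEGORY_GROUPS)):
                found.append((later.name, earlier.name))
                break
    return found


NOON = {12}
# The guide's first example: exceptions sit above the general BLOCK.
POLICY_1 = [
    Rule("Rule 1", "ALLOW", who={"X"}),
    Rule("Rule 2", "ALLOW", hours=NOON, what={"Shopping", "Banking"}),
    Rule("Rule 3", "BLOCK", what={"Shopping", "Banking", "BLACKLIST"}),
]
# The guide's second example: group Q keeps Chat, everyone else loses it.
POLICY_2 = [
    Rule("Rule 1", "BLOCK", what={"Adult Sexually Explicit", "Gambling", "Games"}),
    Rule("Rule 2", "ALLOW", who={"Q"}, what={"Chat"}),
    Rule("Rule 3", "BLOCK", what={"Chat"}),
]

if __name__ == "__main__":
    for user, hour, domain in [("X", 9, "shop.example"), ("bob", 12, "bank.example"),
                               ("bob", 9, "shop.example"), ("bob", 9, "unlisted.example")]:
        print(user, hour, domain, evaluate(POLICY_1, user, hour, domain))
    # Moving the general BLOCK to the top silently disables the noon exception.
    print("shadowed when reversed:", shadowed(list(reversed(POLICY_1))))
```

Running shadowed() on a rule list before enabling it catches an exception that was left below the general rule it was meant to override; the unlisted domain shows that an uncategorized site falls through every rule and is reachable.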

To set conditions to test a rule:

Domain: Enter a domain name in the format domain.com, or enter an IP address (255.222.22.2). Domain names may contain letters, digits (0-9), a dot (.) and a dash (-). An IP address may contain digits (0-9) and dots (.) only. Other characters are illegal and cause a message to appear.

Match Disabled Rules: OPTIONAL Check this box to find matches in disabled as well as enabled rules. Clear this box if you are testing ONLY the currently enabled rules.

Time of Day: Enter the time you wish to check. Use the time format used by your Windows desktop settings, such as 1:00 PM or 13:00:00.

Day: Select the day you wish to check from the drop-down list.

User: Click the button next to the user field or press Enter or the Spacebar to open a Select User box. Select (highlight) the ONE user you wish to test and click OK. The Select User box closes and the name is entered in the User field.

To reset all fields and start again:

Click the Clear button. This returns all fields to the default <All> setting.

Adding a New User

Normally users are added to the Database when they log in and are recorded by Spector 360. If you know the exact user name and domain (or computer for a local login account), you can ADD users and organize them in user groups before any data has been collected through recording. This can be useful in setting up Spector 360 filtering, charts, and so on, or preparing for new employees. If the New User information you enter is correct, as soon as the user logs in, Spector 360 begins storing the user's activity at the correct location in the Database.

Adding a user in Users Management does NOT set up monitoring of the user. Computer monitoring begins when a Spector 360 Recorder is installed on the user's computer.

To add a new user to Spector 360:

Select Management > Users in the navigation pane. Right-click anywhere in the right pane and select New, or click New on the toolbar. The New User box appears. Enter information in the following fields and click OK to create the user in Spector 360 or Cancel to exit.

Display Name - The Display Name is used only by Spector 360 for charts, criteria selection, and other purposes. It does not have to match a name on your network. You can change a user's display name at any time using Management > Users in the Dashboard. Enter up to 50 characters. By default, users are listed alphabetically by the display name.

User Name - The User Name is the account user name by which the user logs in to the computer and the network. This name must exactly match the user name known to the network. If in doubt, look for the user name at the Windows or Mac computer under user account information.
The Login Name is automatically supplied from your User Name and Domain/Computer Name entries.

Login Type - Select how the user logs in from the drop-down list.
Local - The user logs in locally to the computer being used.
Network - The user logs into the computer and into a domain network.

Computer Name - For a Local Login Type, select the computer name from the drop-down list. The computer must already be "added" to Spector 360 and known to the Database.

Domain - For a Network Login type, select the domain where the user will log in from the drop-down list. The list contains domains known to Spector 360. You can type in a new name, but make sure it is a valid domain on your network.

When you click OK to add the user, the new user will appear in Dashboard (and Control Center) lists.

Adding a User Group

Rather than hunting through a long list of users to make selections, Spector 360 allows you to create and select Groups of users. Select the User Groups you define when setting up Dashboard Chart Criteria, Web Filtering, Event Alerts, or Database login permissions. User Groups are defined by a Master Login and managed in the Dashboard: Management > User Groups.

For example, grouping users by department makes it easy to assign a manager a Database login account with access only to users in his or her particular department.

To group users:
The New/Edit User Group box opens when you click New in the Dashboard's User Groups Management or New Group while defining "Who" in a Web Filtering rule. Simply move available users on the left to the right column to select them for the group.

Group Name - Name of this group, up to 20 characters, to be displayed in User Group selection lists.
Description - A description for this group, up to 110 characters.
Group Type -
Specific Users: Lists all users in the "Available" column allowing you to select individual users for the group.
All Users from Specific Domains: Lists all domains in the Available column, allowing you to select all users in one or more domains.

Available Users - The list of users or domains in the left column is available for grouping. Use the Shift and Control keys to multiple-select.
Click > (or double-click) to send all highlighted users or domains to the right-column Selected list.
Click >> to send all users or domains in the Available list to the Selected list.
Click < (or double-click) to return highlighted users or domains in the Selected list back to the Available list.
Click << to return all Selected users or domains back to the Available list.
When all desired users are in the Selected list, click Save and Close on the toolbar. The window closes and the new user group appears in the list.

Categories / Category Groups

Web Filtering Categories

Categories are lists of domains (Internet sites) with something in common. The Spector 360 Database provides a set of System Categories that cover types of domains from "Adult Sexually Explicit" to "Web-based Email." Custom Categories are lists of domains or folders within domains that you define and edit yourself. It's convenient to filter using the pre-defined System Categories, and then define a Custom Category to add any domains that get through the filter. Both System and Custom Categories are listed in the Web Filtering Categories pane.
SpectorSoft automatically updates your Web Filtering system database with the latest System categories and their domains.

To view categories:
Select Web Filtering tool and Manage Categories. The right pane lists all categories. System Categories are in light italics, and Custom Categories are in normal typeface.

Category: The name of the category that appears in filtering rule selection lists.

Type: System Categories are included with the Spector 360 Databases. These include most commonly known domains and are dimmed because you cannot edit or remove them from the list. Custom Categories are those that have been defined to cover specific domains. You can edit and remove these categories. More...

Description: A brief description of the types of domains included in the category. Roll your cursor over a category for a clearer picture of a dimmed System description.

To manage categories:
Use the toolbar at the top of the window or the right-click menu.

New - Create a new Custom Category. More...
Modify - Change the selected Custom Category (or simply double-click the category). More...
Delete - Remove the selected Custom Category from the database.
Refresh - Update the view with the latest categories from the database.
Find - Open the Find Domain pane at the top of window in order to see if a specific domain is included in one or more categories. See below.
You cannot modify System Categories. However, you can combine Custom and System Categories in a Category Group.

To find a domain in the categories:

You can find out if a domain is included in one or more of the categories - System or Custom. If a domain is not included, you can always create a Custom Category that includes it.
1. Click the Find button on the toolbar. A Find Domain pane opens at the top of Categories Management.
2. In the Domain field, enter the domain name (name.com, name.co.uk, name.org, and so on).
3. Select Find in:
All Categories - Search all categories in the list
Custom Categories - Search only Custom Categories
System Categories - Search only the predefined System Categories
4. Click the Find button. A star appears next to each category where the domain was found.

System Categories
A "category" in Spector 360 is a list of domains (Internet sites) with something in common. "System Categories" are ready-made domain lists provided with the Spector 360 Database. For example, the Shopping System Category will include Amazon, eBay, well-known department stores and other online shopping sites. All System Categories are marked as type System in selection lists.
Use the Find button in Categories Management to see whether a domain is included in one or more of the System Categories. For example, you'll find the domain msn.com in the News and Search Engines categories.

Category - Description
Adult Sexually Explicit - Sites offering adult content including artistic nudity, porn, sexuality and nude lifestyles.
Advertisements and PopUps - Sites with advert servers and banner URLs.
Chat - Sites with chat rooms and/or client and web-based messenger services.
Computer Viruses - Sites that host virus infected files.
Downloads - Sites that host downloadable content including audio, video and software.
Entertainment - Sites that promote television, radio, movies, books and magazines.
Finance and Investment - Sites offering online banking and investing services.
Food and Dining - Sites offering information on cooking and eating.
Gambling - Sites offering online games of chance.
Games - Sites offering online (non-gambling) games.
Government - Sites providing government and military related information.
Hacking - Sites offering hacking and cracking information.
Health and Medicine - Sites providing information on personal health.
Hobbies and Recreation - Sites providing information on hobbies such as pets.
Illegal Drugs - Sites providing information on illicit drugs.
Illegal Software - Sites providing illegal pirate software.
Job Search and Career Development - Sites providing information to job seekers.
Kids - Sites that kids tend to waste time on.
News - Sites providing news and weather information.
Personals and Dating - Sites providing dating information and services for singles.
Phishing and Fraud - Sites that attempt to trick people into providing personal information.
Proxies and Translators - Sites that offer mechanisms to bypass network security software.
Religion - Sites that promote religion.
Ringtones and Mobile Phones - Sites providing mobile/cell phone products and downloads.
Search Engines - Sites offering Internet search engines and utilities.
Shopping - Sites offering online shopping, auctions and various goods and services for consumers.
Social Networking - Sites offering social networking information and journal/diary services.
Society and Culture - Sites offering information about childcare.
Sports - Sites relating to sports and sports news.
Spyware - Sites that use spyware techniques.
Travel - Sites relating to personal travel and vacations.
Violence - Sites relating to promoting and depicting violence.
Web based eMail - Sites offering webmail and online email services.

Defining a Custom Category


A Custom Category contains the domains you specify. One Custom Category might list sites containing harmful content not covered by the System Categories. Another Custom Category might contain your own company domain and other work-related sites your employees regularly use that you want to ALLOW. Select the Web Filtering tool and Manage Categories to access the Web Filtering Categories.
You cannot modify System Categories. However, you can combine Custom and System Categories in a Category Group.

To add a new Custom Category:


1. Select Create a new Custom Category - OR - Click New on the toolbar - OR - Right-click and select New. You can also click New on the Custom Category box toolbar when it is open to open a cleared form.
2. Enter a Category Name up to 50 characters. This name will appear for selection in Filtering Rules and in Category Groups.
3. Enter a Description for the category.
4. Select at least one domain for the category using one of the provided tabs (see below).
5. When you are ready, click Save to save this category and add another New one now. Click Save and Close to close the box and add this category to the Web Filtering Categories list. You are prompted to save your changes if you attempt to open another New Custom Category or close the box without saving.


To modify a Custom Category:


Any change to a category is applied to a Filtering Rule using that category. From the Web Filtering Categories list:
1. Double-click on an existing Custom Category - OR - Click Modify on the toolbar - OR - Right-click and select Modify.
2. Make changes in the Modify Custom Category box. Click Save or Save and Close to save your changes.
Dashboard users can request web site charts based on domains within Categories.

To add a domain to a category:

Use any of the three tabbed panels to build a list of domains.

Enter Domain Name - Select this tab to type a domain name or specific domain subfolder. Press Enter or click the Add button to add the domain to the right-column category list. Use any of the following formats:
badsite.com
www.badsite.com
badsite.com/section2
For example, you may wish to allow www.google.com for searching, but block www.google.com/ig and gmail.com to block use of Gmail (Google Mail).

Select Event Domains - Select this tab to choose from domains that have already been recorded by Spector 360. In the Filter field, simply start typing to call up a list. For example, type shop to list domains starting with these letters. Select the domain or domains you want to add from the list. Use Shift and Ctrl to multiple-select. Click the Add button between the columns to add the selected domain(s) to the right-column category list.

Enter IP Address - Select this tab to enter an IP address or address range. Use the asterisk (*) to indicate a range. Press Enter or click Add to add the IP address or range to the right-column category list.

Instead of entering or selecting domains, you can import a list (text file) of domains into a category. See Importing Domains.

To remove a domain from the category:

Select the domain in the right-column list. Use Shift and Ctrl to multiple-select. Click the Remove button between the columns, and Save your change. The domains are removed from the category and from any active filter using the category.

Importing Domains to a Category


When you add or modify a Custom Category, it's possible to import a list of domain names or IP addresses. This is more efficient than entering domains one by one. It is also useful when the installation is fresh, with little data to select from, or when you have an existing list of domains or IP addresses that you would like to block.

To import a list of domains:

1. Select the Web Filtering tool, Manage Categories and Create a new Custom Category or Modify the selected Custom Category to open the New/Modify Custom Category box. See Add or Modify a Custom Category.
2. At the top of the box, open the File menu and select Import Domains.
3. Navigate to and select the text file you wish to import. Click Open.
4. Confirm that you want to import the selected file by clicking Yes.
5. Wait for the domains to be imported. A message confirms the number of domains that were successfully imported. Even if you canceled the operation, some domains may have been imported. Click OK.

If there is an error in the file, a message appears, and the import will only accept what it interprets as a valid domain or IP address. Accepted domains or IP addresses appear in the right-column list of domains for this category.

The import adds to (does not replace) domains already in the Custom Category list. The import will not "repeat" domains that already exist in the Custom Category list; duplicate domains are skipped.

To create the import file:

Use any application to create a text file list of domains.

The file can have a .csv, .txt, or other extension, as long as the format is plain text. For example...

Domains in the list can be separated by commas, tabs, line breaks, or spaces. The import accepts domains in the following formats:
example.net
example.net\subfolder
www.example.net
subdomain.example.org
- OR - an IP address or address range in the format n.n.n.n, for example: 123.123.12.*

Web Filtering Category Groups

Category Groups allow you to combine categories into a larger set of web sites. For example, you might group your custom "hate" category with the system "illegal drugs" and "gambling" categories in a single "Blacklist" Group. When you select Management tool, and Category Groups under Website Filtering, you see all Group names, types and descriptions that have been defined in the right pane. If you are just starting, there are no groups listed.

To manage category groups:


1. Right-click and select New, or click New on the toolbar. The New Category Group box opens.
2. Fill in the fields, as described in New/Edit Category Group.
3. When you are ready, click Save and Close.
Dashboard users can request web site charts based on Categories and Category Groups.

To edit an existing group:


Select a group in the Category Group Management right pane, right-click, and select Modify. Any change to a category group applies to Filtering Rules using that group.

Defining a Category Group


When you add a new Category Group or double-click an existing group, the Category Group box appears. Category Groups facilitate adding "what" items to Web Filtering rules. Rather than selecting multiple categories, select one or two groups. Groups can combine System and Custom categories.

To define a category group:


1. Next to Group Name, type a name for the Category Group, up to 50 characters.
2. Enter a Description of the group. The Group Type is Specific Categories.
3. Select a Category from the Available Categories column and click > to send it to the Selected Categories column. Use Shift and Ctrl to multiple-select, or click >> to select all categories.
4. When the Selected Categories list for this group is complete, click Save and Close on the toolbar. You return to the Category Groups Management pane, and this window closes.

Managing Event Alerts

Managing Alert Profiles


Requires Master Login. Applies to Windows computers only.

Spector 360 provides centralized keyword detection and alerts. Instead of browsing or searching through the recorded Dashboard data, you instruct Spector 360 to watch for sets of alert conditions, called Alert Profiles. When alert conditions are met, Spector 360 records an Alert Event and immediately notifies you or any other "operators" who need to know by email.

To view Alert Profiles:

Select the Event Alerts tool and Manage Alert Profiles. All predefined and custom profiles appear listed in the right pane. Re-sort the list of Alerts by clicking on any column heading, and refresh data by selecting Refresh (F5) on the toolbar.

Event Name: Name of the Alert Profile.
Event Type: The type of events this profile watches. Each profile watches only one activity type, which can be Chat/IM, Email, File Transfer, Keystroke, Program, Web, Network, Document Tracking, or User Activity.
Enabled: No means the profile is currently disabled. Yes means it is working right now.
Description: A description of this Alert Profile.

About Alert Profiles:

An Alert Profile instructs Spector 360 to watch for conditions in the recorded data. Each Alert Profile is based on one type of activity, such as Chat/IM or Email. If the Who, What, and When conditions are met, an "Alert Event" is recorded, and (if requested) notification is sent to an Alert Operator. You can enable, disable, or change Alert Profiles at any time.

Centralized Alerts do not apply to Macintosh computers.

Examples:

You can watch for "Bullying" and "Hate" keywords in the content of Chat/IM activity initiated by suspected troublemakers. As soon as one of the words pops up in a conversation, you get an email.

If you're worried about sensitive financial data, you can create a Keyword Group containing relevant words, filenames, and file locations; and then watch for activity (email, document activity, file transfers) among people with access to the data. As soon as a match to an alert profile appears, you get an email.

To manage Alert Profiles:

Use the toolbar, Task Navigation items, the menu bar, or the context (right-click) menu to execute these commands:

Add a new profile - Master Login Only: Click New on the toolbar - OR - Select Add an Alert Profile - OR - Right-click in the right pane and select New - OR - Copy an existing Profile to create a new one.

View or edit an existing profile: Standard logins with access to Alerts can view profile details. Master logins can update an Alert Profile to enable/disable it, or change profile's email recipients (operators), users to watch, conditions, or time profile. Double-click a profile in the profiles list - OR - Select the profile and click Modify on the Toolbar - OR - Right-click on a listed profile and select Modify.

Set up email delivery of Alert notification - Master Login Only: Click Email Configuration on the toolbar - OR - Select Modify Alert Mail Configuration in the Task Navigation pane - OR - Select the Alert Profile in the right pane, right-click and select Email Configuration.

Show or hide disabled profiles: By default, Spector 360 shows ALL Alert Profiles that have been defined ("No" appears in the Enabled Column for profiles that have not been enabled). To show ONLY profiles that are now enabled, click to turn OFF Show Disabled Profiles on the toolbar - OR - Select Show Disabled Profiles from the Edit or context (right-click) menu. Click the button or select the menu item again to change the setting back to "Show" disabled profiles.

Provided Alert Profiles

An Alert Profile in Spector 360 checks for conditions within the recorded data. The following set of ready-made Alert Profiles is provided with the Spector 360 Database. These profiles apply to "All Users and User Groups" and are Enabled. Alert Events will be generated when conditions for a profile are met, but no email notification is sent until an Alert Operator is assigned to the profile. At any time, you can disable a profile or change the users, conditions, and time period to which it applies.

Event Name | Event Type | Description
Clock Change | User Activity | Attempts to change the computer's clock settings, based on User Activity events
Copying Files | Document Tracking | Instances of files being copied to removable media based on Document Tracking events
Downloading Dangerous File | File Transfer | .EXE or .ZIP files downloaded from the Internet based on File Transfer events
Downloading Files | Web Site | Any files being downloaded from a web site, based on URL type
Excessive Network Use | Network | Users with more than 100,000 total bytes per day of network bandwidth
Excessive Printing | Document Tracking | Users with more than 50 printing events in one day, based on Document Tracking
Game Programs | Program | Instances of game programs running, based on known program names
Improper Email Messages | Email | Email messages that contain (possibly) improper topics for work, based on a keyword*
Inappropriate Chat | Chat/IM | Chat and Instant Message conversations on (possibly) inappropriate topics, based on a keyword*
Non-Work Searches | Web Search | Internet searches (possibly) not related to work topics, based on a keyword*
Off-Hours Logins | User Activity | Network logins during non-office hours. Monday-Friday. 5:00 PM-9:00 AM. Anytime on weekends
Social Networking Sites | Web Sites | Visits to social networking web sites, based on a URL name or web site category**
Suspect Web Searching | Web Site | Visits to web sites with inappropriate topics or content based on a keyword* or web site category**
Too Few Hours | User Activity | Users with fewer than 6 hours on the computer in an 8 hour work day
Too Few Keystrokes | Keystroke | Users with fewer than 2,000 keystrokes in one day
Too Much Browsing | Program | Users with more than two hours usage of Internet Explorer, based on Program Activity
Too Much Chat | Chat/IM | More than 10 chat sessions in one day, based on a count of Chat/IM Events
Too Much Web Surfing | Web Site | Users with more than two hours usage of the Internet, based on Web Sites Visited
Uncommon Search Engines | Web Search | Internet searches done with uncommon search engines (not Google, Yahoo, Bing, Live, or MSN)
Unsupported Browsers | Program | Use of (possibly) unsupported (on your network) Internet browsers: Firefox, Opera, Safari, Chrome
Use of iTunes | Program | iTunes running and using bandwidth to download and play music, movies, TV Shows, podcast or radio
Webmail Messages | Email | Sending or receiving webmail messages

* Keywords are defined within Keyword Groups. See the What tab for the Alert Profile.
** Domains included in categories are defined within Web Filtering Categories. See the What tab for the Alert Profile.

Centralized Alerts do not apply to Macintosh computers.

Defining an Alert Profile


The panels in the New or Edit Alert Profile window allow you to view, define, or edit Who, What and When will be affected by the profile. Each profile you save can be enabled as part of your centralized alert policy. Use the Toolbar at the top of the box to save changes to this profile or start a new one. You will be prompted for missing information if the profile is not complete.

Name the Alert Profile under General
Select all or specific users to watch under Who
Choose an event type and at least one condition under What
Choose how often to notify and when to watch for the alert under When

Each Alert Profile is based on ONE ACTIVITY type (e.g., email or chat). It's possible to edit the provided profiles to better suit your needs.

Define the General profile:

Fill in these fields under the General tab:

Alert Name - Enter a name for the profile, up to 50 characters.
Description - Enter a description of the rule. The description may be up to 255 characters.
Enabled - As soon as you save it, the alert goes into effect.
Disabled - The alert will be added to the Alert Profiles list, but not activated until you click the Enable button on the Alert Profiles toolbar.
Alert Recipients - Check the Alert Operators (defined in Alert Operator Management) who should receive email notification when this alert occurs. Click New Alert Operator to define a new operator on the spot. The New Recipient will be added to this list and to the list of Alert Operators.

Define who to watch:

Click the Who tab. On this panel, select the users or user groups you wish to watch. Leave the default "All Users" selection if the Alert will apply to everyone. Otherwise, select at least one user.

[Illustration: Two users are being watched]

1. From the Selection Type list, select: All Users and User Groups - Applies the profile to all users. Specific Users and User Groups - Allows you to select users to whom the rule applies.
2. If you are selecting specific users or groups, click on names under "Available Users and User Groups." Use the CTRL and SHIFT keys as needed to multiple-select.
3. Click the > button to send the selected users to the right column. Click >> to send ALL Available Users to the Selected Users and User Groups list.
4. Click < or << to send one or more Selected Users and User Groups back to the "Available" column.
5. When the Selected Users and User Groups contain all users you want to include in the rule, continue on to What.

Define what to watch for:

Click the What tab. On this panel, specify the alert conditions. Each Alert Profile watches ONE activity and must watch at least one activity field for words in a Keyword Group or for the entry you type. If you want to watch more than one activity, define another Alert Profile. See Alert Conditions for detailed help with this panel.

[Illustration: Downloads of .exe and .zip files are being watched]

1. Select an Event Type from the drop-down list.
2. Click the Add Field button to activate the first row. The first two columns of the first row will be blank.
3. Under Field Name, select an event field from the drop-down list.
4. Under Operator, select from the drop-down list how you want the contents of the event field to match the given Value.
5. Under Value, depending on the event field, enter or select a value, keyword, or Keyword Group.
6. Click Add Field to activate subsequent rows and add more conditions for this particular Event Type. For a second field, select a Logical Operator (AND/OR) in the second column. If you want to add nested conditions, click on the first column to select the opening parenthesis, which always appears alone on its row. See the Alert Conditions topic for further explanation and examples.

It takes only one field to set up an alert. Remember, if you are not watching All Users and User Groups, the alert applies ONLY to the users you have selected under Who.

Define when to watch for alert conditions:

Under the When tab, specify how often to send messages to Alert Operators, and when to watch for alerts.

[Illustration: The watch period is the time profile Non-Office Hours]

1. Select a Time Profile from the drop-down list. The graphic schedule immediately shows green for hours when the alert is in effect and a table below the graphic lists the hours the alert is in effect. You can select: All Times - Spector 360 always watches for the alert conditions. Other Time Profiles you have defined. See Time Profiles for detailed help.
2. Select an Alert Frequency. If this alert occurs, even if it occurs multiple times, the Alert Operator will receive an email message at this frequency. Use the drop down list to select Every 'n' Hours / Days / Weeks / Months. In the second field, type or select a number. The above illustration shows an Alert Frequency of once a day. The most frequent alert schedule is once every hour; and you can receive alerts as infrequently as once every 6 months.
3. Select a Start Date. Enter a date in mm/dd/yyyy format or click the drop-down arrow to display a calendar. Use arrows next to the month and year to change these values, and click on a date.
4. Select a Start Time. The time will be in the format used by your computer's system clock. Select a time field and use the arrows to increment or decrement the value. A 12-hour clock includes AM or PM selection.

When you are finished defining or modifying the Alert Profile, click Save to save your changes or Save and Close to close the New/Edit Alert Profile window and add the profile to the list of Alert Profiles.

Alert "What" Conditions


The WHAT tab for an Alert Profile specifies conditions that set off an alert. Keep in mind that these conditions are further limited by WHO (who is being watched) and WHEN (when watching is enabled) conditions. To begin, select an Event Type and click Add Field.

To select an Event Type:

At the top of the "What" panel, click the Event Type drop-down list. Each Event Type has its own set of fields.

To select a value for the "What" first column:

Master Login Only.

The first column is reserved for nesting parentheses. You cannot begin the first field (row) with a parenthesis. If you select a starting parenthesis:

A row is added above for a Logical Operator (AND or OR) to precede the parenthesis.
A closing parenthesis is added two rows down. The nested condition must be enclosed by parentheses.
You cannot make any other selections on the parenthesis row; select your Field Name in the next row down, or use Add Field to add the next row.

All conditions within the parenthesis are analyzed together before going on to the next top-level condition. In the following illustration, the Keystrokes event would have to pass this test before continuing to the next condition:

There are more than 8 keystrokes
OR The keystrokes contain the characters "mypass"
AND The current window caption includes the characters "login"

The first two columns of the first row are always blank; there is no need for grouping parenthesis or a Logical Operator.

To use a Logical Operator (2nd column):

The second column of the "What" panel allows you to select a logical operator before specifying another condition. You cannot use a logical operator in the first field (row).

AND - The previous and next conditions must both be met. For example, to find bullying words in a MySpace Chat room, your logic might be:
In Chat/IM Events - Chat Contents contains words in the group "Bullying"
AND - The Window caption contains the word "MySpace."

OR - Either the previous or the next condition must be met. For example, to get alerts when activity takes place in either Facebook or MySpace, your logic might be as follows:
In Web Events - The Window caption contains the word "Facebook"
OR - The Window caption contains the word "MySpace"

Whenever there are multiple "OR" conditions for a single field, you probably can define a custom Keyword Group. You can define a "Social Network" Group that contains all sites you'd like to watch (MySpace, Facebook, Blogger, Twitter, etc.) and use the secondary Operator in group to specify that custom group as the Value. The Alert Profile would simply state:
In Web Events - The Window caption is in the group "Social Networks"

When you make multiple selections "in group" or where there are specific value selections, there is an implicit OR in the value selection: For example, you can select Chat Contents "in group" of "Bullying or Drugs." You can select Chat Type events that contain "AOL/ICQ or YAHOO or MSN."

To choose a Field Name (3rd column):

Click the down-arrow in this column and select a field within this Event Type's data record. See the links to Event Types above for a list of Field Names available for each type (also displayed in a Dashboard Events window).

Count of Events - Select this field to instruct Spector 360 to watch for an aggregated count of this activity type for one user/computer during the Alert Frequency (set under "When"). For example, you can watch Chat/IM events for Count of Events > (is greater than) 10 within an Alert Frequency of 1 Day.

To set the Operator and Value (4th and 5th columns):

Operators available for selection differ based on the Event Type and Field you select. Reviewing events in the Dashboard provides an idea of what values to enter. Some fields, such as Chat Type can only contain a set list of values (AOL/ICQ, IRC, MSN, and so on), and you must check the values to watch. For other fields you can enter any value or watch for words in Keyword Groups.

Operators

Operator | Definition
> | Greater than value entered
>= | Greater than or equal to value
< | Less than value
<= | Less than or equal to value
= | Equal to value
!= | Not equal to value
contains | Includes the value entered or selected
does not contain | Does not include the value
in group | Includes any of the words from selected Keyword Groups. You can create custom groups in order to select the words you need.
not in group | Does not include the words from selected Keyword Groups
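How rows on the "What" panel combine, as an added example (not Spector 360 code and not taken from this guide). The row tuples, the field names, case-insensitive substring matching, left-to-right evaluation of AND/OR, and the sample events and keyword lists are all assumptions made for illustration; the nested profile is one reading of the Keystrokes illustration above.

```python
import operator

# Comparison operators from the guide's Operators table.
COMPARE = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
           "<=": operator.le, "=": operator.eq, "!=": operator.ne}


def check_condition(event, field, op, value, groups):
    """Apply one Field Name / Operator / Value row to a single event."""
    actual = event.get(field)
    if actual is None:
        return False                      # assumption: a missing field never matches
    if op in COMPARE:
        return COMPARE[op](actual, value)
    text = str(actual).lower()            # assumption: matching ignores case
    if op in ("contains", "does not contain"):
        hit = str(value).lower() in text
        return hit if op == "contains" else not hit
    if op in ("in group", "not in group"):
        names = [value] if isinstance(value, str) else value   # implicit OR
        hit = any(w.lower() in text for n in names for w in groups[n])
        return hit if op == "in group" else not hit
    raise ValueError(f"unknown operator: {op!r}")


def _level(rows, pos, event, groups):
    """Evaluate rows left to right until the list ends or a ')' row is reached."""
    result = None
    while pos < len(rows) and rows[pos] != (")",):
        row = rows[pos]
        if len(row) == 2 and row[1] == "(":
            logical = row[0]
            value, pos = _level(rows, pos + 1, event, groups)
            if pos >= len(rows):
                raise ValueError("missing closing parenthesis")
            if value is None:
                raise ValueError("empty parentheses")
            pos += 1                      # step over the ')' row
        else:
            logical, field, op, val = row
            value = check_condition(event, field, op, val, groups)
            pos += 1
        if result is None:
            result = value                # first row of a level has no operator
        elif logical == "AND":
            result = result and value
        elif logical == "OR":
            result = result or value
        else:
            raise ValueError(f"row needs AND or OR, got {logical!r}")
    return result, pos


def profile_matches(rows, event, groups):
    """True when the event satisfies every row of the profile's What panel."""
    if not rows or len(rows[0]) != 4:
        raise ValueError("the first row must be a plain condition")
    result, pos = _level(rows, 0, event, groups)
    if pos != len(rows):
        raise ValueError("unmatched closing parenthesis")
    return result


# Constructed keyword groups and events (hypothetical field names).
GROUPS = {"Bullying": {"loser", "nobody likes you"},
          "Social Networks": {"MySpace", "Facebook", "Blogger", "Twitter"}}
CHAT_ROWS = [("", "Chat Contents", "in group", ["Bullying"]),
             ("AND", "Window Caption", "contains", "MySpace")]
NESTED_ROWS = [("", "Keystroke Count", ">", 8),
               ("OR", "("),
               ("", "Keystrokes", "contains", "mypass"),
               ("AND", "Window Caption", "contains", "login"),
               (")",)]
FLAT_ROWS = [("", "Keystroke Count", ">", 8),
             ("OR", "Keystrokes", "contains", "mypass"),
             ("AND", "Window Caption", "contains", "login")]
CHAT_EVENT = {"Chat Contents": "you are such a LOSER",
              "Window Caption": "MySpace IM - Chat"}
KEY_EVENT = {"Keystroke Count": 20, "Keystrokes": "meeting notes",
             "Window Caption": "Notepad"}

if __name__ == "__main__":
    print("chat profile:", profile_matches(CHAT_ROWS, CHAT_EVENT, GROUPS))
    print("nested rows: ", profile_matches(NESTED_ROWS, KEY_EVENT, GROUPS))
    print("flat rows:   ", profile_matches(FLAT_ROWS, KEY_EVENT, GROUPS))
```

The last two profiles contain the same three conditions; only the parentheses differ, which is why a new profile is worth checking against a few known events before Alert Operators rely on it.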

Managing Alert Operators


Alert Operators are the people who receive email notification when Spector 360 detects a Keyword Alert condition. An operator must be defined and enabled in the General section of the Alert Profile, before he or she receives alert notification by email.

To view Alert Operators:

Select the Event Alerts tool and Manage Alert Operators in the left navigation pane. Any operators that have been defined are listed in the right pane. Re-sort the Alert Operators list by clicking on any column heading. Click Refresh on the toolbar to update the list with the latest information.

Name - A name that identifies the operator.
Email - The email address where alerts are sent.
Description - A description of this operator.
Enabled - Yes means the operator is enabled for receiving alert notification; No means the operator is disabled and will not receive alert notification messages until enabled.

To manage Alert operators:

Master Login Only

Create a new Alert Operator: In Manage Alert Operators, click New on the toolbar - OR - Select Add an Alert Operator from the Task Navigation pane - OR - Right-click in the right pane and select New. See New/Edit Alert Recipient. You can also define an Alert Operator while creating or editing an Alert Profile.

Edit a defined Alert Operator: Double-click a listed operator - OR - Select an operator and click on Modify the selected Alert Operator - OR - Right-click on an operator and select Modify. Use the Edit Alert Recipient box to change the name, description, email address and whether or not the operator is "enabled" to receive alerts. See New/Edit Alert Recipient.

Disable or enable an Alert Operator: An Alert Operator who is "Disabled" ("No" appears in the Enabled column) has been defined, but is not currently receiving email notification. An Alert Operator who is "Enabled" ("Yes" appears in the Enabled column) receives email as soon as alert conditions are met. You may wish to disable an operator when the person is out of the office. To enable or disable an operator, double-click on the Alert Operator in the list to open the Edit Alert Recipient box. Clear the Enabled checkbox to disable or check it to enable the operator. Click OK.

Show or Hide disabled Alert Operators: By default, ALL operators are listed. To remove disabled operators from the Alert Operators list, select Alert Profiles. Double-click on a profile in the list. Under the General tab, select Hide Disabled Alert Operators. When this option is checked, any operator for this Alert Profile who has been disabled will NOT appear in the Alert Operators.

Defining an Alert Operator


Alert Operators receive email notification when Spector 360 detects a keyword. Use either Add an Alert Operator under Manage Alert Operators, or the General portion of an Alert Profile, to define a new Alert Operator. This box also appears when you Modify an Alert Operator.

Recipient Name - Enter an identification or name for the recipient.
Description - Type a description of the recipient or the type of alerts being sent to the recipient.
Email - Enter a valid email address. The email will be sent secretly from the user's computer. Anything special to know or set up for this email?
Enabled - Check this box to enable the Alert Operator recipient. If this box is not checked, no email will be sent to this person, even if he or she is designated as alert recipient for an active Alert Profile.

Click OK to save the recipient and the name to the Alert Operators Management list.

Managing Keyword Groups

When you create an Alert Profile, it's possible to type individual keywords in the "What" form, but it may be easier to use or set up a Keyword Group that covers all words you want to detect. For convenience, Spector 360 provides Keyword Groups, but you can also define your own.

System vs. Custom Keyword Groups

Spector 360 provides a set of Keyword Groups to use in your alerts and quickly cover "Bullying," "Cheating," and other categories of terms. The provided system groups may change with Spector 360 updates to keep current with the latest Internet problems. Obviously, not all possible words are included in each list, and some words (e.g., "plagiarism") may elicit alerts from an innocent context. Be sure to review the words, choose a list carefully, and emphasize the need for Alert Operators (Recipients) to explore the context for alerts they receive. If you want to add words to a system group, you will need to create a new, custom group. A custom keyword group can include any words, phrases, document titles, IP addresses, network paths, or other collection of characters to detect.

To view the contents of any Keyword Group:

Select Event Alerts > Manage Keyword Groups. Double-click on a Keyword Group in the list - OR - Right-click on a group in the list and select Modify. The Keyword Group window opens, revealing all words in the group in the right, "Selected" list. You cannot add or remove words from the list.

To manage Keyword Groups:

Master Login Only

Although you cannot add to or delete from provided Keyword Groups, you can add custom Keyword Groups that target scenarios or sensitive areas in your organization.

Create a Keyword Group. Click New on the toolbar, or right-click in the right pane and select New. Pick and choose from any of the words in existing groups, and/or add your own words. You can change words in a custom Keyword Group at any time, and all Alert Profiles using that group are immediately changed (taking effect as soon as applications or computers on the network are restarted). See Defining a Keyword Group.

Modify a Keyword Group. Make changes to a custom group by selecting it, right-clicking, and selecting Modify. See Defining a Keyword Group.

Import a Keyword Group or Groups. Right-click in the right pane and select Import. Either a CSV or XML list of keywords, formatted as described in Importing Keywords and Groups can be processed and added to the Keyword Groups Management list.

Delete a Keyword Group. You can delete any predefined or custom Keyword Group that you don't need. Select a group and click Delete on the toolbar, or right-click on a Keyword Group and select Delete. A message appears asking you to confirm the deletion and warning that you cannot undo it. Click Yes to continue (or No to cancel the operation). The Keyword Group is removed from the Dashboard and from the Database; it cannot be recovered unless a Database Backup is restored.

Defining a Keyword Group


You can create a new, or modify an existing, group of keywords to use in Alert Profiles. Spector 360 provides some useful, pre-defined Keyword Groups, but you may want to set up your own groups to watch for specific names, domains, file names or other data you're interested in. The following box appears when you select New in Keyword Groups, or when you double-click to open an existing group.


Although you can view the words in any group, you cannot modify the provided, system Keyword Groups. If you need different words, create a new Keyword Group.

To define a Keyword Group:

1. In the Keyword Group box, type a Group Name and Description. These will appear in the Alert Profile selection lists.

2. Select a tab for your keyword source. You can use both tabs to build a list of "Selected" keywords.

Enter Keywords - Select this tab to create new keywords. Type a word in the Keyword field. Use any characters, numbers or spaces. If you wish, type a phrase or an entire document path or URL. Click the > button to move this word to the Selected list. Keep in mind that Spector 360 looks for a match to a complete keyword. If you used the above Keyword group and Spector 360 found C:\bin\admin\documents\2008\text.txt in a field, it would set off an alert. If it found C:\bin\admin\text.txt, it would not.

Select Keywords - Select this tab to choose words from any existing Keyword Groups. Double-click a word to select it and move it to the Selected Keywords list. Or use Shift and Ctrl to multiple-select in the left-hand list, and then click the > button to move words to the Selected list. Click >> to move all words to the Selected list. Click << to move all words out of the Selected list. Click the > button to add a word to the list. To remove a word from the Selected list, highlight it and click the < button.

3. Click Save on the Keyword Group toolbar to save your changes, and Save and Close to save and close the Keyword Group window. If you attempt to close the window after making changes, you are prompted to save.

Importing Keywords and Groups

You can import Keywords and Keyword Groups for Alert Profiles using either a text file with comma-separated values (CSV) or the XML formatting described below. This makes it possible to use other programs (such as Microsoft Excel) to collect and maintain keywords, and to import and re-import them to update your Keyword Groups. Repeated words are ignored, and new words and groups are added.

You cannot import words into the provided system Keyword Groups. You can, however, export a system Keyword Group, edit the words, and import them as a new Keyword Group.

To import keywords:

1. Prepare a list of keywords in a CSV (comma separated value) or XML formatted text file as described below.

2. Select the Event Alerts > Manage Keyword Groups.

3. Click Import on the toolbar - OR - select Import data into a Keyword Group from the Task Navigation pane - OR - right-click in the right pane and select Import. The import box appears.

4. Select Keywords and Groups and click Next.

5. Choose to import either a .CSV (Comma Separated Values) or an .XML (eXtensible Markup Language) file. Directions for both are below. Make your selection.

6. Click Browse to browse to and select the file you wish to import, or type the path and filename in the field. Be sure you select a file in the format you have selected. Click Open.

7. Click Next. If the file is correctly formatted, an import box lists all keyword records about to be imported. If there is a problem with the import file, a message appears at the top of the box. The bottom of the box tells you how many records are detected, and you can use the play buttons to browse through and check the records. If you wish, click Back to choose a different file format, or Cancel to exit the import.

8. Click Import at the bottom of the box to continue.

9. If the group already exists, a message asks if you would like to replace the keywords in this group with the imported keywords. Click Yes to replace words in the group or No to add any new words to the existing group.

10. A check mark appears in the Imported column for each record that was successfully imported; an import error is noted in the Error column. If you receive errors, check the records causing the problem. The original file may need to be corrected. A new group name creates a new, custom Keyword Group. If the group already exists, and a keyword being imported already exists, the keyword is ignored.

11. Close the window when you are finished. Each new group is listed in Keyword Groups Management, and new words should be added to any existing custom Keyword Groups.

To import a CSV File:

A CSV (comma separated values) file is a text file saved with the .csv extension (for example, words.csv). In the file, records are separated by a line break, and fields are separated by commas or tabs, using the format: Keyword,Group

Use a spreadsheet to create the list and save it as a CSV file, or

Create a plain text file from any application using comma separated values.

2011 SpectorSoft Corporation, All rights reserved.

297

Exporting Keyword Groups

Follow the steps above to select and import the file you created.
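A pre-import check for keyword files in the guide's two layouts (Keyword,Group CSV with comma or tab separators, and the Keyword Word/Group XML), added here as an illustration and not SpectorSoft code. It applies the rules the guide states (records missing a field are skipped, repeated words are ignored, system groups cannot be imported into); the whitespace check, the function names, the SYSTEM_GROUPS set, and the sample data are assumptions constructed for this example.

```python
import csv
import xml.etree.ElementTree as ET

# System Keyword Groups cannot be imported into. These two names are the ones
# the guide mentions; extend the set for your installation (assumption).
SYSTEM_GROUPS = {"Bullying", "Violence"}

# Constructed sample input, not taken from a real deployment.
SAMPLE_CSV = (
    "invoice,Financial\n"
    "budget,Financial\n"
    "invoice,Financial\n"
    "wire transfer\tFinancial\n"
    "payroll.xls,\n"
    "fight,Bullying\n"
    " sensitivefile.doc,Sensitive Files\n"
)
SAMPLE_XML = (
    "<Root><Keywords>"
    '<Keyword Word="invoice" Group="Financial" />'
    '<Keyword Word="budget" Group="Financial" />'
    '<Keyword Word="sensitivefile.doc" Group="Sensitive Files" />'
    '<Keyword Word="orphan" />'
    "</Keywords></Root>"
)


def parse_csv(text):
    """Yield (record_no, fields) for each non-blank 'Keyword,Group' line."""
    for no, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            # The guide allows commas or tabs as field separators.
            delimiter = "\t" if "\t" in line else ","
            yield no, next(csv.reader([line], delimiter=delimiter))


def parse_xml(text):
    """Yield (record_no, fields) for each <Keyword> inside <Keywords>."""
    root = ET.fromstring(text)  # raises ParseError on malformed markup
    container = root if root.tag == "Keywords" else root.find("Keywords")
    if container is None:
        raise ValueError("missing <Keywords> ... </Keywords> element")
    for no, el in enumerate(container.findall("Keyword"), start=1):
        yield no, [el.get("Word", ""), el.get("Group", "")]


def plan_import(records, existing=None):
    """Return what an import would add, ignore, and reject.

    existing: {group: keywords} already defined (constructed input here).
    """
    existing = {g: set(w) for g, w in (existing or {}).items()}
    plan = {"add": [], "new_groups": [], "ignored": [], "rejected": []}
    for no, fields in records:
        if len(fields) != 2 or not fields[0].strip() or not fields[1].strip():
            plan["rejected"].append((no, "missing or extra field"))
            continue
        word, group = fields[0], fields[1].strip()
        if group in SYSTEM_GROUPS:
            plan["rejected"].append((no, "system group: rename before import"))
            continue
        if word != word.strip():
            # Stricter than the product rules: matching is on the complete
            # keyword, so stray whitespace would change what raises an alert.
            plan["rejected"].append((no, "leading/trailing whitespace"))
            continue
        if group not in existing:
            existing[group] = set()
            plan["new_groups"].append(group)
        if word in existing[group]:
            plan["ignored"].append((no, word, group))  # repeat: not imported
        else:
            existing[group].add(word)
            plan["add"].append((word, group))
    return plan


if __name__ == "__main__":
    print(plan_import(parse_csv(SAMPLE_CSV), {"Financial": {"budget"}}))
    print(plan_import(parse_xml(SAMPLE_XML)))
```

Because keyword lists drive alerting, every entry under "rejected" is a word that would not raise an alert after import; review those records before importing the file.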

To import an XML File:

An XML file is a text file with XML markup, saved under a name with the .xml suffix (for example, words.xml). The XML for importing keywords requires a <Keywords> start and a </Keywords> end tag. Between these tags, a statement for each keyword includes the Word and Group to which the word belongs. In the example below, two words will be added to the group "Financial," and two words will be added to "Sensitive Files."

<Root>
  <Keywords>
    <Keyword Word="invoice" Group="Financial" />
    <Keyword Word="budget" Group="Financial" />
    <Keyword Word="sensitivefile.doc" Group="Sensitive Files" />
  </Keywords>
</Root>

Import Rules
When you import keywords, the following rules apply:

If a required field is missing, a message informs you that "Some records do not have the required information. Continue processing the file?" If you choose to continue the import, the records with errors will be skipped and all valid records will be imported.

If a keyword already exists in the group specified by the import file, the record will not be imported. If an imported keyword is assigned to a group where it does not yet exist, it is added to the group. If a Keyword Group does not exist, it is added.

Exporting Keyword Groups

It's possible to export Keyword Groups and manage them using another program, such as Microsoft Excel. You can export a Keyword Group to either a CSV (Comma Separated Values) or XML (eXtensible Markup Language) formatted text file. As long as you maintain the correct CSV or XML format, you can import the Keyword Group back into the Control Center after making changes. The Control Center will ignore repeated words and will automatically add new groups to its list of Keyword Groups.
You can export a system Keyword Group (such as "Bullying" or "Violence") but you can NOT import into a system group. Before re-importing a changed system group, replace the group name in the file with a custom name (such as "Bullying2"). System groups cannot be edited.

To export a Keyword Group:

1. Select the Event Alerts tool and open Manage Keyword Groups.
2. Select the Keyword Group you wish to export and click Export on the toolbar - OR - select Export the selected Keyword Group from the Task Navigation pane - OR - right-click on the Keyword Group and select Export. A Save As box appears.
3. Select the folder where you want to save the file and enter a File Name.
4. Next to Save as type, select Comma Separated Values (*.csv) or eXtensible Markup Language (*.xml).
5. A message appears when the export is complete and asks if you would like to open the file you just created. The file has been created at the location you requested in exactly the same format as required for import. Click Yes to open the file now, or No to close the message box. An XML file opens in the default application or Internet browser. A CSV file opens in the default application, such as Microsoft Excel.

Alert Email Configuration

To set up Keyword Alert notification for Keyword Operators, you must configure how the email will get to the designated email addresses.

To configure email delivery of an Alert Profile:

Right-click on a profile in Alert Profiles Management and select Email Configuration or (in the Edit Profile window for an Alert Profile) click the Configure Email button.

From Email Address: The email address from which alert notification will be sent.

From Friendly Name: Any name to identify the email alert source.

SMTP server: The name of the computer, domain, or IP address of the mail server used by the default email client on this computer. For example, the SMTP Server might be a computer named SERVER1 or the domain mail.mywebsite.com. An IP Address would have the format 11.22.33.44.

Send Timeout: The period of time in seconds to continue attempting to send the email before timing out. The default is 130 seconds.

Port Number: The port from which to send the Alert notification email. The default is 25, a standard outgoing SMTP port.

Use SSL: Check this box if you wish to use Secure Socket Layer encryption for security of the email. This must be supported by your mail server.

Logon Type: How the email server will be accessed.
Windows Credentials - Select to use your Windows login and password to access the Task Scheduler to send the email.
Login and Password - Select to enter a User Name and Password to access the email server.

Click OK to configure the email and close the box. Click Cancel to close the box without changing the configuration.

Printing Event Alerts

The Add or Modify Event Alert box allows you to print a formatted report on this alert, including whether the alert is enabled, all alert recipients, users or user groups being watched ("Who"), conditions for the alert ("What"), and the time profile and frequency ("When").

To preview the printed alert:

At the top of the Add or Modify Alert box, select File > Print Preview from the menu bar. A Print Preview box opens, providing a thumbnail view of the printed Alert report. Use the Page arrow buttons to view all pages of the report.

To change the page format:


At the top of the Add or Modify Alert box, select File > Page Setup from the menu bar. A standard Page Setup box opens, allowing you to set paper size, margins, landscape or portrait orientation, and select a printer on the network.

To print an alert report:


Select the Print icon on the Print Preview box to send the report directly to the printer - OR - select File > Print from the Add or Modify Alert box menu bar. A standard Print dialog box opens allowing you to select a printer, number of copies to print and so on.


Time Profiles

Managing Time Profiles


Requires Master Login. To create an Alert Profile or a Web Filtering rule, you need to select a Time Profile that specifies WHEN to apply the profile or rule. Select Time Profiles to view each available Time Profile. Each Time Profile is also available for selection under the WHEN tab for an Alert Profile or a Filtering Rule.

To manage Time Profiles:


Master Login Only. Use the toolbar or the right-click menu in the Time Profiles Management pane.

New: Define a new profile.
Modify: Edit a Time Profile.
Delete: Remove the selected Time Profile from the database.
Refresh: Update with the latest data and changes.
Details: Select Show All to show the day-by-day schedule for each listed Time Profile. Select Hide All to view only the Time Profile names.

To view Time Profiles:


Select the Management tool and Time Profiles in the left navigation pane. Initially, only the provided Time Profiles are displayed. You can change the times for these profiles and add new ones.

Profile Name: The name of the defined Time Profile. Click the - (minus sign) next to a profile name to close up details, or the + (plus sign) button to open the daily schedule for the Time Profile.

Description: Change the Description of the Time Profile when you add or edit a Time Profile.


Defining a Time Profile


You can define a schedule to use with either Web Filtering or Event Alert profiles. Each Time Profile you add will be displayed for selection when you create a Web Filtering rule or an Alert Profile.

To define the Time Profile:

Click New or right-click and select New in the Time Profiles Management folder under Website Filtering or under Alert Profiles. Enter the following information.

Name: Enter a profile name up to 50 characters.

Description: The Time Profile description appears next to the profile selection when you are defining the filtering rule. Describe the schedule and, if you like, include instructions for using it. The description may be up to 255 characters.

When to Filter: In the calendar grid, click on date/time squares to color them. Colored areas define the filtering times. Hold down the mouse button and drag to color an area. Click a time column heading to color that time for all days, or click a day row heading to color all times in that day. Drag over colored areas to clear them. Dragging over colored AND blank areas colors all areas.

The time period is shown with the cursor position.

In the above illustration, the profile would apply to Sun-Wed, from 1:45 to 5 AM and from 12 to 1 PM and NOT at other times. As you color in filtering time in the grid, the days and times you select are listed below the grid. The list is for your information only; to make changes, click and drag on the calendar grid.

The selected time periods are listed below the schedule graphic.

Keyboard shortcuts: Use Alt+L to place focus immediately in the When to Filter schedule. Use the arrow keys to position the cursor. Hold down Shift and use the arrow keys to color (or remove color from) the schedule grid.

To save the profile:

Click Save or Save and Close on the toolbar to save the profile or save and close the window.

To create another profile:

Click New on the toolbar at the top of the window. If you have not saved your current Time Profile, you are prompted to do so. The Time Profile form clears and you can enter a name, description, and filtering times for the new profile.

Developer Tools

A Simple API to the Database


It is possible to retrieve data directly from the database for use in other applications or processes. This section provides information on those tools. The Spector 360 Database provides a stored procedure that allows you to access data directly from the database to use for other purposes. Only the System Administrator login can access this stored procedure. Remember to take into account any permissions (i.e., "read" access to Attachment and Snapshot files) necessary for accessing the data.

Definition
The ReturnRawDataSet stored procedure retrieves a list of records (with all data fields) for one event type within a time range. Seven possible parameters allow you to specify the data you want. For example, the procedure could retrieve all Email events from January 1-10 for user Bill Smith (on the CHICAGO domain) recorded on any computer. The procedure would be called as follows:

EXEC SPCTR_ADMIN.dbo.usp_Utility_ReturnRawDataSet
    @int_EventType_ID = 4
    ,@int_TransactionID = 0
    ,@dte_StartDate = '2008/01/01 00:00:00'
    ,@dte_EndDate = '2008/01/10 23:59:59'
    ,@int_MaxRowCountPerRequest = 0
    ,@str_FullLoginName = 'CHICAGO\bsmith'
    ,@str_ComputerName = ''

A call to the stored procedure requires a value for EventType_ID, StartDate and EndDate. Other parameters are optional. If you use the parameter names in the call, the order and inclusion of optional parameters will not be required. If you do NOT use the parameter name (supply just the value) all parameter values must appear in the order shown.

EventType_ID:
Integer, REQUIRED argument
The first parameter (integer) specifies the type of records to retrieve (Programs, Web Sites Visited, Email, Keywords, etc.). Each Event Type ID and the fields it retrieves are outlined in the following tables.

ID     EVENT TYPE
1      Program Events
2      Web Site Events
3      Snapshots
4      Email Events
104    Email Attachments
5      Keystroke Events
7      Chat/IM Events
8      File Transfer (P2P) Events
10     Keyword Alerts
11     Network Events (Port)
12     Document Tracking Events
13     User Activity
14     Online Searches

TransactionID:
integer, OPTIONAL argument
Default = 0
The transaction (record) to use as a starting point. Each record inserted in the database is associated with a Transaction ID. A Transaction ID value of 0 (zero) begins a count of Transaction IDs retrieved. Use the Transaction ID to control the row pointer for successive calls. For example, if 5889 records are retrieved in the first call, to get the next segment of data, the subsequent call would specify:

,@int_TransactionID = 5889

If you use the MaxRowCount argument, the number of rows (records) you specify will be retrieved as a maximum. If you do NOT use the MaxRowCount argument, a maximum of 50,000 records will be retrieved. To retrieve the next set of records beyond the maximum, you need to use:

,@int_TransactionID = 50000

Transaction IDs vs. Dates
Transaction IDs are retrieved sequentially in the same order in which the records were inserted in the database. However, you cannot assume that Transaction IDs will also be ordered by date. Example: A sales person disconnects from the network for 5 days, returns to the office, and all recordings are uploaded at that time. Transaction IDs from the salesman's data are ordered as they were inserted in the database, while the recording date/time of each transaction accurately reflects the time of the recording:

Transaction 1 - Recording date was 2008/01/20 employee
Transaction 2 - Recording date was 2008/01/21 employee
Transaction 3 - Recording date was 2008/01/15 salesman
Transaction 4 - Recording date was 2008/01/16 salesman
Transaction 5 - Recording date was 2008/01/22 employee

StartDate / EndDate:
datetime, REQUIRED arguments
The required StartDate and EndDate parameters specify the beginning and end of the date and time range for the data you want to retrieve. Data records are stored by date and time and usually are retrieved sequentially from earliest to latest within the time range (see the note above). Only records within the date range will be retrieved. Be sure to use the format:

yyyy/mm/dd hh:mm:ss

No milliseconds are used. For example, the following call retrieves all Program records for all users from midnight, January 1, to a second before midnight, January 5 (up to the default limit of 50,000 records).

EXEC SPCTR_ADMIN.dbo.usp_Utility_ReturnRawDataSet
    @int_EventType_ID = 1
    ,@dte_StartDate = '2008/01/01 00:00:00'
    ,@dte_EndDate = '2008/01/05 23:59:59'

MaxRowCountPerRequest:
integer, OPTIONAL argument
Default = 0, or 50000 rows
Use the Maximum Row Count parameter to specify the maximum number of rows to return for each call to the procedure. The number of rows actually returned may be fewer, but will not exceed this maximum. This parameter allows you to expand the maximum if you need to retrieve more than 50k records in a single call, or reduce the maximum if your processing resources are limited. If you omit this parameter or use the default 0 value, the maximum rows retrieved per call will be 50,000.

Requesting a large number of data records will consume disk and memory resources on your database machine. Be especially careful when requesting content-heavy events, such as Email or Keystrokes. If the database machine is being used for other processes, we recommend using the default 50K row limit or setting an even smaller maximum row count.

FullLoginName:
varchar(128), OPTIONAL argument
Default = empty string, or all users
Use the Full Login Name string parameter (maximum 128 characters) to retrieve data recorded for an individual user. You can omit this parameter (or pass an empty string) to retrieve event records for ALL users. Use the complete Domain\Username specification, as listed in the Dashboard Management Users list, or as returned by this procedure without this parameter.

FullComputerName:
varchar(128), OPTIONAL argument
Default = empty string, or all computers
Use the Computer Name string parameter (maximum 128 characters) to retrieve data recorded on a single computer. You can omit this parameter (or pass an empty string) to retrieve event records for ALL computers. Use the complete computer name specification, as listed in the Dashboard Management Computers list, or as returned by this procedure when this parameter is not used.

1 - Program Events

ID 1   Fields Returned (Program)   Data Type (max)
1      StartDateTime               datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      TotalTime                   int
8      FocusTime                   int
9      ActiveTime                  int
10     WindowCaption               varchar(128)
11     ComputerSerialNumber        varchar(50)

2 - Web Site (URL) Events

ID 2   Fields Returned (URL)       Data Type (max)
1      StartDateTime               datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      TotalTime                   int
8      FocusTime                   int
9      ActiveTime                  int
10     URI                         varchar(50)
11     HostName                    varchar(256)
12     DomainName                  varchar(256)
13     WindowCaption               varchar(128)
14     URL                         varchar(3072)
15     ComputerSerialNumber        varchar(50)

3 - Screen Snapshots

ID 3   Fields Returned (Snapshot)  Data Type (max)
1      StartDateTime               datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      EndDateTime                 datetime
7      UNCPath                     varchar(512)
8      FileName                    varchar(128)
9      SnapshotCount               int
10     EncryptKeyType              int
11     EncryptKeyGUID              varchar(40)
12     ComputerSerialNumber        varchar(50)

Notes about Snapshot Events:

UNCPath returns a string value containing the (Universal Naming Convention) path where you can access the snapshot files. The snapshot files themselves are not returned.

FileName is the name of the snapshot data file.

EncryptKeyType returns the encryption type for snapshot files:
0 = non-encrypted format
1 = Internal encryption
2 = 3DES encryption
You can use the Snapshot converter (ExportFile) to decrypt the snapshots for viewing outside of a SpectorSoft product.

EncryptKeyGUID returns the key that you will need to decrypt the files if 3DES encryption was used. Encryption type is set in the Data Vault Properties.

4 - Email Events

ID 4   Fields Returned (Email)     Data Type (max)
1      RecordedDateTime            datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      AttachCount                 int
8      IncomingFlag                int
9      EMailType                   varchar(12)
10     EMailBodyType               varchar(64)
11     FromName                    varchar(128)
12     FromAddress                 varchar(128)
13     ToNameAddress               blob
14     Subject                     varchar(512)
15     CCNameAddress               blob
16     BCCNameAddress              blob
17     EncryptedFlag               int
18     TooBigFlag                  int
19     UnsentFlag                  int
20     BodyErrorFlag               int
21     AttachErrFlag               int
22     AttachOffFlag               int
23     WebMailHost                 varchar(256)
24     BodyDisplay                 blob
25     BodyText                    blob
26     ComputerSerialNumber        varchar(50)

For email attachment information, make a call to Event Type 104, as described below. The first call below to Event Type 4 returns the first 50,000 (maximum) email events for the given date range. The second call to 104 returns all email attachments matching the email events returned in the first call.

EXEC SPCTR_ADMIN.dbo.usp_Utility_ReturnRawDataSet
    @int_EventType_ID = 4
    ,@int_TransactionID = 0
    ,@dte_StartDate = '2006/01/01 00:00:00'
    ,@dte_EndDate = '2006/01/10 23:59:59'

EXEC SPCTR_ADMIN.dbo.usp_Utility_ReturnRawDataSet
    @int_EventType_ID = 104
    ,@int_TransactionID = 0
    ,@dte_StartDate = '2006/01/01 00:00:00'
    ,@dte_EndDate = '2006/01/10 23:59:59'

104 - Email Attachments

For email events returned (event type 4) that have file attachments, a call made to Event Type 104 returns the following fields.

ID 104 Fields Returned (Email Attachment)  Data Type (max)
1      TransID                             int
2      AttachedFileName                    varchar(100)
3      AttachmentName                      varchar(256)
4      FileSize                            int
5      UNCPath                             varchar(512)
6      EncryptKeyType                      int
7      EncryptKeyGUID                      varchar(40)
8      ComputerSerialNumber                varchar(50)

Notes about Email attachments:

UNCPath returns a string value containing the (Universal Naming Convention) path where you can access email attachment files. The email attachment files themselves are not returned.

EncryptKeyType returns the encryption type for email attachments:
0 = non-encrypted format
2 = 3DES encryption
If 3DES encryption was used, the EncryptKeyGUID field returns the key that you will need to decrypt the files in this standard format. Encryption is set in the Control Center Properties for the Data Vault.

5 - Keystroke Event

ID 5   Fields Returned (Keystroke) Data Type (max)
1      StartDateTime               datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      FormattedKeyCount           int
8      WindowCaption               varchar(128)
9      KeyboardLocale              varchar(20)
10     CharacterSet                int
11     KeystrokeCombined           blob
12     ComputerSerialNumber        varchar(50)

Notes about Keystrokes:

KeystrokeCombined returns all text representation of Unicode from all keys and key combinations for the event.

7 - Chat/IM Event

ID 7   Fields Returned (Chat)      Data Type (max)
1      RecordedDateTime            datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      ChatDataFormat              varchar(20)
8      ChatType                    varchar(20)
9      ProtocolType                varchar(20)
10     ChatUserName                varchar(128)
11     ChatRemoteUsers             varchar(1024)
12     WindowCaption               varchar(128)
13     ChatData                    blob
14     ComputerSerialNumber        varchar(50)

8 - Files Transferred (P2P)

ID 8   Fields Returned (Files Transferred)  Data Type (max)
1      RecordedDateTime                     datetime
2      TransID                              int
3      ComputerDomainName                   varchar(255)
4      ComputerName                         varchar(255)
5      FullLoginName                        varchar(512)
6      ProgramName                          varchar(128)
7      P2PAction                            varchar(20)
8      P2PProtocolType                      varchar(20)
9      IPAddress                            varchar(50)
10     FullDomain                           varchar(256)
11     FileName                             varchar(256)
12     ComputerSerialNumber                 varchar(50)

10 - Keyword Alert

ID 10  Fields Returned (Keyword)   Data Type (max)
1      RecordedDateTime            datetime
2      TransID                     int
3      ComputerDomainName          varchar(255)
4      ComputerName                varchar(255)
5      FullLoginName               varchar(512)
6      ProgramName                 varchar(128)
7      Keyword                     varchar(50)
8      KeywordSource               varchar(20)
9      IPAddress                   varchar(50)
10     ComputerSerialNumber        varchar(50)

11 - Network Event (Port)

ID 11  Fields Returned (Network Activity)  Data Type (max)
1      StartDateTime                       datetime
2      TransID                             int
3      ComputerDomainName                  varchar(255)
4      ComputerName                        varchar(255)
5      FullLoginName                       varchar(512)
6      ProgramName                         varchar(128)
7      IPAddress                           varchar(50)
8      Port                                int
9      HostName                            varchar(256)
10     DomainName                          varchar(256)
11     ConnectionCount                     int
12     TotalTimeMS                         int
13     TotalBytes                          int
14     ReceivedBytes                       int
15     SentBytes                           int
16     ComputerSerialNumber                varchar(50)

12 - Document Tracking Event

ID 12  Fields Returned (Document Tracking)  Data Type (max)
1      RecordedDateTime                     datetime
2      TransID                              int
3      ComputerDomainName                   varchar(255)
4      ComputerName                         varchar(255)
5      FullLoginName                        varchar(512)
6      DocDeviceType                        DocDeviceType
7      DocDeviceName                        varchar(128)
8      DocAction                            varchar(12)
9      ComputerSerialNumber                 varchar(50)

13 - User Activity

ID 13  Fields Returned (User Activity)  Data Type (max)
1      RecordedDateTime                 datetime
2      TransID                          int
3      ComputerDomainName               varchar(255)
4      ComputerName                     varchar(255)
5      FullLoginName                    varchar(512)
6      ActionDescription                varchar(50)
7      StartDateTime                    datetime
8      EndDateTime                      datetime
9      TotalTime                        int
10     ComputerSerialNumber             varchar(50)

14 - Online Search

ID 14  Fields Returned (Web Search)  Data Type (max)
1      StartDateTime                 datetime
2      TransID                       int
3      ComputerDomainName            varchar(255)
4      ComputerName                  varchar(255)
5      FullLoginName                 varchar(512)
6      ProgramName                   varchar(128)
7      TotalTime                     int
8      FocusTime                     int
9      ActiveTime                    int
10     URI                           varchar(50)
11     HostName                      varchar(256)
12     DomainName                    varchar(256)
13     WindowCaption                 varchar(128)
14     URL                           varchar(3072)
15     ComputerSerialNumber          varchar(50)

Snapshot Export Control


Developer Tools A Snapshot "Export Control" makes it possible to access Screen Snapshots and Email Attachments without using the Dashboard interface. The Spector 360 installation includes a COM (Component Object Model) interface with an Export Control that allows you to decrypt the files or programmatically output selected Screen Snapshots in .AVI video format. You need only the Export Control .dll, access to the File Storage Location, and a program set up as described below.
If you have upgraded your Spector 360 installation - It will be necessary install the NEW Export Control (ExportCtl2.dll) file. Because this is a new control with new arguments and methods, you will need to register the .dll before use. The new version of the control includes the ability to decrypt a file and enhances the ExportAsAVI function to export snapshots encrypted with 3DES.

To uninstall the control:


Open the Windows Start menu and use the Run command and execute the following command:

Regsvr32 /u <LocalPath>\ExportCtl2.dll

To access and use the control:


Once the control is installed, you should be able to access the interface with any COM-enabled language, such as C++, C#, or Visual Basic. First, create an object of type ExportCtl2Lib.SpecExport. Use this object to call methods from the Export Control in your program as follows. An example of a C# program is shown below the list of arguments.

ChooseCodec() Calls the interface that allows a user to choose which Codec the control should use, and stores this information in the registry. This method has no arguments. The interface allows selection of a codec, some of which allow adjustments to compression quality. Call this function before calling ExportAsAVI() unless PromptForCodec is set to TRUE within the export function.

To install the control:


6. 7. Locate the ExportCtrl2.dll file in your Spector 360 installation folder Copy it to the local system where you will run it, if necessary, or register it from its original location. Open the Windows Start menu and use the Run command to execute the following, where <LocalPath> is the folder where the .dll file resides:

ExportAsAVI() This function exports an AVI file from a set of image files. The function uses the following arguments (in order): Files (array of strings) The array specifies names of files to load. To obtain the filenames of screen snapshots, run the Simple Database API Stored Procedure with the Event Type ID of 3. The filename is returned in the 8th field of each retrieved record.

Regsvr32 /i <LocalPath>\ExportCtl2.dll
For example:

Regsvr32 /i C:\tools\ExportCtl2.dll

2011 SpectorSoft Corporation, All rights reserved.

312

Snapshot Export Control

EncryptKeyTypes (array of integers) Specifies the encryption method for each file in the above array (they can be mixed). This array must be in alignment with the Files array. See Encryption Key Types below for valid values. EncryptPasswords (array of strings) Supply the password for each element in the above Files array. The Files and Passwords arrays must be aligned, so that the first element in Passwords specifies the password for the first element in Files. Obtain the passwords from the same procedure used above; the password is returned in the final two encryption key fields (type and GUID). SnapCounts (array of integers) Each integer specifies the snapshot count for each file. Obtain the count from the above procedure; the count (integer) is returned in the 9th field for each record. OutFile (string) Specify the name of the output .AVI file. The resulting video will be stored at the location and under the name you specify. BeginDate ( DateTime) Specify the beginning of the date and time range you wish to include in the export. Use the format: yyyy/mm/ dd hh:mm: ss EndDate ( DateTime) Specify the ending of the date and time range to export. Only snapshots within the range will be included in the resulting .AVI. Use the format: yyyy/mm/ dd hh:mm:ss PadSeconds (BOOLEAN) Allows creation of an .AVI that plays close to real time. If TRUE, the export function will fill in any missing seconds (where there are no snapshots) by duplicating the previous frame. One pad frame is inserted for each second there is no new snapshot. If FALSE, no padding is supplied, and the frames are simply inserted directly from the available snapshots, one after another. PadThreshold (integer) Only valid if PadSeconds is TRUE. Specifies the maximum number of frames to insert between time

gaps. If the number of seconds (with no new snapshots) is greater than this value, the function will not insert ANY padding between those two frames. In the example below, the PadThreshold is set to 900. This means if a gap of 500 seconds occurs, 500 pad frames will be inserted. If a gap of 900 seconds occurs, no padding is used; the movie jumps directly to the next segment of user activity. Fps (integer) Specifies the Frames Per Second value for the .AVI file; this is the speed at which snapshot frames are displayed in the movie. PromptForCodec (BOOLEAN) If TRUE, then a UI will be displayed allowing the user to choose the Codec (see illustration above). This is the same UI that is displayed in a call to ChooseCodec(). If FALSE, then ChooseCodec() must have been called manually BEFORE the ExportAsAVI() command is first issued, otherwise this function will fail.

ExportAsImages() This function is not yet implemented. ExportFile() - Decrypts any attachment or snapshot file. Uses the following arguments: SourceFileName (string) Specifies the full path to the encrypted source file. DestFileName (string) Specifies the full path to the decrypted destination file. The argument must include path and filename information. EncryptKeyType (integer) Specifies the encryption method used in the source file ( SourceFileName). See Encryption Key Types below for valid values. EncryptPassword (string) Specifies the password for SourceFileName.


Encryption Key Types


Value   Encryption
0       No encryption. If 0 is specified as the Encryption Key Type in ExportFile or ExportAsAVI, the file is simply copied.
1       Internal SpectorSoft encryption. Applies to Spector 360 Snapshot files. If 1 is specified in ExportFile or ExportAsAVI, the file is decrypted for export.
2       3DES encryption. Applies to any file using 3DES encryption, either Attachments or Snapshots. If 2 is specified in ExportFile or ExportAsAVI, the file is decrypted for export.

Export an AVI with Internal Encryption


The following C# example shows export of an AVI file using internal encryption. The final line is the function call (specExport.ExportAsAVI) and has no line breaks.

    using System; // for DateTime

    ExportCtl2Lib.SpecExport2 specExport = new ExportCtl2Lib.SpecExport2();
    DateTime dtStart;
    DateTime dtEnd;
    int[] counts = new int[1];
    string[] fileNames = new string[1];
    int[] encryptionTypes = new int[1];
    string[] passwords = new string[1];

    // One entry per snapshot file; all four arrays must stay aligned.
    fileNames[0] = "c:\\spectorsoft\\data\\snapshots\\B50A8499DF7D5EE1C2F741DA47DF60DC4BFB008E.yml";
    encryptionTypes[0] = 1; // 1 = Internal SpectorSoft encryption
    passwords[0] = "testpass";
    counts[0] = 34;
    dtStart = DateTime.Parse("March 02, 2008 00:00:00");
    dtEnd = DateTime.Parse("March 03, 2008 00:00:00");

    // The arrays are passed to the control by reference, as objects.
    object objFiles = fileNames;
    object objTypes = encryptionTypes;
    object objPass = passwords;
    object objCounts = counts;

    // After OutFile: BeginDate, EndDate, PadSeconds, PadThreshold, Fps, PromptForCodec.
    // PromptForCodec is false, so ChooseCodec() must already have been called.
    specExport.ExportAsAVI(ref objFiles, ref objTypes, ref objPass, ref objCounts, "c:\\spectorsoft\\exported\\testavi.avi", dtStart, dtEnd, true, 900, 1, false);

Decrypt a Snapshot File (Internal Encryption)

The following C# example decrypts a snapshot file using Internal encryption. The final line is the function call (specExport.ExportFile) and has no line breaks.

    ExportCtl2Lib.SpecExport2 specExport = new ExportCtl2Lib.SpecExport2();
    // Arguments: SourceFileName, DestFileName, EncryptKeyType (1 = Internal), EncryptPassword.
    specExport.ExportFile("c:\\spectorsoft\\data\\snapshots\\B50A8499DF7D5EE1C2F741DA47DF60DC4BFB008E.yml", "C:\\spectorsoft\\decrypted\\Decrypted.sdf", 1, "testpass");

Decrypt an Attachment File (3DES)

The following C# example decrypts an email attachment file (.jpg) using 3DES encryption. The final line is the function call (specExport.ExportFile) and has no line breaks.

    ExportCtl2Lib.SpecExport2 specExport = new ExportCtl2Lib.SpecExport2();
    // Arguments: SourceFileName, DestFileName, EncryptKeyType (2 = 3DES), EncryptPassword.
    specExport.ExportFile("c:\\spectorsoft\\data\\attachments\\attach012949e.1", "C:\\spectorsoft\\decrypted\\attachment.jpg", 2, "{81EACCAC-A927-4f50-A8F3-6177DCB153C9}");


Troubleshooting
SpectorSoft is committed to providing you with the best overall product experience. Our products are designed with superior quality and ease of use in mind, but we understand that issues do arise from time to time that require outside help. Follow these steps to get answers to questions when you are having trouble.

Check for Updates
Minor updates between the major releases are provided free of charge in order to provide continuous support for the ever-changing email, instant message, and web browser programs that we record. These updates may also contain minor functionality improvements and software bug fixes. Make sure you frequently check for an updated Recorder Version.

Update Your Virus Protection and Windows Files
Improper recording may result when there are underlying Windows issues on your computer, for example unwanted viruses, software conflicts, or an out-of-date Windows program. Spyware applications that sometimes accompany Internet downloads can interfere with Windows and with SpectorSoft software. Keep your systems clean!

Read the Support FAQs
Visit Technical Support's Online FAQs (Frequently Asked Questions) to view the most common and easiest to resolve support requests. You will be required to enter your registered Serial Number.

Antivirus/Anti-spyware Detection
Many times trouble with Spector 360 recording has to do with antivirus or anti-spyware software detecting and quarantining or removing installed files. Although SpectorSoft continually improves and updates the Recorder stealth so it will not be detected, software vendors also continually update their "risks." Refer to the Spector 360 Deployment Guide for proactive solutions that exclude SpectorSoft from scans and prevent detection from happening in the future. Consult the Knowledge Base for specific instructions in adjusting settings in major antivirus / anti-spyware packages, such as McAfee and Symantec.

Consult the Spector 360 Guides
Consult the Troubleshooting topics in this guide. Other Spector 360 guides to consult are:
Spector 360 Deployment Guide
Spector 360 Dashboard Guide
Consult our Knowledge Base by clicking the link at the bottom of this page.

Email or Call Technical Support
When all else fails, contact Technical Support.

Contacting Technical Support


If you have gone through all general Troubleshooting steps and checked all topics that pertain to your issue in the Troubleshooting section of this guide, you may wish to contact Technical Support.

To contact Technical Support by email:

Select the Home button and Contact SpectorSoft
- OR -
Select Help > Contact Technical Support from the menu bar.

A browser window opens to the SpectorSoft web site. Your serial number will already be entered.

To be prepared:

To fully describe your problem to Technical Support by email or by phone, have the following information available:

Recorder Computer Windows OS Version
The operating system and version running on the recorded computer. This is available from My Computer Properties, for example: Windows XP Professional, Version 2002, Service Pack 2.

Server Computer(s) Windows OS Version
If the problem pertains to a Server Component, have the operating system and version of that computer ready.

Server Component Versions
Check the Control Center's Help > About for the installed Control Center and Database version. In the Control Center's Servers list, right-click each Server and select Modify to display the Properties where versions are listed at the bottom of the box.

Client Recorder Version
Note the Recorder Version used on computers where you are having a problem. The installed Recorder version is listed for each computer in question in the Control Center's Computer > Manage Computers list under "Recorder Version" such as V7.0(1009). The version 7.0 is followed by the build version in parentheses.

Log File
Technical Support may request that you send a Server or Recorder log file. They may ask you to send this log file to (see below) to assist in solving the problem.

Additional Information
The Troubleshooting Help topics for each type of recording will give you a list of other information to send.

To increase the level of logging:

Technical Support may ask you to increase the level of logging for the area where you are having trouble. For example, the Recorder log file is normally set to the lowest detail level in order to save space on the local computer. Refer to the following topics:

Viewing a Recorder Log File
Viewing a Server Log File
Viewing the Control Center Application Log

Viewing the Control Center Log


The Control Center application maintains a log of its own activities. The log file includes each action, its date and time, and success (or lack of success). This can be useful for troubleshooting problems you may be having.
The Control Center application log is different from the Control Center Server (CCS) log. See Viewing the Server Log File.

To view the Control Center log:

Select Help > Technical Support Diagnostics > View Log File from the Control Center menu bar.
Sort the messages shown in the log file by clicking on a column header.

Each log entry has the following columns:

Program - Program where activity occurred.
Type - Type of message logged: Information, Warning, or Error.
When - Date and time activity was logged.
Level - Level of severity.
PID - Identifies the running process.
TID - Identifies the thread where the log statement is generated.
Message - A description of the activity, warning, or error logged.

To use the log file menu bar:

Select File > Open to open older log files.
Select File > Save As to save the log file. The default file name is SpectorControlCenter-yyyy-mm-dd.log
Select Edit > Copy to copy selected rows to the Windows Clipboard.
Select options from the View menu to filter the type of data displayed:
    Errors - Display only errors that have occurred. Error messages appear in red typeface.
    Warnings and errors - Display only warnings (in blue) and errors (in red).
    Information, Warnings, and Errors - Display all messages in the log file.
Use the Window menu to switch to the main Control Center window or another open window.
Use Refresh to update the information shown in the log.

Recorder Installation

Troubleshooting Recorder Installation

You can tell if the Spector 360 Recorder is properly installed from Manage Computers view. For each recording computer you should see:

Computer Status - Recording
Recorder - Installed
Recorder Version - Displays a version number
Last Recording - Date and time of last data sent
Profile Name - Profile settings installed

If you do not see these indicators following installation, or if the Recorder appears to be installed but is not recording, read this section.

Antivirus is preventing installation:

If the Recorder install task has completed, and a license is reserved, but the Recorder status reads "Not Installed" under Manage Computers and no activity is recorded, antivirus or anti-spyware software may be detecting and preventing the installation. You need to exclude SpectorSoft files from scanning either from the antivirus/anti-spyware server or at each computer.

1. First, check the antivirus software to see if SpectorSoft files have been detected.
2. Disable antivirus/anti-spyware scanning before attempting to reinstall SpectorSoft components. Instructions for disabling various programs are provided in the SpectorSoft Knowledge Base.
3. Exclude the Recorder files from scanning. A list of all Recorder files installed is provided in the Spector 360 Deployment Guide and Knowledge Base.
4. At the Spector 360 Control Center, make sure you have the Recorder option to install with fixed filenames enabled. Re-install the Recorder on computers.
5. Re-enable antivirus/anti-spyware scanning to protect your network.

Computer is "Not Detected":


If a computer remains "Not Detected" in the Control Center Computers list, it is not on the network, does not have the required Windows settings enabled, or you have not logged in using an Administrator-level account with access to that computer. Try this...

Check the account credentials for the Control Center Server. The Server must have domain administrator access to computers.
Test connection to and, if necessary, enable the Administrative Share (C$) on the remote computer.
Test for and, if necessary, enable Remote Registry Services on the remote computer.
Test for and, if necessary, enable File and Printer Sharing on the remote computer.

Recorder State remains "Pending":


When a Recorder Install is executed, the Recorder column indicates the installation is "Pending." In a normal Recorder install, the Client Bootstrap service is deployed to the computer, the Recorder .sds file is downloaded and installed, and the "Pending" status changes to "Installed." If you continue to see "Pending" after the Recorder computer reboots (or is manually rebooted) and after time passes:

The Recorder install file could not be downloaded to the computer.
Or, the bootstrap service was never installed.

Try this...

1. Refresh the view. Make sure the Control Center is updated with the latest information from computers. Click Refresh.

2. Verify that the scheduled install time has really passed. The installation is activated by the time on the computer where the Recorder is being installed. If there is a difference in system clocks, the install may not happen because the time has passed, or the install may happen later than you think. To find out how a computer clock is set, type:

   net time \\computername

   where computername is the name of the computer in question.

3. Verify how far the installation progressed. Run Automatic Computer Diagnostics on the computer in question (make sure you are logged in to the Control Center computer with Administrator-level credentials at the computer you are testing).

   If the Computer Diagnostics show the Client Bootstrap Service (the Windows service that downloads the Recorder at the scheduled time) is installed and running, but the Recorder has not yet been installed, select View > Bootstrap Log File from the Control Center menu bar and review the log file for indications that the bootstrap service is unable to communicate with the Control Center Service.

   If the Computer Diagnostics indicate the Client Service (Recorder) has been installed, review the computer's status under Manage Computers. If the Last Client Check-In field is populated, try to Cancel Recorder Install/Uninstall.

4. Make sure antivirus/anti-spyware is not interfering. See the instructions above.

5. Reinstall. After performing these steps, try installing the Recorder again. Select the Push option.

Recorder Version is "V0.0 (0000)":

If you see V0.0 (0000) in the Recorder Version column, the Recorder software has been installed, but is not communicating with the Recorder Client Service and no recording is taking place. You may need to reinstall the Recorder.

After installation, the Recorder Client Service attempts to contact the Primary Server once every minute in order to establish the initial communication and receive the computer software license. When communication is established, the Recorder version is displayed in the Manage Computers view. If communication and license verification does NOT occur, the Recorder will not record.

Try this...

1. Refresh the view. Make sure the Control Center is updated with the latest information from computers. In the Manage Computers view, right-click on the computer without a recorder and select Refresh.
2. Check the Primary Server. Make sure the Primary Server is on the network and running.
3. Re-install the Recorder. In the Manage Computers view, right-click on the computer and select Install Recorder. Check the Push box. A message will tell you that "Spector is already installed on this computer."
4. Click Yes on the message to continue the installation.

License is not available:


If the Client Service appears (in Diagnostics) to have been installed, but the computer lists the Recorder as "Not Installed" or there is no entry in the "Last Check-in" field, you may have used all computer licenses for this serial number.

Check Manage Computer Licenses, which tells you how many licenses have been assigned and how many are available.
If all licenses have been assigned, you need to update your serial number for additional licenses with SpectorSoft. You may then install the Recorder. See Adding Licenses to a Serial Number.
When you have another license, reinstall the recorder on the computer.

Recorder is not sending data:

If the Recorder is successfully installed, but the "Last Recording" column is not updated or you are not receiving the data you expect:

Check your Computer Profile settings. Make sure recording is ON for all activities. Make sure Internet access has not been blocked for the type of recording you expect.

Make sure Spector 360 supports recording. There are a few applications, protocols and circumstances where Spector 360 does not record. See the specific topics in this section.

Check your antivirus / anti-spyware software. Although SpectorSoft continually improves and updates the Recorder stealth so it will not be detected, software vendors also continually update their "risks." Your software may suddenly begin detecting and quarantining the Spector 360 Recorder software. Refer to the Spector 360 Deployment Guide for proactive solutions that exclude SpectorSoft from scans and prevent detection from happening in the future. Consult the Knowledge Base for specific instructions in adjusting settings in major antivirus / anti-spyware packages, such as McAfee and Symantec.

Consult the online Knowledge Base. Click here and enter your serial number. The Knowledge Base covers issues, workarounds, and solutions to a variety of problems.

Recorder is "Not Installed":

If a Recorder has an Assigned Version but appears to be "Not Installed," or if you get a Client Service error, it's possible the Client Service was not properly installed or the Recorder configuration has been corrupted.

1. Select Run Diagnostics.
2. Select Start Automatic Diagnostics.
3. If the Client Bootstrap Service is running, the installation is in progress. Wait a few minutes and then re-run the diagnostics.
4. Look for "The Client Service is installed." If the result is "Yes," then the Spector Client Bootstrap Service (needed for installation) should already have been removed.
5. Look for "The Client Service is running." If the result is "No" and the service has been installed, try the Manual diagnostics to start the service.
6. If you are unsuccessful, Uninstall and Install the Recorder again. If necessary use a manual install at the computer.

Recorder Requirements
Once the Server Components are installed, you can deploy the Spector 360 Recorder to network (Client) computers to complete your installation. The installation includes the Recorder software and a hidden Client Service to accomplish tasks and communication. Each Recorder receives instructions from the Control Center Server (CCS) and sends recorded data to the Data Vault Server. Most domain networks are already set up to meet Spector 360 Recorder communication requirements. Read this topic to ensure you are ready to install Recorders.

Does the computer meet Recorder requirements?

Any network computer that you plan to record must meet these requirements:

You have an available license for this computer (e.g., a 50 computer license to install the Recorder on 50 computers).
The computer is on the network and able to communicate through a TCP/IP connection.
The computer has at least 50 MB free hard disk space.
The computer is able to communicate with computer(s) where the Primary Server, the Control Center Server (CCS), and the Data Vault Server are installed. We recommend using a static IP address for the Server Components computer(s) to ensure communication.
The computer has one of the following Windows operating systems installed (32- or 64-bit edition):
    Windows Vista
    Windows 7
    Windows XP Pro or XP Home*
    Windows Server 2003 or Server 2008
A Macintosh computer has Mac OS 10.5 or 10.6 (Leopard, Snow Leopard, or later) with an Intel-based processor.

* You will install the Recorder directly on Windows XP Home (or on legacy Windows computers) as these operating systems do not have the required Windows services running that allow remote installation of the Recorder. See Installing at the Computer.

Do you have Administrator-level privileges?

The CCS requires Administrator-level credentials on all computers to install remotely, and you must be logged in under Administrator-level credentials in order to install manually.

On a domain network, simply use the Domain Administrator login. This is a user account that is a member of the network Domain Administrator Group, which in turn should be in the Local Administrator Group on each computer. Most domain networks have this set up already.

On a Windows Workgroup network, you may need to add a special account to each computer's Local Administrator Group and use that account for the Control Center.

Is Administrative C$ Share enabled on the computer?

To remotely manage Recorders, the CCS relies on access to the administrative C$ share or equivalent administrator access (Windows Vista) on each computer. This share, along with Administrator group membership on the local computer, gives the CCS access to manage the computer.

Are Windows services available on the computer?

The Recorder will install on most Windows systems without a problem. If there is a problem, use Run Diagnostics under Manage Computers. The CCS will attempt to check and enable Windows Services it relies on to remotely manage and configure computers.

Remote Registry Services
File and Printer Sharing

If a computer fails the Diagnostics, or if the CCS is unable to enable one of these services, see the Troubleshooting Section of this guide for instructions on enabling services at the computer operating system. An alternative for managing older Windows machines is to install the Recorder manually, at the computer.

Is there a firewall in place?

If any computers are separated from the Primary Server or Data Vault Server by a network firewall, make sure that IP Port 16770 and 16769 are open between the networks where the computers reside. The Spector 360 installation automatically creates exceptions for a Windows XP firewall as needed.

Will antivirus/anti-spyware software be a problem?

Some antivirus/anti-spyware programs detect the Recorder as soon as it is installed and remove it. Others may warn the user, compromising stealth. If you are using managed antivirus software, you can make changes to multiple computers from the software server; if not, you may need to configure the antivirus software at each computer.

Exclude the SpectorSoft "risk" (signature) from detection
- OR -
Use the fixed filenames profile option when installing the Recorder, and then specifically exclude those files from scanning in the antivirus program.

Refer to instructions in the Spector 360 Deployment Guide. Find specific third-party instructions in the Spector 360 Knowledge Base.

Running Diagnostics

Computer Diagnostics allow you to query the progress and status of Spector 360 Recorder installation on a remote computer. These tests determine if a computer will meet the requirements to receive a Recorder installation and pinpoint any point of error in the Client Recorder installation process. Two sets of tests are provided: Automatic and Manual. Access Run Computer Diagnostics from Recording > Manage Computers.

Because diagnostics involve extensive resource requests, you cannot run automatic diagnostics more than once every 15 seconds. A countdown at the bottom of the screen shows how many seconds remain until the automatic diagnostics can be run again.

Macintosh: The first (ping) diagnostic can be run to test communication with a Macintosh computer. The other diagnostics do not apply.

To run automatic diagnostics on a computer:

Automatic diagnostics run a sequence of tests when you press the Start Automatic Diagnostics button. Use these diagnostics prior to, during, or following a Recorder installation to prepare the computer and/or to check the status of the installation.

1. In Manage Computers, select one computer.
2. Select the Run Diagnostics command from the Task Navigation pane or from the context (right-click) menu.
3. Under the Automatic tab, click Start Automatic Diagnostics. Wait as diagnostic tests are started and performed.

If the computer is OFF... The "Ping" test fails, and no other tests are performed.

If the Recorder has been successfully installed... The Client Bootstrap Service has been removed and is not running, and the Client Service is running.

If the Recorder is not installed, but the computer can receive one... The communication tests are successful.

If tests that you expect to pass fail, for example, you have attempted to install the Client Recorder but the Spector Client Service does not appear to be installed or running, try the Manual Diagnostics, then check the computer and consult the Troubleshooting section of this guide. For more about each test, see below.


To run manual diagnostics on a computer:


Windows Only. Use manual diagnostics following a Recorder install to check or change the Spector Client Service state and retrieve details about the Recorder installed on this computer.

1. Open the Computer Diagnostics box as described above and select the Manual tab.

2. Click the Change State button to check and/or change the state of the Spector Client services.

   The Client Service was found and is running.

   Cannot open Service Control Manager on computer... The computer may be off the network or you may need to log in to Windows using Administrator credentials.

   Service System Event Dispatcher was not found on computer... The Recorder is not installed. An installer service was not found.

   If the service was found, a popup message appears:

   Stop the Spector Service? The service is installed and running. Click Yes to stop the service or No to leave it running.

   Start the Spector Service? The service is installed but not running. Click Yes to start the service or No to leave it stopped.

3. Click Read Configuration to retrieve the Recorder version and build, webmail version, and Viewer installation status.

   The Spector Client Service is running, a Recorder version is installed, no Viewer is installed.

   If the configuration is not available, a message appears: Cannot open Service Control Manager on computer... The computer may be off the network or you may need to log in to Windows using Administrator credentials.

   If the service was not found, a message appears in the status box: Unable to retrieve Spector configuration data... The Spector Client Service has been stopped or is not installed.

   If the configuration is available, it is displayed in the status box.

The automatic diagnostic results are as follows:

Communicate with (ping) \\computer
Checks for presence of and ability to communicate with the computer on the network. If communication is successful, the results return the computer's IP address along with communication time and TTL. If communication is not successful, you see "Ping failed," and none of the other tests are run.

Start the Windows Remote Registry Service
Windows computers only. Attempts to start and/or connect to the Remote Registry service on the machine where the Control Center is running. If the Remote Registry service is running or was successfully started, the result is "Yes." If the Remote Registry cannot be started, an error message appears. If necessary, check settings at the computer.

Access the Windows Remote Registry Service
Windows computers only. Attempts to connect to the Remote Registry service on the remote computer being tested. If the communication succeeds, the result is "Yes." If the above test failed, this test will also fail, and an error message appears. Check the computer, if necessary.

Read Windows configuration data from the registry
Windows computers only. Determines if the current Windows account (used to launch the Control Center) has authority to access the Remote Registry. If the test succeeds, the result is "Yes." If the test fails, an error message appears. Make sure you have logged into Windows using Domain Administrator or an equivalent administrator-level account. If necessary, check services at the computer. See Recorder Requirements.

Access the Windows SYSTEM32 directory
Windows computers only. Determines if the current Windows account (used to launch the Control Center) has authority to access the system folder where the Recorder will be installed. If the test succeeds, the result is "Yes." If the test fails, an error message appears. Make sure you have logged into Windows using Domain Administrator or an equivalent administrator-level account with access to the system directory on all computers.

Client Bootstrap Service is installed
Windows computers only. Tests for the presence of the service initially sent from the CCS to install the Spector Agent on this computer. If the service is found, the result is "Yes" and indicates the Recorder installation is in progress. If this test continues to result in "Yes," and the Spector Client Service test continues to fail, you may need to uninstall and reinstall the Recorder. If the result is "Service Systems Events Dispatcher was not found on computer <computer>," either a Recorder installation was never received by the computer, or the Recorder was successfully installed and the installation service has been removed.

Client Bootstrap Service is running
Windows computers only. Tests to see if the installation service is running. If the service is running, the Recorder is being installed and the result is "Yes." If the service is not found in the above test, this test is not performed. If the service is found in the above test but is NOT running, there may be a problem with the Recorder installation.

The Client Service is installed
Tests for the presence of the Client Service that is installed with the Recorder. If the service exists, the result is a green check and "Yes." If the service has not been successfully installed, the result is a red x and "Service System Event Dispatcher was not found on computer <computer>."

The Client Service is running
Determines if the Client Service is running on the remote computer. If the Recorder is running, the result is "Yes." If the Spector Client Service was not found, this test is not performed. If the service is installed but not running, an error message appears. Check Troubleshooting Recorders.

Read Client configuration information
If the Client Recorder is installed and can communicate with the CCS, this test returns the Recorder version and build number, the webmail version, and whether or not a Viewer was installed with the Recorder. If the Client has not been installed, the test is not run.

Manual Uninstall Cleanup

If you have uninstalled a Recorder at the computer using SPUninst.exe, you can direct the CCS to discard information about this computer, in essence finishing up the uninstall from the server side.

To clean up a manual Uninstall:

After uninstalling the Recorder at a computer, open the Edit menu and select Manual Uninstall Cleanup. Click Yes at the prompt.

Viewing a Recorder Log File

Each installed Spector 360 Recorder maintains a log of its own activity. The log can be useful for troubleshooting Recorder issues, and you can view any Recorder's log from the Control Center. The Recorder log provides a date and time stamp with a brief description of its activity at the computer. By default, only the minimum actions are logged to avoid a large log file and save space on the Recorder computer. You can disable the log file altogether or change the level of detail captured in a log file from the Computer Profile's Advanced Application Settings.

To view the Recorder log file:

1. Select Recording > Manage Computers.
2. Select a computer in the right pane where the Recorder is installed.
3. Select View log file in the Task Navigation pane - OR - Select View > Recorder Log File from the menu bar.

The Log File is displayed in the log viewer. The computer name (domain\name) appears at the top of the window.

To save a copy of the log file:

Click the Save As button at the bottom of the log viewer window. The default file name for a Recorder log file is:

Spector-clientcomputername-Recorder-YYYYmmddhhmmss.Log

For example, for a computer named JIM005, the filename may be:

Spector-JIM005-Recorder-20100125100055.log

To change the log file level:

Do not change the level unless instructed to do so by SpectorSoft Technical Support. You may want to create a NEW, separate Recorder profile in order to apply the changed log file level only to the computer you are troubleshooting.

1. Select Recording > Manage Recording Profiles.
2. In the right pane, double-click the profile to modify - OR - right-click and select New to create a new profile. Select a Recorder version and proceed to the Settings box. Give a new profile a name on the Security panel.
3. In the Settings box, select General Options > Applications.
4. Click the Advanced button.
5. On the Advanced Application Settings box, make sure Enable Log File is checked, and click the up-arrow button next to "Log File Detail Level" until it is set to 2.
6. To increase logging for a particular problem, click Configure Logfile on the Advanced Application Settings box. Select the components that need more logging information. For example, if you are troubleshooting email recording, you might check Email and Webmail in addition to the default options. Click OK.
7. Click OK to close the Advanced box and OK again to close the Settings box.

To speed up the troubleshooting process, restart the computer in question. When the computer restarts, attempt to recreate the situation that caused the problem. The Recorder log file for the computer will provide more information, as requested. Remember to apply a new profile or reset logging back to the default when you are finished. A detailed log file uses up disk space on the computer!

To disable the log file:

Follow the instructions above and clear the Enable Log File option on the Advanced Application Settings for the profile.


Viewing the Client Bootstrap Log File

When you request a Client Recorder Install or Uninstall, the Client Bootstrap service is deployed to the remote computer and its activity is logged in a file. If you are having trouble with a Recorder installation, a SpectorSoft Technical Support representative may ask you to send this file to aid in troubleshooting. This log file will NOT be available after the client Recorder is successfully installed or uninstalled.

To view the Client Bootstrap log file:

1. Select Recording > Manage Computers.
2. Select a computer in the right pane where the Client Bootstrap is still found (see Running Diagnostics). This computer will appear as "Pending" in the Manage Computers view.
3. Select View > View Client Bootstrap log file from the menu bar.

The log file is displayed in the log viewer. The computer name (domain\name) appears at the top of the window.

To save a copy of the log file:

Click the Save As button at the bottom of the log viewer window. The default file name for a Client Bootstrap log file is:

Spector-clientcomputername-Bootstrap-YYYYmmddhhmmss.Log

For example, for a computer named JOHNLT, the filename may be:

Spector-JOHNLT-Bootstrap-20100125100055.log

Uninstalling the Client Bootstrap Service

Windows Computers Only

A Recorder installation may fail due to a previous installation that got "hung up" or failed in some way. If Diagnostics show that the Client Bootstrap Service is found, if the Client Service test continues to fail, or if a computer continues to have a "Pending" installation, you may need to force removal of the bootstrap service and reinstall the Recorder. The Control Center provides a tool to clear the remnants of a previous installation so that a fresh install is possible.

How it works: When you request a Recorder installation on a computer, the CCS initially sends a Client Bootstrap Service to install the Spector Agent (which works in conjunction with the Spector Client Service as "the Recorder"). Once on the computer, the bootstrap service performs the installation, and removes itself. The Spector Client Service is activated when the computer restarts. The installation will not be complete until this happens. See How the Recorder Works.

Use Computer Diagnostics to determine if a partial or failed installation is a problem at a computer.

To uninstall the Client Bootstrap Service:

1. Select Recording > Manage Computers in the Control Center.
2. Select the single computer where the trouble is occurring.
3. Select Tools > Uninstall Client Bootstrap Service from the menu bar or from the context (right-click) menu. A confirmation prompt appears. Click Yes to continue.
4. If the uninstall is successful, click OK at the "success" message. The remote computer will be restarted. If the uninstall is not successful, an error message appears. The error appears if the Recorder is actually installed, if the bootstrap service was not found, or if there is a communication problem. Try running Computer Diagnostics again.


Enable File and Printer Sharing

Windows Computers Only

The Control Center relies on File and Printer Sharing to remotely manage computers. File and Printer Sharing is a software component installed and enabled for each network connection on your network computers. It allows other computers on your network (such as the Control Center) to access the resources of the network computer (the Client). File and Printer Sharing must be enabled for the Control Center to retrieve status information and deliver remote Recorder installations to the network computers.

On Windows XP systems:

1. Go to the network computer and open the Windows Control Panel.
2. Open Network Connections and access Properties for Local Area Connections.
3. Make sure File and Printer Sharing for Microsoft Networks is checked.
4. Click OK.
5. Return to the Control Panel and open Windows Firewall.
6. Click the Exceptions tab. In the list of Programs and Services, make sure File and Printer Sharing is present and checked, indicating that an exception in the firewall exists for this communication.

On Windows Vista or System 7:

1. Open Windows Explorer and select Network.
2. Click on Network and Sharing Center.
3. Select Change Advanced Sharing Settings.
4. Make sure Turn on file and printer sharing is selected.

Enable Remote Registry Service

Windows Computers Only

Contact with the Windows Remote Registry service is required for the Control Center to display the computer's status. If a computer is displayed as Not Detected and you are sure it is on and connected to the network, most likely Remote Registry service capabilities are not enabled for that computer, or you do not have Administrator privileges to access it. The Control Center Server will automatically enable Remote Registry Services on computers, if possible. You can also select Run Diagnostics to access and start the Remote Registry Service. If Diagnostics are unable to start the service, try the instructions below.

To test Remote Registry Services from Windows:

1. Select Start > Run (Windows XP) or select Start > Search programs or files (Windows Vista/7).
2. In the Run or Search entry box, type: regedit
3. Press OK or Enter.
4. Select File > Connect Network Registry.
5. For an object type of Computer, type the name of the computer you are not detecting and press OK.

If you do not receive a list of Registry folders for the computers, enable Remote Registry Services at the computer.

To enable Remote Registry Services:

The procedure varies, depending on your operating system.

1. At the computer you wish to record, open the Windows Control Panel.
2. Select Administrative Tools and Services.
3. Find the Remote Registry Service. Verify that it runs on System Startup.


Enable Administrative C$ Share


Windows Computers Only

In order to install and control the Spector 360 Recorder from the Control Center, you need access to administrator-level account credentials on the computer (usually a Domain Administrator). In addition, the administrative C$ share must be enabled at the computer. This allows the Control Center to install and manage Recorder software on the computer. By default, computers operating under Windows XP Pro, Vista, and System 7 have C$ share (or the equivalent) enabled. If the administrative C$ share is not enabled, Diagnostics for the computer will fail.

To enable Administrative C$ Share on an XP computer:


1. At the computer, open My Computer.
2. Right-click on "Local Disk (C:)" and select Properties.
3. Select the Sharing tab and verify that C$ has been shared.

To enable C share on a Vista or System 7 computer:


1. At the computer, open Computer.
2. Right-click the C drive and select Properties.
3. In the Properties box, select the Security tab and verify that the Administrator's group has full privileges.
4. To set up C drive sharing with a specific account, select Sharing and click Advanced Sharing.
5. In the Advanced Sharing dialog, select Share this folder, provide a share name, and set user permissions.

To test for access:


1. Select Start > Run or select Start > Search programs or files.
2. In the Run or Search programs and files entry box, type: \\computername\C$ where computername is the name of the computer not detected. Press OK or Enter.

If you receive an error message, such as Network Path Not Found, or Windows cannot access \\computername\C$, the computer name may be incorrect, the computer is off, or the computer is not connected to the network.

If you receive a password prompt or an Access Denied message, you have not logged into the Control Center computer using an account that is a member of the computer's Administrator User group. Make sure the Control Center Server is using an account with Administrator-level access on remote computers.


Troubleshooting Recording

File Transfer Recording

Files Transferred recording captures exchanges between computers (FTP, HTTP, KAZAA, etc.). If the Dashboard is not displaying Files Transferred as expected, follow these steps. If you still do not see activity, contact Technical Support. In addition to the Recorder log file, provide the type of transfers you are having trouble capturing and the Recorder's File Transfer settings.

To troubleshoot File Transfer recording:

Check other activity. Is Keystroke, Program, Snapshots or ANY recording taking place at the computer? If not, network connection, antivirus/anti-spyware software, OS settings, or another problem may be occurring. See Troubleshooting.

Check Record settings. Is Files Transferred recording ON? Open Computer Profiles, select Record and check for the green ON button next to Files Transferred. See Files Transferred Settings.

Make sure the protocol you want to record is supported. Refer to Files Transferred Recording to see which types of communication Spector 360 records and which it does not.

Check blocking. Check Web Filtering and local Recorder blocking. If you filter out FTP domains, for example, transfers won't take place and will not be recorded.

Check communication ports. When a Gnutella or FTP exchange happens on a port not listed in the Files Transferred System Settings, it will not be recorded. You can see evidence of a non-standard exchange in the Dashboard's Network Activity event details. Note the port where the activity occurred and add it to Files Transferred System Settings. Be aware that some Gnutella clients communicate on many ports, using only one or two ports for the actual File Transfer. A trial-and-error approach may be required to pinpoint the ports in question.

Test for File Transfers. Use a computer where the Recorder is installed to make file transfers of the type you want to see and see if you can pinpoint where the error occurs. See Check Data Progress.

Document Tracking

Document Tracking is OFF by default, except for printing and CD/DVD activity (IMAPI). Follow the steps below to solve issues if you do not see activity as expected in the Dashboard. If necessary, contact SpectorSoft Technical Support. Have the Recorder log file and information about activity you are hoping to track ready.

To troubleshoot Document Tracking:

Check other activity. Check to see if Keystroke or Snapshots or ANY recording is taking place at the computer. Network connection, antivirus/anti-spyware software, OS settings or another problem may be occurring.

Make sure recording is ON. Is Document Tracking ON for the type of activity you wish to track? Open the Computer Profile, select Record and check for the green ON button.

Verify tracking is ON for the drive. Make sure the network drive or type of drive you wish to record has File Tracking enabled. Make sure the type of activity you wish to see (Creating, Writing, Renaming) is enabled. If you are tracking by drive, check Default Tracking to make sure settings have not been changed to exclude activity.


Check the File Name Filter. Verify that the Include or Exclude filters for Document Tracking are not preventing recording of important information.

Windows OS not supported. Document Tracking is not supported on Windows 98/ME systems.

Chat/IM Recording

Follow the suggestions below to resolve Chat/IM recording problems, and retest Chat/IM recording after trying each solution. If you are still unable to capture Chat/IM following these steps, contact Technical Support. Have the Recorder log file and information about the chat or IM client and any special configuration available.

To troubleshoot chat or IM recording:

Check the Chat/IM Configuration. Is Chat/IM recording ON? Open the Computer Profile, select Record and check for the green ON button. Check the System Settings to make sure recording of the type of chat you want to capture is not disabled.

Check support for the type of Chat/IM. Spector 360 records chat and instant message (IM) conversations from most of the popular programs. If the chat or IM you are interested in is NOT captured by the Recorder, you can always view Keystrokes Typed, Program Activity and Screen Snapshots. To see which Chat/IM protocols are captured by Spector 360, refer to Chat/IM Recording.

Change record level, if capture is unreliable. Windows Only. The Recorder applies default capture "levels" to different types of conversations. Sometimes the default setting fails to capture communication. For example, if a Chat/IM application uses unencrypted communication, the Recorder may automatically apply the low-level method of recording. If the user then switches to encrypted communication, the Recorder would be unable to capture the conversation. In this case, you can change the Recorder so that instead of using "auto" capture it always uses the "high-level" method of capture. You can use "high-level" capture for all types of Chat/IM except MSN Messenger. Refer to the Recorder Profiles Chat/IM System Settings.

No longer recording a type of Chat/IM. Windows Only. If the Recorder was previously recording Chat/IM from AOL, Yahoo, MSN, ICQ, or IRC, and suddenly stops recording, it is possible that the Chat/IM interface has been upgraded to a version or protocol no longer supported by Recorder. Verify that other Chat/IM conversations can be recorded using an interface other than the one not being recorded. If other Chat/IM interfaces can be recorded, change the Advanced Chat Settings to force either the low-level or high-level method. The user's Chat/IM application must be closed and restarted after the profile settings have changed. If you are still unable to resume recording of the Chat/IM interface, contact SpectorSoft.

Mac Only. If the Recorder stops recording Chat/IM, make sure the user has not switched to secure communication. The Recorder may not capture conversations in Chat/IM when the application is using Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption to connect with the server. To get around this problem, go to the computer in question and check the chat client preferences. Make sure options to use SSL or TLS are not enabled. Make sure the user is not connected to a secure IM host, such as slogin.oscar.aol.com.


Email Recording

Various circumstances could cause Spector 360 to not record email. Use the following steps to troubleshoot the most common problems with email recording.

To troubleshoot Email Activity recording:

Check other activity. If Spector 360 was previously recording email and no longer is, it is possible that all recording has stopped on the computer. Check other types of recording, such as Keystrokes or Snapshots to see if ANY recording is taking place. Network connection, antivirus/antispyware software, or another problem may be occurring. See Troubleshooting.

Check record settings. Is Email Activity recording ON? Open Computer Profiles, select Record and check for the green ON button next to Email Activity. Check Email System Settings to make sure the type of email you want to record is enabled. To record a specific "internal" webmail site, it must be specially configured in the settings.

Test email recording. Use a computer where the Recorder is installed to send and receive email of the type you want to see. Check the progress of the event data. See Check Data Progress.

Make sure the email type is supported. Verify that the email type you want to record can be captured by the Recorder. If not, Dashboard users can still review sent email in Keystrokes and received email in Screen Snapshots. See Email Activity Recording for supported email applications and Webmail Recording for supported web email sites.

No longer recording a type of email. If the Recorder was previously, but is no longer, capturing a type of webmail or email, it is possible the webmail signature or email application has changed, and the Recorder no longer recognizes it. Download the latest version from the Control Center's Recording > Recorder Versions, and configure network computers to automatically receive the update.

Mac only. If the Recorder stops recording a type of email, make sure the user has not switched to secure communication. The Recorder may not record email when the application is using Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption to connect with the server. To get around this problem, go to the computer in question and check the email client preferences. Make sure options to use SSL or TLS are not enabled.

Check the MS Exchange Outlook version. Windows Only. If MS Exchange email is not being recorded, make sure the user is using MS Outlook 2000 or MS Outlook XP or a later version. The Recorder cannot capture MS Exchange email if earlier versions of MS Outlook are being used on the computer.

Check blocking. Check Web Filtering and local Recorder blocking (in the profile) to make sure you are not filtering out domains and preventing the email you expect from occurring.


Network Activity Recording

Various circumstances could cause the Recorder not to record Network Activity. Follow the suggestions below to resolve email recording problems, and retest email recording after trying each solution. If you are still unable to capture email following these steps, contact Technical Support. Have the Recorder log file and port information ready.

Network Activity is not recorded on Macintosh computers in this version of Spector 360.

To troubleshoot Network Activity recording:

Check other activity. Check to see if Keystroke or Snapshots or ANY recording is taking place at the computer. Network connection, antivirus/anti-spyware software, OS settings or another problem may be occurring.

Make sure recording is ON. Is Network Activity recording ON? Open the Computer Profile, select Record and check for the green ON button. Check Who to Record and When to Record to make sure activity you need to see is not being excluded.

Verify appropriate program and IP/Port filters. Check the Network Activity settings panel to make sure the profile is not excluding programs or ports that you wish to record. If you are recording at specific IP/ports, make sure they are the correct ones, and that activity you need to see is not taking place elsewhere. See Network Activity Settings.

Web Site Recording

Follow the suggestions below to resolve web site recording problems, and test recording after trying each solution. If you are still unable to capture web sites visited following these steps, contact Technical Support. Be ready to provide the Recorder log file, the web browser and version used, and any special recording configuration used.

To troubleshoot Web Sites Visited recording:

Check other activity. Check to see if Keystroke or Snapshots or ANY recording is taking place at the computer. Network connection, antivirus/anti-spyware software, OS settings or another problem may be occurring.

Make sure recording is ON. Is Web Sites Visited recording ON? Open Computer Profiles, select Record and check for the green ON button. Check Web Sites Visited System Settings to make sure recording of the browser you want is not disabled.

Make sure the web browser can be recorded. The Recorder captures Web Sites Visited in most popular browsers. Some Web browsers, such as Opera, are not recorded. See Web Site Recording.

Check blocking. Check Web Filtering and local Recorder blocking (in the profile) to make sure you are not blocking access to web activity that you expect.

Check HTTP/HTTPS ports. If a user is accessing the web from a non-standard web server port or a proxy server, you may need to add ports to Web Sites Visited System Settings. Check the Dashboard's Network Activity event details for evidence of web activity on non-standard ports.

Check Internet Explorer Browser Extension on the recorded computer.


Windows Only. The Recorder uses a programming interface provided within Internet Explorer called a Browser Helper Object to record details about visits to Web sites. Internet Explorer 6.0 and later versions allow the user to disable this Browser Helper Object interface by clearing the Enable third-party browser extensions option under the Internet Explorer Tools > Internet Options > Advanced tab. If this option is disabled, the Recorder will be unable to record some information for Web sites visited with Internet Explorer. Note: This same option would disable other third-party extensions to Internet Explorer such as the Google Toolbar and Adobe Acrobat.

Program Activity Recording


Various circumstances could cause Spector 360 not to record Programs used on the monitored computer. The following is a guideline to help you troubleshoot the most common problems with Programs recording.

To troubleshoot Program Activity recording:

Check other activity. If the Recorder was previously recording programs, but no longer is, it is possible that all recording has stopped on the computer. Check other types of recording, such as Keystrokes or Snapshots to see if ANY recording is taking place. Network connection, antivirus/anti-spyware software, or another problem may be occurring. See Troubleshooting.

Make sure recording is ON. Is Program Activity recording ON? Open Computer Profiles, select Record and check for the green ON button.

Make sure the program has been restarted. If the program was up and running before recording of the program was enabled, it must be restarted for recording to begin. Note that Spector 360 does not record background programs, services, or programs visible only in the system tray.

Make sure the program has not been excluded. Check General Options > Application in the profile. Make sure programs have not been wrongly excluded from recording on this panel. See Application Settings.

Enable recording of App-V applications. If your network uses Microsoft Application Virtualization (App-V) or "SoftGrid," the Recorder needs to be deployed with the App-V option enabled or these programs will NOT be recorded. This option is available in General Options > Client Options. See Client Options.


Troubleshooting Servers

Troubleshooting Servers

This topic provides some general troubleshooting tips for Spector 360 Server Components.

A Server is not running:

If a Server has stopped running for some reason, try starting it from the Control Center Servers tool:

1. Select the Server tool.
2. Right-click on a Server and select Modify.
3. In the Properties window, click the Start Service button to start the Server. If the Stop Service button appears, the Server is already running.

Only the Control Center Server (CCS) is visible:

If you see only one Server when you select the Control Center Servers tool, it may be that the CCS is not currently running, or your Control Center application is not successfully communicating with the CCS. Try starting the CCS. As soon as the CCS starts, the list of Servers becomes available.

1. Select the Server tool.
2. Right-click on the Control Center Server and select Modify.
3. In the Properties box, click the Start Service button.

If you get an error trying to start the CCS, there may be a problem with the network communication to the CCS. If the service starts, on a Refresh, all Servers will be visible in the Control Center. If you are unable to modify the Control Center Server, you may need to exit out of the Control Center and reinstall the Control Center Server. This will not affect other components. Make sure you give Domain Administrator or equivalent credentials to the service when prompted during the installation.

Check the CCS computer and port:

If your Control Center is having trouble communicating with the CCS, check the CCS computer and port. If either the CCS location or port is not correct in your Control Center's Properties, the application will not find the service.

1. Select the Server tool.
2. Right-click on the Control Center Server and select Modify.
3. In the Properties box, check the Computer Name and Listen IP Port. If the computer is wrong, use Change to set the correct Computer Name and location. If the port is wrong, change the Port number. Click Use Default Port if you know you are using the defaults and the number may have been wrongly changed.

A Start Service button is disabled:

If the Start Service button is visible but disabled when you open a Server Properties box, it means that the Control Center cannot connect to the service control manager on the CCS machine, typically a "machine offline," connectivity, or permissions issue.

Make sure you are logged into Windows under domain administrator or an equivalent account. Make sure the CCS machine is running and on the network. Check the Server at the computer where it is installed to determine whether or not the service is running.

Cannot stop or start the service:

You attempt to stop or start the Server (using the Stop/Start Service button) and see the "Starting" or "Stopping" progress message, and then the message "Cannot stop [start] SPDataServer service on computer 'COMPUTERNAME'."


This operating system message may indicate a problem with the Server, but it also may be that the service was actually stopped or started, after you click OK on the error message. The Control Center's connection to the Windows Service Control Manager (SCM) may get hung up by the shutdown request while attempting to stop the service. This may also happen if you stop or start the service from SCM.

Check the Server log file:

If there appears to be a problem with a Server, check its log file for errors or other interruptions. The log file lists all Server actions and events with a date and time stamp. Scroll to the bottom of the log to view the latest events. SpectorSoft Technical Support may ask you to send a copy of the log file to troubleshoot a problem.

1. Select the Server tool.
2. Right-click on a Server and select Modify.
3. In the Properties box, click the View Log button.

Check the Server's Administration window:

Double-click the Server icon in the System Tray of the computer where the Server is installed. The administration window at the Server computer allows you to Start/Stop the service, check the version, communications, and other information.

Reinstall a Server:

If a Server installation or its computer has become compromised, you can always reinstall the Server using the Spector 360 Setup program. Be sure to uninstall a Primary Server or CCS before installing it on a new computer. You may need to re-register your serial number and receive a new unlock code. Be sure to use the Spector 360 Setup version compatible with your other installed components and Database.

Viewing the Server Log File

Each Server provides a self-auditing log of all actions taken. Actions are logged with a date and time stamp, starting with the earliest event at the top of the file to the most recent action taken at the bottom of the file. The log tells you if the service has been running and if there have been errors. If you are having trouble with your Spector 360 installation, a SpectorSoft Technical Support representative may ask you to send this file to aid in troubleshooting.

To view the Server log file:

1. Select the Servers tool and double-click on the Server in the right pane you wish to view - OR - double-click on a Server icon in the Windows system tray and select View Log File from the Server Administration window.
2. Click the View Log File button. The Log File appears in the viewer.

To save a copy of the log file:

Click the Save As button at the bottom of the log viewer window. The default file name for a Server log file is:

Spector-serverlogfilename-YYYYmmddhhmmss.Log

For example, the Data Vault log file name would be:

Spector-SPDataServer-20100125100055.log
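The default file names for saved Recorder, Client Bootstrap and Server logs share one pattern, so copies collected for troubleshooting can be sorted mechanically. The parser below is an added example, not SpectorSoft code; the function names and the computer name HR-LT-07 are made up for illustration, and it assumes a server log name never ends in -Recorder or -Bootstrap.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Spector-<name>[-Recorder|-Bootstrap]-YYYYmmddhhmmss.Log (extension case varies in the guide)
_NAME_RE = re.compile(r"^Spector-(?P<body>.+)-(?P<stamp>\d{14})\.log$", re.IGNORECASE)
_CLIENT_KINDS = ("Recorder", "Bootstrap")


class SavedLog(NamedTuple):
    kind: str           # "Recorder", "Bootstrap" or "Server"
    source: str         # client computer name, or server log name such as SPDataServer
    saved_at: datetime  # time stamp embedded in the file name
    filename: str


def parse_saved_log(path: str) -> Optional[SavedLog]:
    """Parse one saved-log file name; return None if it does not follow the pattern."""
    filename = re.split(r"[\\/]", path)[-1]  # accept Windows or POSIX paths
    match = _NAME_RE.match(filename)
    if not match:
        return None
    try:
        saved_at = datetime.strptime(match.group("stamp"), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a real date/time
        return None
    body = match.group("body")
    # Computer names may contain hyphens, so the kind is taken from the END of the body.
    for kind in _CLIENT_KINDS:
        suffix = "-" + kind
        if body.lower().endswith(suffix.lower()) and len(body) > len(suffix):
            return SavedLog(kind, body[: -len(suffix)], saved_at, filename)
    return SavedLog("Server", body, saved_at, filename)


def latest_per_source(paths):
    """Keep only the most recently saved log for each (kind, source) pair."""
    latest = {}
    for path in paths:
        log = parse_saved_log(path)
        if log is None:
            continue
        key = (log.kind, log.source.upper())
        if key not in latest or log.saved_at > latest[key].saved_at:
            latest[key] = log
    return latest


if __name__ == "__main__":
    # Constructed sample list: three names from the guide plus made-up variations.
    sample = [
        "Spector-JIM005-Recorder-20100125100055.log",
        "Spector-JIM005-Recorder-20100126081500.log",
        "Spector-JOHNLT-Bootstrap-20100125100055.Log",
        "Spector-SPDataServer-20100125100055.log",
        r"C:\logs\Spector-HR-LT-07-Recorder-20110301083000.Log",
        "readme.txt",
    ]
    for (kind, source), log in sorted(latest_per_source(sample).items()):
        print(f"{kind:<9} {source:<14} {log.saved_at:%Y-%m-%d %H:%M:%S}  {log.filename}")
```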


Download the Setup Program


If you are having trouble with your installation and no longer have the correct Setup, it is possible to download your existing Spector 360 software version and reinstall. You will need to supply your serial number.

2.

Select Internet Protocol (TCP/IP) and then click Properties. If the IP address is being obtained automatically, manually configure the computer to use a specific IP address, Subnet Mask, and specific DNS server addresses. Make appropriate adjustments to your network setup. This requires Domain Administrator privileges on a domain network.

To download your Spector 360 software from SpectorSoft:


1. 2. 3. 4. Go to www.spectorsoft.com/support/Login.asp? Enter your serial number and click Continue. Click the Download Again button. Click DOWNLOAD NOW. The Additional Options link allows you to initiate the Setup from the SpectorSoft web site or download the Setup program via HTTP connection.

3.

Change the Server IP addresses at the Control Center, if necessary. If you configured the Server computer(s) with a static IP address BEFORE using Setup to install the Server Components, the correct IP address will appear in the Server settings. If not, use the Control Center's Servers tool. Modify each Server to use the correct static IP address.

4.

Instruct the Recorder to use the static IP address for communication with the Servers. At the Control Center, access the Computer Profile Server settings. Otherwise, enter the correct IP address. Be sure to check Use Static IP Address for each server.

IP Address and Listening Port


The Spector 360 Recorder will not work properly unless it can communicate with the Server Components (Control Center Server, Primary Server, Data Vault, Web Filter Server). Because this communication is so important, SpectorSoft recommends using a static IP address for Server Component computer(s) instead of relying on domain name resolution. If naming services are disabled, if computers are connecting across a WAN, or if computers are in a Workgroup, the static IP address will ensure proper communication. The IP ports the Recorder expects to use for communication are also listed below. 5.

If settings have changed, be sure to re-install or re-initialize the Recorders.

Check Server listening ports:


Spector 360 uses a TCP/IP network connection, which allows access across a local network, Intranet, WAN, or the Internet. All communication ports used by Server Components to listen for the Recorder are opened automatically during installation. The Recorder looks for the specified IP address and expects to use:

To set a static IP address at the Server:


1. On the Server computer, open the Windows Network Connections Properties. In the computer's Network Connection box, rightclick your Local Area Connection (or current network connection) to select Properties.

IP Port 16770 for the Primary Server IP Port 16769 for the Data Vault IP Port 16768 (TCP and UDP) for the Control Center Server IP Port 16771 (TCP and UDP) for the Web Filter Server

If using these ports will result in a conflict, you can change the port in the Server settings (for the Client) AND in Control Center (for the server).
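To check from a Recorder computer whether the default Server Component ports listed above can be reached, the following PowerShell script probes each TCP port and separates a refused connection from a timeout. It is an added example, not part of the SpectorSoft guide; the address 192.0.2.10 is a placeholder, and the timeout and the function name Test-TcpPort are assumptions.

```powershell
# Added example (not SpectorSoft code): TCP reachability of the default
# Server Component ports listed in this section.
$ServerAddress = '192.0.2.10'   # placeholder address; use your Server's static IP
$TimeoutMs     = 3000           # assumed wait per port, in milliseconds

# Default ports from the guide. If a port was changed in the Server settings,
# change it here as well.
$Components = @(
    @{ Name = 'Control Center Server'; Port = 16768; Udp = $true  },
    @{ Name = 'Data Vault';            Port = 16769; Udp = $false },
    @{ Name = 'Primary Server';        Port = 16770; Udp = $false },
    @{ Name = 'Web Filter Server';     Port = 16771; Udp = $true  }
)

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$Address,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so that a silently dropped packet does not
        # block for the full operating-system timeout.
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'TimedOut'
        }
        $client.EndConnect($pending)
        return 'Open'
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException] -and
            $inner.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'Refused'
        }
        return "Error: $($inner.Message)"
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($c in $Components) {
    $state = Test-TcpPort -Address $ServerAddress -Port $c.Port -TimeoutMs $TimeoutMs

    # Translate the raw state into the most likely thing to check next.
    $hint = switch ($state) {
        'Open'     { 'Service is listening and reachable.' }
        'Refused'  { 'Host answered but nothing listens here: service stopped or port changed.' }
        'TimedOut' { 'No answer: wrong IP address, host down, or a firewall dropping traffic.' }
        default    { 'Unexpected socket error; see the Tcp column.' }
    }

    New-Object psobject -Property @{
        Component = $c.Name
        Port      = $c.Port
        Tcp       = $state
        # UDP has no handshake, so a remote probe cannot prove the port is
        # open; this column only records that the guide lists UDP as well.
        UdpListed = $c.Udp
        Hint      = $hint
    }
}

$results | Select-Object Component, Port, Tcp, UdpListed, Hint | Format-Table -AutoSize
```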


Troubleshooting the Database

Using a Test Database

Requires Master Login. It is possible to test and verify the quality of your Spector 360 Backups by restoring them to a test database instance. A test database allows you to determine if the backup files are valid and whether the backup files contain all the information that you expect.
If you have not converted to Spector 360, you do not yet have an SA account and must use the Database Support feature.

To create a test database instance:

1. Use the Spector 360 Setup program to install ONLY the Database to a machine separate from your live Spector 360 Database. See the Deployment Guide.
2. Make sure you direct the installation to a different computer. This Spector 360 database will have a different instance name; for example, NEWCOMPUTER\SPECTOR360.
3. Use a different SA password (for security).

To test a backup set:

4. Copy the Backup folder (containing a Full Backup and each subsequent Differential Backup file) to the NEWCOMPUTER machine. The default location for Spector 360 Backups is: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Data\. For example, you might copy a folder named SPECTOR36020091006183802. This folder would contain a FULL backup file, plus all DIFFERENTIAL backup files created since the full backup.
5. Log in to the Control Center, specifying the NEWCOMPUTER\SPECTOR360 instance and using the test SA password. See Logging in.
6. Use the Browse for Restore function to locate and restore the copied Backup set. See Browsing for a Restore Folder.

Perform this test regularly to ensure a valid Backup is always available.

To include Snapshots in a Backup:

If you are expecting Screen Snapshots and get a message during the Restore that no Snapshots are in the Backup, you will want to change the Database Settings to include Snapshots (and Email Attachments, if you wish) in Backups and Archives. Otherwise, no Snapshots will be included in Backups.

To verify the restored data:

Log in to the test database instance from the Control Center and/or Dashboard.

Check the Control Center. Select Database > Manage Database Backup and Restore, and check the Valid Backup column in the lower pane. "No" indicates the Backup was not valid; "Yes" indicates it was. In the upper pane, right click on STORAGE DB and select Statistics. Check for appropriate record counts and Start and End Dates. See Viewing Database Statistics.

Check the Dashboard. If you have the privileges, use the Dashboard to view activities you need to record, during the time period covered by the Backup. If you are able to view Dashboard data from the LIVE Database, but not the Test Database, there probably was a problem with the Backup and it needs to be performed again.


If the restore fails:

If the Restore procedure fails or the Backup is not recognized as "valid," log in to your live Database and create a FULL BACKUP immediately. Test a copy of this backup. Some reasons a Backup may not restore are:

Data was not finished restoring. You must give the Restore time to complete. If you attempt to use the Control Center or Dashboard while a Restore is in progress, the application will close. TIP: Start Job Status Monitoring before you launch the Restore.

Incompatible Database. The Database Backup was created with an earlier version of Spector 360 and is not compatible.

Backup data is missing or corrupt due to disk space issues. Backups will not be performed properly if the Database hard disk is full. Make sure you enable some form of automatic or manual Space Management on the Database machine. Don't forget to manage the File Storage location. The Snapshot and Email Attachment files can rapidly use up disk space.

Checking the Progress of Recorded Data

If data is not showing up in the Dashboard and you suspect data is not being delivered to the Database, you can check the flow of data using the following methods.

To check the flow of data:

Check the Recorder Profile settings. Make sure recording is on for the event you wish to see. See the "Troubleshooting Recording" section in this guide for tips. See also Add or Modify a Computer Profile.

Check the Recorder Status in the Computers list. See if the Recorder is installed and detected and when the "Last Recording" was delivered to the Data Vault. In the Control Center select Recording > Manage Computers.

Install a Viewer with a Recorder on the computer. If you're having trouble with a specific computer, create a Profile that includes a Viewer. At the computer, open the Viewer interface (press Ctrl+Alt+Shift+S) to make sure the Recorder is recording the type of data you want to see. If data is visible in the Viewer, it has been recorded but has not yet been delivered to the Data Vault. If NO data is visible, check the Record settings. Remember to remove the Viewer when you are done testing.

Check the Data Vault Server. Make sure it is running and identifies the Database on the correct computer. In the Control Center, select Servers > Data Vault in the right pane, and click Modify on the Toolbar. See Troubleshooting Servers.

Check Data Vault DB Statistics. Find out if events have been received, how many, which types, from which computers, and when events were last delivered. In the Control Center, select Database > Manage Database Backup and Restore > DATA VAULT DB (in the upper right pane), and click Statistics on the toolbar. See Viewing Database Statistics.

Check Storage DB Statistics. Find out if and when events were processed and added to the Database. See Viewing Database Statistics.

Check Database Jobs. Find out when the Data Vault was last processed for the type of event you wish to see. Check the Job Schedule.

Pinpoint as best you can where the data is held up, and if you still have trouble, contact SpectorSoft Technical Support and initiate Database Support.

Database Connection and Compatibility

The Control Center and the Dashboard require the correct version of Spector 360 Database to run. If the application or the Database needs to be upgraded, an error message will appear. Make sure you upgrade all components of Spector 360, including all Control Centers and Dashboards. See Updating Your Installation.
If the login fails, a message appears: "Unable to establish database connection..." with the failed login information. Make sure the Control Center has direct network access to the Database, the Database computer is up and running, and the Database you are trying to access is compatible.

Recovering the SA Password

The System Administrator password is required to open the Dashboard the first time, to install and uninstall Spector 360, and for select database maintenance functions. If you lose the SA password, you can recover it or reinstall the database to define a new password.

To recover the SA password:

1. Navigate to the Spector 360 database folder. The default location is: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Data
2. Find the sapwd.txt file. The file is present after you have started and logged into the Dashboard at least once.
3. Attach the file to an email to SpectorSoft Technical Support, explaining what you need.
4. SpectorSoft Technical Support will be able to decrypt the file and send you your SA password.

If you have changed the SA password using an external SQL application, such as Enterprise Manager or OSQL, the file will not contain the current password and SpectorSoft will not be able to help you. You must reinstall the database and define a new password.


To define a new SA password by reinstalling:


You do not need to reinstall all Server Components, just the Spector 360 Database. For safety, back up your current database and move the backup to a safe location. A reinstall procedure, however, should not disturb or remove the existing data.

1. Stop the Data Vault service. This forces the Clients to retain data until you are ready to receive it again.
2. Run the Spector 360 Setup program. Make sure the Setup you use is for the latest version you have installed.
3. Select the Reinstall option.
4. Deselect all components except Database and begin the Setup.
5. Follow the Setup instructions. You will be reinstalling the SQL Server service and upgrading the Spector 360 databases to the latest version.
6. When the Database Security panel appears, enter the new SA password. Be sure to keep track of it!
7. When the installation is finished, restart the Data Vault service.
8. Start the Dashboard, logging in with the new SA password. When you are prompted to update your profile, respond NO. This leaves all charts and reports exactly as you had them defined.
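The sapwd.txt file described under "To recover the SA password" holds the SA password in a form that can be decrypted, so it is worth checking which accounts can read it on the Database computer. The following PowerShell script is an added example, not part of the SpectorSoft guide; the function name Get-BroadReadAccess and the set of groups treated as too broad are assumptions.

```powershell
# Added example (not SpectorSoft code): report broad read access to sapwd.txt.
# Default database folder as given in the guide; adjust if yours differs.
$DataFolder = 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Spctr_Data'
$PwdFile    = Join-Path $DataFolder 'sapwd.txt'

# Well-known SIDs of groups assumed here to be too broad for a credential file.
# SIDs are used instead of names so the check also works on localized Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadReadAccess {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $acl      = Get-Acl -LiteralPath $Path

    foreach ($ace in $acl.Access) {
        # Only Allow entries that grant reading the file contents matter here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readData) -eq 0) { continue }

        try {
            $sid = $ace.IdentityReference.Translate($sidType).Value
        }
        catch {
            # Account could not be resolved: fall back to what the ACL shows.
            $sid = $ace.IdentityReference.Value
        }

        if ($BroadSids.ContainsKey($sid)) {
            New-Object psobject -Property @{
                Group     = $BroadSids[$sid]
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $PwdFile) {
    $findings = @(Get-BroadReadAccess -Path $PwdFile)
    if ($findings.Count -eq 0) {
        "No broad group can read $PwdFile. Full access list:"
        (Get-Acl -LiteralPath $PwdFile).Access |
            Select-Object IdentityReference, AccessControlType, FileSystemRights |
            Format-Table -AutoSize
    }
    else {
        "Broad read access found on ${PwdFile}:"
        $findings | Select-Object Group, Sid, Rights, Inherited | Format-Table -AutoSize
    }
}
else {
    # Per the guide, the file exists only after the first Dashboard login.
    "File not found: $PwdFile"
}
```

An entry marked Inherited comes from the Spctr_Data folder or a parent folder, so the permission has to be tightened there rather than on the file itself.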

Centralized Alerts Troubleshooting


Various circumstances could cause Spector 360 not to detect keywords and send Event Alert notification. The following is a guideline to help you troubleshoot the most common problems with Keyword Alerts.
Centralized Alerts do not apply to Macintosh computers. Event Alerts are available after you purchase and convert Spector 360 to full access.

Check the Alert Profile:


Verify that an Alert Profile has been defined, using the keywords you need. Make sure:

The Alert Profile is enabled.

The Alert Operator who receives email notification is enabled. The email address used is correct.

The Alert Profile is applied to the proper users or user groups.

The Alert Profile contains the Keyword Groups or the specific fields required to trigger an alert.

The Time Profile used for the Alert is set to watch for keywords at appropriate times.

The Event Alert Email Configuration uses the correct SMTP Server, port, and credentials.

If you use a keyword as specified by the profile, an alert is actually generated and can be viewed in the Dashboard.

Check the Recorder configuration:


At the recorded computer, make sure:

The computer(s) you are watching has the latest Spector 360 Recorder installed.

Recording is ON for the types of activity in which you are watching for keywords.

Check the SMTP email server:


If you are trying to configure an external SMTP Server (AOL, Comcast, BellSouth, RoadRunner, etc.) to send the email, it is possible your network will not allow access to the external SMTP server, or the external SMTP server will not allow access to their server from your network. It is typical of commercial ISPs NOT to allow access to their SMTP servers unless the computer is on the ISP network.

The SMTP communications port 25 is used to send email to another SMTP server.

Verify that your network does NOT have a firewall blocking communication on this port from the computer.

Try configuring an internal email address instead of an external email address.

Try configuring a Webmail address (Yahoo, Hotmail, Google, etc.) to receive alert notification.

Contact Technical Support:


If you are unable to get Spector 360 to record or respond to alerts after reviewing this Troubleshooting section, contact Technical Support. You may need to send your Database log file along with additional information below to SpectorSoft for review.

The Email program and version used to send alerts

The Keyword Groups and "What" settings used for the Alert Profile

Any other information helpful in resolving the problem


SpectorSoft Information

Contact Us
When sending email, please include your company name, city, and state to ensure your request is handled as promptly as possible. Feel free to contact us 24 hours a day, 7 days a week.

General Contact
SpectorSoft Corporation
1555 Indian River Blvd., B-210
Vero Beach, FL 32960 USA
World Wide Web: www.spectorsoft.com
U.S. & Canada: 888-598-2788
International: 772-770-5670

Sales Contact
Contact our sales staff for pre-sales questions, information about the latest SpectorSoft products, upgrade options, and pricing for our current products. SpectorSoft Corporation's professional sales staff is ready to answer your sales questions:
Monday - Friday; 9:00 AM to 10:00 PM EST
Saturday & Sunday; 10:00 AM to 6:00 PM EST
Web: Request Info
Email: sales@spectorsoft.com
Sales Fax: 772-770-3442

Technical Support
Web: Request Support
Email: 360support@spectorsoft.com

Copyrights and Trademarks

Copyright Notice
Copyright 2011 SpectorSoft Corporation, 1555 Indian River Blvd., B-210, Vero Beach, Florida 32960 U.S.A. All rights reserved. Spector 360, Copyright 2001-2011 SpectorSoft Corporation. SpectorSoft and Spector are Registered Trademarks of SpectorSoft Corporation. This software includes code under license from Microsoft Corporation. © 1995-2011 Microsoft Corporation. All rights reserved. All materials appearing anywhere within SpectorSoft's Help file are protected by worldwide copyright laws and treaty provisions. The copyright on such materials is held by SpectorSoft Corporation or its subsidiaries (collectively, "SpectorSoft"), or by the original creator of the materials. None of the materials may be copied (other than for personal use), reproduced (other than for personal use), displayed, modified, published, uploaded, posted, transmitted, or distributed in any form or by any means without SpectorSoft's prior written permission. All rights not expressly granted herein are reserved. Any unauthorized use of the materials appearing on SpectorSoft's Help Files may violate copyright, trademark, and other applicable laws and could result in criminal or civil penalties. Your use of SpectorSoft's Help Files constitutes your acknowledgment and acceptance of SpectorSoft's terms of use. If you do not agree with these terms of use, please do not use SpectorSoft's Help Files.

Trademarks for other companies

Microsoft Windows, MSN and other Microsoft products referenced herein are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and / or other countries.


Macintosh and Mac, Mac OS X, and Leopard are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AOL and AOL Instant Messenger are trademarks of America Online, Inc. Adium is a trademark of the Free Software Foundation, Inc. iChat is a trademark of Apple Computer, Inc. MobileMe is a service mark of Apple Computer, Inc. Yahoo! Brand Features are trademarks of Yahoo! Inc. Gmail and Google are trademarks of Google, Inc. JABBER is a registered trademark of the XMPP Standards Foundation. Lotus Notes is a registered trademark of IBM. ICQ is a trademark of ICQ, Inc. Citrix is a registered trademark or trademark of Citrix Systems, Inc. Novell is a copyright of Novell, Inc. Skype is a registered trademark of Skype Limited. Trillian is a trademark of Cerulean Studios.

These Help Files may contain other names and phrases (marks) that may or may not be trademarks of other organizations. All other trademarks and service marks are the property of their respective owners.


N
Network Activity recording ....................................................... 114 Ports recorded.................................................................... 114 Programs recorded ............................................................. 114 Settings ............................................................................ 114

P
Passwords Changing SQL Server password ............................................ 249 SQL Server authentication ................................................... 248 Windows authentication ....................................................... 248 Peer-to-peer (P2P) .................................................................. 108 Ports recorded.................................................................... 110 Port Web Filter Server listens on.................................................. 196 Primary Server

Job status for ..................................................................... 230 Rules for email recording ........................................................... 96

T
Technical support .................................................................... 341 Testing a filtering rule .............................................................. 266 Time profile Adding a new profile ............................................................ 298 Trigger screen snapshots ........................................................... 87 When keywords are detected ................................................ 128 Troubleshooting ...................................................................... 311

S
Schedule Blocking at the computer ..................................................... 145 Screen Snapshot recording Triggers and timing ............................................................... 87 Selective recording of window captions ...................................... 161 Serial number ........................................................................ 164 Serial number registration ....................................................... 166 Server Move to a different computer................................................ 176 Server ports .......................................................................... 334 Service monitoring credentials .................................................. 148 Service polling delay ................................................................. 54 Set default group...................................................................... 72 Set warning text ..................................................................... 148 Show file names .................................................................. 66, 74 Sources in auditing ................................................................. 207 Space Management Job status.......................................................................... 230 SQL server Authentication .................................................................... 248 Start database support ............................................................ 251 Static IP ................................................................................ 334 Stop database support ............................................................ 251 System Categories .................................................................. 271 System tray ........................................................................... 193

U
Uninstall Recorder ..................................................................... 67 Unlock code ........................................................................... 166 Update Recorders ................................................................... 170 Update Spector 360 ............................................. 22

W
Web Filter Server Account credentials ............................................................. 196 Admin window .................................................................... 197 Properties .......................................................................... 196 Status ............................................................................... 198 Stop or start service ............................................................ 196 Web Filtering Test rules .......................................................................... 266 Web site recording Limit recording of URLs ........................................................ 160 Settings ............................................................................. 123 What conditions - Alerts ........................................................... 283 When to record ....................................................................... 125 Who to record ........................................................................ 126 Window caption recording ........................................................ 161 Windows ................................................................................ 248 Authentication .................................................................... 248 Firewall exception ............................................................... 193

Wizard - web filtering rule ........................................................ 260 Write update activity to log file ................................................. 232

X
XML export ............................................................................ 292
