Sentry 3.0 Documentation


Last Revised: April 2011

Copyright © 1998-2011 Fresh Software LLC

Customizing Sentry Layouts

 

Sentry HTML Format   Using the Minibrowser

   Unlocking Sentry in HTML mode     Sentry HTTP Commands     Dynamic HTML Content     Plugins     Tips for HTML Mode

Sentry SLF Format

 


 

Sentry's main screen can be changed between many different Layouts, and each layout can be completely customized.   By default each Layout screen is rendered in HTML (Hyper-Text Markup Language), the standard language for Web pages.   As a result, anything that can be displayed in a web browser can be displayed in Sentry, making the design of your secure-screen very flexible.

 

Sentry's HTML layouts are stored in the Layouts\html folder under the Sentry install directory, which is by default C:\Program Files\Sentry 3.0\.

 

 

Editing Layouts

 

Layouts should be configured by an administrator. 

 

Layouts can be changed at runtime through the Options window, or from the Sentry menu. By default, only administrators have the permission to change the layout at runtime.  To allow users to do this, you must check the "Change Layout" box under User Permissions under Account Options.

 

Administrators can modify a Layouts while Sentry is running by hitting the F11 key.  This brings up the Layout in the default HTML editor, or more specifically performs the default "Edit" action for the registered file type.

 

 

 

Web Server

 

In order for your HTML page to communicate properly with Sentry, commands must be issued to Sentry's internal HTTP server.  These commands are passed by HTML links represented by <a> tags, and/or by form fields represented by <form> tags.  In Sentry's HTML layout files, these links and forms point to the IP address 127.0.0.1, which represents the local computer.  Commands stay with the current computer and do not travel across the network.   However, the Sentry HTTP server does support remote commands.  For example, an administrator could remotely unlock a computer by requesting this URL:

 

http://192.0.10.17:8777/unlock?s_username=bob&s_password=plaintextpassword

 

In the above example, Administrator bob types this

 

 

For example, to allow a username and password field to be passed on to Sentry's unlocking mechanism, a FORM is used that points to the local address 127.0.0.1:

 

To Unlock Sentry via Password field

 

The preferred way to unlock Sentry in HTML mode is by including using an HTML form that posts to the Sentry server.

 

The form must use the GET action on the following address: http://127.0.0.1:8777/unlock

 

    *note localhost can be swapped for 127.0.0.1

    *note a remote computer (remote ip address) can be unlocked when that option is enabled in Security options

    *note that port 8777 is the default port for Sentry's HTTP server and it can be changed

 

 

The HTML form must submit at least a field named s_password containing the Sentry password.

 

If Multi-User mode is on, the HTML form should also submit a s_username field containing the username that goes with the password.

 

Optionally you may send a badpass_page parameter saying where Sentry should navigate to if a bad password is entered. If the parameter is not passed or if the local file does exist, Sentry will use ~incorrectpass.html in the \layouts\html folder.

 

 

Example (Password only unlock):

<form method="GET" action="http://127.0.0.1:8777/unlock" name=f>

    <table border="0">
        <tr>

            <td><b>Password:</b></td>

            <td><input type="password" name="s_password" size="20"></td>
        </tr>
    </table>
</form>

 

Example (Username & Password unlock):

<form method="GET" action="http://127.0.0.1:8777/unlock" name=f>

    <table border="0">

        <tr>

            <td><b>Username:</b></td>

            <td><input type="text" name="s_username" size="20"></td>
        </tr>

        <tr>

            <td><b>Password:</b></td>

            <td><input type="password" name="s_password" size="20"></td>
        </tr>

        <tr>
            <td>&nbsp;</td>
            <td><input type="submit" value="OK" name="B1"></td>
        </tr>
    </table>
</form>

 

NOTE:  When unlocking with Username & Password, a Submit button is required.  When only unlocking with a password field, the user can just hit enter to submit the form.

 

 

 

Sentry HTTP Commands (Links)

 

Several operations can be done when the user clicks a link hosted by the Sentry server.

 

/leavemessage  -  Brings up the "Leave a Message" window for use to leave a note to the computer's owner.

Example use: <a href="http://127.0.0.1:8777/leavemessage">Leave me a Message</a>

 

 

/readmessages -  Opens up the messages for viewing, if the user is authorized to read them

Example use: <a href="http://127.0.0.1:8777/readmessages">Read Messages</a>

 

 

/exit  -  Exits Sentry upon proper authorization. Sentry will bring up a username/password confirmation dialog on the local computer.

Example use: <a href="http://127.0.0.1:8777/exit">Exit Sentry</a>

 

 

/changeawaymessage  -  Changes the current away messsage

Example use: <a href="http://127.0.0.1:8777/changeawaymessage">Change Away Message</a>


 

/logs  -  Opens up Sentry Logs

Example use: <a href="http://127.0.0.1:8777/logs">View Log Files</a>


 

/options  -  Brings up Sentry Options, if authorized.  If authorization is not presented, Sentry will prompt for password before showing options.

Example use:    <a href="http://127.0.0.1:8777/options">Options</a>


 

/standby  -  Puts the computer in Standby mode.

Example use: <a href="http://127.0.0.1:8777/standby">Put Computer to Sleep</a>


 

/hibernate  -  Puts the computer in hibernation mode, if supported.

Example use:    <a href="http://127.0.0.1:8777/hibernate">Hibernate PC</a>


 

 

 

Not Implemented, but coming soon

 

/command1  -  Executes a custom command, script, or batch file.

Example use:  <a href="http://127.0.0.1:8777/command1">Page System Operator</a>

 

/randomscreensaver

 

/sendemail?to=x&from=&smtpserver=x&smtpuser=x&smtppass=x&subject=x&body=x

 

/leavemessage?from=blah&subject=blah&body=blah

 

/about

 

Dynamic HTML Content in Sentry

 

Priot to loading any HTML page, Sentry will first scan the document for special codes and replace them with dynamic content:

 

Text in Layout Is Replaced with....

%AWAYMESSAGE%

current Sentry Away Message
%MESSAGECOUNT% number of messages that has been left since Sentry started
%TIME% current time in 12 hour format: h:nn:ss am/pm
%DATE% current date in m/dd/yy format
%LONGDATE% current date in mmmm d, yyyy format*
%COMPUTERNAME% name of the computer (local hostname as specified by Winsock)
%SENTRYSTART% system time that Sentry was activated
%SENTRYUPTIME% amount of time Sentry has been up (x days, x hours, x minutes, x seconds)
%SYSTEMUPTIME% amount of time the computer has been up / time since last restart
%INTERNALIP% internal ip address
%SENTRYSTATUS% locked/unlock status of sentry
%IDLETIME% time sentry has been idle
%WINUSERNAME% username that's currently logged on to windows
%SENTRYVERSION% the version of sentry
%MASTERIP% ip address of sentry manager computer (inactive)
%TIMELOCKED% how long the computer has been locked
%SENTRYDIR% the path to the sentry folder, as a url
%CURLAYOUT% URL reference to the current default layout. (LayoutFile)
%CURPAGEURL% URL reference to the current page being viewed, if different from CurLayout.
%WORKGROUP% the workgroup the computer belongs to
%DOMAINNAME% the domain the computer belongs to
%HOSTIP% the local IP address
%BATTERYLIFEPERCENT% how much power is left in the battery
%BATTERYLIFETIME% how much time before the battery runs out
%COMMENT% network identication comment
%OsName% windows version
%OsVersionCSD% extra windows version information
%IEversion% internet explorer version information
%CPUTYPE% what kind of processor system is running on
%CPULOAD% current cpu load, as a percent of total capacity
%CPUNORMFREQ% speed of cpu clock, in Megahertz (MHz)
%TotalPhysicalMemory% Total physical memory in system  (in MB)
%UsedPhysicalMemory% Used physical memory  (in MB)
%FreePhysicalMemory% Available physical memory (in MB)
%pcntUsedPhysicalMemory% What percent of physical memory has used up
%TotalVirtualMemory% Total virtual memory in system  (in MB)
%UsedVirtualMemory% Used virtual memory  (in MB)
%FreeVirtualMemory% Available virtual memory  (in MB)
%pcntUsedVirtualMemory% What percent of virtual memory has used up
%TotalPageFileMemory% Total page file memory in system  (in MB)
%UsedPageFileMemory% Used page file memory  (in MB)
%FreePageFileMemory% Available page file memory  (in MB)
%pcntUsedPageFileMemory% What percent of page file memory has used up
%SwapFileSize% How large of a swap file windows is using
%SwapFileUsage% swap file usage, in percent
%MemoryLoad% overall memory load of the system

 

 

There are many more useful codes that could be implemented here.  If you have suggestions for more dynamic content, please email us or submit a request on Mantis.

 

 

Plugins

 

Sentry supports the use of external plugins to be loaded in an HTML layout.  All plugins are stored in the Plugins folder under the Sentry install directory, which is by default C:\Program Files\Sentry 3.0\.

By default, Sentry comes with two plugins, one called Grapher that is used in the System Resources layout to display CPU usage, and one called NasaUpdate that is used in the ISS 3.0 Layout to update telemetry for the International Space Station.

 

Plugins are executable code, and for security's sake, it is the job of the computer administrator to make sure Sentry's Layouts are only populated with trusted plugins.

 

A Plugin can be embedded in an HTML layout by adding an HTML comment followed by SENTRYPLUGIN and a list of parameters:

<!--SENTRYPLUGIN PluginName top left width height parameter1 parameter2 -->

So, this comment would call the Grapher plugin from C:\Program Files\Sentry 3.0\plugins\Grapher.exe and place its window 10 pixels from the top of the screen, 10 pixels from the left of the screen, make it 300 pixels wide and 200 pixels tall:

<!--SENTRYPLUGIN Grapher 10 10 300 200 -->
For more information, see the Plugin Specification.

 

Tips for using HTML layouts in Sentry

 

 

1.  Give the Username or Password field keyboard focus by default

 

It is always nice to have a text field ready to receive your keystrokes automatically. By default, browsers may not give input focus to a text field unless you click on them with your mouse. To fix this, include a script that looks like this right below the <head> section of your document.

<script>
<!--
function setfocus(){document.myform.s_password.focus();}
// -->
</script>
 

 

Then modify your <body> tag so it matches the function name:

 

<body onload=setfocus()>
 

myform should correspond to the name of the form on the page.  To name a form:

 

    <form method="GET" action="http://127.0.0.1:8777/unlock" name=myform>

 

s_password should correspond to the name of the text/password field to set focus to.  To name a username or password field:

 

    <input type="text" name="s_username" size="20">

 

    <input type="password" name="s_password" size="20">

 

 

The name of a username field must be s_username and the name of a password field must be s_password.

To make sure the script is executed when the page loads, include this in your <BODY> tag.

 

    <body bgcolor="#808080" onload=setfocus()>
 

 

 

2.  Turn off form Auto-Complete and Password Saving

 

 

3.  Toggle borders, scrollbars under Advanced Options

 

 

4.  Pop up a new browser window

This can be accomplished in JavaScript.

 

4.  Turn off the SentryBar for Full Screen

 If you want the layout to take up the full screen, you can minimize or hide the SentryBar in Options.

 

 

 

 

 

Using the Minibrowser

 

The Minibrowser is the small browser window at the bottom of the screen.

By default, links clicked on in the minibrowser will load in the minibrowser.

To make a link load in the main Sentry window, append a pound sign (#) to the link.

 

For example:

   <a href="myfile.html#">Click to load in main window</a>

 

To switch from the Minibrowser to the Sentry status console, click the icon that looks like the earth (4th from left).

 

By default, Sentry will start by showing the Minibrowser on the SentryBar, and load the file minibrowser.html in the Sentry folder. 

To make the status console show instead, go into Options -> SentryBar -> and check Show Status Console Instead of Minibrowser

 

 

 

 

 

 

 

SLF Layouts

 

Sentry can display layouts in a 2nd format called Sentry Layout Format.  This is based on standard Windows controls. While SLF lacks the web features of HTML layouts, they may offer security reassurances to those concerned about the use of HTML.

 

Sentry's SLF layouts are stored in the Layouts\slf folder under the Sentry install directory, which is by default C:\Program Files\Sentry 3.0\.

 

You can read the SLF specification here.