for example starting other applications, ending the PROMOTIC application, etc.
registration database (system registers) in order to make the running PROMOTIC application secure against unwanted actions of the user. Configuration files and scripts are located in the
folder. Everything that is described here that works in
. In fact this is not a PROMOTIC component, but only a specific
Behavior of so configured system
a) After starting the computer, the PROMOTIC application is started automatically (Windows user Promotic is automatically logged in and the batch AutoStart.bat file in which the PROMOTIC application is triggered, is started).
b) Neither the Windows desktop nor the TaskBar is started nor the TaskManager is accessible.
c) Keys Ctrl+Esc, etc. aren't functional
d) Keys Alt+Tab, Alt+F4, etc. are functional and they enable handling with already opened windows and applications.
If the PROMOTIC application is decreased, then even the right mouse button doesn't work over the desktop outside the PROMOTIC application. Decreasing and closing the application can be barred on top of that in the configurator of the PmaRoot
object on the Application
No task can be started by interactive tools in the OS Windows
Since OS Windows Vista the Ctrl+Alt+Del keys can be pressed and then user log-off or computer shutdown cannot be prevented.
From application scripts it is possible to start any application by means of the Pm.CreateProcess
function (even in the context of another Windows
user respectively, for example Admin
, by the utility RunAs
h) Logging off the user or switching off the computer must be engaged in the application
by means of the Pm.ShutDown
function (prefarably to call it on termination of the application in the PmaRoot.onAppStopBegin
Characteristic of work with PROMOTIC and application
All installation and upgrade of the PROMOTIC system and the application itself proceeds under created Windows
). This account has no security properties and it allows unlimited work with the OS Windows
, the PROMOTIC and the application. This configuration refers to normal, non-protected operation.
The protected operation of the PROMOTIC application itself proceeds under created Windows
and temporarily even the group Administrators
during the configuration due to writing into the register database). The application has an access into the folder \Promotic
with the installed PROMOTIC system for read only.
Because the application is installed under the user Admin
and operated under the user Promotic
, all files and folders of the application must be accessible to the user Promotic for read and write
. This is accomplished in the file system FAT32
where it isn't possible to set rights for files and folders but in NTFS
this condition must be ensured (it wouldn't be accomplished by default).
If the OS Windows
is installed on a stand-alone computer (outside a domain
), then the OS Windows
use simplified security model. It is not possible to set the user access rights for files and folders manually, but there is a shared Windows folder
for OS Windows Vista, Win Server 2008
and higher), that has its rights preset in order to enable all folders and files stored in it to all Windows
users for read and write. This is the reason why it is suitable to place the application, including the folder with the application data files, into this shared folder.
If the OS Windows
are located into a domain
, then the application can be installed wherever but it is necessary to enable reading and writing the application folders and files to the user Promotic
. In case of emergency, the simplified security model of sharing files in the OS Windows XP
that are not in the domain, can be switched off by means of 'Local security principles' of the computer.
On the configuration of the SafeOper
component it is necessary to follow the guideline precisely. It is important that it is possible to bar the automatic logging in the user Promotic and consecutive starting the application by the key Shift
, kept pressed during the whole start of the OS Windows
, and, instead of this, to log in as the user Admin
and to make pertinent modifications in the SafeOper
configuration, in the application or in the PROMOTIC system. In the last resort it is possible to delete the user Promotic
and to start the whole installation again from the point 7). It is possible to start REG files
) only under the user Promotic
and in the moment when it is temporarily added even in the group Administrators
. Basically it is necessary to start the SafeOperStart.reg
file only once during the installation while the SafeOperStop.reg
file typically needs to be never started.
Description of individual steps during installation in OS Windows
By a wrong installation the situation when it isn't possible to connect correctly to the installed system, can come in the extreme case. That's why the following walkthrough is recommended:
1) Login as user Administrator.
2) Create a new user Admin, member of the group Administrators (important step, do not skip this).
3) Log out and log in as user Admin.
Installation the PROMOTIC system into the folder C:\Promotic
5) Installation the application into a new folder located in the shared folder C:\Users\Public\Documents (for OS Windows Vista, Server 2008 and higher).
files in the \Promotic\Tools\SafeOper
starts the PROMOTIC application, SafeOperStart.reg
configures the user Promotic
in the SafeOper
mode and SafeOperStop.reg
configures the user Promotic
back in the normal mode).
6.1) AutoStart.bat, in the file a command for starting the PROMOTIC application is edited (the file can be copied elsewhere so that it cannot be overwritten on the PROMOTIC upgrade).
6.2) SafeOperStart.reg, in the file a key with path to the file AutoStart.bat (Shell), computer name (DefaultDomainName) and password of the user Promotic (DefaultPassword) are edited.
7) Create new user Promotic, member of the group Users and Administrators.
8) Log off and log in as the user Promotic.
10) Remove the user Promotic from the group Administrators.
11) Restart computer.