Inside the New Features of ObserveIT v4.08

Posted on June 10, 2009 by Daniel Petri in Windows Server

ObserveIT is a client/server software application that allows administrators and auditors to replay entire user sessions. It monitors, audits and records all activities performed by people on an enterprise’s servers. The indexed, searchable, visual database allows those activities to be replayed to see exactly what is happening on the monitored servers. Read my “Record and Audit Terminal, Citrix and DRP Session – ObserveIT Product Overview” article for more information.

ObserveIT Express is a freeware version of ObserveIT’s flagship product – the Pro edition. Read more about it in my “Free Remote Desktop, Terminal & Citrix Session Recorder: ObserveIT Express” article.

The new version makes various changes to the product’s user interface (UI) and functionality. Some of these changes and features include:

•    Indication of the length of user sessions
•    “On-Air” real-time replay of active sessions
•    Administrator-initiated server messages with acknowledgment and reply functions
•    Granular permissions for user objects
•    Ability to exclude specific users from being recorded
•    Faster Identification Services pop-up window

Indication of the Length of User Sessions

ObserveIT now allows an administrator or auditor to clearly view the overall length of a user session. It does so by displaying the start and end time of each session. This change makes it easier to quickly determine the start and end of each user session.

Note: If the user session is still active, the last user action time is shown in the results window; however, an “On-Air” icon indicates that the session is still active and the user is still logged on to that server.


Figure 1: Session Duration

“On-Air” Real-time Replay of Active Sessions

One of the most exciting features of ObserveIT is the new “On-Air” feature, which allows the administrator or auditor to clearly see that the user session is still active on that server. Clicking the icon launches the Slide Viewer in a real-time refresh mode. In this mode, any action performed by the logged-on user in the replayed session is instantly transmitted to the Slide Viewer, making it possible to view the user’s actions in real time.


Figure 2: “On-Air” icon

Administrator-initiated Server Messages with Acknowledgment and Reply Functions

In this version it’s possible for the ObserveIT administrator to create one or more messages that will be displayed when a user logs on to the monitored server (agent). This feature enables the administrator to send warnings, information or other types of text to the users that are about to log on to the monitored servers, and is useful in cases of multiple administrators or remote vendors accessing the same machines, ongoing project notifications or other types of one-way communication.


Figure 3: Creating Server Messages

The message(s) will be displayed on the monitored servers’ desktops right after the user logs in. The message(s) window cannot be moved, minimized or resized, and thus forces the user to read it. Each message has an “Acknowledge” check-box that the user must click on in order to acknowledge it, and either move to the next message or close the window in case there was just one message. The user can also move back and re-read the message(s) in case of multiple messages.


Figure 4: Server Messages

While messages are most likely viewed as one-way communication, another feature of the administrator-initiated message is the ability of the receiving user to enter a reply text which will be displayed in the Server or User Diary. This makes it possible for the user or remote vendor to provide textual information back to the ObserveIT administrator or auditor, and have that information recorded inside the ObserveIT database.

ObserveIT provides an easy-to-use interface for creating, editing, deleting or viewing these messages and replies. Messages can have different characteristics such as the display interval, duration, server focus and more.



Figures 5, 6: Viewing Server Messages

Granular Permissions for User Objects

ObserveIT uses the concept of Console Users. These users can have one of two types of roles, allowing the ObserveIT administrator flexibility when there is need for more than one administrator role, or when there are several separate auditors that need access to specific groups of servers based upon their role in the company:

  • Administrator – this role has full control over all the management features of ObserveIT. An Administrator can make changes to the ObserveIT configuration, and is allowed to view all session recordings.
  • View-Only Administrator – this role can view session recordings, but cannot gain access to any ObserveIT configuration option. These users can be granted access to certain groups of servers, depending on their job function and security clearance.

The new version of ObserveIT allows the administrator to grant permissions for auditors to replay sessions and be exposed only to information that was generated by specific users. This way, the auditor can only view specific recorded sessions and will not be exposed to potentially sensitive information that was recorded on other sessions that were created by users outside the scope of that auditor’s responsibility.


Figure 7: Granting permissions for specific users

Ability to Exclude Specific Users from Being Recorded

Server Policies are a collection of configuration settings that give the administrator flexibility in configuring the recording options, identification services and other Agent settings. By using them, it is possible to configure the recording policy to record all logged-on users (the default behavior), to record only specific users, excluding any user not specifically entered, or to record all users excluding one or more users.

This makes it possible for the ObserveIT administrator to configure the system not to record particular users that need not be monitored.

This setting is very flexible and can be changed in a matter of seconds.


Figure 8: Excluded Users


Faster Identification Services Pop-up Window

With Identification Services enabled, ObserveIT can be configured to require users who log on to the monitored servers to identify themselves with a secondary ObserveIT logon prompt. These users are also known as “Forced-Identification” users.

Whenever a Forced-Identification user logs on to any ObserveIT-monitored server or workstation, the user first enters their credentials in the regular Windows logon screen prompt. After passing that authentication phase, the user is presented with a secondary ObserveIT logon screen.

In this version of ObserveIT, the secondary ObserveIT logon prompt has been rewritten to appear faster than before, allowing the logged-on user faster access to the desktop.


Figure 9: ObserveIT Secondary Logon


Based upon customer feedback and the development map, the new version of ObserveIT brings exciting new capabilities and UI changes, giving administrators and auditors far better control, flexibility and granularity when configuring the various policies and management tasks. Real-time replay of recorded sessions is now available, along with server messages, recording policy improvements and more granular access control configuration for user objects.

You can obtain the freeware version of ObserveIT from this link:

Download ObserveIT Express