Taskbar for Windows

From Swivel Knowledgebase
Jump to: navigation, search


Overview

The Taskbar utility is a Microsoft Windows executable that either can be activated through the start/programs menu or resides in the users Taskbar and allows a user to generate a Single Channel image for authentication, or to request a dual channel security string to be sent or show the user which security string to use when multiple security strings are sent by SMS or email. It is particularly useful where the image cannot be embedded into the access device, such as SSH, FTP or IPSEC VPN clients. For Apple iOS see Taskbar for iOS.

Note that the screenshots and instructions are from version 1.6. They have not yet been updated for version 1.7.

Versions

  • Version 1.7 is the latest version available. It adds the ability to have separate profiles for different Windows users. Administrators can define a default profile that will be used by anyone who doesn't have a personal profile. It also fixes some minor bugs noticed in version 1.6. The screenshots in this page do not reflect the look and feel of version 1.7.
    • Version 1.7.6 is the latest release.
    • Version 1.7 is provided as a 64-bit program. If you need a 32-bit version, please contact Swivel Secure support.
  • Version 1.6 has support for TLS 1.1 and 1.2, so should be used with Swivel appliance version 3 and later, although it will still work with version 2 appliances and non-appliance installations, subject to the correct Protocol versions being enabled.
    • Version 1.6.1 Restores the ability to import settings from a file on installation.
    • Version 1.6.2 Ensures that the image is always visible, if the screen the image was previously shown on has been detached. It also has an additional settings tab, showing configuration items that were previously only modifiable by editing the registry directly.
    • Version 1.6.3 fixes a few bugs in the new configuration items.
    • Version 1.6.4 works properly with security images other than TURing.
    • Version 1.6.5 is identical to 1.6.4, except that the icon has been changed, and all binary files have been digitally signed (update: version 1.6.5.2 has been signed with SHA256 and SHA1).
    • Version 1.6.6 fixes a bug where the image is not shown initially if started from the command line with the "show" option.
  • Version 1.5 is the last version that supports PositiveID. However, it only supports SSL v3 and TLS 1.0, so should only be used with version 2 appliances, or software-only Swivel installations that do not require the latest TLS versions.

PositiveID Support

The Windows taskbar can also be used to fingerprint the device through which an authentication is being made, turning the laptop, desktop, server into a token which must be used for authentication, for further information see the PositiveID How to Guide.

NOTE: PositiveID is no longer supported by Swivel, and versions 1.6 onward of the taskbar client have no PositiveID functionality.

Installer

The Taskbar utility is deployed as an .msi and can be deployed by SMS.

Alt Sample Taskbar Image

Downloads

Swivel Taskbar Client software:

Version 1.7 requires Windows PC with Microsoft.Net Framework 4.5 or later. Version 1.7 has so far been tested on Windows 10 against version 4 appliances.

Version 1.6 requires Windows PC with Microsoft.Net Framework 4.5 or later. Version 1.6 has so far been tested on Windows 10 and Windows 7, against both version 2 and version 3 appliances. Version 1.6.5 has been digitally signed and it is the name of the file. Despite that the latest version you'll download is version 1.6.6.1.

Version 1.6 32-bit version is a rebuild of the above for 32-bit operating systems.

Version 1.5 requires Windows PC with Microsoft.Net Framework version 3.5 or later. Version 1.5 of the client has been successfully tested with Windows XP, 7, 8 and 8.1. However, see Known Issues regarding version 8.x.

Architecture

The Taskbar Client requests the Swivel image from the Swivel server. The Swivel server must be accessible from the Client, this is usually configured through Network Address Translation. A proxy can also be used, the Swivel virtual or hardware appliance has a proxy port built in usually https://<IP Address>:8443/proxy


Swivel Server Configuration

Enabling Session creation with username

To allow the Single Channel image to be used with the Taskbar, session request by username needs to be enabled. Go to the ‘Single Channel’ Admin page and set ‘Allow Session creation with Username:’ to YES.

To test your configuration you can use the following URL using a valid username:

Virtual or hardware appliance

https://Swivel_server_IP:8443/proxy/SCImage?username=testuser

Software install

http://Swivel_server_IP:8080/pinsafe/SCImage?username=testuser


Taskbar Installation

Starting the Taskbar Setup Wizard

NOTE: the installer was replaced in version 1.6. The screen shots below show versions 1.5 to 1.7.

On the client where the Taskbar is to be installed run SwivelTaskbarInstaller.msi, PINsafeTaskbarSetup.msi or setup.exe, depending on the version. This will start the Taskbar Setup Wizard. Read the licence agreement (version 1.6 onwards) and tick the check box to accept it. Click Next to continue.

Version 1.7 TaskbarClient17Install1.png

Version 1.6 TaskbarInstall1.png

Version 1.5 Taskbar Setup Wizard 1.jpg

Select Installation Folder

On version 1.5 only, select the installation folder and who will use the installation, then click Next to continue. Version 1.6 does not currently offer the option to select the installation location - it will automatically install in [ProgramFiles]\Swivel Secure\Swivel Taskbar.


Taskbar Setup Wizard 2.jpg

Confirm Setup Details and Install

Verify that installation of the taskbar should begin by clicking on Next.


Taskbar Setup Wizard 3.jpg


When complete the Setup Wizard will verify it has completed, click Close to finish the Setup Wizard.

Version 1.7 TaskbarClient17Install2.png

Version 1.6 TaskbarInstall2.png

Version 1.5 Taskbar Setup Wizard 5.jpg

Installing the Taskbar Client with Preconfigured Settings

The installer will automatically import settings from a file named SwivelSettings.xml located in the same directory as the installer .msi file. This file should have been exported from the same version of the client, so if you are upgrading to a new version, it is recommended that you install on one machine, update and export the settings from there, and then use the exported settings for all future installations that use the same settings.

This feature does not work automatically in version 1.7. Rather, you will be prompted to select a file from which to install the settings.

TaskbarClient17Configure1.png

If you don't have a file, just cancel this and configure the settings manually.

Taskbar Configuration

The Taskbar configuration can be selected by right clicking on the Taskbar and then server settings. The main page for the different versions slightly different.

Taskbar Main Settings

Version 1.7 TaskbarClient17Configure2.png

Version 1.6 TaskbarConfigureMain.png

Version 1.5 Alt Taskbar Main Settings


Username: The username to be used for authentication. Leave blank to use the username that the user is currently logged in with. Use ? to ask the username when an authentication request is made.

Connection type: How the connection is to be made to the Swivel server, options are Direct, IIS Filter, ISA Filter, Proxied. IIS and ISA options can be used when Swivel has an integration with these products.

Server: The Swivel server hostname or IP address, this is usually a NAT behind which the Swivel server resides

Port: The port used for connecting to the Swivel server, for the virtual or hardware appliance this is 8443

Path: The install name of the swivel instance, often pinsafe, for the virtual or hardware appliance this is proxy

Remove Domain from username: This option allows the domain name to be stripped from the request sent to the Swivel server. Note that this only applies if the username is left blank to use the current username.

SSL enabled: To use SSL ensure a tick is in this box, for the virtual or hardware appliance this should be on by default

Permit self-signed certificates: Tick this box if self signed certificates are to be used, for the virtual or hardware appliance this is should be ticked by default

Use TLS (Version 1.5) The TLS option helps overcome issues relating to TLS. This only relates to TLS 1.0.

In version 1.6 onwards, instead of a simple checkbox for TLS, there is a pop-up dialog allowing you to select which protocols to use:

TaskbarConfigureProtocol.png

The default settings are different between 1.6 and 1.7. 1.6 enables both TLS 1.1 and 1.2. 1.7 enables TLS 1.2 only.

Taskbar Servers options

Version 1.7 Alt Taskbar Servers Settings

Version 1.6 Alt Taskbar Servers Settings

Version 1.5 Alt Taskbar Servers Settings


Servers: The order in which servers are contacted for authentication, this can be changed by using the Up and Down buttons, servers can also be Removed and Added

When you select a server, it is automatically displayed on the Main tab.

Right-clicking a server displays a menu with two options:

Rename server: this allows you to change the name displayed in the Image menus.

Load from SSD: this allows you to enter your Swivel site ID to import the settings from the Swivel Site server, assuming you have provided them to Swivel Secure.

Export: The Taskbar utility settings can be exported

Import: The Taskbar utility settings can be imported

NOTE: in version 1.7 the Export and Import buttons were replaced with a "Transfer Settings" dialog, which is described below.

Proxy Server: in version 1.6, this option was moved to the Advanced tab. See below for details.

Taskbar Program options explained

Taskbar Program Settings


This allows a program to be run when a Swivel Taskbar action is requested. Options for running the program are;

  • Do not run a program
  • Run only if TURing not visible
  • Run only if program not active
  • Run every time

Program to Run: Path to the program

Working Directory: Directory or folder in which program resides

Arguments: Additional options that can be applied to the program when it is run

Taskbar Advanced options

This tab is only available in version 1.6 onwards.

Taskbar Advanced Settings


Proxy Server: Settings can be added for a local proxy server for the local Windows PC to access the internet, options are Automatic, None or Specify to enter the details.

Show Image Border: If this option is unchecked, the TURing image is shown with no border, and cannot be moved.

Scaling: The image can be increased or decreased in size, from 1/4 to 4 times original scale (25% to 400%).

Transfer Settings

This dialog is available from version 1.7.

Transfer Settings

The options on this dialog reflect the changes to the way settings are stored in 1.7.

In previous versions, settings were always stored for all users. In version 1.7, settings are always stored for the current user, and different users can have different settings.

Import from File: this option allows you to import the settings from a previously exported XML file. This dialog is shown the first time any user runs the program if there are no common settings.

Export to File: this option allows you to export the settings for use on another machine.

Import old Settings: if you are upgrading from an earlier version you will need to use this option to import the settings from the previous version.

Copy Common Settings: this option will make a copy of the common settings (if there are any) for the current user, allowing them to modify the settings for their user.

Export to Common: this option requires Administrator privileges. It will export the current user's settings to common settings, which will be used by default for all users. If the machine is likely to be used by multiple users, it is advised that you execute this option after installing and configuring for the first time. Otherwise, every user will be required to configure the settings themselves.

Using the Taskbar Client

Once the taskbar client is configured, you will want to use it to get TURing images etc.

It is recommended that you configure the taskbar client to run on login. Otherwise you will need to start it manually.

When the program is running, a Swivel Secure icon will be displayed in the taskbar notification area. To display a TURing image, simply double-click on this icon.

For other options, right-click on the icon to show the context menu

TaskbarClient17Menu.png

The first 3 options allow you to display a TURing image, the index for a mobile app string or to request a security string to be sent via SMS. If you have configured multiple servers, these options will have sub-menus, allowing you to select which server to request from.

NOTE: the sub-menus for String Index and Send String are only available from 1.7.

The Server Settings and Transfer Settings options show the appropriate dialogs described earlier.

Reload Settings should only be necessary if the settings have been changed by another user while you have been logged in. It refreshes the settings from the registry storage.

Command Line Options show the command-line parameters if for example you want to run the program to show a single string and then exit.

Transport Selection

The Taskbar from version 1.4 can be used to generate Dual Channel SMS messages or the security String index telling the user which security string to use where multiple security strings are sent in an SMS or email message. To select these options right click on the Taskbar utility and select Get String Index to find which security string to use, or Request Security String to receive a new Security String by SMS or email, a Confirmed image will appear to acknowledge the request. For more information on the Security String Index see Multiple Security Strings How To Guide


Security String Index telling user which security string to use


Taskbar security string index.JPG


Security String request confirmed image


Taskbar dual channel.JPG

Enabling PositiveID Authentication on the Taskbar

NOTE: This option is no longer available from version 1.6 onwards.

Right click on the Swivel Taskbar and click on the line Use PositiveID, ensure a tick appears next to the menu item. For further information on PositiveID see the PositiveID How to Guide

PINsafe Taskbar select Use PositiveID.jpg PINsafe Taskbar Use PositiveID enabled.jpg

Uninstalling the Taskbar

Use the Windows Program Management tools to uninstall the software.

The following program will remove registry settings Taskbar Cleaner Program

The settings for the Taskbar application are stored in the registry under \\HKEY_CURRENT_USER\Software\Swivel Secure\SwivelTaskbar. The uninstall program removes the SwivelTaskbar key, and if no other entries are found, also the Swivel Secure key.

Since the entries are under HKEY_CURRENT_USER, if multiple users have run the application on the same machine, each one will need to run the application as themselves.


Known Issues

'No Image is generated and The underlying connection was closed: An unexpected error occurred on a send.

TLS protocol extension called Server Name Indication (SNI) is an optional TLS extension protocol and must be supported on both client and server for it to be operational. Windows Vista, Window 7 and 2008 server onwards support the protocol. It may be possible to add the server hostname to the list of recognised hosts on the front end firewall. This issue is resolved in version 1.4.2 onwards of the Taskbar.

Compatibility with Windows 8

Version 1.5 of the taskbar client is compatible with Windows 8. However, there is a known issue with multiple users on the same computer. Even if you install the application for all users, every new user needs to run the installation script the first time they use it, which requires administrator intervention. This issue is being investigated.

This does not appear to be a problem with version 1.6 on Windows 10. Version 1.6 uses a new installer, and seems to install for all users successfully.

Taskbar Problems

No Image is generated

Ensure settings are correct, particularly IP, port, SSL, and self signed certificates

Is a 'Single Channel Session' message generated on the Swivel server logs for the user

can the user generate a session in the users web browser using: https://<IP>:8443/proxy/SCImage?username=test for a virtual or hardware appliance or http://<IP>:8080/pinsafe/SCImage?username=test for a software install.

Also check here Turing Image absent


The server committed a protocol violation. Section=ResponseStatusLine

This error can be generated when Swivel is running https, but SSL is not enabled the Taskbar, ensure the SSL Settings is enabled with a tick