You can secure the run-time environment by enabling environment protection from the iFIX WorkSpace. Refer to the Run-time Environment Protection section. Once you enable environment protection, you can choose the specific actions you want to restrict.
NOTES:
- Some computer keyboards have special buttons that allow users to directly launch e-mail, searches, or internet browsers. Because these special buttons could circumvent iFIX environment protection, you may want to uninstall the software that operates the special buttons.
- For Microsoft Windows 8 and Windows Server 2012, the only on-screen keyboard for use with iFIX and touch screens is the tabtip keyboard (tabtip.exe). This on-screen keyboard will launch automatically if no physical keyboard is detected, and if the screen focus is on an edit field in the WorkSpace (when the I-Bar cursor is displayed in the edit field).
IMPORTANT: To launch the keyboard automatically from iFIX on Windows Server 2012 systems, there is additional configuration. In the Server Manager, you must install the Desktop Experience feature included in the User Interface and Infrastructure features. (By default, this feature is already enabled in Windows 8). After enabling the feature and restarting Windows, the on-screen keyboard, tiptap.exe, will be available and will display automatically when focus is on an edit field in iFIX.
The following table provides other common tasks you may want to restrict operators from, and the options to do so.
Locking Down the Windows Taskbar
You can control the accessibility of the Windows taskbar in Full Screen mode only, with the "Disable Task Switching" option located on the Environment Protection tab of iFIX WorkSpace User Preferences dialog box. If the "Disable Task Switching" option is selected, the Windows taskbar will not be accessible when the iFIX WorkSpace is running (in Full Screen mode only). If you are not in Full Screen mode or if the "Disable Task Switching" option is cleared, the Windows taskbar will be accessible by pressing the Windows key on the keyboard.
NOTE: The Enable Task Switching security application feature can be used to override the "Disable Task Switching" option for Environment Protection, but only when a user with this privilege is logged in. This override has no effect on the Window taskbar. However, if a user with this override privilege is logged in, this user can use Alt+Tab and the Windows keys to see what tasks are running and to switch to other tasks.
Important Task Switching Information
Task switching is disabled when security is enabled and either the logged-in user does not have task switching rights or there is no user logged-in. The task switching right can be assigned by adding the Enable Task Switching application feature to the user profile in the iFIX Security Configuration application.
Be aware of the following when using task switching in Microsoft Windows 8 and greater:
- When you disable task switching on Windows 8 and greater, iFIX disables the Windows shell which includes the task bar, the start menu, the desktop, file and folder access, the Charms bar, and hot corners that allow access to the Start screen.
- When security is enabled and iFIX is running, a user with task switching rights must be logged in for the shell to run and the desktop to be accessible. (When security is enabled, the rights of the logged in user will always take precedence over the environment protection settings configured in the iFIX WorkSpace User Preferences.) If there is no user logged in, task switching will be disabled, the shell will be disabled, and the system will become inaccessible.
- The Windows shell may be disabled when switching from run to configure mode in iFIX. To avoid this issue, make sure the logged-in user has both task switching rights and WorkSpace configure access, so that the desktop is always available in configure mode. The task switching right can be assigned by adding the Enable Task Switching application feature to the user profile in the iFIX Security Configuration application. The WorkSpace configure access can be assigned by adding the WorkSpace Configure application feature to the user profile.
- When a user with task switching rights is logged in, the Taskbar may be displayed on top of the Workspace. Enable the Auto-Hide the Taskbar property in Windows to push the Taskbar behind the Workspace.
- If the iFIX WorkSpace is not configured as a startup task in the SCU, you must configure a user to be logged in automatically who has task switching rights or the desktop will not be available and the system will become inaccessible when iFIX starts up.
- All users who have iFIX WorkSpace runtime exit privileges must also be assigned task switching rights or the iFIX WorkSpace runtime shutdown will be blocked.
Working with Touch Screens
Be aware that for Microsoft Windows 8 and Windows Server 2012:
- When iFIX is configured to run as a service and to start automatically, Fix.exe should always be started before launching WorkSpace.exe to enable the on-screen keyboard functionality. If WorkSpace.exe is launched without starting iFIX in the user session on a system without a physical keyboard, the on-screen keyboard will not automatically display when the cursor is in an edit control or in edit mode.
- For Microsoft Windows 8 and Windows Server 2012, the only supported on-screen keyboard for use with iFIX and touch screens is the tabtip keyboard (tabtip.exe).
- To launch the keyboard automatically from iFIX on Windows Server 2012 systems, there is additional configuration. In the Server Manager, you must install the Desktop Experience feature included in the User Interface and Infrastructure features. (By default, this feature is already enabled in Windows 8). After enabling the feature and restarting Windows, the on-screen keyboard, tiptap.exe, will be available and will display automatically when focus is on an edit field in iFIX.
- To automatically display the on-screen keyboard when the focus is set to WorkSpace objects that have the ability to accept user inputs, enable PROFICYENABLEFOCUSTRACKING.EXE by adding the following lines to your FIX.INI file (located in the LOCAL folder) in the [OTHERS] section:
[OTHERS]
[SESSION INSTANCE]
INSTANCE0=%PROFICYENABLEFOCUSTRACKING.EXE
NOTE: If these lines are present in the FIX.INI, but are preceded by a semi-colon, remove the semi-colon to enable the lines.
