Admin Manual
User Management
Users
This section of the web interface allows users to be manually created, edited and deleted. If you want to import a large number of users an AD sync will be easier, but this can be used to make any changes, such as assigning administrators, or just adding specific students.
You should make sure that you change the password for the admin account as soon as possible. Alternatively, you can create a new Web Administrator account and delete the default admin user.
The three buttons here allow you to create New users (including assigning roles), Edit existing users, to change names, passwords, roles and settings, and also to disable a user, and Delete a user to remove them from the list.
The 
button allows you to add a new user:
Enter their details, then select Create User. The Authenticate with Active Directoy option allows a user to use their Domain credentials to log in to AB Tutor - Stringmatch allows users to be recognised by username matching, rather than by Domain matching. The next page allows you to choose which roles that user is to have. Note that the console user roles will not appear until a user is set as a console user.
A Client User can be controlled by AB Tutor. Any students who are to be added to groups of users will need to be given this role. You do not need to create these roles for your client users if you are only going to use Device Groups.
A Console User will have access to open the Console and control Client machines. This permission won't automatically give them Admin access, or the right to create/apply/remove policies. Those roles need to be applied separately.
A Web Administrator has full access to the Web Interface on the Central Server. This allows them to create more users, approve new clients, set up sync jobs etc. This role should be restricted to IT/network administrators for security.
A Dynamic Group Creator can create a group which Clients join, rather than the members being defined in advance. These are useful in situations where the group members aren't known in advance, or when there are so many different combinations of users/devices that it's not practical to create all the groups, for example a school where every student has their own laptop which they carry with them around the school. For more information see Dynamic Groups.
A Policy Creator can create, edit and delete Private Policies. These are policies which only that user has access to. A Console Administrator can also create shared policies, which all users have access to. They need the Policy User role to be able to apply these policies.
A Policy User is able to apply previously created policies, either their own private ones or shared ones, to any Clients they can connect to. They need the Policy Creator role in order to be able to create new policies.
A Private Group Creator is able to create their own groups and add clients to them. This is useful in situations where the Admins aren't able to create all groups in advance, however it does give these users full access to all devices on the network. These Private Groups can only be accessed by the user who created them and by Console Administrators.
A Console Administrator has full access to the Console, allowing them to set Global Settings, create Groups, access All Items, create Protected Policies etc. Again, this role should be restricted to administrators to ensure that users don't get access to Clients they shouldn't be able to access.
There are a few additional user options:
User Disabled means that the user has no effect on the system (they can't login and won't appear in user lists in the Console), but their settings aren't lost - they can be easily restored.
Authenticate with Active Directory means that the user logs in to the Web Interface or Console with their Domain password. This makes it easier for the user as they don't need to remember an additional password for AB Tutor.
String Match Username means that the user will appear when anyone has that username, rather than it requiring them to have logged in through Active Directory. This is less secure as the system can't be sure it's that user, as opposed to a local account with the same name, but it allows support for computers that aren't on the Domain, such as Macs or users' personal computers.
User role permissions
The following table gives an overview of the rights of the Administrator and Tutor.
| Feature | User | Admin |
|---|---|---|
| Connect to computers within a pre-defined group |  | |
| List view |  | |
| Icon view | | |
| Assessments menu | | |
| Events and log viewer | | |
| Administrative tools |  | |
| Connect to All Items | | |
| Remote watch and control | | |
| Send key sequences | | |
| Demo | | |
| Chat | | |
| Audio chat | | |
| Feature | User | Admin |
|---|---|---|
| Launch and close programs | | |
| Create policies | | |
| Create shared policies | | |
| Apply and remove existing policies | | |
| Lock/unlock remote machines | | |
| Logon/logoff/power on/shutdown/reboot remote machines | | |
| Send/collect files | | |
| Customise toolbar and context panel | | |
| Customise toolbar and context panel defaults/overrides | | |
| Groups - set up and manage groups and classrooms | | |
| Tutor Console settings | | |
| Purge log entries | | |
All those functions marked with a question mark can be disabled by an administrator, so might therefore not be available to everyone logged in as a tutor. (See Group Restrictions)