InstaTech Reference Guide

Looking for the Quick Start Guide?

Table of Contents

  1. Building
    • Using the Package Builder
    • Building from Source
  2. IIS Setup
    • Required Features
    • Firewalls
    • SSL Certificates
    • Shared Hosting
  3. Customizing InstaTech
  4. The Customer Portal
    • Support Chat
    • Remote Session
  5. The Technician Portal
    • Support Chat
    • Remote Session
    • Computer Hub
    • Account Center
    • Configuration
  6. The Remote Control
    • A Note About UAC and Windows Logon
    • Interactive vs. Unattended
    • Menu Options
  7. The Client Applications
    • Windows Client
    • Windows Service
    • Cross-Platform Client (Electron Version)
  8. Session Recording
  9. Log Files
  10. Utilities and Scripts



1. Building

Using the Package Builder

The Package Builder, which can be found at https://instatech.azurewebsites.net/Downloads, is the easiest way to get an InstaTech server running. It has a form that consists of two fields. The company name is used for the title on the Customer and Tech Portals, and the host name should be the server where InstaTech will be installed. The clients will be modified to connect to that host, then recompiled and packaged in the installer.

The InstaTech server must be installed in its own IIS site. It can't be in a virtual directory of another site. You can use a subdomain, though.

Once finished, you'll be provided a download link for the installer. The installer needs to be run on the server using administrator credentials. Follow the prompts through the installation. After it's finished, you may be prompted to reboot, then you can move down to the IIS Setup section.

Building from Source

When building from source, you'll be working with two solutions: InstaTech_Server and InstaTech_Client. First, go into InstaTech_Server and find /App_Code/Config.cs. This file contains all the configuration properties. The main thing you want to change is the Company Name. Afterward, build and deploy the site.

Next, go into InstaTech_Client, which has multiple projects within it. You need to change the host name that each client will connect to and replace it with your server name. In the .NET clients, there's a preprocessor directive at the top of the file that will say "#define Deploy" or "#define DEBUG".

Make sure the preprocessor directive reads "#define Deploy", and modify the appropriate variable later in the file.

Host names are defined in the following files and need to be changed:

Once the host names are changed, recompile the clients. The cross-platform clients are built with Electron and packaged with electron-builder. See their sites for documentation. You will need Node.js tools installed to work with the Electron project in Visual Studio. Each version (Windows/Mac/Linux) needs to be built on its respective OS.

Create a folder named "Downloads" at the root of the website, then put your clients within it.

2. IIS Setup

Required Features

The following features must be installed on your IIS server:

The Package Builder installer will install these features for you.

If you have the Linux or Mac versions available for download, you must also set a MIME type of "application/octet-stream" for the file type. For example, you can use the following PowerShell command to set the MIME type for AppImage files:

Add-WebConfigurationProperty -Filter //staticContent -Name Collection -Value @{fileExtension='.AppImage'; mimeType='application/octet-stream'}

Firewalls

Inbound traffic for HTTP (port 80) and HTTPS (port 443) must be allowed through the firewall. There are built-in rules for these within Windows Firewall that can be enabled. The ports must also be opened/forwarded in any other firewalls or routers between the server and the internet.

The Package Builder installer will configure Windows Firewall for you.

SSL Certificates

It's highly recommended that you have an SSL certificate installed before using InstaTech in production. You must have a domain or subdomain pointing at your server's IP address. A very fast and easy way of install an SSL certificate is a program called Certify, which can be found here: https://certifytheweb.com

Certify will automatically acquire a Let's Encrypt SSL certificate and install it for you. There are other Let's Encrypt clients available as well.

You can use online SSL tests to make sure your SSL certificate is installed properly, such as the one at https://www.digicert.com/help/

Shared Hosting

InstaTech should work on shared hosting, provided all the above requirements are met. The installer provides an option to extract the files instead of installing them locally. It will place a ZIP file on your desktop that contains all the files that need to be uploaded to your website.

3. Customizing InstaTech

Use the Package Builder at https://instatech.azurewebsites.net/Downloads/ to customize the icons, background images, and WebSocket ports.

You can add custom CSS and JavaScript files to the server by adding them to "Override" folder at the root of the site. They will be loaded after all other CSS/JS files, and they will persist through updates. For customizing the remote control, add a sub-folder in Override named "RemoteControl" and add the files in there.

4. The Customer Portal

The Customer Portal is the main page on the InstaTech Server. You can switch back and forth between the Customer and Technician portals using the button at the top-left.

Support Chat

Customers can start a support chat session by filling out and submitting this form. The Category and Type fields are pulled from the Support_Categories property in Config.cs. To add, change, or remove categories, you can directly edit Config.cs or use the Configuration section in the tech portal.

Once logged in, the customer will be placed in queue to wait for a technician to pick up the support case.

Remote Control

The Remote Control button displays instructions for starting a remote session. The default download is the Windows WPF client. Once downloaded and run, the customer would give the session code to the technician, who can then connect.

5. The Technician Portal

The Technician Portal can be accessed by clicking the button at the top-left of the main page, or by appending "?user=tech" to the site's URL (e.g. https://[yourhostname]/?user=tech). You will need to log in before any options will be available. Admin accounts will have more options than technician accounts.

Support Chat

On the technician side, this is where you'd view and respond to customer cases. After clicking the Enter button, you'll see a list of all cases, sorted into their respective queues. The Exit Chat button at the top-right will remove you from the list of available techs and close the chat interface.

Click on a queue to see the cases within it, then click a case to see the details. The following buttons are available from the case details:

Once you take the case, you will begin chatting with the customer, and the following buttons will be available:

Remote Session

Remote Session has a download link for the clients, in case you need them, and a shortcut to the remote control page. The remote control is discussed later.

Computer Hub

The Computer Hub is where you can search for and interact with computers that have the InstaTech Service installed. You can search by computer or user name, or leave it blank to search for all computers. You can select a specific computer group to narrow your search.

Once you have results in the table, you can select one or more computers. Hold Ctrl or Shift while clicking to select multiple computers, or click Select All to select all in the results table. You can only Remote Control one computer at a time, but Deploy File and Interactive Console can be used on multiple computers at once.

You can also change a computer's group via the drop-down menu. Computer groups are talked about more in the Configuration section.

Account Center

This is where you can create, delete, and edit accounts for the InstaTech Server.

Set the temp password if you need to reset an account's password. Afterward, when you log in with the temp password, you'll be prompted to create a new one.

An account can be assigned to one or more computer groups. Hold Ctrl while clicking to select multiple. For admins, this doesn't do anything. For technicians, this determines which computers they'll be able to control in the Computer Hub.

Access Level determines what the account has access to. Admins have access to everything. Technicians will not have access to the Account Center or Configuration, and they can only interact with computers that are in one of their computer groups.

Configuration

This is where you can configure various aspects of the server. The configuration data is saved in "/App_Data/Config.json". Below are the details for each option.

6. The Remote Control

The Remote Control can be found at https://[yourhostname]/Remote_Control/. There's also a link to it from the Remote Session button in the tech portal.

A Note About UAC and Windows Logon

The actions you're able to perform while connected to a remote computer is limited by the privilege level of the client process. Most people are familiar with UAC and elevating a process by choosing "Run as administrator." However, when determining if an application is allowed to simulate keystrokes and mouse input in various situations, it gets more complicated.

See the below bullet points for the short version. Here are the details, for those who are interested. The environment in which a process is run within Windows consists of three layers: the session, the window station, and the desktop. That is, each session can contain window stations, each window station can contain desktops, and each desktop can have processes running in it.

Starting with Windows Vista, all services are run in session 0. This is called session 0 isolation. When a user logs into Windows, they get a new session. It starts with session 1 and increments for each new logon.

You can see the session number by adding the Session ID column to Task Manager under Details tab. The desktop you're used to seeing and where you launch applications is in Session[>0]\WinSta0\Default. That's some session greater than 0, window station 0, Default desktop.

There are also Winlogon and Secure desktops. There can only be one active desktop at a time. When the fullscreen UAC window appears (if it's set to "dim" your desktop), or when you switch to the logon screen, your default desktop gets set to inactive, and the other desktop becomes active.

Applications running in one desktop can't interact with a different desktop. It must switch desktops, or close and be re-launched in the new desktop.

Moreover, an application requires special privileges to interact with the Windows logon desktop or the secure desktop. The required privileges are higher than simply "Running as administrator". In fact, only services have the necessary privileges to do so.

The catch is, services (which run in session 0), can't interact with the UI at all unless they have a special certificate purchased from Microsoft. These are typically reserved for accessibility applications, such as screen readers.

The way around this is to have a service launch another process in the user's session, in the active desktop, with the necessary rights. That is why you'll see two instances of InstaTech_Service.exe running when you're connected, with one in session 0 and the other in the user's session.

All this leads up to the below behaviors and restrictions, depending on how the InstaTech Client is launched. The Windows client will attempt to launch with administrative rights if the user's account is an administrator. Otherwise, it will launch as a standard user without prompting.

Interactive vs. Unattended

Interactive Mode is selected by default on the remote control page. In this mode, it expects a session ID that the client will automatically generate when opened. As such, a user must be present at the remote computer.

With Unattended Mode selected, a computer name is expected. Only computers with the service installed can be connected to in this way. The input box will autocomplete with available computer names once you start typing, if a match is found.

Menu Options

The slide-down menu at the top of the remote control screen contains additional features.

7. The Client Applications

Windows Client

The Windows client is compatible with Windows 7, 8, and 10. When launched, it provides a 6-digit code that can be entered into the remote control to connect. The Windows service is embedded in the EXE and can be installed from this client.

Command Line Arguments:

Main Interface:

Menu Options:

Windows Service

The Windows service is compatible with Windows 7, 8, and 10. It's embedded in the Windows client, but can be installed on its own as well. It must be installed from an elevated command prompt or process.

Command Line Arguments:

Cross-Platform Client (Electron Version)

The cross-platform client is built with Electron and runs on Windows, Mac, or Linux. It must be built from the OS that it targets. While it can be used on Windows, the native Windows client is recommended. This client does not contain the Windows service.

Main Interface:

Menu Options:

8. Session Recording

Session recording can be enabled in the Configuration window in the tech portal. If enabled, remote control sessions will be saved in "/App_Data/Logs/Recordings/" as an ITR file. These files can be played back using the InstaTech Player, which is available on the InstaTech Downloads page.

9. Log Files

Numerous log files are kept by the clients and the server. They can be useful for diagnosing issues or for general information. Below are the locations of various logs.

10. Utilities and Scripts

As new utilities and scripts related to InstaTech are developed, they'll be published on the InstaTech Downloads page.