
Locating Users on a Network

Locating users on a network with PlaceOS


Last updated 3 years ago

Using existing infrastructure, there is typically enough data available to accurately locate staff. Wireless networks provide a rough indication of location. Cabled infrastructure accurately shows who is sitting at individual desk locations.

You can also augment this with sensors as required. Sensors show desk usage and will need to fall back to Wi-Fi for staff location.

The Lookup Process:

  1. Look up the username or email address of the person in question (staff search)

  2. Grab the device mappings for that user (as per the diagram above)

  3. Check if any of those devices are plugged in to a switch port (or have a desk reserved)

  4. If not, fall back to wireless lookup of username, email or wireless MAC address

Desk Locating Requirements

  • Switch IP addresses

  • SNMP or SSH service enabled on the switch (SSH preferred as it's easier to troubleshoot and secure)

  • A list of switch ports to desk mappings

  • A method for pairing staff to their devices

Most switches expose an SNMP service for locating details of port usage and the devices connected to each port. This is an industry standard common to most network hardware manufacturers. CISCO switches support SSH, and PlaceOS supports SSHv2 for secure data transfer.

Laptop Docking Stations

Desk locating relies on device MAC addresses to identify staff as they move around a building. Docking stations often sit between the laptop and the switch. We need to ensure that the MAC address exposed by the docking station is unique to each staff member.

User Device Discovery

We automate the mapping of laptops and phones to staff.

This is a two-step process.

  1. Firstly we need to discover the IP addresses of the devices in use by a user

  2. Once we have the IP address we need to find the associated MAC addresses

This maintains a mapping of MAC addresses to user accounts which can be used in conjunction with port usage to determine the location of users.

User Account To IP Address Mapping

There are multiple ways to obtain this information and these can be used simultaneously.

  • Users connecting to the staff application

  • Users logging on to their machines triggering an event on the Windows domain controller

  • Users connecting to a file share or print server

  • Custom tray application locating the logged in user, any IP address changes and associated MAC addresses

Windows Domain Controller

The Windows domain controller is used to authenticate users as they log onto a device. This would typically be a laptop, desktop computer or thin client.

File Share Or Print Server

Similar to the Windows domain controller method, audit logging can be enabled for file share access events.

IP Address To MAC Address Resolution

At this point we have a user account and an IP address. We need to look up the MAC address associated with the IP address so we can associate the user to the MAC address / device.

  • PlaceOS will communicate with the switches over UDP port 161 or TCP port 22

  • The switches may communicate to PlaceOS over UDP port 162 (Not required for SSH connections)

Switch DHCP Snooping Table

We query DHCP snooping tables on layer 2 switches as they maintain a list of DHCP allocated IP addresses and the MAC addresses of assigned devices.

If DHCP snooping is undesirable, DHCP Gleaning can be used instead.
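
The lookup process and the IP-to-MAC resolution described above, as an added example that is not PlaceOS code. It parses a constructed, Cisco IOS style DHCP snooping binding table and joins it with constructed user-to-IP, port-to-desk and wireless mappings; every name and value in it is hypothetical, and it uses the interface column of the binding table to stand in for the separate port-usage query.

```powershell
# Constructed sample: "show ip dhcp snooping binding" style output from one switch.
$SwitchAddr = '10.0.0.2'
$SnoopingOutput = @'
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:1B:44:11:3A:B7   10.20.1.15       86012       dhcp-snooping   20   GigabitEthernet1/0/7
A4:5E:60:C2:09:1F   10.20.1.52       71220       dhcp-snooping   20   GigabitEthernet1/0/12
Total number of bindings: 2
'@

# Constructed sample mappings (hypothetical users, desks and zones).
$UserToIps  = @{ 'jsmith' = @('10.20.1.15'); 'alee' = @('10.20.9.80') }   # from logon events
$PortToDesk = @{ '10.0.0.2|GigabitEthernet1/0/7' = 'desk-04-021' }        # switch port to desk
$Wireless   = @{ 'alee' = 'Level 4 East' }                                # wireless lookup result

function Get-SnoopingBinding ([string]$Output, [string]$SwitchIp) {
    # MAC, IP, lease, type, VLAN, interface; header and summary lines do not match.
    $pattern = '^(?<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\d+\s+\S+\s+\d+\s+(?<port>\S+)\s*$'
    foreach ($line in $Output -split "`r?`n") {
        if ($line -match $pattern) {
            [pscustomobject]@{ Mac = $Matches.mac.ToLower(); Ip = $Matches.ip; Port = "$SwitchIp|$($Matches.port)" }
        }
    }
}

function Find-User ([string]$Username, $Bindings) {
    # Steps 2 and 3: the user's devices, then any that sit on a mapped switch port.
    foreach ($b in $Bindings | Where-Object { $UserToIps[$Username] -contains $_.Ip }) {
        if ($PortToDesk.ContainsKey($b.Port)) {
            return [pscustomobject]@{ User = $Username; Source = 'desk'; Location = $PortToDesk[$b.Port]; Mac = $b.Mac }
        }
    }
    # Step 4: fall back to the wireless lookup.
    if ($Wireless.ContainsKey($Username)) {
        return [pscustomobject]@{ User = $Username; Source = 'wireless'; Location = $Wireless[$Username]; Mac = $null }
    }
    return [pscustomobject]@{ User = $Username; Source = 'none'; Location = $null; Mac = $null }
}

$bindings = Get-SnoopingBinding $SnoopingOutput $SwitchAddr
'jsmith', 'alee', 'nobody' | ForEach-Object { Find-User $_ $bindings } | Format-Table -AutoSize
```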

Example PowerShell Scripts

It's possible to use additional events and modify scripts as required for security compliance.

Wireless Location

There are many methods for locating users on the wireless network and PlaceOS has integrations for various systems.

Depending on the wireless solution in place and its level of integration, we may still need server notification scripts even in a wireless-only environment.

  • CISCO CMX for instance can provide usernames when users are connected to the wireless, if configured to do so.

  • Microsoft FindMe will always provide a username

  • Huawei provides raw RSSI values, IP and MAC addresses. PlaceOS manages floor fingerprinting and estimating location based on these values

Shared Desktop Configuration

For monitoring desktop computer usage, such as locating a computer in a call center, you need to capture log-off events. You can only get these from the machine itself.

This is a simplified overview of data extraction from auditing events

Enable Auditing In

User Notification Script

This script can be modified to filter notifications for a subset of users, such as those in a specific domain or IP range.

Filename: user_ip.ps1

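# Posts the logon details taken from the triggering event to the PlaceOS webhook.
param (
    [Parameter(Mandatory=$true)][string]$ip,
    [Parameter(Mandatory=$true)][string]$username,
    [Parameter(Mandatory=$true)][string]$domain
)
# Arguments for LocateUser.lookup, serialised as JSON
$postParams = ConvertTo-Json @{module="LocateUser";method="lookup";args=@(,@($ip,$username,$domain))}
# The webhook secret is in the query string: point this at your https:// endpoint so it is not sent in clear text.
# -UseBasicParsing avoids the Internet Explorer dependency when the task runs under a service account.
Invoke-WebRequest -Uri 'http://yourcompany.com/control/api/webhooks/trig-O6AXyP7jb5/notify?secret=f371579324eb56659b2f0b2c6f43d617' -Method POST -Body $postParams -ContentType "application/json" -UseBasicParsing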
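
One way to apply the domain and IP range filtering mentioned above, as an added example that is not PlaceOS's own script. The file name user_ip_filtered.ps1, the allowed domain and ranges, the -DryRun switch and the placeholder webhook URL are all assumptions to replace with your own values.

```powershell
# user_ip_filtered.ps1: added example, a filtered variant of user_ip.ps1.
param (
    [Parameter(Mandatory=$true)][string]$ip,
    [Parameter(Mandatory=$true)][string]$username,
    [Parameter(Mandatory=$true)][string]$domain,
    [switch]$DryRun   # print the JSON body instead of sending it
)

# Assumed values: substitute your own domains, client ranges and webhook URL.
$AllowedDomains = @('CORP')
$AllowedRanges  = @('10.20.0.0/16', '10.30.4.0/22')
$WebhookUri     = 'https://yourcompany.com/control/api/webhooks/<trigger-id>/notify?secret=<secret>'

function ConvertTo-IPv4Number ([System.Net.IPAddress]$Address) {
    $b = $Address.GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-InCidr ([System.Net.IPAddress]$Address, [string]$Cidr) {
    $network, $bits = $Cidr.Split('/')
    $size  = [long][math]::Pow(2, 32 - [int]$bits)        # number of addresses in the block
    $net   = ConvertTo-IPv4Number ([System.Net.IPAddress]::Parse($network))
    $start = $net - ($net % $size)                        # align to the block boundary
    $value = ConvertTo-IPv4Number $Address
    return ($value -ge $start) -and ($value -lt ($start + $size))
}

# Logon events carry '-' or '::1' for local logons and names like 'PC01$' for machine accounts.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { exit 0 }
if ($parsed.IsIPv4MappedToIPv6) { $parsed = $parsed.MapToIPv4() }   # e.g. ::ffff:10.20.1.5
if ($parsed.AddressFamily -ne 'InterNetwork') { exit 0 }            # IPv4 ranges only
if ($username.EndsWith('$') -or $AllowedDomains -notcontains $domain) { exit 0 }
if (-not ($AllowedRanges | Where-Object { Test-InCidr $parsed $_ })) { exit 0 }

$postParams = ConvertTo-Json @{module="LocateUser";method="lookup";args=@(,@($parsed.ToString(),$username,$domain))}
if ($DryRun) { $postParams; exit 0 }
Invoke-WebRequest -Uri $WebhookUri -Method POST -Body $postParams -ContentType "application/json" -UseBasicParsing | Out-Null
```

Running it with -DryRun and sample values shows which events would be forwarded before the scheduled task is pointed at it.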

Create An Action For The Event

  1. Create a basic task that runs an application (click through next in the wizard)

    • Program / Script: PowerShell

    • Arguments: -ExecutionPolicy Bypass -windowstyle hidden c:\aca-apps\user_ip.ps1 -ip $(ip) -username $(username) -domain $(domain)

  2. Open Task Scheduler -> Event Viewer Tasks -> (task name)

  3. Export the task

  4. Delete the task

  5. Import the edited task

<Triggers>
  <EventTrigger>

    <!-- Add this section: -->
    <ValueQueries>
      <Value name="ip">Event/EventData/Data[@Name='IpAddress']</Value>
      <Value name="username">Event/EventData/Data[@Name='TargetUserName']</Value>
      <Value name="domain">Event/EventData/Data[@Name='TargetDomainName']</Value>
    </ValueQueries>
    <!-- ================= -->
    <Subscription><!-- Filter on logon types --></Subscription>

  </EventTrigger>
</Triggers>

All commercial docking solutions offer a method for passing on a unique MAC, or do this by default. Two of the more common docking solutions are HP (BIOS or EFI configuration) and USB docks (Dell, Lenovo, Fujitsu, Targus, Kensington, HP and Toshiba among others).

DisplayLink provides a PowerShell script to automate the configuration which can be deployed via SCCM.

This alternative script provides detailed logging which can be useful when deploying.

By auditing credential validation events it's possible to query these logs to inform PlaceOS of the user account and the corresponding IP address associated with the event.

DHCP snooping is a security feature and enabling it has additional advantages beyond user locating.

This covers the basics of user discovery using a domain controller. A third-party machine can be configured to query server logs remotely - for how this is achieved see the detailed scripts.

For more details on how this is implemented please see our detailed configuration guide.

Add the ValueQueries (below, more details)

Links referenced on this page:

  • https://support.displaylink.com/knowledgebase/articles/613455-how-to-configure-displaylink-ethernet#macclone

  • https://technet.microsoft.com/en-us/library/dd772679%28v=ws.10%29.aspx

  • https://technet.microsoft.com/en-us/library/dn311489%28v=ws.11%29.aspx

  • https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/

Wireless systems linked from this page:

  • CISCO CMX

  • CISCO Meraki

  • HP Aruba (Analytics and Location Engine)

  • Ruckus SPoT

  • Huawei WLAN positioning

  • Microsoft FindMe