KeyScan, security systems and your data held hostage.

Nearly all technology companies have some sort of access control system in place. From bio-metric finger print scanners to simply proximity key cards or key fobs, maybe even the cheaper magnetic strip cards. But something is usually used to identify you and let you in or out of the building.

Generally when you start at a company they issue you this right away. After all they want you to be able to show up for work right?

I’ve dealt with these things in various flavors for years and on the back end they all pretty much suck. They are archaic, crappy applications usually still built using Visual Basic by wanna be programmers who obviously have never taken a class or read a book on computer interfaces. These applications are just terrible.

They don’t have to do much though. They also talk to some pretty unsophisticated equipment over serial interfaces, or serial equipment that has been network enabled.

The applications basically allow you to create access entries, set up time schedules and they log ‘alarms’ to a database. Hell some don’t even use a real database.

So apart from sending some binary or text to set up alarm panels, logging the alarms from said panels, any other functionality is pretty much fluff. Some might allow you to run reports though they are usually pretty poor. Most will sell you ‘optional add-on’ modules to create picture based ID cards, etc, etc. But again, I have still never seen a quality Access Control back-end package.

Now granted, the market here isn’t huge. It’s something you buy once every 10 years and maybe upgrade now and again. But that’s no excuse for publishing crap and charging and arm and a leg for it.

We’re now going to beat up on one of my favorites, KeyScan.

My biggest problem with Keyscan and a lot of companies just like them is that they take your data, yes your access and alarm data, and log it into a SQL database, MSDE to be exact, and hold it hostage.

First that’s not exactly true, you can get to it, if you use their report engine. But heaven forbid you want a report that they can’t deliver. You’re only hope then is to send in a feature request. Since we’ve had the product, they’ve only released a couple 0.x releases so I don’t see our report request as being a high priority.

Oh, and they did tell me that the can ‘Sell’ me yet another add on that will intercept the data from the controllers or alarm panels and I could take that data and put it into my own SQL database or data store.

And lastly I could run a report detailing everything and dump that via CSV and import into something else. (nice)

What they wouldn’t give me was access to the data in the already existing MSDE database, or let me redirect the application to use a SQL server that I already had so that I could (a) absorb the licensing cost of said SQL server and (b) right my own damn reports as I need and want them.

After all it’s MY DATA.

What was their reason for this? They actually didn’t have one other than, “It’s a security application and we can’t share the password that we use” As much as I tried to explain to them I didn’t want their password, only a READ ONLY username/password to the data, they stuck to their guns, “Even that is a security problem, and we’re not going to do that, ever”

Hello? I can already (a) dump it all, so where’s the security risk? What I can’t do is get up-to-date information unless I manually dump it and re-import it every time I want to run my report.

So basically let me translate for you, what they were really saying was; “We don’t know how to do it, and if we did we wouldn’t now how to charge you for it.”

The fine folks at KeyScan can bite me.

You deserve access to your data, and the ability to use far better tools for reporting than what they give you.

Here’s how you can do it.

Take your KeyScan System Off Line So that it’s not communicating with any devices (so it stops logging)

Backup your KeyScan Database using the utility; this should contain all of your latest data.

Then Uninstall MSDE (from add/remove software).

Then kindly reinstall from KeyScan from your CD. At that point KeyScan will see that it’s installed and prompt you to do a repair which will only reinstall MSDE.

When the install finishes it will ask you to reboot but DO NOT REBOOT.

Keyscan puts a registry entry in the system that will create the MSDE SA user and password with their utility so you need to create your user account here and now.

Open a command line and use osql to create another user in the database or MSDE environment for you to connect to using the following commands:

use osql to add a login and make that login a sysadmin, (sysadmin role has superpowers).

osql -U sa
passwd:<blank>
>exec sp_addlogin ‘admin’
>go
>exec sp_password NULL,’password’,'admin’
>go
>exec sp_addsrvrolemember ‘admin’,’sysadmin’
>go

close the command prompt and you’re done.

Finish rebooting and you should still be able to login with your created admin login using SQL 2000 tools or earlier. (basically anything you want. Create an ODBC connection and have fun) The database Schema is very easy to follow.

Everything you want is in the ALARM table.

Written by datapoohbah on September 14th, 2006 with 3 comments.
Read more articles on IT and Network Managment and The Truth Hurts.

• [+] Digg: Feature this article
• [+] Del.icio.us: Bookmark this article
• [+] Furl: Bookmark this article

Related articles

• Absolutely terrific data analysis and visualization software. (June 19th, 2008)
• Enterprise iPhone (a week with 2.0 Beta) (April 28th, 2008)
• host-tracker.com Check your sites performance (April 11th, 2008)
• Firefox bookmarks toolbar broken… (March 30th, 2008)
• Wordpress 2.5 (March 29th, 2008)