NetOp Remote Control Administrator’s Manual Version 9.0 Moving expertise - not people

NetOp Remote Control Administrator’s Manual Version 9.0 Moving expertise - not people

NetOp Remote Control

Version 9.0

Administrator’s Manual

Moving expertise - not people

1

2

Copyright © 1981-2006 Danware Data A/S. All Rights Reserved.

Portions under license from third parties.

Printed in Denmark

Document Revision: 2006151

Please send any comments to:

Danware Data A/S

Bregnerodvej 127

DK-3460 Birkerod

Denmark

Fax: Int +45 45 90 25 26

E-mail: [email protected]

Internet: http://www.netop.com

Warranty

Danware Data A/S warrants the quality of the physical material of the user package, that is manual and

CD-ROM. If these items are defective, we will exchange them at no cost within 60 days of purchase from

Danware Data.

Disclaimer

Danware Data A/S denies any and all responsibility for damages caused directly or indirectly as a result of any faults with the enclosed programs and/or documentation.

License

Danware Data A/S retains the copyright to the user manual. All patent, copyright and other proprietary rights in and to the programs will remain with Danware Data A/S or its licensers.

Your purchase gives you the right to copy and use the programs as described on your Danware License

Certificate included in your package.

Please save your Danware License Certificate and your original CD-ROM. They serve as your legal right to use the software. You may also need them in order to receive future updates to the product.

Please be careful not to install or run the software on more PCs than your Danware License Certificates permits you to do.

The programs may be copied for backup purposes only, and only as long as the above mentioned rules are adhered to.

Trademarks

NetOp® and the red kite are registered trademarks of Danware Data A/S. All other products mentioned in this manual are trademarks of their respective manufacturers.

3

4

Contents

Contents

Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

1.1 On the Administrator’s Manual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

1.2 Common Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

1.2.1 Window Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

1.2.2 Menu and Toolbar Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

1.2.3 Table Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2 NetOp Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

2.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.2 NetOp Security Management Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.2.1 NetOp Security Management Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.2.2 NetOp Security Management Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.2.1 Security Database Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.2.2 NetOp Security Server Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.2.2.3 Running NetOp Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.3 Load NetOp Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.3.1 Security Database Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.4 NetOp Security Manager Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.4.1 Title Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.4.2 Menu Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.4.2.1 File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.4.2.2 Records Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.4.2.3 Edit Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

2.4.2.4 View Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

2.4.2.5 Options Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

2.4.2.6 Help Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

2.4.3 Toolbar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

2.4.4 Filter and Fetching Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

2.4.5 Selection Pane. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

2.4.6 Records Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

2.4.7 Messages Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

2.4.8 Status Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

2.5 Manage Security Database Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

2.5.1 Content Creation Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

2.5.1.1 Review Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

2.5.1.2 Create Role Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

2.5.1.3 View and Manage Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

2.5.1.4 Scheduled Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.5.1.5 Security Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.5.1.6 NetOp Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.5.1.7 Active Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.5.2 Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.5.2.1 Role Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

2.5.2.1.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

2.5.2.1.2 New Batch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

2.5.2.1.3 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

2.5.2.1.4 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5

6

2.5.2.1.5 Clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

2.5.2.2 Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.5.2.2.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

2.5.2.2.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.5.2.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.5.2.3 Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.5.2.3.1 Security Server Group Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

2.5.2.3.2 Security Server List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

2.5.2.3.3 Preferred Guest Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

2.5.2.3.4 Preferred Host Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

2.5.2.3.5 Logging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

2.5.3 Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

2.5.3.1 Security Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

2.5.3.2 NetOp Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

2.5.3.3 Active Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

2.5.4 Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

2.5.4.1 Scheduled Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

2.5.4.1.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

2.5.4.1.2 Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

2.5.4.1.3 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

2.5.4.1.4 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

2.5.5 NetOp Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

2.5.5.1 NetOp Guest ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

2.5.5.1.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

2.5.5.1.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

2.5.5.1.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

2.5.5.1.4 Accessible Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

2.5.5.2 NetOp Guest ID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

2.5.5.2.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

2.5.5.2.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

2.5.5.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

2.5.5.2.4 Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

2.5.5.3 NetOp Host ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

2.5.5.3.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

2.5.5.3.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

2.5.5.3.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

2.5.5.3.4 Permitted Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

2.5.5.4 NetOp Host ID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

2.5.5.4.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

2.5.5.4.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

2.5.5.4.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

2.5.5.4.4 Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

2.5.5.5 NetOp Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

2.5.6 Windows Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

2.5.6.1 Windows User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

2.5.6.1.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

2.5.6.1.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

2.5.6.1.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

2.5.6.1.4 Accessible Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

2.5.6.1.5 Permitted Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

2.5.6.2 Windows Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

2.5.6.2.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

2.5.6.2.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

2.5.6.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

2.5.6.3 Windows Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

2.5.6.3.1 New. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Contents

2.5.6.3.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

2.5.6.3.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

2.5.6.3.4 Permitted Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

2.5.6.4 Windows Workstation Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

2.5.6.4.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

2.5.6.4.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

2.5.6.4.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

2.5.6.4.4 Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

2.5.6.5 Windows Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

2.5.6.5.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

2.5.6.5.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

2.5.6.5.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

2.5.7 RSA SecurID Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

2.5.7.1 RSA SecurID User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

2.5.7.1.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

2.5.7.1.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

2.5.7.1.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

2.5.7.1.4 Accessible Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

2.5.7.2 RSA SecurID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

2.5.7.2.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

2.5.7.2.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

2.5.7.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

2.5.7.2.4 Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

2.5.7.3 RSA SecurID Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

2.5.8 Directory Services Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

2.5.8.1 Directory Services User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

2.5.8.1.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

2.5.8.1.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

2.5.8.1.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

2.5.8.1.4 Accessible Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

2.5.8.2 Directory Services Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

2.5.8.2.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

2.5.8.2.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

2.5.8.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

2.5.8.3 Directory Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

2.5.8.3.1 New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

2.5.8.3.2 Edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

2.5.8.3.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

2.6 Security Database Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

2.6.1 DWBATH: Scheduled Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

2.6.2 DWCONN: Active Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

2.6.3 DWDOMN: Windows Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

2.6.4 DWDONE: Security Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

2.6.5 DWEVNT: NetOp Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

2.6.6 DWGRUH: NetOp Host ID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

2.6.7 DWGRUP: NetOp Guest ID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

2.6.8 DWHOGR: NetOp Host ID Group Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

2.6.9 DWHOST: NetOp Host ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

2.6.10 DWLDAPGRP: Directory Service Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

2.6.11 DWLDAPPROP: Directory Service Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

2.6.12 DWLDAPSERV: Directory Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

2.6.13 DWLDAPUSR: Directory Service User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

2.6.14 DWMAIN: Role Assignment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

2.6.15 DWNTGR: Windows Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

2.6.16 DWNTUS: Windows User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

2.6.17 DWPOLI: Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

7

2.6.18 DWPROP: General NetOp Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

2.6.19 DWROLE: Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

2.6.20 DWRSAGRP: RSA SecurID Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

2.6.21 DWRSAPROP: RSA SecurID Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

2.6.22 DWRSAUSR: RSA SecurID User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

2.6.23 DWRSGM: RSA SecurID Group Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

2.6.24 DWSERV: NetOp Security Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

2.6.25 DWTODO: Scheduled Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

2.6.26 DWUSER: NetOp Guest ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

2.6.27 DWUSGR: NetOp Guest ID Group Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

2.6.28 DWWKGM: Windows Workstation Group Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

2.6.29 DWWKSG: Widows Workstation Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

2.6.30 DWWKST: Windows Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

2.7 NetOp Security Server Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

2.7.1 Security Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

2.7.2 Run As Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

2.7.3 Communication Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

2.8 Use NetOp Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

2.8.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

2.8.2 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

2.8.3 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

2.8.4 Database Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

2.8.5 Additional Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

2.8.5.1 AMPLUS.EXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

2.8.5.2 AMPLUS.ZIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

2.8.5.3 NETOPLOG.ZIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

3 NetOp Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

3.1 Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

3.2 NetOp Gateway Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

3.2.1 Incoming and Outgoing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

3.2.2 Outgoing to Incoming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

3.2.3 Networking to Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

3.2.4 Disabled: Incoming to Outgoing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

3.3 NetOp Gateway Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

3.3.1 Communication Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

3.3.1.1 Device Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

3.3.1.2 NetOp Net Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

3.3.2 Security Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

3.3.2.1 Grant all Guests Default Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

3.3.2.2 Grant Each Guest Individual Access Privileges using NetOp Authentication . . . . . . . . . . . . 151

3.3.2.3 Grant Each Guest Individual Access Privileges using Windows Security Management. . . . 154

3.4 Use NetOp Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

3.4.1 Gateways and Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

4 NetOp Name Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

4.1 Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

4.2 NetOp Name Management Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

4.3 NetOp Name Server Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

4.3.1 Name Service Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

4.3.2 Communication Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

4.4 Use NetOp Name Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

5 Advanced Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

5.1 Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

5.2 Silent Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

5.2.1 Silent Install (Windows Installer) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

8

Contents

5.2.1.1 NetOp Transform Editor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

5.2.1.1.1 Install NetOp Transform Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

5.2.1.1.2 NetOp Transform Editor Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

5.2.1.1.3 Title Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

5.2.1.1.4 Tab Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

5.2.1.1.5 MSI Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

5.2.1.1.6 Properties Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

5.2.1.1.7 Features Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

5.2.1.1.8 Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

5.2.1.1.9 Files Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

5.2.1.1.10 INI Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

5.2.1.1.11 Registry Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

5.2.1.1.12 Shortcut Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

5.2.1.1.13 Build Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

5.2.1.2 Run Silent Install (Windows Installer) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

5.2.2 Silent Install (Traditional InstallShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

5.2.2.1 SETUP.ISS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

5.2.2.1.1 First Three Sections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

5.2.2.1.2 [INSTALL] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

5.2.2.1.3 [HOST] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

5.2.2.1.4 [COPY FILES] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

5.2.2.2 Run Silent Install (Traditional InstallShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

5.2.2.2.1 Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

5.2.2.2.2 Additional Command Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

5.3 NetOp Deployment Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

5.3.1 Install NDU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

5.3.2 Load NDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

5.3.3 NDU Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

5.3.3.1 Title Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

5.3.3.2 Menu Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

5.3.3.2.1 File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

5.3.3.2.2 Help Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

5.3.3.3 Media Import Section (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

5.3.3.4 Deployment Setup Section (2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

5.3.3.5 Deploy Section (3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

5.3.4 Media Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

5.3.5 Deployed Module Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

5.3.5.1 Deployed Module Setup (Windows Installer). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

5.3.5.2 Deployed Module Setup (Traditional InstallShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

5.3.5.2.1 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

5.3.5.2.2 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

5.3.5.2.3 Callback Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

5.3.5.2.4 Startup Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

5.3.5.2.5 Hostname Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

5.3.5.2.6 Options Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

5.3.5.2.7 Audio Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

5.3.5.2.8 Copy Files Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

5.3.5.2.9 Help Request Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

5.3.5.2.10 Maintenance Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

5.3.5.2.11 Notify Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

5.3.5.2.12 Logging Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

5.3.5.2.13 Slow Network Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

5.3.5.2.14 Encryption Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

5.3.5.2.15 Windows Firewall Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

5.3.5.2.16 Misc Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

5.3.5.2.17 Confirm Access Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

9

10

5.3.5.2.18 Review and Edit SETUP.ISS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

5.3.5.2.19 Manage Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

5.3.6 Deployment Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

5.3.6.1 NT Remote Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

5.3.6.2 NetOp Scripting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

5.3.7 Deploy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

5.3.7.1 What Happens During Deployment? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

5.3.7.2 Troubleshoot Deployment Progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

5.3.8 Deployment Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

5.3.8.1 Deploy from a Remote Controlled Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

5.3.8.2 Deploy Setup Details not Included in NetOp Deployment Template . . . . . . . . . . . . . . . . . . 252

5.3.8.3 WININET.DLL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

5.3.8.4 Deploy Other Programs than NetOp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

5.3.8.5 Remote Computers in a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

5.3.8.6 Remote Computers in an Excel Range. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

5.3.8.7 Remote Computers in an Access Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

5.3.8.8 Remote Computers in a Database Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

5.3.8.9 Using a Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

5.3.8.10 Installation Rights with NT Remote Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

5.3.8.11 Deploying to Different Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

5.4 NetOp Remote Control in Terminal Server Environments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

5.4.1 Installation (TSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

5.4.2 Use (TSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

5.4.2.1 NetOp Naming (TSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

5.4.2.2 NetOp Communication (TSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

5.4.2.2.1 TSE Gateway Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

5.4.2.2.2 Connecting into a TSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

5.4.2.2.3 Connecting out of a TSE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

5.4.2.2.4 Connecting between TSEs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

5.4.2.2.5 IP Broadcast List Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

5.4.2.3 Module Functionality (TSE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

5.4.2.4 Computer Resources (TSE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

5.5 NetOp Guest ActiveX Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

5.5.1 Requirements (ActiveX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

5.5.2 How to Use NetOp Guest ActiveX Component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

5.5.3 NetOpX Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

5.5.4 NetOpX Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

5.5.4.1 Keys Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

5.5.4.2 Graphics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

5.5.4.3 Connection Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

5.5.4.4 Name Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

5.5.5 NetOpX Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

5.5.6 Programmer Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

5.5.6.1 NetOpX Methods and their Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

5.5.6.2 NetOpX Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

5.5.6.3 NetOpX Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

5.5.6.4 NetOpX Messages and their Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

5.6 NetOp Scripting ActiveX Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

5.6.1 Creation and Deletion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

5.6.2 Startguest, Initialize and Uninitialize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

5.6.3 Connect and Disconnect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

5.6.4 Transferring Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

5.6.5 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

5.6.6 Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

5.7 NetOp Remote Control Processes and Windows Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Contents

5.7.1.1 Main Host Processes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.1.2 NetOp User Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.1.3 NetOp Helper Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.2 Main Host Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.2.1 Normal Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

5.7.2.2 Replacing the Local Security Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

5.7.2.3 Disabling Main Host Processes Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

5.7.3 NetOp Helper Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

5.7.3.1 Using the NetOp Helper Service to reload NetOp Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

5.7.4 NetOpActivity Local Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

6 Other Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

6.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

6.2 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

6.2.1 Installation (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

6.2.1.1 Install (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

6.2.1.2 Uninstall (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

6.2.2 NetOp Guest (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

6.2.2.1 Load and Unload NetOp Guest (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

6.2.2.2 NetOp Guest (Linux) Functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

6.2.3 NetOp Host (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

6.2.3.1 Start and Stop NetOp Host Daemon (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

6.2.3.2 Display and Hide the NetOp Host Window (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

6.2.3.3 NetOp Host (Linux) Functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

6.2.3.4 NetOp Host Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

6.2.3.4.1 Selection Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

6.2.3.4.2 Attributes Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

6.2.3.4.3 Messages Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

6.2.3.4.4 Host Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

6.2.3.4.5 Address Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

6.2.3.4.6 Guest Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

6.3 Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

6.3.1 Installation (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

6.3.1.1 Install (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

6.3.1.2 Uninstall (Solaris). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

6.3.2 NetOp Guest (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

6.3.2.1 Load and Unload NetOp Guest (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

6.3.2.2 NetOp Guest (Solaris) Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

6.3.3 NetOp Host (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

6.3.3.1 Start and Stop NetOp Host Daemon (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

6.3.3.2 Display and Hide the NetOp Host Window (Solaris) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

6.3.3.3 NetOp Host (Solaris) Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

6.4 Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

6.4.1 Installation (Mac) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

6.4.1.1 Install (Mac) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

6.4.1.2 Uninstall (Mac). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

6.4.2 NetOp Host (Mac) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

6.4.2.1 Start and Stop NetOp Host Daemon (Mac) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

6.4.2.2 Display and Hide the NetOp Host (Mac) window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

6.4.2.3 NetOp Host (Mac) Functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

6.5 OS/2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

6.5.1 Installation (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

6.5.1.1 Install (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

6.5.1.2 Install from Another Computer (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

6.5.1.3 Silent Install (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

6.5.1.4 Set Up NetOp Hosts Identically (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

11

6.5.1.5 Uninstall (OS/2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

6.5.2 NetOp Host (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

6.5.2.1 Load and unload NetOp Host (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

6.5.2.2 NetOp Host (OS/2) Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

6.5.2.3 NetOp Host (OS/2) Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

6.5.2.3.1 Program Options (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

6.5.2.3.2 Help Request Options (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

6.5.2.3.3 Guest Access Security (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

6.5.2.3.4 Maintenance Password (OS/2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

6.5.2.3.5 Log Setup (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

6.5.2.3.6 Communication Profiles (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

6.5.2.3.7 APPC (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

6.5.2.3.8 ISDN (CAPI 1.1) (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

6.5.2.3.9 Modem Database (OS/2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

6.6 DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

6.6.1 Installation (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

6.6.2 NetOp Host (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

6.6.2.1 NetOp Host (DOS) Load Command Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

12

1 Introduction

13

1.1 On the Administrator’s Manual

1.1 On the Administrator’s Manual

This manual supplements the User’s Manual, NetOp Guest Help and NetOp Host Help user documentation with administrator documentation in these chapters:

NetOp Security Management

NetOp Gateway

NetOp Name Management

Advanced Tools

Other Operating Systems

This manual is available only in English. These special NetOp Remote Control modules include help systems in English:

NetOp Security Management

NetOp Security Manager Window includes a NetOp Security

Manager Help system.

Advanced Tools

NetOp Deployment Utility includes an NDU Help system.

Other Operating Systems

NetOp Guest (Linux) and

NetOp Guest (Solaris)

include NetOp Guest

Help systems.

For easy reference, this Introduction chapter includes this User’s Manual section:

Common Controls

1.2 Common Controls

This section explains the controls of common elements in the NetOp Remote Control user interface. It section includes these sections:

Window Control

Menu and Toolbar Control

Table Control

1.2.1 Window Control

Windows with an icon at the title bar left end share these window controls:

Click the title bar left icon, right-click anywhere in the title bar or press A

LT

+S

PACE

to display this standard window control menu:

14

Restore: Select this command or click the matching title bar right end button to restore a maximized or minimized window to its normal size.

Move: Select this command to display an arrow-pointed +. Press the keyboard arrow buttons to move the window. Press E

NTER

to end the operation.

Note: Typically, move a window by dragging its title bar.

Size: Select this command to display an arrow-pointed +. Press the keyboard arrow buttons to display a double arrow at a window edge and move the window edge to resize the window. Press E

NTER

to end the operation.

1 Introduction

Note: Typically, resize a window by dragging its edges or corners.

Minimize: Select this command or click the matching title bar right end button to minimize the window.

The window can minimize into a taskbar button or a notification area button or if inside a window work panel into a minimized window typically in the lower left corner of the work panel. Click a taskbar minimized window button or double-click a notification area minimized window button to restore the window.

Maximize: Select this command or click the matching title bar right end button to maximize the window.

Close: Select this command, click the matching title bar right end button, press A

LT

+F4 or double-click the title bar icon to close the window without applying window selections. If the window represents a loaded program, the program will be unloaded.

1.2.2 Menu and Toolbar Control

Enabled menu commands appear as black text. Menu commands that are disabled with the current selection appear as gray text. If the window is active, place the mouse pointer on a command to display a hint in the status bar. Commands switching a status On/Off can display a checkmark or an icon. If checkmarked or if the icon appears pressed in, the status is On and selecting the command will switch the status Off. Executing a command closes the menu.

Drag the left end of a toolbar to move it from its default position below the menu bar to place it along another edge of the window below the menu bar and above the status bar or anywhere outside the window.

Enabled toolbar buttons appear in color. Toolbar buttons that are disabled with the current selection appear gray. If the window is active, place the mouse pointer on a toolbar button to display a tooltip with the button name and a hint in the status bar. A toolbar button switching a status On/Off can appear pressed in. If appearing pressed in, the status is On and clicking the button will switch the status Off.

1.2.3 Table Control

Typically, these controls are available with tables in window panes:

Resize the pane by resizing the window by dragging its borders. Change the width of a column by dragging the right border of its heading. Sort records (ascending/descending) by any column by clicking the column heading. If table content extend beyond the pane, it will have scrollbars.

Click a record to select and highlight it. Click a record and while pressing S

HIFT

click another record to select and highlight both records and records in between. Click a record and while pressing C

TRL

click other records to select and highlight clicked records.

15

1.2 Common Controls

16

2 NetOp Security Management

17

2.1 Summary

2.1 Summary

This chapter explains NetOp Security Management that provides centralized control of NetOp Guest access privileges when connecting to NetOp Host. It contains these sections:

NetOp Security Management Overview

Load NetOp Security Manager

NetOp Security Manager Window

Manage Security Database Content

Security Database Tables

NetOp Security Server Setup

Use NetOp Security Management

2.2 NetOp Security Management Overview

NetOp Remote Control can protect computers that run NetOp Host against unauthorized access and actions from computers that run NetOp Guest. Protection can be managed locally on each NetOp Host by

Guest Access Security and centrally for multiple NetOp Hosts by NetOp Security Management.

Locally managed Guest Access Security and how Hosts use NetOp Security Management is explained in the User’s Manual NetOp Host chapter and NetOp Host Help system Host Tools section Guest Access

Security section.

Centrally managed NetOp Security Management is explained in this chapter and in the matching NetOp

Security Manager Help system that is available from NetOp Security Manager.

This overview section includes these sections:

NetOp Security Management Functionality

NetOp Security Management Setup

2.2.1 NetOp Security Management Functionality

NetOp Security Management stores Guest access security data for Guest and Host selections in a central security database that is managed from NetOp Security Manager.

NetOp Security Server services Host requests for Guest roles with themselves by managing

Guest authentication, querying the central security database for security data, determining the applicable role and returning it to the Host to apply it

:

18

1.

A Guest that connects to a Host is requested to identify itself by logon credentials.

2.

The Host forwards the Guest credentials to a NetOp Security Server requesting the Guest security role with itself.

3.

NetOp Security Server manages Guest authentication and queries the security database for security data.

2 NetOp Security Management

4.

Based on received security data, NetOp Security Server determines the applicable role and returns it to the Host

.

5.

The Host applies the received Guest security role.

2.2.2 NetOp Security Management Setup

NetOp Security Management setup falls into three parts:

Security Database Setup

NetOp Security Server Setup

Running NetOp Security Management

2.2.2.1 Security Database Setup

Security database setup is managed from NetOp Security Manager.

The security database can reside in any Open Database Connectivity (ODBC) enabled database. Creating the security database creates tables for these data:

Security Settings

including

Role Assignments

,

Roles

and

Security Policies

.

Logging

including Security Log

,

NetOp Log and Active Sessions .

Scheduling including

Scheduled Jobs .

NetOp Definitions including

NetOp Guest IDs

,

NetOp Guest ID Groups

,

NetOp Host IDs

,

NetOp

Host ID Groups

and

NetOp Properties

.

Windows Definitions

including Windows Users

,

Windows Groups

,

Windows Workstations

,

Windows Workstation Groups

and

Windows Domains

.

RSA SecurID Definitions

including

RSA SecurID Users

,

RSA SecurID Groups

and RSA SecurID

Properties .

Directory Services Definitions including

Directory Services Users

,

Directory Services Groups

and

Directory Services

.

Security Policies specify a

Security Server Group Name

, lists group members in a

Security Server List ,

specifies a Preferred Guest Type

and a Preferred Host Type and specifies

Logging Options

.

The key element in NetOp Security Management is the Role Assignment that specifies a Guest selection,

a Host selection and the Role of the Guest selection when connected to the Host selection.

• A Guest selection can be a

NetOp Guest ID or

NetOp Guest ID Group

, a Windows User or

Windows Group

, an RSA SecurID User or

RSA SecurID Group , a

Directory Services User

or

Directory Services Group

or everybody (any Guest).

• A Host selection can be a

NetOp Host ID or

NetOp Host ID Group , a

Windows User

, Windows

Group ,

Windows Workstation ,

Windows Workstation Group ,

Windows Domain

or everybody (any

Host).

• A

Role specifies allowed/not allowed/denied Guest actions on the Host and a Host confirm access

selection.

You can create Role Assignments

mutually between multiple

Windows Groups

and with Windows

Domain

computers in a batch operation.

You can create other Role Assignments

one by one.

NetOp Security Manager can retrieve

Windows User

,

Windows Workstation

,

Windows Group

and

Windows Domain

information from available Windows user and computer management and

Directory Services User

and

Directory Services Group

information from available directory services

to create

Windows Definitions

and

Directory Services Definitions

Role Assignments

without previously creating security database records.

NetOp Definitions

and

RSA SecurID Definitions

records must be created in the security database to

create Role Assignments

with them.

You can modify two of the four built-in

Roles

and create additional

Roles

.

19

2.3 Load NetOp Security Manager

By group memberships, multiple

Role Assignments

can be available between each Guest and each Host.

The composite of multiple assigned Roles

will apply.

Security database setup is explained in these sections:

Load NetOp Security Manager

NetOp Security Manager Window

Manage Security Database Content

Security Database Tables

2.2.2.2 NetOp Security Server Setup

Install NetOp Security Server preferably on multiple computers for load balancing and fault tolerance.

Add NetOp Security Servers to the

Security Server List .

Log NetOp Security Servers on to the security database.

Enable NetOp Security Server communication with Hosts that use it.

NetOp Security Server setup is explained in this section:

NetOp Security Server Setup

2.2.2.3 Running NetOp Security Management

After Security Database Setup and

NetOp Security Server Setup , NetOp Security Management can run

unattended with very limited maintenance demands.

Read this section for guidelines:

Use NetOp Security Management

2.3 Load NetOp Security Manager

You can install NetOp Security Manager from the NetOp Remote Control CD, see the User’s Manual

Installation chapter or the matching NetOp Guest Help or NetOp Host Help system section.

Note: We recommend that you install NetOp Security Manager on the workstations of NetOp Security

Management administrators. Its full functionality will be available only if installed on a networked

Windows Server 2003, XP, 2000 or NT computer. NetOp Security Manager files including the program file AMCONFIG.EXE and NetOp Security Server files will reside in the same directory.

To load NetOp Security Manager, select Start > All Programs > NetOp Remote Control > Security

Manager.

20

2 NetOp Security Management

Initially, this window will be displayed in front of the NetOp Security Manager Window :

Tip of the Day

The pane will display a tip to NetOp Security Manager.

Close: Click this button to close the window.

Next Tip: Click this button to display another tip in the pane.

Show tips on startup: Leave this box checked to display this window when loading NetOp

Security Manager. Uncheck to not display it. If suppressed, you can display it from the

Help

Menu Tip of the day command.

This window will be displayed in front of the NetOp Security Manager Window :

It logs on to a data source to open or create a NetOp security database in it.

Create local test database: Check this box to disable the fields below to create a local test database on your computer.

Note: If you are loading NetOp Security Manager for the first time, we recommend that you create a local

test database to try out NetOp Security Manager before creating your working security database. Creating

21

2.3 Load NetOp Security Manager

a local test database requires administrator rights on the computer. We do not recommend using the local test database as your working security database.

Data source []: This field will by default display NetOp_Security_Evaluation to log on to the local test database. Specify the data source name (DSN) of the database in which the security database resides or shall reside.

Username []: Specify in this field the user name required to log on to the database in which the security database resides or shall reside. No user name is required to log on to the local test database.

Password []: Specify in this field the matching password. No password is required to log on to the local test database.

Change...: Click this button to display the Windows Select Data Source window to select a data source whose name will be displayed in the Data source field.

Exit: Click this button to close the window and the NetOp Security Manager window behind it to unload

NetOp Security Manager.

Logon: Click this button to log on to the specified data source.

• If the specified data source contains

Security Database Tables

, the NetOp Security Manager

Window will be displayed.

• If the Create local test database box was checked before clicking Logon, this window will be displayed:

22

The local test database with the data source name NetOp_Security_Evaluation will be created in the file AMEVAL.MDB that will reside in the path C:\Documents and Settings\All Users\Application

Data\Danware Data\NSS.

Click OK to run the

Security Database Wizard to create the local test database.

2 NetOp Security Management

• If the specified data source cannot be opened, this window will be displayed:

It indicates that invalid data source credentials were specified or Security Database Tables are

corrupted. The

Security Database Wizard cannot repair corrupted

Security Database Tables . If you

cannot repair corrupted

Security Database Tables

manually, delete them and Load NetOp Security

Manager

to create

Security Database Tables

with the

Security Database Wizard .

If the specified data source contains no Security Database Tables , the

Security Database Wizard will

run to create them.

23

2.3 Load NetOp Security Manager

2.3.1 Security Database Wizard

If no Security Database Tables

exist when logging on to the security database, the Security Database

Wizard

will run to display this window:

24

It specifies the security server group name.

Note: A matching

Security Policies window is explained in

Security Server Group Name .

Group Name (Private) []: By default, NetOp will be specified in this field. Characters will display as dots or asterisks. Leave this name to try out NetOp Security Management. To create a working security database, specify another private Group Name that should be known only among NetOp Security

Management administrators.

Confirm Group Name []: Re-specify in this field the private Group Name for confirmation.

Group ID (Public) []: This field will display the 32-digit hexadecimal checksum generated from the private Group Name. This is the public Group ID that must be specified on Hosts that use this security server group.

2 NetOp Security Management

Note: From this window, you can copy the public Group ID to the clipboard to make it available to Host

users. If the private Group Name and consequently the public Group ID is changed, Hosts that use this security server group must change their specified Group ID accordingly.

Click Next to display this window:

It specifies security server group members and enables NetOp Access Server compatibility.

Note: A matching

Security Policies

window is explained in

Security Server List .

To try out NetOp Security Management, click Add to create a record of the NetOp Security Manager computer in the pane as shown in the image. To add members to the group and enable NetOp Access

Server compatibility, see Security Server List

.

25

2.3 Load NetOp Security Manager

Click Next to display this window:

Preferred Guest Type (wizard)

26

It specifies the type of credentials that Hosts shall preferably request from connecting Guests.

Note: A matching

Security Policies window is explained in

Preferred Guest Type .

Select one of these options:

Guests Enter Windows Username and Password: Hosts shall request Windows credentials (User

Name, Password, Domain) if they can (default selection).

Guests Enter NetOp Guest ID and Password: Hosts shall request NetOp credentials (Guest ID,

Password).

Guests Enter RSA SecurID Username and PASSCODE: Hosts shall request RSA SecurID credentials (User Name, (Password), PASSCODE) if they can.

Guests Enter Directory Services Username and Password: Hosts shall request directory services credentials (User Name, Password, Directory Server) if they can.

2 NetOp Security Management

Select the option that matches your preferred NetOp Security Management setup.

Typically, leave the default Windows selection to generally base

Role Assignments

on Guest

Windows

Definitions

.

Select NetOp to generally base

Role Assignments

on Guest

NetOp Definitions

.

Select RSA SecurID to generally base Role Assignments

on Guest

RSA SecurID Definitions

.

Select Directory Services to generally base

Role Assignments

on Guest

Directory Services Definitions .

Older version Hosts that do not support

Windows Definitions ,

RSA SecurID Definitions or

Directory

Services Definitions

can only request NetOp credentials. If NetOp Security Management shall support

them, Role Assignments

based on Guest

NetOp Definitions

must be available in the security database.

Click Next to display this window:

Preferred Host Type (wizard)

It specifies how Hosts shall preferably identify themselves to NetOp Security Server.

Note: A matching

Security Policies

window is explained in

Preferred Host Type

.

27

2.4 NetOp Security Manager Window

Select one of these options:

Windows User if one is logged on, otherwise Workstation: If they can, Hosts shall identify themselves as the logged on

Windows User if a user is logged on to Windows or the network on the

Host computer and identify themselves as the Host computer

Windows Workstation if no user is

logged on (default selection).

Always the Workstation: If they can, Hosts shall always identify themselves as the Host computer

Windows Workstation .

NetOp Host ID: Hosts shall identify themselves as their

NetOp Host ID .

Select the option that matches your preferred NetOp Security Management setup.

Typically, leave the default Windows User if one is logged on, otherwise Workstation selection to

generally base Role Assignments

on Host

Windows Definitions

and enable applying different

Roles

if different users are logged on to the Host computer or network or no user is logged on. A Host on which the user name is disabled will identify itself as a workstation on which no user is logged on.

Select Always the Workstation to apply the same Role if a user is logged on or not.

Select NetOp Host ID to generally base Role Assignments

on Host

NetOp Definitions

.

Older version Hosts that do not support Windows Definitions

will always identify themselves as their

NetOp Host ID . If NetOp Security Management shall support them,

Role Assignments

based on Host

NetOp Definitions must be available in the security database.

Click Finish to end the wizard to display the NetOp Security Manager Window .

2.4 NetOp Security Manager Window

After logon to the security database, this window will be displayed:

28

It contains these elements:

Title Bar

Menu Bar

Toolbar

Filter and Fetching Bar

Records panel with a left

Selection Pane

and a right

Records Pane

Messages Panel

Status Bar

2.4.1 Title Bar

This is the

NetOp Security Manager Window title bar:

2 NetOp Security Management

It will display the name of the logged on to data source.

Window controls are explained in

Window Control

.

2.4.2 Menu Bar

This is the

NetOp Security Manager Window menu bar:

Menu and toolbar controls are explained in Menu and Toolbar Control .

The menu bar contains these menus:

File Menu

Records Menu

Edit Menu

View Menu

Options Menu

Help Menu

2.4.2.1 File Menu

This is the

NetOp Security Manager Window File menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Exit: Select this command or the

Window Control Close command, click the Window Control

Close button or double-click the

Title Bar

NetOp Security Manager icon to close the

NetOp Security Manager

Window and unload NetOp Security Manager.

2.4.2.2 Records Menu

This is the

NetOp Security Manager Window Records menu:

29

2.4 NetOp Security Manager Window

Menu and toolbar controls are explained in Menu and Toolbar Control .

Expanding commands manage security database records as explained in

Manage Security Database

Content .

Reset All: Select this command to display a confirmation window to confirm deleting all Security

Database Tables and run the

Security Database Wizard

to create empty Security Database Tables .

EXTREME CAUTION: Selecting this command may waste hours of work and leave NetOp Security

Servers unable to service NetOp modules that depend on them until security data have been re-created.

Select this command only if you are absolutely certain that you want to start all over creating security data.

2.4.2.3 Edit Menu

This is the

NetOp Security Manager Window Edit menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Copy Ctrl+C: Select text in the

Messages Panel

and select this command or press C

TRL

+C to copy the selection to the clipboard.

2.4.2.4 View Menu

This is the

NetOp Security Manager Window View menu:

30

Menu and toolbar controls are explained in Menu and Toolbar Control .

Toolbar: This command expands into the commands:

No Toolbar: Select this command to hide the

Toolbar .

Large Toolbar: Select this command to display large icons in the Toolbar

.

Small Toolbar: Select this command to display small icons in the

Toolbar (default selection).

Security Settings: Select this command to checkmark/uncheckmark it to display/hide the Selection Pane

Security Settings branch (default: checkmarked to be displayed).

Logging: Select this command to checkmark/uncheckmark it to display/hide the

Selection Pane

Logging

branch (default: checkmarked to be displayed).

Scheduling: Select this command to checkmark/uncheckmark it to display/hide the

Selection Pane

Scheduling branch (default: checkmarked to be displayed).

NetOp Definitions: Select this command to checkmark/uncheckmark it to display/hide the Selection Pane

NetOp Definitions branch (default: uncheckmarked to be hidden).

Windows Definitions: Select this command to checkmark/uncheckmark it to display/hide the

Selection

Pane

Windows Definitions

branch (default: checkmarked to be displayed).

2 NetOp Security Management

RSA SecurID Definitions: Select this command to checkmark/uncheckmark it to display/hide the

Selection Pane

RSA SecurID Definitions branch (default: uncheckmarked to be hidden).

Directory Services Definitions: Select this command to checkmark/uncheckmark it to display/hide the

Selection Pane

Directory Services Definitions branch (default: uncheckmarked to be hidden).

Messages: Select this command to checkmark/uncheckmark it to display/hide the

Messages Panel

(default: checkmarked to be displayed).

Clear Messages (C

TRL

+M): Select this command or press C

TRL

+M to delete the

Messages Panel content.

Status Bar: Select this command to checkmark/uncheckmark it to display/hide the Status Bar .

2.4.2.5 Options Menu

This is the

NetOp Security Manager Window Options menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Program Options...: Select this command to display this window:

Program Options

Number of Records to Fetch at a Time []: NetOp Security Manager fetches security database records to the

Records Pane in batches. Specify in the field a number in the range (default: 50).

Automatic Refresh: Check this box to automatically refresh the

Records Pane content whenever a

record is changed (default: checked).

Note: Refresh will discard the

Records Pane content and fetch security database records. Refresh

manually by clicking the

Filter and Fetching Bar Refresh button or pressing F5.

Confirm Successful Changes: Check this box to display a window to confirm each successful

Records Pane

record change (default: unchecked).

SQL Debug Messages: Check this box to display SQL debug messages in the

Messages Panel

(default: unchecked).

31

2.4 NetOp Security Manager Window

2.4.2.6 Help Menu

This is the

NetOp Security Manager Window Help menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Online Help: Select this command or press F1 to open the NetOp Security Manager Help system on the topic of the currently or most recently displayed

Records Pane .

Help on Viewing: Select this command to open the NetOp Security Manager Help system on the

View and Manage Data

topic.

Tip of the Day: Select this command to display the

Tip of the Day

window.

About NetOp Security Manager: Select this command to display this window:

32

This window specifies the NetOp Security Manager version and build number (in parentheses).

These numbers will be asked for if you request support for NetOp Security Manager.

2.4.3 Toolbar

From the expanding View Menu

Toolbar command, you can hide/display the NetOp Security Manager

Window toolbar and select two toolbar sizes:

Small Toolbar (default selection):

Large Toolbar:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Note: To include

NetOp Definitions buttons in the toolbar, while the NetOp Definitions branch is

displayed in the

Selection Pane select in the

View Menu Small Toolbar or Large Toolbar.

The toolbar can contain these buttons:

New Role Assignment (F2): Click this button, press F2 or select the Role Assignment menu New...

command to display the

Role Assignment Wizard

.

New NetOp Guest ID (F3): Click this button, press F3 or select the

NetOp Guest ID

menu New... command to display the

NetOp Guest ID

window.

2 NetOp Security Management

New NetOp Guest ID Group (F4): Click this button, press F4 or select the

NetOp Guest ID Group

menu New... command to display the

NetOp Group (Guest ID)

window.

New NetOp Host ID (F6): Click this button, press F6 or select the

NetOp Host ID menu New...

command to display the

NetOp Host ID

window.

New NetOp Host ID Group (F7): Click this button, press F7 or select the

NetOp Host ID Group

menu New... command to display the NetOp Group (Host ID) window.

New Role (F9): Click this button, press F9 or select the

Role menu New... command to display the

NetOp Security Role

window.

New Scheduled Job (F10): Click this button, press F10 or select the

Scheduled Job menu New...

command to display the

Scheduled Job Wizard

.

Edit Selected (Ctrl+E): Select a

Records Pane record and click this button, press C

TRL

+E or select the record type menu Edit... command to display the record editing window.

Delete Selected (Ctrl+D): Select a

Records Pane record and click this button, press C

TRL

+D or select the record type menu Delete command to display a confirmation window to confirm deleting the record.

Large Icons: Click this button to make it appear pressed in to display

Records Pane records as

horizontal rows of large icons.

Small icons: Click this button to make it appear pressed in to display

Records Pane records as

horizontal rows of small icons.

List: Click this button to make it appear pressed in to display Records Pane

records as vertical columns of small icons.

Details: Click this button to make it appear pressed in to display

Records Pane records in a table

with details in columns (default selection).

2.4.4 Filter and Fetching Bar

This is the

NetOp Security Manager Window filter and fetching bar:

It can specify a filter criterion and contains a Refresh button and if more records than are displayed in the

Records Pane are available in the security database two record fetching buttons.

Where: Check this box (default: unchecked) to enable the drop-down boxes to the right to specify a filter criterion that will be applied when fetching records from the security database.

The list of the left drop-down box list will contain the

Records Pane Details display column names.

Select a column name in the list to display it in the field to filter fetched records by the selected name column.

The list of the middle drop-down box contains these operators:

LIKE: Selects records that in the selected column contain the string of characters that is specified in the right drop-down box field.

=: Selects records that in the selected column contain a numerical value that is equal to the numerical value that is specified in the right drop-down box field.

33

2.4 NetOp Security Manager Window

>: Selects records that in the selected column contain a numerical value that is larger than the numerical value that is specified in the right drop-down box field.

<: Selects records that in the selected column contain a numerical value that is smaller than the numerical value that is specified in the right drop-down box field.

The list of the right drop-down box will contain strings of characters and numerical values that have been specified before. Select a string or value in the list to display it in the field or specify a new string or value in the field.

Note: Strings of characters can contain wildcard characters. Use the wildcard characters specified by the

security database data source type.

Refresh: Click this button or press F5 to discard all

Records Pane records and fetch from the

security database applying any filter criterion specified to the left up to the number of records specified in the

Program Options

window to the

Records Pane .

One More Lot: This button will be displayed if more records than are displayed in the

Records

Pane

are available in the security database. Click it to fetch from the security database applying any filter criterion specified to the left up to the number of records specified in the

Program

Options

window to the

Records Pane

.

All Remaining: This button will be displayed if more records than are displayed in the Records

Pane

are available in the security database. Click it to fetch from the security database applying

any filter criterion specified to the left all remaining records to the Records Pane

.

2.4.5 Selection Pane

This is the

NetOp Security Manager Window records panel left selection pane:

34

It contains

Records Pane

commands in a tree structure.

By default, expanded

Security Settings

,

Logging

,

Scheduling

and

Windows Definitions

branches are displayed in this order. Collapse expanded branches by clicking [-] buttons. Expand collapsed branches

by clicking [+] buttons. Hide/display branches by selecting the matching View Menu commands.

Select a command to dim its icon and bold its name to display its records in the

Records Pane .

2 NetOp Security Management

2.4.6 Records Pane

This is the

NetOp Security Manager Window records panel right records pane:

It will display records according to the

Selection Pane selection. in the Selection Pane,

the displayed records pane icon is dimmed and name is bolded. To display another records pane, select it in the

Selection Pane .

To change the records display, click a Toolbar

display button. Large Icons, Small Icons and List buttons will display records as icons. The Details button will display records in a table with details in columns.

Column names are security database column names that cannot be changed. Table controls are explained in

Table Control

.

Note: If you sort records by a column, records in the pane will be discarded and new records will be

fetched from the security database, see

Filter and Fetching Bar .

Records panes are explained in the Manage Security Database Content

section in the

Records Menu

order.

2.4.7 Messages Panel

This is the

NetOp Security Manager Window messages panel:

The messages panel will display NetOp Security Manager messages and can, if selected in the

Program

Options

window, also display SQL debug messages.

Drag the lower border of the

NetOp Security Manager Window to adjust the height of the messages

panel. Use the scrollbars to view invisible parts of the messages panel.

Hide/display the messages panel from the

View Menu

Messages command.

Select the View Menu Clear Messages command or press C

TRL

+M to delete all messages panel messages.

Right-click in the messages panel to display a standard editing menu. Select Copy in this menu or in the

Edit Menu or press C

TRL

+C to copy selected text to the clipboard. Select Select All in this menu to select the entire messages panel content.

2.4.8 Status Bar

The NetOp Security Manager Window

status bar will be displayed unless hidden from the View Menu

Status Bar command:

When the mouse pointer is over a menu command or a

Toolbar button, the left end of the status bar will

display a hint to the command or button.

35

2.5 Manage Security Database Content

2.5 Manage Security Database Content

This section explains how to manage the content of a NetOp security database from NetOp Security

Manager. It contains these sections:

Content Creation Guide

Security Settings

Logging

Scheduling

NetOp Definitions

Windows Definitions

RSA SecurID Definitions

Directory Services Definitions

If you are new to NetOp Security Management, we recommend that you read the Content Creation Guide

before creating security database content.

2.5.1 Content Creation Guide

This guide will introduce you to the main tasks of making your security database ready to service NetOp

Remote Control modules installed on the computers of your organization. It contains these sections:

Review Security Policies

Create Role Assignments

View and Manage Data

Scheduled Jobs

Security Log

NetOp Log

Active Sessions

2.5.1.1 Review Security Policies

Before creating any other security database content, review the

Security Policies

created in the

Security

Database Wizard to align them with the desired NetOp Security Management setup.

The key issue is to select the right Preferred Guest Type

.

If NetOp Security Management shall run in a Windows domain environment that uses Windows Security

Management, typically select the Preferred Guest Type

Guests enter Windows user name and password.

If you are upgrading from an old version NetOp Access Server setup to a NetOp Security Management

setup, you can select the Preferred Guest Type

Guests enter NetOp Guest ID and password for a swift transition. Otherwise, we do not recommend this selection as security database maintenance will be more demanding.

If your organization applies a policy of RSA SecurID authentication, select the

Preferred Guest Type

Guests enter RSA SecurID user name and passcode.

If your organization applies a policy of directory services authentication, select the

Preferred Guest Type

Guests enter Directory Services user name and password.

Regarding

Preferred Host Type , in a Windows domain environment typically select Windows user if one

is logged on, otherwise workstation to enable applying Host computer user dependent

Role Assignments

.

To apply only computer dependent Role Assignments

, select Always the workstation.

If you are upgrading from an old version NetOp Access Server setup to a NetOp Security Management

setup, you can select the Preferred Host Type NetOp Host ID and password for a swift transition.

Otherwise, we do not recommend this selection as security database maintenance will be more demanding.

36

2 NetOp Security Management

These selections will determine which records must be created to service the environment of NetOp

Guests and Hosts.

2.5.1.2 Create Role Assignments

The main objective of creating security database content is to create mutual

Role Assignments

between all users and computers that shall be serviced by NetOp Security Management.

You can swiftly create Role Assignments

mutually between multiple Windows Groups

as Guest and Host selection and with

Windows Domain computers as Host selection in a batch operation from the

Role

Assignment menu New Batch command.

You can create Role Assignments

one by one between any Guest selection and any Host selection from the

Role Assignment menu New command.

While Role Assignments

with Windows Definitions and

Directory Services Definitions records do not

require that Guest and Host selection records have been created,

Role Assignments

with

NetOp

Definitions

and

RSA SecurID Definitions

require that Guest and Host selection records have been created.

Note: You can import a complete old version NetOp Access Server setup into to the security database by

using the AMPLUS.EXE

program.

NetOp Security Manager comes with four default

Roles

of which two can be edited. You can create additional

Roles from the Role

menu.

2.5.1.3 View and Manage Data

Security database data can be displayed in the

NetOp Security Manager Window records panel that

contains a left Selection Pane and a right

Records Pane . Click an element in the

Selection Pane to display

its records in the Records Pane

.

Note: By default, the

Selection Pane does not display the

NetOp Definitions

,

RSA SecurID Definitions

and

Directory Services Definitions

elements. Display them from the

View Menu

.

Records can be displayed as icons (Large, Small or List), but typically they are displayed in a table with

Details in columns. Details view table content matches the content of

Security Database Tables .

Records are fetched from the security database in lots, the size of which can be set in the

Program

Options

window. If the security database contains more records than are currently in the

Records Pane

, two yellow buttons will be displayed next to the

Filter and Fetching Bar Refresh button:

Click the left One more lot button with a down pointer or press C

TRL

+P

AGE

D

OWN

to fetch another lot into the

Records Pane . Click the right All remaining button with a down pointer and a line or press

A

LT

+P

AGE

D

OWN

to fetch all remaining records into the Records Pane .

Click the Refresh button to clear the

Records Pane

and fetch a new lot of records. In the

Program Options

window, you can select to refresh automatically when the

Records Pane content has been changed.

You can sort Records Pane data ascending or descending by clicking a column heading. Sorting initiates

a new fetching of records from the security database.

You can filter

Records Pane

records by specifying a filter criterion in the

Filter and Fetching Bar .

Filtering initiates a new fetching of records from the security database.

To edit a

Records Pane record, double-click it, select the record type menu Edit... command, click the

Toolbar Edit Selected command or press C

TRL

+E.

To delete a Records Pane

record, select the record type menu Delete command, click the

Toolbar Delete

Selected command or press C

TRL

+D.

Note: Other options are available in some record type menus.

37

2.5 Manage Security Database Content

2.5.1.4 Scheduled Jobs

Scheduled Job

specify temporary enabling of groups ( Windows Groups

, NetOp Guest ID Groups

and

NetOp Host ID Groups

) once or according to a weekly schedule. Create

Scheduled Job to allow Guest

connections to Hosts only in specified time intervals.

2.5.1.5 Security Log

Administrator actions from NetOp Security Manager will be logged in the security database. You can

display these loggings in the Security Log

to track when changes were made to the NetOp Security

Management setup. You can clean up the

Security Log manually from the Security Log

menu and automatically from the

Logging Options

window.

2.5.1.6 NetOp Log

NetOp modules can log their NetOp events in the security database. You can display these loggings in the

NetOp Log

. You can clean up the NetOp Log manually from the NetOp Log

menu and automatically from the

Logging Options

window.

2.5.1.7 Active Sessions

Provided that Hosts log their session events in the security database, the

Active Sessions

Records Pane

will display which sessions are currently running with logging Hosts.

Active Sessions records refresh automatically every ten seconds. You can refresh manually from the Active Sessions

menu or the Filter and Fetching Bar

Refresh button. You can clean up

Active Sessions

records automatically from the

Logging Options

window.

2.5.2 Security Settings

You can manage

Security Settings records from the

Records Menu

Security Settings submenu:

38

that contains these commands:

Role Assignment

Role

You can also manage Security Settings records from the

Selection Pane

Security Settings branch:

that includes these elements:

Role Assignments

Roles

Security Policies

2 NetOp Security Management

2.5.2.1 Role Assignment

Click the

Selection Pane

Role Assignments

element to display the

Role Assignment

Records Pane

:

It will display Role Assignments

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

Guest: Guest selection icon and name.

Host: Host selection icon and name.

Role:

Role icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records will be numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage

Role Assignments

from the Records Menu

Role Assignment menu: or from the matching Role Assignment

Records Pane context menu:

It contains these commands:

New

New Batch

Edit

Delete

39

2.5 Manage Security Database Content

Clear

Note: For a quick start, create

Role Assignments

between Windows Groups

and with

Windows Domains

from the

New Batch command.

2.5.2.1.1 New

Select the

Role Assignment

menu New... command, click the Toolbar

New Role Assignment button with a traffic light or press F2 to run the

Role Assignment Wizard to display this window:

Role Assignment Wizard

Select Guest Type

40

This wizard will create a

Role Assignment record.

Click Back to display an explanation.

Wizard windows display options to the left and specifications to the right. Suggested or completed specifications will be displayed in black text. Missing specifications will be indicated by red text.

This window selects a Guest type (suggested: Windows Group). Select a Guest type option to the left to display it in the right Guest specification after clicking Next.

If on a Windows 2000+ computer you select Windows User or Windows Group, the matching Windows

Select... window will be displayed after clicking Next. When you have selected a Windows account, the

Insert <Account type> as Guest

window will be displayed.

If you select Everybody, the

Select Host Type

window will be displayed after clicking Next.

Otherwise, this window will be displayed after clicking Next:

Insert <Account type> as Guest

2 NetOp Security Management

This window specifies a Guest selection.

If a Windows account was selected in a Windows Select... window, the disabled left drop-down box fields will display the domain and account and the right Guest specification will display the account name prefixed by its relative identifier number (RID) and the domain name.

Otherwise, enabled selection elements will be displayed to the left. Only Windows accounts or names of records that have been created in NetOp Security Manager will be available for selection. Select actively an element to specify it in the right Guest specification immediately or after clicking Next.

When you have made a valid selection, click Next to display this window:

41

2.5 Manage Security Database Content

Select Host Type

42

This window selects a Host type (suggested: Windows Group). Select a left Host type option to display it in the right Host specification after clicking Next.

Note: If Everybody was selected in the

Select Guest Type

window, Everybody will be disabled in this

window. However, if you select Everybody in this window, Everybody will be enabled in the

Select Guest

Type

window.

If on a Windows 2000+ computer you select Windows User or Windows Group, the matching Windows

Select... window will be displayed after clicking Next. When you have selected a Windows account, the

Insert <Account type> as Host

window will be displayed.

If you select Everybody, the

Insert Role Assignment

window will be displayed when you click Next.

Otherwise, this window will be displayed when you click Next:

Insert <Account type> as Host

2 NetOp Security Management

This window specifies a Host selection.

If a Windows account was selected in a Windows Select... window, the disabled left drop-down box fields will display the domain and account and the right Host specification will display the account name prefixed by its relative identifier number (RID) and the domain name.

Otherwise, enabled selection elements will be displayed to the left. Only Windows accounts or names of records that have been created in NetOp Security Manager will be available for selection. Select actively an element to specify it in the right Host specification immediately or after clicking Next.

Note: If NetOp Guest ID or NetOp Guest ID Group was selected in the

Select Guest Type

window and

NetOp Host ID Group was selected in the

Select Host Type

window, the Insert NetOp Host ID Group as

Host window will include the option Unregistered Host IDs that enables a role assignment with Host IDs for which no record exists in NetOp Security Manager. This option that is provided for compatibility with older versions NetOp Access Server is not recommended.

When you have made a valid selection, click Next to display this window:

43

2.5 Manage Security Database Content

Insert Role Assignment

44

This window specifies the Role that will apply to the created

Role Assignment .

Enter first character below and select from list []: In the field, replace * designating any characters by the first letters of a

Role name to display in the pane below only Role

names beginning with these letters.

New: Click this button to display the

NetOp Security Role

window to create a Role

.

In the pane, select a Role name to display it in the right Role specification prefixed by the Role record

number.

Finish: This button will be enabled if a valid

Role Assignment has been specified. Click it to end the wizard to create the Role Assignment record.

2 NetOp Security Management

2.5.2.1.2 New Batch

Select the Role Assignment

menu New Batch... command to display this window:

Initial Setup of Guests and Hosts

This is the first of two windows that create

Role Assignments

between multiple

Windows Groups

and with

Windows Domains

and enables editing built-in Roles

in a batch operation.

Domain []: The list of this drop-down box will contain the Windows Domains

recognized by the NetOp

Security Manager computer. Select a

Windows Domain in the list to display it in the field.

Windows Group []: The list of this drop-down box will contain the

Windows Groups

in the domain

selected in the Domain drop-down box and <Include access to domain>. Select a Windows Group to

create Role Assignments

with this

Windows Group

as Guest and Host selections. Select <Include access

to domain> to create

Role Assignments

with the

Windows Domain selected in the Domain drop-down

box as Host selection.

Note: <Include access to domain> applies to domain computers that identify themselves to NetOp

Security Server as a workstation, not as a user, see

Preferred Host Type .

Role []: The list of this drop-down box will contain the Roles

specified in the

Role

Records Pane . Select

a Role

in the list to display it in the field to apply it to the Windows Group selected in the Windows Group

drop-down box as Guest selection with all selected

Windows Groups

and

Windows Domains

as Host selection.

Add: Click this button to add a selection in the left drop-down boxes to the right pane.

Del: Select a record in the right pane and click this button to delete it.

The right pane will display records of selected

Windows Groups

and

Windows Domains

in a table with this column content:

45

2.5 Manage Security Database Content

Windows user: Group/domain icon and

Windows Group

name or Domain.

Role: The

Role

number and name for a record Windows Group as Guest selection with all Windows

Groups

and Windows Domains

in the pane as Host selection. A Domain record will have the role 0:

To Be Used as Host.

Domain: Record Windows Group domain name or Domain name.

Table controls are explained in Table Control .

Note: This wizard will create specified

Role Assignment records and create specified

Windows Group

and

Windows Domain records if they do not already exist in the security database.

Click the Next button to display this window:

Initial Setup of Roles

46

In this window, you can review or edit two of the four built-in

Roles

and replace existing Role

Assignments

by those created in the

Initial Setup of Guests and Hosts

window.

Standard Role: Click this button to display the

NetOp Security Role

window to review or edit the

Standard Role.

Unassigned Hosts’ Role: Click this button to display the

NetOp Security Role

window to review or edit

the Unassigned Hosts’ Role that will apply if no other Role is assigned between the applicable Guest

selections of a Guest and Host selections of a Host.

Clear all existing Role assignments before making these new ones: Check this box to replace existing

Role Assignments

by those created inthe

Initial Setup of Guests and Hosts

window.

Click Back to return to the

Initial Setup of Guests and Hosts

window.

Click Finish to apply selections.

2 NetOp Security Management

2.5.2.1.3 Edit

Select a

Role Assignment record and select the Role Assignment menu Edit... command, click the

Toolbar Edit Selected button, press C

TRL

+E or double-click a Role Assignment

record to display this window:

It edits a

Role Assignment record.

Guest, Host, Old Role []: These disabled fields will display the record Guest selection name, Host selection name and

Role

name.

New role []: This pane will display the names of available

Roles

. Select one to replace the record

Role

.

Record is disabled: Check this box to disable the record (default: unchecked). NetOp Security

Management will not use a disabled Role Assignment

record.

Note: NetOp Security Management will not use a

Role Assignment

record that uses a disabled Guest or

Host selection record.

2.5.2.1.4 Delete

Select Role Assignment

records and select the

Role Assignment menu Delete command, click the

Toolbar Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignment records of deleted Guest or Host selection records will be deleted.

2.5.2.1.5 Clear

Select the Role Assignment

menu Clear command to display a confirmation window to confirm deleting

all Role Assignment

records.

47

2.5 Manage Security Database Content

Caution: If no

Role Assignment

records are available, NetOp Security Management will not work.

2.5.2.2 Role

Click the

Selection Pane

Roles element to display the Role

Records Pane :

48

It will display Roles

as named icons or table records, see Toolbar

. Details view will display records in a table with this column content:

RoleName:

Role

icon and name.

Rctl: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Remote control (View).

Keyb: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Use keyboard and mouse.

Blnk: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Blank the screen.

Lckm: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Lock keyboard and mouse.

Boot: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Execute command.

Clip: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Transfer clipboard.

Send: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Send files to Host.

Recv: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Receive files from Host.

Chat: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Request chat.

Audi: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Request audio-video chat.

Prnt: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Redirect print.

RunP: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Run programs.

Mana: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Remote management

Inve: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Retrieve inventory.

Smsg: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Send message.

Mjoi: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Join multi Guest session.

Madm: Allow (checkmark)/Do not allow (red X)/Deny (red dot white X) Act as multi Guest session

Administrator.

Conf: Confirm access: No, Yes or Yes, with exception.

Description: Fixed role, Role can be modified, but not deleted or <User specified>.

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

ID: Record number (records will be numbered starting from 1).

Table controls are explained in Table Control .

Manage

Roles

from the

Records Menu

Role menu:

2 NetOp Security Management

or from the matching Roles

Records Pane

context menu:

It contains these commands:

New

Edit

Delete

49

2.5 Manage Security Database Content

2.5.2.2.1 New

Select the Role menu New... command, click the

Toolbar New Role button with a padlock or press F9 to

display this window:

NetOp Security Role

50

It specifies a

Role

record.

Name: []: Specify in the field the Role name.

Description: []: Optionally, specify in the field a description that will be displayed in the Role

Records

Pane Description column.

Allow: Check a box to allow the action to a Guest connected to a Host. Uncheck to not allow. Remote control sub-action checkboxes will be enabled only if the Remote Control (View) box is checked. If multiple

Role Assignments

apply, an action being allowed in any applicable

Role Assignment will

override this action not being allowed in other applicable

Role Assignments

.

2 NetOp Security Management

Deny: Check a box to deny the action to a Guest connected to a Host. Uncheck to not deny. Remote control sub-action checkboxes will be enabled only if the Remote Control (View) box is unchecked. If multiple

Role Assignments apply, an action being denied in any applicable Role Assignment will

overrides this action being allowed in other applicable

Role Assignments

.

Confirm Access []: Select No or Yes, unless (default: No). If you select Yes, unless, optionally check

boxes to apply exceptions. If multiple Role Assignments apply, Yes, unless in any applicable Role

Assignment will override No in other applicable Role Assignments

. Exceptions will apply only if applied in all applicable

Role Assignments

with the selection Yes, unless.

Note: View the applicable

Role of a Guest with a Host in the

Who May Remote Control Whom

(Accessible Hosts)

and

Who May Remote Control Whom (Permitted Guests)

windows.

Click OK to close the window to create the

Role record.

2.5.2.2.2 Edit

Select a

Role record and select the Role

menu Edit... command, click the

Toolbar Edit Selected button,

press C

TRL

+E or double-click a

Role

record to display its properties in the

NetOp Security Role

window to edit them.

Note: You cannot edit the built-in

Roles

Full Control and No Access.

Role Assignments

will apply the

edited properties of an edited Role

record.

2.5.2.2.3 Delete

Select Role records and select the Role

menu Delete command, click the

Toolbar Delete Selected button

or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note: You cannot delete the built-in

Roles

Full Control, No Access, Standard Role and Unassigned

Hosts’ Role.

Role Assignments

that use a deleted

Role

record will be deleted.

2.5.2.3 Security Policies

Click the

Selection Pane

Security Policies element to display the Security Policies

Records Pane

:

It will display Security Policies as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

Parameter: Security policy icon and description.

Setting: Selection (icon and) value.

Table controls are explained in

Table Control . You cannot sort records.

To manage a Security Policy, double-click its record to display the matching window as explained in these sections:

Security Server Group Name

Security Server List

Preferred Guest Type

Preferred Host Type

51

2.5 Manage Security Database Content

Logging Options

Note: To adopt Security Policy changes, NetOp Security Servers must log off from and on to the security

database, see NetOp Security Server Setup .

2.5.2.3.1 Security Server Group Name

Select this

Security Policies

record:

and click the

Toolbar Edit Selected button, press C

TRL

+E or double-click the record to display this window:

52

It specifies the security server group private Group Name and public Group ID.

Note: A similar window is displayed in the

Security Database Wizard .

Group Name (Private) []: By default, NetOp is specified in this field. Characters will display as dots or asterisks. For a working security database, you should specify another private Group Name that should be known only among NetOp Security Management administrators.

Confirm Group Name []: Re-specify in this field the private Group Name for confirmation.

Group ID (Public) []: This field will display the 32-digit hexadecimal checksum generated from the private Group Name. This is the public Group ID that must be specified on Hosts that use this security server group.

Note: From this window, you can copy the public Group ID to the clipboard to make it available to Host

users. If the private Group Name and consequently the public Group ID is changed, Hosts that use this security server group must change their specified Group ID accordingly.

2 NetOp Security Management

2.5.2.3.2 Security Server List

Select this

Security Policies

record:

and click the Toolbar

Edit Selected button, press C

TRL

+E or double-click the record to display this window:

It specifies security server group members and NetOp Access Server compatibility.

Note: A similar window is displayed in the

Security Database Wizard .

The pane will display records of the security server group NetOp Security Servers in a table with this column content:

Servers: Host icon and NetOp Security Server Host ID.

Running: Security server status: Question mark: Unknown, Checkmark: Logged on to the security database, Red dot with white X: Not logged on to the security database.

Answer Access Server 6.5 Requests: Traffic light icon and Yes if NetOp Access Server compatible,

No if not NetOp Access Server compatible.

Access Server Key: Access Server key (authentication key) of a NetOp Access Server compatible

NetOp Security Server.

Table controls are explained in

Table Control .

[] Add: The field will initially display the NetOp Security Manager computer name. Specify in the field the Host ID of a NetOp Security Server that shall be added to the group and click Add to add its record in the pane.

Remove: Select a record in the pane and click this button to remove it.

53

2.5 Manage Security Database Content

Edit: Select a record in the pane and click this button to display this window:

It enables NetOp Access Server compatibility.

Enable NetOp 6.5 Access Server compatibility: Check this box to enable NetOp Access Server compatibility.

Note: NetOp Access Server compatibility is required only if Hosts of a version lower than 7.0 must

be supported by NetOp Security Management.

Access Server Key []: Specify in this field the Access Server Key (authentication key) that this NetOp

Security Server shall use for authenticating NetOp Access Server users.

54

2 NetOp Security Management

2.5.2.3.3 Preferred Guest Type

Select this

Security Policies

record:

and click the Toolbar

Edit Selected button, press C

TRL

+E or double-click the record to display this window:

It has a

Preferred Guest Type Tab and a

Smart Card Tab

.

Preferred Guest Type Tab

This tab specifies the type of logon credentials that Hosts shall preferably request from connecting

Guests.

Note: A window with the same content is displayed in the

Security Database Wizard .

Select one of these options:

Guests Enter Windows Username and Password: Hosts shall request Windows credentials (User

Name, Password, Domain) if they can (default selection).

55

2.5 Manage Security Database Content

Guests Enter NetOp Guest ID and Password: Hosts shall request NetOp credentials (Guest ID,

Password).

Guests Enter RSA SecurID Username and PASSCODE: Hosts shall request RSA SecurID credentials (User Name, (Password), PASSCODE) if they can.

Guests Enter Directory Services Username and Password: Hosts shall request directory services credentials (User Name, Password, Directory Server) if they can.

Note: Select the option that matches your preferred NetOp Security Management setup, see

Preferred

Guest Type (wizard) and

Review Security Policies

.

Smart Card Tab

This tab specifies Guest Smart Card logon options.

56

Windows Security Management

Select one of these options:

Never log on with Smart Card: Enable only credentials logon (default selection).

Always log on with Smart Card: Enable only Smart Card logon.

2 NetOp Security Management

Allow both logon with Smart Card and credentials (name, password and domain): Enable credentials and Smart Card logon.

Directory Services

Select one of these options:

Never log on with Smart Card: Enable only credentials logon (default selection).

Always log on with Smart Card: Enable only Smart Card logon.

Allow both logon with Smart Card and credentials (name, password and server): Enable credentials and Smart Card logon.

Select one of these options:

Subject field: Retrieve the user identification from the subject field (default selection).

Subject alternative name field (must be a User Principal Name (UPN)): Retrieve the user identification from the alternative field.

Specify in the field the directory services attribute type name of the certificate field content only if different from a user object distinguished name type.

2.5.2.3.4 Preferred Host Type

Select this

Security Policies

record:

and click the Toolbar

Edit Selected button, press C

TRL

+E or double-click the record to display this window:

It specifies how Hosts shall preferably identify themselves to NetOp Security Server.

57

2.5 Manage Security Database Content

Note: A similar window is displayed in the

Security Database Wizard .

Select one of these options:

Windows User if one is logged on, otherwise Workstation: If they can, Hosts shall identify themselves as the logged on

Windows User if a user is logged on to Windows or the network on the

Host computer and identify themselves as the Host computer

Windows Workstation if no user is

logged on (default selection).

Always the Workstation: If they can, Hosts shall always identify themselves as the Host computer

Windows Workstation .

NetOp Host ID: Hosts shall identify themselves as their

NetOp Host ID .

Note: Select the option that matches your preferred NetOp Security Management setup, see

Preferred

Host Type (wizard) and

Review Security Policies .

2.5.2.3.5 Logging Options

Select one of these

Security Policies

records:

and click the

Toolbar Edit Selected button, press C

TRL

+E or double-click the record to display this window:

Logging Options

58

It specifies logging options.

2 NetOp Security Management

Clean up log entries older than [] days: Specify in this field a number (default: 7) for the days after which log records shall be deleted.

Note: Specify 0 (zero) to not clean up logs automatically.

Clean up active session entries older than [] hours: Specify in this field a number (default: 4) for the

hours after which Active Sessions

records shall be deleted.

Run Scheduler: Uncheck this box to disable scheduling including cleanup and

Scheduled Job

(default: checked).

2.5.3 Logging

You can manage Logging

records from the Records Menu

Logging submenu:

that contains these commands:

Security Log

NetOp Log

Active Sessions

You can also manage Logging records from the

Selection Pane

Logging branch:

that includes these elements:

Security Log

NetOp Log

Active Sessions

59

2.5 Manage Security Database Content

2.5.3.1 Security Log

Click the

Selection Pane

Security Log element to display the Security Log

Records Pane

:

It will display security database actions as icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

Created: Action type icon and time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user or workstation name.

Status: Checkmark and Ok (success) or red dot with white X and Err <Number> (failure).

Action: Action type description and number.

Operand: Record type icon and description (questionmark balloon and 0 if not a record).

Operator: Questionmark balloon and record number (0 if not a record).

P1: Parameter 1 (action specification).

Table controls are explained in Table Control .

Manage

Security Log records from the

Records Menu

Security Log menu: or from the matching Security Log

Records Pane

context menu:

60

Delete Older Than...: Select a

Security Log record and select this command to display a confirmation

window to confirm deleting records older than the selected record.

Clear Log: Select this command to display a confirmation window to confirm deleting all

Security Log

records.

2 NetOp Security Management

Note: The log will be cleaned up according to specified

Logging Options .

2.5.3.2 NetOp Log

Click the

Selection Pane

NetOp Log element to display the NetOp Log

Records Pane :

It will display records of NetOp events on NetOp modules that log on a NetOp Security Server, see

Security Server List

. Events can be displayed as named icons or table records, see

Toolbar . Details view

will display records in a table with this column content:

Created: NetOp log icon and time stamp in format YYYY-MM-DD HH:MM.

EventType: Event code.

Host: Logging NetOp module name.

Description: Event arguments. Will display ??? if the event has no arguments.

DtlError: Will display 0 as error logging is not implemented.

ProtocolError: Will display 0 as error logging is not implemented.

SerialNo: Logging NetOp module event number.

Note: NetOp event logging is explained in the User’s Manual Common Tools chapter NetOp Log section

and the matching NetOp Guest Help and NetOp Host Help sections.

Table controls are explained in

Table Control .

Manage

NetOp Log

records from the

Records Menu

NetOp Log

menu:

61

2.5 Manage Security Database Content

or from the matching NetOp Log

Records Pane context menu:

Delete Older Than...: Select a

NetOp Log

record and select this command to display a confirmation window to confirm deleting records older than the selected record.

Clear Log: Select this command to display a confirmation window to confirm deleting all

NetOp Log

records.

Note: The log will be cleaned up according to specified

Logging Options .

2.5.3.3 Active Sessions

Click the

Selection Pane

Active Sessions element to display the Active Sessions

Records Pane :

62

It will display Active Sessions

based on Host

NetOp Log session event records.

Note:

Active Sessions will be displayed only to the extent that Hosts log session events on a NetOp

Security Server, see Security Server List

. If Host logging is incomplete, Active Sessions records may be

inaccurate.

Active Sessions

can be displayed as icons or table records, see

Toolbar . Details view will display records

in a table with this column content:

The Details view table displays these column contents:

Guest: Session type icon and NetOp Log Guest name.

Host: NetOp Log Host name.

SessionType: Session type name.

Started: Session start time stamp in format YYYY-MM-DD HH:MM:SS

Table controls are explained in Table Control .

2 NetOp Security Management

Manage

Active Sessions records from the

Records Menu

Active Sessions menu: or from the matching Active Sessions

Records Pane context command:

Refresh: Select this command, press F5 or click the

Filter and Fetching Bar Refresh button to retrieve

fresh security database data to refresh

Active Sessions records.

Note:

Active Sessions records will be automatically refreshed every ten seconds.

2.5.4 Scheduling

You can manage Scheduling records from the

Records Menu

Scheduling

submenu: that contains this command:

• Jobs

You can also manage Scheduling

records from the Selection Pane

Scheduling branch:

that includes this element:

Scheduled Jobs

63

2.5 Manage Security Database Content

2.5.4.1 Scheduled Job

Click the

Selection Pane

Scheduled Jobs

element to display the

Scheduled Job

Records Pane :

64

It will display Scheduled Jobs

that will enable a group record temporarily within a specified period, optionally according to a weekly schedule.

Scheduled Jobs

can be displayed as icons or table records, see

Toolbar

. Details view will display records in a table with this column content:

Description: Scheduled Job icon and optionally a description.

GroupID: Group type icon and name and record number.

Domain: Domain name if a Windows group.

StartTime: Start time stamp in format YYYY-MM-DD HH:MM:SS.

EndTime: End time stamp in format YYYY-MM-DD HH:MM:SS.

Flags: Weekly schedule hexadecimal number.

ID: Record number (records will be numbered starting from 1).

Created: Creation date stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification date stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

Scheduled Job

records from the Records Menu

Scheduling menu Jobs submenu:

or from the matching Scheduled Job

Records Pane context menu:

2 NetOp Security Management

It contains these commands:

New

Details

Edit

Delete

2.5.4.1.1 New

Select the

Scheduling

> Jobs menu New... command, click the

Toolbar New Scheduled Job button with a

clock or press F10 to run the

Scheduled Job Wizard

to display this window:

Scheduled Job Wizard

Temporary Access

This wizard will create a Scheduled Job record.

Wizard windows display options to the left and specifications to the right. Suggested or completed specifications will be displayed in black text. User messages will be displayed in blue text.

This window specifies an optional Scheduled Job description and selects a group type.

Description []: Optionally, specify in this field a

Scheduled Job description that will be displayed in the

Scheduled Job

Records Pane Description column.

Select one of these options:

Windows Group: Create a Windows Group

Scheduled Job

.

65

2.5 Manage Security Database Content

Guest ID Group: Create a

NetOp Guest ID Group

Scheduled Job .

Host ID Group: Create a

NetOp Host ID Group

Scheduled Job .

If on a Windows 2000+ computer you select Windows Group, the Windows Select Group window will be displayed when you click Next. When you have selected a Windows group, the

Select <Type> Group

window will be displayed.

Otherwise, this window will be displayed when you click Next:

Select <Type> Group

66

This window specifies a group selection.

If a Windows Group was selected in a Windows Select Group window, the disabled left drop-down box fields and the right Windows Group specification will display the domain and group name.

Otherwise, a drop-down box whose list contains available security database group record names will be displayed to the left. Actively select a list name to display it in the field to specify it to the right immediately or after clicking Next.

Click Next to display this window:

Start Date and Time

2 NetOp Security Management

This window specifies a start date and time and optionally a weekly schedule.

Select one of these options:

Once on: Specify one date and time interval (default selection).

Checked weekdays starting: Enable the Every section to specify a weekly schedule in a date and time interval.

[<Date>]: The button of this drop-down box will display a calendar. Select a date in the calendar to display it in the field or edit the date in the field (default: today).

[<Time>]: Select time elements and change them with the up/down buttons or edit the time in the field

(default: 7:00:00 AM).

Every: Check weekdays to enable at the specified time on checked weekdays.

Click Next to display this window:

67

2.5 Manage Security Database Content

End Time

68

This window specifies an end date and time, if selected in a weekly schedule.

[<Date>]: The button of this drop-down box will display a calendar. Select a date in the calendar to display it in the field or edit the date in the field (default: one month from today).

[<Time>]: Select time elements and change them with the up/down buttons or edit the time in the field

(default: 6:00:00 PM).

Every: Check weekdays to disable the selected group at the specified time on checked weekday.

Note: Start and end checked weekdays must match. If your selections are valid, the Finish button will be

enabled. If a weekly schedule has been created, a bar in a lower extension of the window will display it graphically.

Finish: Click this button to create the specified

Scheduled Job record.

2.5.4.1.2 Details

Select a

Scheduled Job

record and select this command to display records of the individual Scheduled Job actions. Details view will display records in a table with this column content:

ExecuteAt: Scheduled Job icon and time stamp in format YYYY-MM-DD HH:MM:SS.

Action: Checkmark 7: Enable or red dot with white X 8: Disable.

Operand: Group type icon and group name.

Operator: Action type dependent number, typically 1.

P1: Parameter 1 (additional action specification).

2 NetOp Security Management

P2: Parameter 2 (additional action specification).

JobID:

Scheduled Job record number.

ID: Record number (records will be numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Right-click in the Records Pane

and select Back or press C

TRL

+B

ACKSPACE

to display unexpanded

Scheduled Job

records.

2.5.4.1.3 Edit

Select a

Scheduled Job record and select the Scheduled Job

menu Edit... command, click the Toolbar

Edit

Selected button, press C

TRL

+E or double-click a

Scheduled Job record to display the record properties in

the

Scheduled Job Wizard to edit them.

2.5.4.1.4 Delete

Select Scheduled Job records and select the Scheduled Job

menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

2.5.5 NetOp Definitions

You can manage NetOp Definitions records from the

Records Menu

NetOp Definitions

submenu: that contains these commands:

NetOp Guest ID

NetOp Guest ID Group

NetOp Host ID

NetOp Host ID Group

NetOp Properties

You can also manage NetOp Definitions

records from the Selection Pane

NetOp Definitions branch:

that includes these elements:

NetOp Guest IDs

NetOp Guest ID Groups

NetOp Host IDs

NetOp Host ID Groups

69

2.5 Manage Security Database Content

NetOp Properties

Note: By default, the

Selection Pane

does not display the

NetOp Definitions

branch. Display it from the

View Menu .

Using NetOp Definitions , NetOp Security Management will identify a connecting Guest by its NetOp

logon Guest ID and a connected to Host by the Host ID specified on the Host.

2.5.5.1 NetOp Guest ID

Click the

Selection Pane

NetOp Guest IDs

element to display the

NetOp Guest ID

Records Pane

:

70

It will display NetOp Guest IDs

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

UserName: NetOp Guest ID

icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

Password: Yellow key and asterisks (password specified) or white key and No Password (no password specified)

ForceChange: Checkmark (Guest user must specify a new password at next logon) or empty (New password is not required).

Callback: White phone and No callback (callback is not implemented).

ID: Record number (records will be numbered starting from 1).

PwdWrong: Number of wrong passwords in last logon attempt.

PwdNum: Number of recent passwords that cannot be reused.

PwdChanged: Last password change time stamp in format YYYY-MM-DD HH:MM:SS.

PwdUsed: Last password use time stamp in format YYYY-MM-DD HH:MM:SS.

Description: Optional description.

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control .

2 NetOp Security Management

Manage

NetOp Guest ID records from the

Records Menu

NetOp Guest ID menu: or from the matching NetOp Guest ID

Records Pane context menu:

It contains these commands:

New

Edit

Delete

Accessible Hosts

71

2.5 Manage Security Database Content

2.5.5.1.1 New

Select the NetOp Guest ID

menu New... command, click the

Toolbar New NetOp Guest ID button with a

NetOp Guest icon or press F3 to display this window:

NetOp Guest ID

72

Note: To display

Toolbar

NetOp Definitions buttons, while the

Selection Pane

displays the NetOp

Definitions branch select the

View Menu Large Toolbar or Small Toolbar command.

This window specifies a

NetOp Guest ID record. It has two tabs:

General Tab

Member Of Tab

General Tab

This tab specifies general

NetOp Guest ID record properties.

[<NetOp Guest ID name>]: If creating a

NetOp Guest ID record, replace the default NEW GUEST

ID field content by the name by which the record Guest shall identify itself. If editing a

NetOp Guest

ID record, you can edit the NetOp Guest ID name.

Description []: Optionally, specify in this field a description that will be displayed in the NetOp

Guest ID

Records Pane Details view Description column.

Callback number []: This field will be disabled as callback options are currently not implemented.

Callback Mode

No callback: This option is always selected to apply no callback.

2 NetOp Security Management

Status

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment

record that uses a disabled

Guest or Host selection record.

Password

This section specifies NetOp password properties.

Password []: If creating a

NetOp Guest ID record, this field will be empty. Optionally, specify a

password. Characters will display as dots or asterisks. If editing a

NetOp Guest ID record, this field

will typically display dots or asterisks signifying that a password is specified. You can edit the password.

Confirm []: Re-specify in this field a new password for confirmation.

Note: NetOp passwords must satisfy

NetOp Guest ID Password Properties .

Change at next logon: By default, this box will be checked to request that the Guest user changes the password at next logon after which the box will become unchecked. You can uncheck and check the box.

Illegal count []: This disabled field will display the number of unsuccessful password attempts in the last Guest logon.

History count []: This disabled field will display the number of used passwords that cannot be reused.

Last change []: This disabled field will display the last time the password was changed.

Last use []: This disabled field will display the last time the password was used.

73

2.5 Manage Security Database Content

Member Of Tab

This tab specifies the NetOp Guest ID Group records of which this

NetOp Guest ID record is a member:

74

The pane will display the names of

NetOp Guest ID Group

records of which this NetOp Guest ID

record is a member (initially none).

Add...: Click this button to display this window:

2 NetOp Security Management

It adds this

NetOp Guest ID record as a member of

NetOp Guest ID Group

records.

The pane will display the names of NetOp Guest ID Group

records of which this NetOp Guest

ID record is not a member.

Select in the pane NetOp Guest ID Group record names and click OK to close the window to

add this

NetOp Guest ID record as a member of selected

NetOp Guest ID Group records.

Remove: Select

NetOp Guest ID Group record names in the pane and click this button to remove this

NetOp Guest ID record as a member of selected

NetOp Guest ID Group records.

2.5.5.1.2 Edit

Select a

NetOp Guest ID record and select the NetOp Guest ID menu Edit... command, click the

Toolbar

Edit Selected button, press C

TRL

+E or double-click a

NetOp Guest ID record to display its properties in

the

NetOp Guest ID

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.5.1.3 Delete

Select NetOp Guest ID

records and select the

NetOp Guest ID menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignment records that use a deleted Guest or Host selection record will be deleted.

2.5.5.1.4 Accessible Hosts

Select a

NetOp Guest ID record and select the NetOp Guest ID menu Accessible Hosts... command to

display the

Who May Remote Control Whom (Accessible Hosts)

window.

75

2.5 Manage Security Database Content

2.5.5.2 NetOp Guest ID Group

Click the

Selection Pane

NetOp Guest ID Groups

element to display the

NetOp Guest ID Group

Records

Pane :

It will display NetOp Guest ID Groups

as named icons or table records, see

Toolbar . Details view will

display records in a table with this column content:

GroupName: NetOp Guest ID Group

icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

Description: Optional description.

ID: Record number (records will be numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

NetOp Guest ID Group

records from the Records Menu

NetOp Guest ID Group

menu:

76

or from the matching NetOp Guest ID Group

Records Pane context menu:

2 NetOp Security Management

It contains these commands:

New

Edit

Delete

Members

2.5.5.2.1 New

Select the NetOp Guest ID Group menu New... command, click the

Toolbar New NetOp Guest ID Group

button with a double NetOp Guest icon or press F4 to display this window:

NetOp Group (Guest ID)

Note: To display

Toolbar

NetOp Definitions buttons, while the

Selection Pane

displays the NetOp

Definitions

branch select the

View Menu Large Toolbar or Small Toolbar command.

This window specifies a

NetOp Guest ID Group record.

[<NetOp Guest ID Group name>]: If creating a

NetOp Guest ID Group record, replace the default NEW

NETOP GUEST ID GROUP field content by the desired group name. If editing a

NetOp Guest ID Group

record, you can edit the

NetOp Guest ID Group name.

Description []: Optionally, specify in this field a description that will be displayed in the

NetOp Guest ID

Group

Records Pane Details view Description column.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. NetOp Security Management will not use a

Role Assignment record that uses a disabled Guest or Host selection record.

2.5.5.2.2 Edit

Select a

NetOp Guest ID Group record and select the NetOp Guest ID Group menu Edit... command,

click the

Toolbar Edit Selected button, press C

TRL

+E or double-click a

NetOp Guest ID Group record to

display its properties in the

NetOp Group (Guest ID)

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.5.2.3 Delete

Select NetOp Guest ID Group records and select the NetOp Guest ID Group

menu Delete command, click the

Toolbar Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

77

2.5 Manage Security Database Content

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2.5.5.2.4 Members

Select a

NetOp Guest ID Group record and select the NetOp Guest ID Group menu Members... command

to display this window:

<Guest ID Group name> (members)

78

It manages

NetOp Guest ID Group

record NetOp Guest ID

record members.

The title bar will display the NetOp Guest ID Group

name.

The pane will display NetOp Guest ID Group

record NetOp Guest ID

record member icons and names.

Add: Click this button to display this window:

2 NetOp Security Management

It adds

NetOp Guest ID record members to the

NetOp Guest ID Group record.

The title bar will display the NetOp Guest ID Group name.

The pane will display icons and names of NetOp Guest ID

records that are not members of the

NetOp Guest ID Group

record.

Select in the pane

NetOp Guest ID

records and click OK to add them as members of the NetOp

Guest ID Group

record.

Remove: Select in the pane NetOp Guest ID

records and click this button to remove them as members of the

NetOp Guest ID Group record.

79

2.5 Manage Security Database Content

2.5.5.3 NetOp Host ID

Click the

Selection Pane

NetOp Host IDs element to display the NetOp Host ID

Records Pane :

It will display NetOp Host IDs

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

HostName:

NetOp Host ID icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records will be numbered starting from 1).

Description: Optional description.

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

NetOp Host ID records from the

Records Menu

NetOp Host ID

menu:

80

or from the matching NetOp Host ID

Records Pane

context menu:

2 NetOp Security Management

It contains these commands:

New

Edit

Delete

Permitted Guests

2.5.5.3.1 New

Select the NetOp Host ID

menu New... command, click the Toolbar

New NetOp Host ID button with a

NetOp Host icon or press F6 to display this window:

NetOp Host ID

Note: To display

Toolbar

NetOp Definitions buttons, while the

Selection Pane

displays the NetOp

Definitions

branch select the

View Menu Large Toolbar or Small Toolbar command.

This window specifies a

NetOp Host ID record. It has two tabs:

General Tab

Member Of Tab

General Tab

This tab specifies general NetOp Host ID

record properties.

81

2.5 Manage Security Database Content

[<NetOp Host ID name>]: If creating a

NetOp Host ID record, replace the default NEW HOST ID field content by the Host ID by which the record Host will identify itself. If editing a NetOp Host ID

record, you can edit the

NetOp Host ID

name.

Description []: Optionally, specify in this field a description that will be displayed in the NetOp

Host ID

Records Pane Details view Description column.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Member Of Tab

The functionality of this tab is similar to the functionality of the

NetOp Guest ID

window

Member Of

Tab .

2.5.5.3.2 Edit

Select a

NetOp Host ID record and select the NetOp Host ID

menu Edit... command, click the Toolbar

Edit Selected button, press C

TRL

+E or double-click a NetOp Host ID record to display its properties in

the

NetOp Host ID

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.5.3.3 Delete

Select NetOp Host ID records and select the NetOp Host ID menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignment records that use a deleted Guest or Host selection record will be deleted.

2.5.5.3.4 Permitted Guests

Select a

NetOp Host ID record and select the NetOp Host ID menu Permitted Guests... command to

display the

Who May Remote Control Whom (Permitted Guests)

window.

2.5.5.4 NetOp Host ID Group

Click the

Selection Pane

NetOp Host ID Groups element to display the NetOp Host ID Group

Records

Pane :

82

It will display NetOp Host ID Groups

as named icons or table records, see

Toolbar . Details view will

display records in a table with this column content:

GroupName: NetOp Host ID Group

icon and name.

2 NetOp Security Management

Enabled: Checkmark (enabled) or red dot with white X (disabled).

Description: Optional description.

ID: Record number (records will be numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in

Table Control .

Note: A built-in

NetOp Host ID Group named Unregistered Host IDs with ID = 0 will not be displayed in

the pane. This group that is included for NetOp Access Server compatibility enables an old version

Access Server enabled NetOp Host for which no

NetOp Host ID

record exists to use an Access Server enabled NetOp Security Server. You can create

Role Assignments

with this Host ID Group only with

NetOp Guest ID and

NetOp Guest ID Group records. You should not use this

NetOp Host ID Group for

any other purpose.

Manage

NetOp Host ID Group records from the

Records Menu

NetOp Host ID Group menu: or from the matching NetOp Host ID Group

Records Pane context menu:

It contains these commands:

New

Edit

Delete

Members

2.5.5.4.1 New

Select the NetOp Host ID Group

menu New... command, click the

Toolbar New NetOp Host ID Group

button with a double NetOp Host icon or press F7 to display the NetOp Group (Host ID) window whose functionality is similar to the functionality of the

NetOp Group (Guest ID)

window.

Note: To display

Toolbar

NetOp Definitions buttons, while the

Selection Pane

displays the NetOp

Definitions

branch select the

View Menu Large Toolbar or Small Toolbar command.

83

2.5 Manage Security Database Content

2.5.5.4.2 Edit

Select a

NetOp Host ID Group record and select the NetOp Host ID Group menu Edit... command, click

the Toolbar

Edit Selected button, press C

TRL

+E or double-click a

NetOp Host ID Group

record to display

its properties in the NetOp Group (Host ID) window that is similar to the

NetOp Group (Guest ID)

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.5.4.3 Delete

Select NetOp Host ID Group records and select the NetOp Host ID Group

menu Delete command, click the

Toolbar Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2.5.5.4.4 Members

Select a

NetOp Host ID Group record and select the NetOp Host ID Group menu Members... command to

display the <Host ID Group name> (members) window whose functionality is similar to the functionality

of the

<Guest ID Group name> (members)

window.

2.5.5.5 NetOp Properties

Click the

Selection Pane

NetOp Properties

element to display the

NetOp Properties

Records Pane :

It will display NetOp Properties

as named icons or table records, see Toolbar

. Details view will display records in a table with this column content:

Property: Key icon and property description.

Setting: Property value.

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control . You cannot sort records.

84

2 NetOp Security Management

Manage

NetOp Properties

records from the Records Menu

NetOp Properties submenu: or from the matching NetOp Properties

Records Pane context command:

Select this command, click the

Toolbar Edit Selected button, press C

TRL

+E or double-click any

NetOp

Properties record to display this window:

NetOp Guest ID Password Properties

It specifies NetOp password properties.

NetOp password syntax

Minimum password length (0-16) []: Specify in the field a number in the range for the minimum number of characters in the password (default: 0).

Password history length (0-10) []: Specify in the field a number in the range for the number of recent passwords that cannot be reused (default: 0).

85

2.5 Manage Security Database Content

Must begin and end with a character and include a digit: Check this box (default: unchecked) to require that the password begins and ends with a letter character and includes a numeral character.

Note: If password syntax requirements are increased, current passwords that do not satisfy the increased

requirements will remain valid until changed.

NetOp password lifetime

Password lifetime (0-99 days, 0=infinite) []: Specify in the field a number in the range for the maximum number of days the password can be used before it must be changed (default: 0).

Lock accounts if not used for (0-99 days, 0=infinite) []: Specify in the field a number in the range for the number of days after which a

NetOp Guest ID record will be disabled if not used (default: 0).

Lock accounts after password failures (0-10, 0=never) []: Specify in the field a number in the range for the number of unsuccessful password attempts after which the

NetOp Guest ID record will be disabled

(default: 0).

2.5.6 Windows Definitions

You can manage

Windows Definitions records from the

Records Menu

Windows Definitions submenu:

that contains these commands:

Windows User

Windows Group

Windows Workstation

Windows Workstation Group

Windows Domain

You can also manage Windows Definitions

records from the Selection Pane

Windows Definitions

branch:

86

that includes these elements:

Windows Users

Windows Groups

Windows Workstations

Windows Workstation Groups

Windows Domains

2 NetOp Security Management

Note: Using

Windows Definitions , NetOp Security Management will identify a connecting Guest by its

NetOp logon user name and a connected to Host by its Windows logon user name if it identifies itself as a user or by its computer name if it identifies itself as a workstation, see

Preferred Host Type

.

2.5.6.1 Windows User

Click the

Selection Pane

Windows Users

element to display the

Windows User

Records Pane :

It will display Windows Users

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

RID:

Windows User icon and Windows relative identifier number.

UserName:

Windows User name.

Domain:

Windows Domain name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records will be numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage

Windows User records from the

Records Menu

Windows User

submenu:

87

2.5 Manage Security Database Content

or from the matching Windows User

Records Pane

context menu:

It contains these commands:

New

Edit

Delete

Accessible Hosts

Permitted Guests

Note: To create

Role Assignments

with Windows domain users, records do not need to exist in the

Windows User

Records Pane

if the NetOp Security Manager computer is connected to the domain network.

2.5.6.1.1 New

Select the Windows User menu New... command to create Windows User

records.

If NetOp Security Manager runs on a Windows 2000+ computer, the Windows Select User window will

be displayed to select a user to create a Windows User record.

If NetOp Security Manager runs on another Windows computer, this window will be displayed:

88

It creates

Windows User

records.

2 NetOp Security Management

Domain []: The list of this drop-down box will contain the names of Windows Domains

recognized by the NetOp Security Manager computer. Select a name in the list to display it in the field.

Username []: The list of this drop-down box will contain the names of users in the

Windows Domain

specified in the Domain drop-down box field. Select a name in the list to display it in the field.

Record is disabled: Check this box to disable created records (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Insert Selected: Click this button to create a

Windows User record of the selected user.

Insert All Users: Click this button to create

Windows User

records of all users in the Windows Domain

specified in the Domain drop-down box field.

2.5.6.1.2 Edit

Select a

Windows User record and select the Windows User

menu Edit... command, click the

Toolbar

Edit Selected button, press C

TRL

+E or double-click a

Windows User record to display this window:

It enables editing the properties of the selected Windows User record.

Domain []: This disabled field will display the

Windows User record Domain column value.

Username []: This disabled field will display the Windows User record UserName column value.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

2.5.6.1.3 Delete

Select Windows User

records and select the

Windows User

menu Delete command, click the Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

89

2.5 Manage Security Database Content

2.5.6.1.4 Accessible Hosts

Select a

Windows User ,

NetOp Guest ID

,

RSA SecurID User

or

Directory Services User

record and select the matching menu Accessible Hosts... command to display this window:

Who May Remote Control Whom (Accessible Hosts)

90

Note: To view the

Role Assignments

and applicable

Role

rights of an individual record for which Role

Assignments

were created only with a group record, create the individual record manually.

This window will display the

Role Assignments

of an individual Guest record (

Windows User ,

NetOp

Guest ID

,

RSA SecurID User

or

Directory Services User

) and its applicable Role rights with any

individual Host record (

Windows User ,

Windows Workstation

or

NetOp Host ID ) with which

Role

Assignments

exist in the security database.

The left pane will display a tree structure with checkmarked named branches of the individual Guest

record and the groups of which it is a member. A [+] button indicates that Role Assignments

exist in the branch. Click a [+] button, press the right arrow key or double-click the name to expand a branch. Click a

[-] button, press the left arrow key or double-click the name to collapse a branch. Move the selection with the up/down arrow keys.

You can expand groups into their individual Host records. A fully expanded branch will display icons and names of individual Host records with which

Role Assignments

exist in the security database.

Select an individual Host record to display in the right pane the applicable

Role rights of the selected

Guest record with this Host record. Right pane icons and abbreviations are explained in

Role

.

2 NetOp Security Management

2.5.6.1.5 Permitted Guests

Select a

Windows User ,

Windows Workstation

or

NetOp Host ID

record and select the matching menu

Permitted Guests... command to display this window:

Who May Remote Control Whom (Permitted Guests)

Note: To view the

Role Assignments

and applicable

Role

rights of an individual record for which Role

Assignments

were created only with a group record, create the individual record manually.

This window will display the

Role Assignments

of an individual Host record (

Windows User ,

Windows

Workstation

or

NetOp Host ID ) and the applicable

Role rights of any individual Guest record (

Windows

User ,

NetOp Guest ID ,

RSA SecurID User or

Directory Services User ) with which

Role Assignments

exist in the security database.

The left pane will display a tree structure with checkmarked named branches of the individual Host record and the groups of which it is a member. A [+] button indicates that

Role Assignments

exist in the branch. Click a [+] button, press the right arrow key or double-click the name to expand a branch. Click a

[-] button, press the left arrow key or double-click the name to collapse a branch. Move the selection with the up/down arrow keys.

You can expand groups into their individual Guest records. A fully expanded branch will display icons and names of individual Guest records with which

Role Assignments

exist.

Select an individual Guest record to display in the right pane the applicable Role rights of this Guest

record with the selected Host record. Right pane icons and abbreviations are explained in

Role .

91

2.5 Manage Security Database Content

2.5.6.2 Windows Group

Click the

Selection Pane

Windows Groups

element to display the

Windows Group

Records Pane :

It will display Windows Groups

as named icons or table records, see Toolbar

. Details view will display records in a table with this column content:

RID:

Windows Group

icon and Windows relative identifier number.

GroupName: Windows Group name.

Domain:

Windows Domain name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

CreatedBy: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

Windows Group records from the

Records Menu

Windows Group submenu:

92

or from the matching Windows Group

Records Pane context menu:

2 NetOp Security Management

It contains these commands:

New

Edit

Delete

Note: To create

Role Assignments

with Windows domain groups, records do not need to exist in the

Windows Group

Records Pane if the NetOp Security Manager computer is connected to the domain

network.

2.5.6.2.1 New

Select the Windows Group menu New... command to create Windows Group records.

If NetOp Security Manager runs on a Windows 2000+ computer, the Windows Select Group window will be displayed to select a user group to create a

Windows Group record.

If NetOp Security Manager runs on another Windows computer, this window will be displayed:

It creates

Windows Group records.

Domain []: The list of this drop-down box will contain the names of Windows Domains

recognized by the NetOp Security Manager computer. Select a name in the list to display it in the field.

Group []: The list of this drop-down box will contain the names of groups in the

Windows Domain

specified in the Domain drop-down box field. Select a user group name in the list to display it in the field.

Record is disabled: Check this box to disable created records (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Insert Selected: Click this button to create a

Windows Group

record of the selected user group.

Insert All Groups: Click this button to create

Windows Group

records of all groups in the domain specified in the Domain drop-down box field.

93

2.5 Manage Security Database Content

2.5.6.2.2 Edit

Select a Windows Group record and select the Windows Group menu Edit... command, click the

Toolbar

Edit Selected button, press C

TRL

+E or double-click a Windows Group record to display this window:

It enables editing the properties of the selected

Windows Group

record.

Domain []: This disabled field will display the

Windows Group record Domain column value.

Group []: This disabled field will display the Windows Group record GroupName column value.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. NetOp Security Management will not

use a Role Assignment

record that uses a disabled Guest or Host selection record.

2.5.6.2.3 Delete

Select Windows Group records and select the Windows Group

menu Delete command to display a confirmation window to confirm deleting records.

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

94

2 NetOp Security Management

2.5.6.3 Windows Workstation

Click the

Selection Pane

Windows Workstations element to display the Windows Workstation

Records

Pane :

It will display Windows Workstations

as named icons or table records, see

Toolbar . Details view will

display records in a table with this column content:

ComputerName:

Windows Workstation icon and Windows computer name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modified by: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage

Windows Workstation records from the

Records Menu

Windows Workstation submenu: or from the matching Windows Workstation

Records Pane context menu:

95

2.5 Manage Security Database Content

It contains these commands:

New

Edit

Delete

Permitted Guests

Note: To create

Role Assignments

with Windows domain computers, records do not need to exist in the

Windows Workstations

Records Pane if the NetOp Security Manager computer is connected to the

domain network.

2.5.6.3.1 New

Select the Windows Workstation menu New... command to create Windows Workstation records.

If NetOp Security Manager runs on a Windows 2000+ computer, the Windows Select Computer window will be displayed to select a computer to create a

Windows Workstation record.

If NetOp Security Manager runs on another Windows computer, this window will be displayed:

96

It creates

Windows Workstation records.

Domain []: The list of this drop-down box will contain the names of Windows Domains

recognized by the NetOp Security Manager computer. Select a name in the list to display it in the field.

Workstation []: The list of this drop-down box will contain the names of computers in the Windows

Domain specified in the Domain drop-down box field. Select a name in the list to display it in the field.

Record is disabled: Check this box to disable created records (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Insert Selected: Click this button to create a

Windows Workstation record of the selected computer.

Insert All: Click this button to close the window to create

Windows Workstation records of all computers

in the domain specified in the Domain drop-down box field.

2 NetOp Security Management

2.5.6.3.2 Edit

Select a

Windows Workstation record and select the Windows Workstation menu Edit... command, click

the Toolbar

Edit Selected button, press C

TRL

+E or double-click a

Windows Workstation

record to display this window:

It enables editing the properties of the selected Windows Workstation record.

Domain []: This disabled field will display the

Windows Workstation record Domain column value.

Workstation []: This disabled field will display the Windows Workstation record ComputerName column

value.

Member of []: This disabled pane will display the

Windows Workstation Group records of which the

selected

Windows Workstation record is a member.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

2.5.6.3.3 Delete

Select Windows Workstation records and select the Windows Workstation

menu Delete command to display a confirmation window to confirm deleting records.

Note:

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2.5.6.3.4 Permitted Guests

Select a

Windows Workstation record and select the Windows Workstation menu Permitted Guests...

command to display the

Who May Remote Control Whom (Permitted Guests)

window.

97

2.5 Manage Security Database Content

2.5.6.4 Windows Workstation Group

Click the

Selection Pane

Windows Workstation Groups element to display the Windows Workstation

Group

Records Pane

:

It will display Windows Workstation Groups

as named icons or table records, see Toolbar

. Details view will display records in a table with this column content:

GroupName: Windows Workstation Group

icon and name.

Domain:

Windows Domain name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modified by: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

Windows Workstation Group records from the

Records Menu

Windows Workstation Group

submenu:

98

2 NetOp Security Management

or from the matching Windows Workstation Group

Records Pane context menu:

It contains these commands:

New

Edit

Delete

Members

Note: To create

Role Assignments

with Windows domain computer groups, records do not need to exist

in the Windows Workstation Group

Records Pane if the NetOp Security Manager computer is connected

to the domain network. However,

Windows Workstation Group records will initially have no

Windows

Workstation

record

Members .

2.5.6.4.1 New

Select the Windows Workstation Group menu New... command to create Windows Workstation Group

records.

If NetOp Security Manager runs on a Windows 2000+ computer, the Windows Select Group window will be displayed to select a computer group to create a

Windows Workstation Group

record.

If NetOp Security Manager runs on another Windows computer, this window will be displayed:

It creates

Windows Workstation Group records.

Domain []: The list of this drop-down box will contain the names of Windows Domains

recognized by the NetOp Security Manager computer. Select a name in the list to display it in the field.

99

2.5 Manage Security Database Content

Group []: The list of this drop-down box will contain the names of all groups in the

Windows Domain

specified in the Domain drop-down box field. Select a group name in the list to display it in the field.

Record is disabled: Check this box to disable created records (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Insert Selected: Click this button to create a

Windows Workstation Group

record of the selected group.

Insert All Groups: Click this button to create

Windows Workstation Group

records of all groups in the domain specified in the Domain drop-down box field.

Note: A

Windows Workstation Group

record will initially have no

Windows Workstation record

members. You can add members from the

Members

command.

2.5.6.4.2 Edit

Select a

Windows Workstation Group record and select the Windows Workstation Group menu Edit...

command, click the Toolbar

Edit Selected button, press C

TRL

+E or double-click a

Windows Workstation

Group

record to display this window::

100

It enables editing the properties of the selected

Windows Workstation Group record.

Domain []: This disabled field will display the

Windows Workstation Group record Domain column

value.

Group []: This disabled field will display the Windows Workstation Group

record GroupName column value.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. NetOp Security Management will not

use a Role Assignment

record that uses a disabled Guest or Host selection record.

2.5.6.4.3 Delete

Select Windows Workstation Group records and select the Windows Workstation Group menu Delete

command to display a confirmation window to confirm deleting them.

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2 NetOp Security Management

2.5.6.4.4 Members

Select a

Windows Workstation Group record and select the Windows Workstation Group menu

Members... command to display this window:

It manages

Windows Workstation Group record

Windows Workstation

record members.

The title bar will display the selected

Windows Workstation Group

record group name and domain.

The pane will display Windows Workstation

record members identified by their computer name and domain.

101

2.5 Manage Security Database Content

Add: Click this button to display this window:

102

It adds domain computers as members of the selected

Windows Workstation Group

record.

The title bar will display the selected Windows Workstation Group record group name and domain.

The left pane will displays icons and names of domains recognized by the NetOp Security Manager computer. Select a domain to display its computers in the right pane.

Select domain computers and click OK to close the window to add selected computers as members of the

Windows Workstation Group record.

Note: If

Windows Workstation

records of computers added as members of a

Windows Workstation

Group do not exist in the security database, they will be created.

Remove: Select

Windows Workstation records in the pane and click this button to remove them as

members of the selected

Windows Workstation Group

record.

2 NetOp Security Management

2.5.6.5 Windows Domain

Click the

Selection Pane

Windows Domains element to display the Windows Domain

Records Pane

:

It will display Windows Domains

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

DomainName: Windows Domain icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modified by: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage Domain records from the Records Menu

Windows Domain submenu: or from the matching Windows Domain

Records Pane context menu:

It contains these commands:

103

2.5 Manage Security Database Content

New

Edit

Delete

Note: To create

Role Assignments

with Windows domains, records do not need to exist in the

Windows

Domain

Records Pane if the NetOp Security Manager computer is connected to the domain network.

2.5.6.5.1 New

Select the Windows Domain menu New... command to display this window:

104

It creates

Windows Domain records.

Domain []: The list of this drop-down box will contain the names of

Windows Domains

recognized by the NetOp Security Manager computer. Select one to display it in the drop-down box field.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

Insert Selected: Click this button to create a

Windows Domain

record of the selected domain.

Insert All Domains: Click this button to create

Windows Domain

records of all domains in the drop-down box list.

2 NetOp Security Management

2.5.6.5.2 Edit

Select a

Windows Domain record and select the Windows Domain menu Edit... command, click the

Toolbar Edit Selected button, press C

TRL

+E or double-click a Windows Domain record to display this

window:

It enables editing the properties of the selected Windows Domain record.

Domain []: This disabled field will display the selected

Windows Domain record DomainName column

value.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled domain

Windows Workstation records will remain enabled. NetOp Security

Management will not use a

Role Assignment record that uses a disabled Guest or Host selection

record.

2.5.6.5.3 Delete

Select Windows Domain records and select the Windows Domain

menu Delete command to display a confirmation window to confirm deleting them.

Note: Domain

Windows Workstation records will not be deleted.

Role Assignments

that use a deleted

Guest or Host selection record will be deleted.

2.5.7 RSA SecurID Definitions

Note: RSA SecurID authenticates a user by a user name and PASSCODE that combines a personal

identification number (PIN) and a token number that is read from a token. The combination of a remembered PIN and the frequently changing token number makes the PASSCODE practically unbreakable. Consequently, RSA SecurID authentication is very secure.

You can manage RSA SecurID Definitions records from the

Records Menu

RSA SecurID Definitions

submenu:

105

2.5 Manage Security Database Content

that contains these commands:

RSA SecurID User

RSA SecurID Group

RSA SecurID Properties

You can also manage RSA SecurID Definitions

records from the Selection Pane

RSA SecurID

Definitions branch:

that includes these elements:

RSA SecurID Users

RSA SecurID Groups

RSA SecurID Properties

2.5.7.1 RSA SecurID User

Click the

Selection Pane

RSA SecurID Users

element to display the

RSA SecurID User

Records Pane :

106

It will display

RSA SecurID Users

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

UserName: RSA SecurID User icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modified by: Modifier Windows user name.

Table controls are explained in Table Control .

2 NetOp Security Management

Manage

RSA SecurID User records from the

Records Menu

RSA SecurID User

submenu:

or from the matching RSA SecurID User

Records Pane

context menu:

It contains these commands:

New

Edit

Delete

Accessible Hosts

2.5.7.1.1 New

Select the RSA SecurID User menu New... command to display this window:

RSA SecurID User

It creates or edits an

RSA SecurID User record.

107

2.5 Manage Security Database Content

Name []: Specify in this field the name by which the Guest user will identify itself.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

2.5.7.1.2 Edit

Select an

RSA SecurID User record and select the RSA SecurID User menu Edit... command, click the

Toolbar

Edit Selected button, press C

TRL

+E or double-click a

RSA SecurID User record to display its

properties in the

RSA SecurID User

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.7.1.3 Delete

Select RSA SecurID User

records and select the

RSA SecurID User menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignment records that use a deleted Guest or Host selection record will be deleted.

2.5.7.1.4 Accessible Hosts

Select an

RSA SecurID User

record and select this command to display the

Who May Remote Control

Whom (Accessible Hosts)

window.

2.5.7.2 RSA SecurID Group

Click the

Selection Pane

RSA SecurID Groups element to display the RSA SecurID Group

Records Pane

:

108

It will display RSA SecurID Groups

as named icons or table records, see

Toolbar . Details view will

display records in a table with this column content:

The Details view table displays these column contents:

GroupName: RSA SecurID Group icon and name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modified by: Modifier Windows user name.

2 NetOp Security Management

Table controls are explained in

Table Control .

Note: A built-in

RSA SecurID Group

named All RSA SecurID Users with ID = 0 will not be displayed in the pane.

Manage

RSA SecurID Group

records from the Records Menu

RSA SecurID Group submenu: or from the matching RSA SecurID Group

Records Pane context menu:

It contains these commands:

New

Edit

Delete

Members

Note: Initially, an

RSA SecurID Group

record has no

RSA SecurID User record members. Add members

from the

Members

command.

109

2.5 Manage Security Database Content

2.5.7.2.1 New

Select the RSA SecurID Group menu New... command to display this window:

RSA SecurID Group

110

It creates or edits an

RSA SecurID Group record.

Group []: Specify in this field the

RSA SecurID Group record name.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. NetOp Security Management will not

use a Role Assignment

record that uses a disabled Guest or Host selection record.

2.5.7.2.2 Edit

Select an

RSA SecurID Group record and select the RSA SecurID Group

menu Edit... command, click

the Toolbar

Edit Selected button, press C

TRL

+E or double-click an

RSA SecurID Group record to display

its properties in the

RSA SecurID Group

window to edit them.

Note:

Role Assignments

will apply the edited properties of an edited Guest or Host selection record.

2.5.7.2.3 Delete

Select RSA SecurID Group records and select the RSA SecurID Group menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2 NetOp Security Management

2.5.7.2.4 Members

Select a

RSA SecurID Group record and select the RSA SecurID Group menu Members... command to

display this window:

It manages

RSA SecurID Group record

RSA SecurID User record members.

The title bar will display the selected

RSA SecurID Group record group name.

The pane will display RSA SecurID User

record members identified by their name.

111

2.5 Manage Security Database Content

Add: Click this button to display this window:

112

It adds RSA SecurID User record members to the

RSA SecurID Group record.

The title bar will display the RSA SecurID Group name.

The pane will display icons and names of RSA SecurID User

records that are not members of the

RSA SecurID Group record.

Select in the pane

RSA SecurID User

records and click OK to add them as members of the RSA

SecurID Group record.

Remove: Select in the pane

RSA SecurID User

records and click this button to remove them as members

of the RSA SecurID Group

record.

2.5.7.3 RSA SecurID Properties

Click the

Selection Pane

RSA SecurID Properties element to display the RSA SecurID Properties

Records Pane :

2 NetOp Security Management

It will display one RSA SecurID Property as a named icon or a table record, see

Toolbar . Details view

will display one record in a table with this column content:

Property: RSA SecurID Property icon and Use shadow NetOp password.

Setting: 0 (disabled) or 1 (enabled).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

Modified by: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage the RSA SecurID Property record from the Records Menu

RSA SecurID Properties submenu: or from the matching RSA SecurID Properties

Records Pane context command:

Select this command, click the

Toolbar Edit Selected button, press C

TRL

+E or double-click the RSA

SecurID Property record to display this window:

Enable NetOp Password Checking for RSA SecurID Users: Leave this box checked to request a

NetOp password in addition to the RSA SecurID user name and PASSCODE from a connecting

Guest to apply triple-factor security (default: checked).

Note: To apply triple factor security authentication, create for each

RSA SecurID User

record a shadow

NetOp Guest ID record with the

RSA SecurID User record name to apply the

NetOp Guest ID password

for additional RSA SecurID authentication security.

113

2.5 Manage Security Database Content

2.5.8 Directory Services Definitions

You can manage

Directory Services Definitions

records from the Records Menu

Directory Services

Definitions submenu:

that contains these commands:

Directory Services Users

Directory Services Groups

Directory Service

You can also manage Directory Services Definitions records from the

Selection Pane

Directory Services

Definitions branch:

that contains these elements:

Directory Services Users

Directory Services Groups

Directory Service

114

2 NetOp Security Management

2.5.8.1 Directory Services User

Click the

Selection Pane

Directory Services Users

element to display the

Directory Services User

Records Pane :

It will display Directory Services Users

as named icons or table records, see Toolbar

. Details view will display records in a table with this column content:

DN:

Directory Services User

icon and distinguished name.

Service:

Directory Service name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

Modified by: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage

Directory Services User

records from the Records Menu

Directory Services User submenu: or from the matching Directory Services User

Records Pane context menu:

It contains these commands:

New

115

2.5 Manage Security Database Content

Edit

Delete

Accessible Hosts

Note: To create

Role Assignments

with directory services users, records do not need to exist in the

Directory Services Users

Records Pane if the directory service is specified in the

Directory Service

Records Pane and is available.

2.5.8.1.1 New

Select the Directory Services User menu New... command to display this window:

116

It creates a

Directory Services User

record.

The pane will display users in available

Directory Services

. Select a user and click OK to create a

Directory Services User record.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

2 NetOp Security Management

2.5.8.1.2 Edit

Select a

Directory Services User record and select the Directory Services User menu Edit... command,

click the

Toolbar Edit Selected button, press C

TRL

+E or double-click a

Directory Services User

record to display this window:

It enables editing the properties of the selected Directory Services User record.

Service []: This disabled field will display the

Directory Services User record

Directory Service .

Name []: This disabled field will display the

Directory Services User record distinguished name.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

2.5.8.1.3 Delete

Select Directory Services User records and select the Directory Services User menu Delete command,

click the

Toolbar Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note:

Role Assignment records that use a deleted Guest or Host selection record will be deleted.

2.5.8.1.4 Accessible Hosts

Select a

Directory Services User

record and select this command to display the

Who May Remote Control

Whom (Accessible Hosts)

window.

117

2.5 Manage Security Database Content

2.5.8.2 Directory Services Group

Click the

Selection Pane

Directory Services Groups element to display the Directory Services Group

Records Pane :

It will display Directory Services Groups

as named icons or table records, see

Toolbar . Details view will

display records in a table with this column content:

DN:

Directory Services Group icon and distinguished name.

Service:

Directory Service name.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

ID: Record number (records are numbered starting from 1).

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

Modified by: Modifier Windows user name.

Table controls are explained in Table Control .

Manage

Directory Services Group

records from the

Records Menu

Directory Services Group submenu: or from the matching Directory Services Group

Records Pane context menu:

118

It contains these commands:

2 NetOp Security Management

New

Edit

Delete

Note: To create

Role Assignments

with directory services groups, records do not need to exist in the

Directory Services Groups Records Pane

if the directory service is specified in the

Directory Service

Records Pane and is available.

2.5.8.2.1 New

Select the Directory Services Group menu New... command to display this window:

It creates a

Directory Services Group record.

The pane will display groups in available

Directory Services

. Select a group and click OK to create a

Directory Services Group

record.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not use a

Role Assignment record that uses a disabled

Guest or Host selection record.

119

2.5 Manage Security Database Content

2.5.8.2.2 Edit

Select a

Directory Services Group record and select the Directory Services Group menu Edit... command,

click the

Toolbar Edit Selected button, press C

TRL

+E or double-click a

Directory Services Group

record to display this window:

120

It enables editing the properties of the selected

Directory Services Group record.

Service []: This disabled field displays the

Directory Services Group record

Directory Service

.

Name []: This disabled field displays the

Directory Services Group

record distinguished name.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. NetOp Security Management will not

use a Role Assignment

record that uses a disabled Guest or Host selection record.

2.5.8.2.3 Delete

Select Directory Services Group

records and select the

Directory Services Group

menu Delete command, click the

Toolbar Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

Note: Group member records will not be deleted.

Role Assignments

that use a deleted Guest or Host selection record will be deleted.

2.5.8.3 Directory Service

Click the

Selection Pane

Directory Services

element to display the

Directory Service

Records Pane :

2 NetOp Security Management

It will display Directory Services

as named icons or table records, see

Toolbar . Details view will display

records in a table with this column content:

ID: Record number (records are numbered starting from 1).

Service Name: Directory Service

name.

DnsName:

Directory Service DNS name or IP address.

Enabled: Checkmark (enabled) or red dot with white X (disabled).

Port: TCP/IP port number.

SSL: Checkmark (use secure connection) or red X (do not use secure connection).

BaseDN: Base distinguished name of directory service.

UserDN: Searching user distinguished name.

Password: Searching user password displayed as asterisks.

UserSearchFilter: User search filter.

UserAttribFilter: User attribute filter.

UserBrowseFilter: User browse filter.

GroupSearchFilter: Group search filter.

GroupAttribFilter: Group attribute filter.

GroupBrowseFilter: Group browse filter.

OuSearchFilter: Organizational unit search filter.

Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

Created by: Creator Windows user name.

Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

Modified by: Modifier Windows user name.

Table controls are explained in

Table Control .

Manage

Directory Service records from the

Records Menu

Directory Service submenu: or from the matching Directory Service

Records Pane context menu:

It contains these commands:

New

121

2.5 Manage Security Database Content

Edit

Delete

2.5.8.3.1 New

Select the Directory Service menu New... command to run the

Directory Service Wizard to create a

Directory Service

record. This window will be displayed:

Directory Service Wizard

Locate

122

It specifies the directory service connection.

Address []: Specify in this field the Directory Service

computer DNS name or IP address.

TCP/IP port number []: Specify in this field 389 for a standard connection or 686 for a secure connection

(default: 389).

Use a Secure Connection: Check this box to use a secure connection.

Base DN []: Specify in this field the distinguished name from which a search shall start.

Test: Click this button to test the connection to display a test result message.

Click Next to display this window:

Credentials

2 NetOp Security Management

It specifies logon credentials.

Anonymous bind: Check this box to disable the other fields to log on without credentials.

Note: If you log on without credentials, you can typically not search a directory service for user and

group information.

User DN []: Specify in this field the distinguished name by which NetOp Security Management shall search for user and group information.

Password []: Specify in this field the matching password. Characters will display as dots or asterisks.

Confirm []: Re-specify in this field the password for confirmation.

Test: Click this button to test logon to display a test result message.

Click Next to display this window:

123

2.5 Manage Security Database Content

Filters

It specifies filters that facilitate the search for user and group information.

Click the Apply Default Values for Specific Service button to display this window:

124

The drop-down box list contains names of commonly used directory service types. Select a name in the list to display it in the field (default: Microsoft Active Directory). Click OK to close the window

to display the default filters of the selected directory service type in the Filters

window fields.

If selecting a directory service type does not generate usable filters, specify or modify filters:

User search filter []: User object class.

User attribute []: User logon name attribute.

User browse filter []: User and organizational unit object classes.

Group search filter []: Group object class.

Group member attribute []: Group member attribute.

Group browse filter []: Group and organizational unit object classes.

OU search filter []: Organizational unit object class.

Click Next to display this window:

Service Name

2 NetOp Security Management

It specifies the Directory Service record name and status.

Name []: Specify in this field the name that shall identify the

Directory Service

record.

Record is disabled: Check this box to disable the record (default: unchecked).

Note: NetOp Security Management will not search a

Directory Service

record whose record is disabled.

Finish: Click this button to end the

Directory Service Wizard to create the

Directory Service record.

125

2.5 Manage Security Database Content

2.5.8.3.2 Edit

Select a

Directory Service

record and select the

Directory Service

menu Edit... command, click the

Toolbar

Edit Selected button, press C

TRL

+E or double-click a

Directory Service record to display this

window:

126

This window has four tabs that match

Directory Service Wizard

windows. Edit the tab content to edit the

Directory Service

record.

Note: Searches will apply the edited properties of a

Directory Service

record.

2.5.8.3.3 Delete

Select Directory Service records and select the Directory Service menu Delete command, click the

Toolbar

Delete Selected button or press C

TRL

+D to display a confirmation window to confirm deleting them.

2.6 Security Database Tables

NetOp Security Manager creates these security database tables:

DWBATH: Scheduled Job

DWCONN: Active Sessions

DWDOMN: Windows Domain

DWDONE: Security Log

DWEVNT: NetOp Log

DWGRUH: NetOp Host ID Group

DWGRUP: NetOp Guest ID Group

DWHOGR: NetOp Host ID Group Members

DWHOST: NetOp Host ID

DWLDAPGRP: Directory Service Group

DWLDAPPROP: Directory Service Properties

DWLDAPSERV: Directory Service

DWLDAPUSR: Directory Service User

DWMAIN: Role Assignment

DWNTGR: Windows Group

DWNTUS: Windows User

DWPOLI: Security Policies

DWPROP: General NetOp Properties

DWROLE: Role

DWRSAGRP: RSA SecurID Group

DWRSAPROP: RSA SecurID Properties

DWRSAUSR: RSA SecurID User

DWRSGM: RSA SecurID Group Members

DWSERV: NetOp Security Servers

DWTODO: Scheduled Actions

DWUSER: NetOp Guest ID

DWUSGR: NetOp Guest ID Group Members

DWWKGM: Windows Workstation Group Members

DWWKSG: Widows Workstation Group

DWWKST: Windows Workstation

2 NetOp Security Management

127

2.6 Security Database Tables

2.6.1 DWBATH: Scheduled Job

Security Database Tables

store Scheduled Job data in this table that has this key structure:

Key

ID

Description

Category

GroupID

Domain

StartTime

EndTime

Flags

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Char (64)

Integer

Explanation

Record number (PRIMARY KEY)

Optional description

Group type number

Integer Record number in group table

Char (254) Domain name (if applicable)

Char (20)

Char(20)

Start time stamp in format YYYY-MM-DD HH:MM:SS

End time stamp in format YYYY-MM-DD HH:MM:SS

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Weekly settings number

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.2 DWCONN: Active Sessions

Security Database Tables store

Active Sessions

data in this table that has this key structure:

Key

Guest

Host

SessionType

Started

Format Explanation

Char (254) Log record arguments

Char (254) Logging NetOp module name

Integer Session type number

Char (20) Start time stamp in format YYYY-MM-DD HH:MM:SS

2.6.3 DWDOMN: Windows Domain

Security Database Tables store

Windows Domain data in this table that has this key structure:

Key

ID

DomainName

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Domain name

Integer 0 = Disabled, 1 = Enabled

Char (20)

Char (64)

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.4 DWDONE: Security Log

Security Database Tables store

Security Log data in this table that has this key structure:

Key

Created

CreatedBy

Status

Action

Operand

Operator

P1

ID

Format

Char (20)

Char (64)

Integer

Explanation

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator computer or Windows user name

Action result number (0 = OK, 1=Error)

Integer

Integer

Action type number

Action executed on number

Integer Action executed by number

Char (254) Parameter 1 (additional action specification)

Integer Record number (PRIMARY KEY)

128

2 NetOp Security Management

2.6.5 DWEVNT: NetOp Log

Security Database Tables

store NetOp Log

data in this table that has this key structure:

Key

ID

Created

EventType

SerialNo

DtlError

ProtocolError

Host

Description

Format

Integer

Char (20)

Char (10)

Explanation

Record number (PRIMARY KEY)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Log record event code

Integer

Integer

Integer

Char(32)

Log record event number of each logging NetOp module

DTL error number (0 = no error)

Protocol error number (0 = no error)

Logging NetOp module name

Char (160) Log record arguments

2.6.6 DWGRUH: NetOp Host ID Group

Security Database Tables

store NetOp Host ID Group

data in this table that has this key structure:

Key

ID

GroupName

Description

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Char (32)

Char (64)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number (PRIMARY KEY)

NetOp Host ID group name (UNIQUE)

Optional description

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.7 DWGRUP: NetOp Guest ID Group

Security Database Tables

store NetOp Guest ID Group data in this table that has this key structure:

Key

ID

GroupName

Description

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Char (32)

Char (64)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number (PRIMARY KEY)

NetOp Guest ID group name (UNIQUE)

Optional description

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.8 DWHOGR: NetOp Host ID Group Members

Security Database Tables

store NetOp Host ID Group

NetOp Host ID

member data in this table that has this key structure:

Key

HostID

GrpId

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number in NetOp Host ID table (PRIMARY KEY)

Record number in NetOp Host ID Group table (PRIMARY KEY)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

129

2.6 Security Database Tables

2.6.9 DWHOST: NetOp Host ID

Security Database Tables store

NetOp Host ID data in this table that has this key structure:

Key

ID

HostName

Description

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Char (32)

Char (64)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number (PRIMARY KEY)

Netop Host ID name (UNIQUE)

Optional description

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.10 DWLDAPGRP: Directory Service Group

Security Database Tables store

Directory Services Group data in this table that has this key structure:

Key

ID

DN

Service

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Distinguished name (UNIQUE)

Integer Record number in service table

Integer

Char (20)

Char (64)

Char (20)

Char (64)

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.11 DWLDAPPROP: Directory Service Properties

Security Database Tables store

Directory Service properties data in this table that has this key structure:

Key

Property

Setting

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Parameter value

Char (20) Creation time stamp in format YYYY-MM-DD HH:MM:SS

Char (64)

Char (20)

Char (64)

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.12 DWLDAPSERV: Directory Service

Security Database Tables store

Directory Service data in this table that has this key structure:

Key

ID

ServiceName

DnsName

Port

SSL

BaseDN

UserDN

Format

Integer

Integer

Integer

Password

Enabled

Char (16)

Integer

UserSearchFilter Char (60)

Explanation

Record number (PRIMARY KEY)

Char (32) Alias name for the service (UNIQUE)

Char (254) Domain Name System

IP port number for the SSL connection

0 = Disabled, 1 = Enabled

Char (254) Base distinguished name

Char (254) Distinguished name for user object used for searching

Password for user object used for searching

Anonymous bind 0 = Disabled, 1 = Enabled

Filter to limit search for user objects

130

2 NetOp Security Management

UserAttribFilter Char (60) Attribute that holds the user name

UserBrowseFilter Char (200) Filter to limit search for user objects and container objects

GroupSearchFilter Char (60)

GroupAttribFilter Char (60)

Filter to limit search for group objects

Attribute that holds the group name

GroupBrowseFilter Char (200) Filter to limit search for group objects and container objects

OuSearchFilter Char (60) Filter to limit search for container objects

Created

CreatedBy

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modified

ModifiedBy

Char (20)

Char (64)

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.13 DWLDAPUSR: Directory Service User

Security Database Tables

store Directory Services User data in this table that has this key structure:

Key

ID

DN

Service

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Distinguished name (UNIQUE)

Integer Record number in service table

Integer

Char (20)

Char (64)

Char (20)

Char (64)

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.14 DWMAIN: Role Assignment

Security Database Tables

store Role Assignment

data in this table that has this key structure:

Key

ID

GuestID

GuestType

HostID

HostType

RoleID

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Integer

Integer

Integer

Integer

Integer

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number (UNIQUE)

Record number in Guest selection table (PRIMARY KEY)

Guest selection type number (PRIMARY KEY)

Record number in Host selection table (PRIMARY KEY)

Host selection type number (PRIMARY KEY)

Record number in Roles table

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

131

2.6 Security Database Tables

2.6.15 DWNTGR: Windows Group

Security Database Tables store

Windows Group data in this table that has this key structure:

Key

ID

RID

GroupName

Domain

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Integer Domain RID number (UNIQUE)

Char (254) Windows group name

Char (254) Domain name (UNIQUE)

Integer 0 = Disabled, 1 = Enabled

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Char (20)

Char (64)

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.16 DWNTUS: Windows User

Security Database Tables store

Windows User data in this table that has this key structure:

Key

ID

RID

UserName

Domain

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Integer Domain RID number (UNIQUE)

Char (254) Windows user name

Char (254) Domain name (UNIQUE)

Integer 0 = Disabled, 1 = Enabled

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Char (20)

Char (64)

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.17 DWPOLI: Security Policies

Security Database Tables store

Security Policies

data in this table that has this key structure:

Key

Parameter

Setting

Created

CreatedBy

Modified

ModifiedBy

Format

Char (32)

Char (32)

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Parameter name (PRIMARY KEY)

Parameter value

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.18 DWPROP: General NetOp Properties

Security Database Tables store general NetOp properties data in this table that has this key structure:

Key

Property

Setting

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Parameter name (PRIMARY KEY)

Char (254) Parameter value

Char (20) Creation time stamp in format YYYY-MM-DD HH:MM:SS

Char (64)

Char (20)

Char (64)

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

132

2 NetOp Security Management

2.6.19 DWROLE: Role

Security Database Tables

store Role data in this table that has this key structure:

Clip

Send

Recv

Prnt

Chat

Audi

RunP

Conf

Key

ID

RoleName

Rctl

Keyb

Blnk

Lckm

Boot

Description

Created

CreatedBy

Modified

ModifiedBy

Mana

Inve

Smsg

Mjoi

Madm

Integer

Integer

Integer

Integer

Integer

Integer

Integer

Integer

Format

Integer

Char (32)

Integer

Integer

Integer

Integer

Integer

Char (64)

Char (20)

Char (64)

Char (20)

Char (64)

Integer

Integer

Integer

Integer

Integer

Explanation

Record number (PRIMARY KEY)

Role name (UNIQUE)

Remote control value: 0 = Do not allow, 1 = Allow, 2 = Deny

Use keyboard and mouse value: 0 = Do not allow, 1 = Allow, 2 = Deny

Blank screen value: 0 = Do not allow, 1 = Allow, 2 = Deny

Lock keyboard value: 0 = Do not allow, 1 = Allow, 2 = Deny

Restart Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Transfer clipboard value: 0 = Do not allow, 1 = Allow, 2 = Deny

Send files to Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Receive files from Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Redirect print value: 0 = Do not allow, 1 = Allow, 2 = Deny

Request chat value: 0 = Do not allow, 1 = Allow, 2 = Deny

Request audio chat value: 0 = Do not allow, 1 = Allow, 2 = Deny

Run program value: 0 = Do not allow, 1 = Allow, 2 = Deny

Value for confirm: 0 = no, 1 = always, 2 = logged on

Optional description

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

Remote management value: 0 = Do not allow, 1 = Allow, 2 = Deny

Inventory scan value: 0 = Do not allow, 1 = Allow, 2 = Deny

Send message value: 0 = Do not allow, 1 = Allow, 2 = Deny

Join multi Guest session value: 0 = Do not allow, 1 = Allow, 2 = Deny

Act as multi Guest session Administrator value: 0 = Do not allow, 1 = Allow, 2

= Deny

2.6.20 DWRSAGRP: RSA SecurID Group

Security Database Tables

store RSA SecurID Group data in this table that has this key structure:

Key

ID

GroupName

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Group name (UNIQUE)

Integer 0 = Disabled, 1 = Enabled

Char (20)

Char (64)

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

133

2.6 Security Database Tables

2.6.21 DWRSAPROP: RSA SecurID Properties

Security Database Tables store

RSA SecurID Properties

data in this table that has this key structure:

Key

Property

Setting

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Parameter value

Char (20) Creation time stamp in format YYYY-MM-DD HH:MM:SS

Char (64)

Char (20)

Char (64)

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.22 DWRSAUSR: RSA SecurID User

Security Database Tables store

RSA SecurID User

data in this table that has this key structure:

Key

ID

UserName

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) User name (UNIQUE)

Integer 0 = Disabled, 1 = Enabled

Char (20)

Char (64)

Char (20)

Char (64)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.23 DWRSGM: RSA SecurID Group Members

Security Database Tables store

RSA SecurID Group

RSA SecurID User member data in this table that

has this key structure:

Key

UserID

GroupID

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number in RSA SecurID Users table (PRIMARY KEY)

Record number in RSA SecurID Groups table (PRIMARY KEY)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.24 DWSERV: NetOp Security Servers

Security Database Tables store

Security Server List

data in this table that has this key structure:

Key

ServerName

ServerType

ASkey

IsRunning

Created

CreatedBy

Modified

ModifiedBy

Format Explanation

Char (254) Server name (PRIMARY KEY)

Integer 0 = Security Server only, 1 = Access Server compatible, 999 = Security Server group

Char (32)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Access Server key (if applicable)

0 = not running, 1 = running

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

134

2 NetOp Security Management

2.6.25 DWTODO: Scheduled Actions

Security Database Tables

store scheduled actions data in this table that has this key structure:

Key

ID

JobID

ExecuteAt

Action

Operand

Operator

P1

P2

Created

CreatedBy

Format

Integer

Integer

Char (20)

Explanation

Record number (PRIMARY KEY)

Record number of the scheduled job that the action belongs to

Execute time stamp in format YYYY-MM-DD HH:MM:SS

Integer

Integer

Action type number

Record number in group table

Integer Action executed by number

Char (254) Parameter 1 (additional action specification)

Char (254) Parameter 2 (additional action specification)

Char (20) Creation time stamp in format YYYY-MM-DD HH:MM:SS

Char (64) Creator Windows user name

2.6.26 DWUSER: NetOp Guest ID

Security Database Tables

store NetOp Guest ID

data in this table that has this key structure:

Key

ID

UserName

Description

Enabled

Password

PwdUsed

PwdChanged

PwdWrong

PwdNum

Pwd0

Pwd1

Pwd2

Pwd3

Pwd4

Pwd5

Pwd6

Pwd7

Pwd8

Pwd9

ForceChange

Callback

CBmode

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Char (32)

Char (64)

Integer

Char (32)

Char (20)

Char (20)

Integer

Integer

Char (32)

Char (32)

Char (32)

Char (32)

Char (32)

Char (32)

Explanation

Record number (PRIMARY KEY)

NetOp Guest ID name (UNIQUE)

Optional description

0 = Disabled, 1 = Enabled

Checksum of password

Password last use time stamp in format YYYY-MM-DD HH:MM:SS

Password last change time stamp in format YYYY-MM-DD HH:MM:SS

Number of wrong passwords entered

Number of recent passwords that cannot be used

Old password checksum

Old password checksum

Old password checksum

Old password checksum

Old password checksum

Old password checksum

Char (32)

Char (32)

Char (32)

Char (32)

Old password checksum

Old password checksum

Old password checksum

Old password checksum

Integer 0 = password change not required, 1 = password change required

Char (254) Fixed callback phone number

Integer

Char (20)

Callback mode: 0 = No, 1 = Fixed, 2 = Roving

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Char (64)

Char (20)

Char (64)

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

135

2.6 Security Database Tables

2.6.27 DWUSGR: NetOp Guest ID Group Members

Security Database Tables store

NetOp Guest ID Group

NetOp Guest ID

member data in this table that has this key structure:

Key

UsrID

GrpId

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number in NetOp Guest IDs table (PRIMARY KEY)

Record number in NetOp Guest ID Groups table (PRIMARY KEY)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.28 DWWKGM: Windows Workstation Group Members

Security Database Tables store

Windows Workstation Group

Windows Workstation

member data in this table that has this key structure:

Key

WkstID

GrpId

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Integer

Char (20)

Char (64)

Char (20)

Char (64)

Explanation

Record number in Workstations table (PRIMARY KEY)

Record number in Workstation Groups table (PRIMARY KEY)

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.29 DWWKSG: Widows Workstation Group

Security Database Tables store

Windows Workstation Group data in this table that has this key structure:

Key

ID

GroupName

Domain

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Windows group name

Char (254) Domain name (UNIQUE)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

2.6.30 DWWKST: Windows Workstation

Security Database Tables store

Scheduled Job data in this table that has this key structure:

Key

ID

ComputerName

Domain

Enabled

Created

CreatedBy

Modified

ModifiedBy

Format

Integer

Explanation

Record number (PRIMARY KEY)

Char (254) Workstation name (UNIQUE)

Char (254) Domain name (UNIQUE)

Integer

Char (20)

Char (64)

Char (20)

Char (64)

0 = Disabled, 1 = Enabled

Creation time stamp in format YYYY-MM-DD HH:MM:SS

Creator Windows user name

Modification time stamp in format YYYY-MM-DD HH:MM:SS

Modifier Windows user name

136

2 NetOp Security Management

2.7 NetOp Security Server Setup

You can install NetOp Security Server from the NetOp Remote Control CD, see the User’s Manual

Installation chapter or the matching NetOp Guest Help or NetOp Host Help system section.

Note: To run NetOp Security Server with a local test database, install NetOp Security Manager and

NetOp Security Server on the same computer. To run NetOp Security Server with a working security database, for fault tolerance and load balancing install NetOp Security Server preferably on multiple network server computers that run continuously.

NetOp Security Server is a NetOp Host with security server capabilities. Set up NetOp Security Server as a Host just like NetOp Host, see the User’s Manual NetOp Host chapter or the matching NetOp Host

Help system section.

Note: The NetOp Security Server program file NSSW32.EXE will reside in the directory where NetOp

Security Server is installed.

To load NetOp Security Server, select Start > All Programs > NetOp Remote Control> Security Server.

Select the Tools menu Security Server Setup command to display this window:

This window specifies security database logon.

ODBC Setup

Fields will be disabled when logged on to a security database.

Data Source Name (DSN): [] [...]: Specify in this field the path, if applicable, and DSN of the security database that you want to log on to, or click the [...] button to display the Windows Select Data Source window to select a DSN, see

Load NetOp Security Manager

.

User ID: []: Specify in this field the security database logon user name. The local test database does not require a user name.

Password: []: Specify in this field the security database logon password. The local test database does not require a password.

[Logon.../Logoff...]: Click this button to log on to/log off from the security database.

Information

Status: The security database logon status will be displayed. Running means logged on to the security database.

137

2.7 NetOp Security Server Setup

Security Server Group ID: The 32-digit hexadecimal Group ID will be displayed when NetOp Security

Server is logged on to the security database, see

Security Server Group Name .

Note: You cannot copy the Group ID from this window but from the

Security Server Group Name

window.

2.7.1 Security Server Tab

The NetOp Security Server window tab panel contains an additional Security Server tab:

It displays the security server and group status.

Security Server Status []: This disabled field will display the security server security database logon status.

The pane will display records of group security servers in a table with this column content:

Name: Security server Host ID.

Started: Security database logon date and time.

Status: Security database logon status description.

Table controls are explained in Table Control .

Note: On this tab, Security Server running means that NetOp Security Server is logged on to the security

database. It has no relation to the NetOp Security Server communication status that is displayed in the title bar and on the General tab.

138

2 NetOp Security Management

2.7.2 Run As Tab

If NetOp Security Server runs on a computer on which no user is logged on, which is typically the case with server computers, it will have no rights to query a domain controller for Windows user and group information. To achieve these rights, NetOp Security Server must run as a Windows account with these rights.

Select the Tools menu Program Options command or click the matching Toolbar button to display the

Program Options window. Select the Run As tab:

This tab enables running NetOp Security Server as a specified Windows account.

Enable: Check this box to enable the fields below (default: unchecked).

User name: []: Specify in this field a Windows user account name.

Password: []: Specify in this field the matching password.

Domain: []: Specify in this field the matching domain.

Automatically change to random password every week: Check the box to randomly change the password immediately and on a weekly basis to automatically satisfy a password change policy.

Caution: Do not check this box if the specified Windows user account name is used by a person,

because the person will not know the randomly generated password. Typically, create a Windows user account exclusively for this purpose.

139

2.8 Use NetOp Security Management

2.7.3 Communication Setup

NetOp Hosts can request security roles for connecting Guests by networking communication devices

(TCP/IP, IPX or NetBIOS).

To respond to such requests, communication profiles that match the communication profiles used by requesting Hosts must be enabled on NetOp Security Servers.

In a typical setup, the TCP/IP communication profile that initially is enabled will satisfy this demand.

Manage NetOp Security Server communication profiles from the Tools menu Communication Profiles command or the matching toolbar button.

2.8 Use NetOp Security Management

This main section includes these sections:

Prerequisites

Maintenance

Security

Database Systems

Additional Tools

2.8.1 Prerequisites

To use NetOp Security Management, this must be in place:

1.

A security database must be configured to specify among other things a private

Security Server

Group Name

that generates a public Group ID.

2.

At least one NetOp Security Server must be in the

Security Server List and if also NetOp Access

Server enabled Hosts shall be serviced, at least one NetOp Security Server in the group must be

Access Server enabled.

3.

Role Assignments

for all relevant Guests with all Hosts that use NetOp Security Server must exist in the security database.

4.

If using Windows Definitions , NetOp Security Servers with no user logged on to the computer must

run as a Windows user account, see

Run As Tab

.

5.

NetOp Security Server must be logged on to the security database, see NetOp Security Server Setup .

6.

NetOp Security Server communication status must be Running using communication profiles that match the communication profiles used by the Hosts using it, see

Communication Setup

.

7.

Hosts must select Use NetOp Security Server and specify the Group ID specified in the security database, see

Security Server Group Name .

When this is in place, NetOp Security Management can run unattended to service security role requests from Hosts.

2.8.2 Maintenance

When installing a new NetOp Remote Control version or build, follow this update instruction:

1.

Unload all NetOp Security Managers and security server group NetOp Security Servers.

2.

Reinstall all NetOp Security Managers and NetOp Security Servers without loading them.

3.

Load one NetOp Security Manager to automatically update security database tables.

4.

Load and start all NetOp Security Servers.

Note: Do not enable scheduled Web Update on NetOp Security Servers.

All cooperating NetOp Security Managers and NetOp Security Servers should use the same version and build to avoid database conflicts.

140

2 NetOp Security Management

Administrators should frequently test NetOp Security Management performance to see if any settings need to be adjusted.

From time to time, administrators must work with NetOp Security Manager to manage Scheduled Jobs

and adjust Role Assignments

with organizational changes.

2.8.3 Security

NetOp Security Servers should be adequately protected against unauthorized direct and remote access.

The security database must also be adequately protected. Advanced database systems typically have their own security schemes.

NetOp Security Servers generally need only read access to the

Security Database Tables . However, all

NetOp Security Servers must have write access to the DWDONE Security Log and DWEVNT

NetOp Log

tables to log events and to the DWUSER

NetOp Guest ID table to apply password changes.

NetOp Security Management administrators need rights to change the content of

Security Database

Tables , in particular the right to delete records from the DWDONE

Security Log and DWEVNT

NetOp

Log

tables to clean up logs.

2.8.4 Database Systems

NetOp Security Management has been tested only with a limited range of database systems. Therefore, it may be that administrators will experience problems if implementing NetOp Security Management with a database system with which it was not tested.

Although NetOp’s responsibility ends with the ODBC interface, we are interested in learning about difficulties in implementing NetOp Security Management with different database systems so that we can assist users encountering similar problems.

2.8.5 Additional Tools

NetOp Security Server program files include these additional tools:

AMPLUS.EXE

AMPLUS.ZIP

NETOPLOG.ZIP

2.8.5.1 AMPLUS.EXE

AMPLUS.EXE can import a NetOp Access Server configuration into a security database.

From the NetOp Access Server Configuration window Main Setup window, you can export Guests, Hosts and Access Profiles into these comma separated values configuration files:

HOSTS.TXT

<Host ID>,<Comment>,<Host ID Group>

GUESTS.TXT

<Guest ID>,<Comment>,<Guest ID Group>,<Password>,<Administrator Y/N>,

<Enabled Y/N>, <ForceChange Y/N>

PROFILES.TXT <Guest ID Group>,<Host ID Group>,<Rctl Y/N>,<Keyb Y/N>,<Lckm Y/N>,<Boot Y/N>,

<Blnk Y/N>,<Prnt Y/N>,<Clip Y/N>,<Chat Y/N>,<Audi Y/N>,<Send Y/N>,<Recv Y/N>,

<Conf Y/N/L>,<RunP Y/N>,<Mana Y/N>,<Inve Y/N>,<Smsg Y/N>,<Mjoi Y/N>,

<Madm Y/N>

AMPLUS.EXE can import NetOp Definitions structured like this into the security database by using this

command syntax:

AMPLUS -F <Import file>

Specify the import file like this:

LOGON <ODBC data source name> <User name> <Password>

IMPORT

LOGOFF

EXIT

Save the import file as e.g. AMPLUS.IMP.

Place the import file and the GUEST.TXT, HOST.TXT and PROFILES.TXT configuration files in the

NetOp Security Server program directory where AMPLUS.EXE resides and run this command:

141

2.8 Use NetOp Security Management

AMPLUS -F AMPLUS.IMP

This will import the

NetOp Definitions

into the security database.

2.8.5.2 AMPLUS.ZIP

NetOp Security Server and NetOp Security Manager use the same interface to the database.

AMPLUS.ZIP contains the C++ source for use with this API.

2.8.5.3 NETOPLOG.ZIP

NETOPLOG.ZIP contains tools for creating your own NetOp logging DLL.

142

3 NetOp Gateway

143

3.1 Summary

3.1 Summary

This chapter explains NetOp Gateway that is a NetOp Host that can route NetOp communication between different communication devices. It contains these sections:

NetOp Gateway Functionality

NetOp Gateway Setup

Use NetOp Gateway

3.2 NetOp Gateway Functionality

NetOp Gateway can route NetOp communication receiving it using one enabled communication device and sending it using other enabled communication devices. In this way, NetOp Gateway can as an intermediary enable communication between NetOp modules that use mutually incompatible communication devices.

NetOp Gateway functionality categorizes communication devices into two groups:

• Networking communication devices enable one-to-multiple communication among multiple network computer NetOp modules by analogy with communication among multiple persons in a meeting. NetOp Remote Control supports the networking communication devices TCP/IP, IPX,

NetBIOS and Terminal Server.

• Point-to-point communication devices enable one-to-one communication between two computer

NetOp modules by analogy with communication between two persons by telephone. NetOp Remote

Control supports the point-to-point communication devices ISDN (CAPI), Windows modem, Serial,

Infrared (IrDA), TCP/IP (TCP) and TCP/IP (TCP IPv6).

NetOp Gateway must run on a network computer to enable communication between network computer

NetOp modules that use networking communication devices and NetOp modules on other computers.

NetOp Gateway treats networking communication devices as inside communication devices and point-topoint communication devices as outside communication devices, even if point-to-point communication devices are used inside the network.

These are the available routing scenarios:

Incoming and Outgoing

Outgoing to Incoming

Networking to Networking

Disabled: Incoming to Outgoing

3.2.1 Incoming and Outgoing

NetOp Gateway is typically used for routing communication between network computer NetOp modules that use networking communication and other computer NetOp modules that use point-to-point communication.

144

NetOp Gateway distinguishes between incoming communication (point-to-point to networking) and outgoing communication (networking to point-to-point) and can enable each communication direction or both for each communication profile that uses a point-to-point communication device.

3 NetOp Gateway

3.2.2 Outgoing to Incoming

Different network NetOp Gateways communicating between them by a point-to-point communication device can route communication between network computer NetOp modules on their networks that use networking communication devices.

This setup is typically used between geographically separated corporate entities that communicate through a private line or across the Internet using point-to-point communication.

3.2.3 Networking to Networking

NetOp Gateway can route communication between network computer NetOp modules that use mutually incompatible networking communication devices.

A typical example is the communication between a terminal server client NetOp module and a network computer NetOp module through a NetOp Gateway on the terminal server console, see

NetOp

Communication (TSE) .

3.2.4 Disabled: Incoming to Outgoing

The routing from one point-to-point communication device to another point-to-point communication device through one NetOp Gateway or through two NetOp Gateways on the same network is intentionally disabled as it would in some cases cause an uncontrolled propagation of network communication, a so-called broadcast storm.

3.3 NetOp Gateway Setup

You can install NetOp Gateway from the NetOp Remote Control CD, see the User’s Manual Installation chapter or the matching NetOp Guest Help or NetOp Host Help system section.

NetOp Gateway is a NetOp Host that can route NetOp communication between different communication devices. Set up NetOp Gateway as a Host just like NetOp Host, see the User’s Manual NetOp Host chapter or the matching NetOp Host Help system section.

Note: The NetOp Gateway program file NGWW32.EXE will reside in the directory where NetOp

Gateway is installed.

To load NetOp Gateway, select Start > All Programs > NetOp Remote Control> Gateway.

The setup of NetOp Gateway communication and security is explained in these sections:

Communication Setup

Security Setup

3.3.1 Communication Setup

NetOp Gateway communicates with other NetOp modules through communication hardware connected to the NetOp Gateway computer.

To service network computer NetOp modules, the NetOp Gateway computer must have at least one network connection.

To service NetOp modules on computers that communicate by other hardware such as modems, the

NetOp Gateway computer must have matching hardware connected to it.

Large networks with the need for multiple external point-to-point connections will for fault tolerance and load balancing typically have multiple NetOp Gateways, each with different communication hardware connected to it.

145

3.3 NetOp Gateway Setup

To enable NetOp Gateway Functionality

, select the Tools menu Communication Profiles command or click the matching Toolbar button to display the Communication Profile Setup window:

Notice that unlike the matching NetOp Host window, next to enabled communication profiles this

window displays NetOp Net Numbers

.

To enable NetOp modules to use NetOp Gateway for routing communication, communication profiles that match the communication profiles used by NetOp modules must be enabled on NetOp Gateway.

To create a communication profile, click New. To review or edit a communication profile, select it in the pane and click Edit. In both cases, this window will be displayed:

146

3 NetOp Gateway

The upper and lower sections of this window are identical to the matching sections in the general

Communication Profile Edit window, see the User’s Manual Common Tools chapter Communication

Device section or the matching NetOp Guest Help or NetOp Host Help section.

The middle Gateway settings section is unique to NetOp Gateway.

Gateway settings

Device group: []: This field will be disabled if a networking communication device is selected in the

Communication information section Communication device drop-down box or if Incoming connections

only is selected in the Connection direction section. Otherwise, it will be enabled displaying the communication profile

Device Group name, initially GATEWAY. You can edit the Device Group

name to indicate the properties of an outgoing point-to-point communication profile to NetOp module users, see

Device Group (maximum 10 characters).

NetOp Net (10..127): []: If you are creating a communication profile, this field will be empty. If you are

editing a communication profile, the field will contain a number. You can specify a NetOp Net Number in the range. If you leave the field empty, a random NetOp Net Number in the range not used by another

communication profile will be assigned. The rules that apply to assigning

NetOp Net Numbers

are explained in

NetOp Net Number

.

Connection Direction

This section will be disabled if a networking communication device is selected in the Communication

information section Communication device drop-down box.

Select one of the options:

Incoming and outgoing connections: Allow

Incoming and Outgoing

connections (default selection).

Note: This option will be disabled with the communication devices TCP/IP (TCP) and TCP/IP (TCP

IPv6).

Incoming connections only: Allow only incoming connections (default selection with the communication devices TCP/IP (TCP) and TCP/IP (TCP IPv6))

Outgoing connections only: Allow only outgoing connections.

3.3.1.1 Device Group

Specify a

Device Group

name to identify outgoing communication profiles with the same functionality on network NetOp Gateways to guide network users that want to connect through an outgoing network

NetOp Gateway. Specify a name of up to 10 characters that uniquely identifies communication profile properties.

Example

Multiple NetOp Gateways on a network have functionally identical analog modems connected.

Administrators decide that the communication profiles of these modems shall form a

Device Group

named Analog. NetOp Gateways shall assign the

Device Group name Analog to the communication

profile of these modems. Network users that select the

Device Group named Analog will be connected to

an analog modem available on any network NetOp Gateway:

3.3.1.2 NetOp Net Number

NetOp uses NetOp Net Numbers

to distinguish different NetOp Gateway communication profiles from each other. With multiple NetOp Gateways on a network, these rules apply:

147

3.3 NetOp Gateway Setup

1.

The

NetOp Net Number assigned to any networking communication profile that uses a particular

communication device must be the same on all network NetOp Gateways.

2.

The

NetOp Net Number assigned to any point-to-point communication profile on any network

NetOp Gateway must be unique among all NetOp Gateways and different from the

NetOp Net

Number assigned to any networking communication profile.

If the

NetOp Net Numbers

assigned manually or automatically do not satisfy these rules, they must be changed to satisfy the rules.

Example

Network administrators have decided on these networking NetOp Net Numbers

:

• 100: TCP/IP

• 101: IPX

• 102: NetBIOS

All network NetOp Gateways must use these

NetOp Net Numbers

and any point-to-point communication profile available on any network NetOp Gateway must use a unique

NetOp Net Number

different from these numbers.

Note: The NetOp Gateway window Communication tab has an additional Net column that displays the

NetOp Net Numbers

of enabled communication profiles.

3.3.2 Security Setup

NetOp Gateway security protects the network against unauthorized intrusion through an incoming

Gateway. This applies typically to an outside NetOp Guest that connects to start a session or execute an action with a network NetOp Host, but it applies also to an outside NetOp Host that requests help from a network NetOp Guest.

148

3 NetOp Gateway

To set up NetOp Gateway security, select the Tools menu Guest Access Security command or click the matching Toolbar button to display the Guest Access Security window. On NetOp Gateway, this window has an additional Gateway Access Privileges tab:

It specifies Gateway security options.

Gateway access method

The drop-down box list contains the options:

Grant all Guests Default Access Privileges

Grant Each Guest Individual Access Privileges using NetOp Authentication

Grant Each Guest Individual Access Privileges using Windows Security Management

Select an option in the list to display it in the field. Each selection will display different content in the sections below.

149

3.3 NetOp Gateway Setup

3.3.2.1 Grant all Guests Default Access Privileges

Select this option in the NetOp Gateway Guest Access Security window Gateway Access Privileges tab

Guest access method drop-down box to display this tab content:

150

This selection will route connections based on a common password, if specified.

Allow Guest to

Be routed via the Gateway: This box is disabled and checked to always allow routing if the correct password is specified.

Password

Password: []: Specify in this field a password of up to 16 characters to apply password protection

(default: empty). Characters will display as dots or asterisks.

Confirm password: []: Re-specify the password in this field for confirmation.

Note: Clear both fields to not apply password protection (default selection).

Call back

Select one of these options:

No call back: Do not apply call back (default selection).

3 NetOp Gateway

Call back to: []: Specify in the field a telephone number or IP address to make NetOp Gateway disconnect and connect to the specified telephone number or IP address when a NetOp module connects.

Roving call back: Request from a connecting NetOp module its computer telephone number or IP address. When received, NetOp Gateway will disconnect and reconnect to the received telephone number or IP address.

Note: Call back options are explained in more detail in the User’s Manual NetOp Host chapter Guest

Access Security section and in the matching NetOp Host Help system section.

When a NetOp module connects through a NetOp Gateway that uses Grant all Guests Default Access

Privileges , if NetOp Gateway specifies a password it will request a password. If the correct password is

specified, NetOp Gateway will route the connection.

3.3.2.2 Grant Each Guest Individual Access Privileges using NetOp Authentication

Select this option in the NetOp Gateway Guest Access Security window Gateway Access Privileges tab

Guest access method drop-down box to display this tab content:

This selection will route connections based on individual NetOp credentials.

The pane will display Security Role

folders that can contain

Guest Profile accounts. Initially, the pane

will display the Allow routing security role folder that will be empty. In the image above, a

Guest Profile

account has been added for illustration. Double-click a

Security Role folder to close (collapse) or open

151

3.3 NetOp Gateway Setup

(expand) it. You can move

Guest Profile accounts up and down, also between

Security Role folders, by

drag and drop.

If you select a Security Role

folder, the Allow Guest to section will be displayed to the right, see Grant all

Guests Default Access Privileges . It will always contain a disabled checked box labeled Be routed via the

Gateway.

If you select a

Guest Profile

account, the

Password and Call back sections will be displayed to the right.

Right-click in the pane to display this context menu:

Note: Add security role will be included only if a

Security Role folder is selected.

Add security role: Select this command or click the matching button below to display this window:

Security Role

It specifies a security role.

Name of Security Role

Name of Security role: []: Specify in the field the

Security Role name.

Allow Guest to

This section contains a disabled checked box labeled Be routed via the Gateway.

Note: You can create a

Security Role with a different name, bu it will have the same properties as the Allow routing Security Role

.

Add Guest: Select this command or click the matching button below to display this window:

152

3 NetOp Gateway

Guest Profile

It creates a

Guest Profile account in the selected

Security Role folder.

Guest name

Guest ID: []: Specify in this field the name by which the NetOp module will identify itself to the

Gateway.

Password

See

Grant all Guests Default Access Privileges .

Delete: Select a

Security Role

folder or a Guest Profile account and select this command or click the

matching button below to display a confirmation window to confirm delete it.

Caution: Deleting a

Security Role

folder will delete all Guest Profile accounts in it.

Rename: Select a

Security Role

folder or a Guest Profile

account and select this command to display this window:

Rename security role/Guest: []: You can edit the name in the field.

When a NetOp module connects through a NetOp Gateway that uses

Grant Each Guest Individual Access

Privileges using NetOp Authentication , NetOp Gateway will request NetOp logon credentials (Guest ID

and password). If specified credentials match the credentials of a NetOp Gateway

Guest Profile

account,

NetOp Gateway will route the connection.

153

3.3 NetOp Gateway Setup

3.3.2.3 Grant Each Guest Individual Access Privileges using Windows Security

Management

Select this option in the NetOp Gateway Guest Access Security window Gateway Access Privileges tab

Guest access method drop-down box to display this tab content:

154

This selection will route connections based on individual Windows credentials.

The pane will display

Security Role folders that can contain Windows user and Windows group accounts.

Initially, the pane will display the Allow routing security role folder that will be empty. In the image

above, a Windows user account has been added for illustration. Double-click a Security Role folder to

close (collapse) or open (expand) it. You can move Windows accounts up and down, also between

Security Role folders, by drag and drop.

If you select a Security Role

folder, the Allow Guest to section will be displayed to the right, see Grant all

Guests Default Access Privileges . It will always contain a disabled checked box labeled Be routed via the

Gateway.

If you select a Windows account, the Domain, RAS (Windows NT+ only) and Call back sections and the

Windows User Manager button (Windows NT+ only) will be displayed to the right.

3 NetOp Gateway

Right-click in the pane to display this context menu:

Note: Add security role and Rename will be included only if a

Security Role folder is selected.

Add security role: Select this command or click the matching button below to display the

Security Role

window, see

Grant Each Guest Individual Access Privileges using NetOp Authentication

.

Add User: Select this command or click the matching button below to display on a Windows 2000+ computer the Windows Select Users window to select Windows users to create accounts of them in the selected

Security Role folder.

On a Windows NT or 9X computer, this window will be displayed:

Which domain is the account in: []: The drop-down box list will display the names of Windows domains recognized by the NetOp Gateway computer. Select one in the list to display it in the field.

Select the account to add: []: The drop-down box list will contain the names of Windows users in the Windows domain selected above. Select one in the list to display it in the field.

Click OK to add the selected Windows user account to the selected Security Role

folder.

Add Group: Select this command or click the matching button below to display on a Windows 2000+ computer the Windows Select Groups window to select Windows users to create accounts of them in the selected

Security Role folder.

On a Windows NT or 9X computer, the Choose account window explained above displaying Windows groups instead of Windows users will be displayed to add a Windows group account.

Delete: Select a

Security Role folder or a Windows account and select this command or click the

matching button below to display a confirmation window to confirm deleting itdelete it.

Caution: Deleting a

Security Role folder will delete all Windows accounts in it.

Rename: Select a

Security Role folder and select this command to display the Rename window, see

Grant

Each Guest Individual Access Privileges using NetOp Authentication

.

Domain

This section will display the domain of the selected Windows account.

RAS

This section will be included only if NetOp Gateway is running on a Windows NT+ operating system.

155

3.4 Use NetOp Gateway

Get call back information from Windows NT Remote Access Service (RAS): Check the box (default: unchecked) to use call back information stored in Windows NT Remote Access Service (default: unchecked).

Call Back

This section will be included only if the box in the RAS section above is unchecked. See

Grant all Guests

Default Access Privileges .

Windows User Manager: This button will be included only if the Gateway is running on a Windows NT+ operating system. Click this button to display the Windows user manager window according to the administrator rights of the user logged on to Windows on the NetOp Gateway computer to manage users and groups.

When a NetOp module connects through a NetOp Gateway that uses

Grant Each Guest Individual Access

Privileges using Windows Security Management , NetOp Gateway will request Windows logon

credentials (user name, password and domain). NetOp Gateway will query Windows Security

Management for credentials validation and group membership information. If validated credentials match a NetOp Gateway Windows account, NetOp Gateway will route the connection.

3.4 Use NetOp Gateway

NetOp Gateway communication setup is straightforward with one NetOp Gateway. Name Device Groups

to guide network users in selecting the right communication device for their outgoing connections.

With multiple NetOp Gateways in a network, pay attention to selecting the right

NetOp Net Numbers

.

NetOp Gateway Security Setup is similar to setting up NetOp Host Guest Access Security.

The NetOp Gateway window tab panel has an additional Routing tab:

156

It will display current connections through the NetOp Gateway.

Its pane will contain records of connections in a table with this column content:

Time: Event icon and connection started time stamp (date and time).

User Name: Windows or network logon name of connecting user (if enabled).

Status: Connection status description.

Communication Profile: Name of used point-to-point communication profile.

Table controls are explained in Table Control .

NetOp Gateway can support one incoming/outgoing connection for each enabled point-to-point communication profile.

3 NetOp Gateway

Each modem or infrared link can support one connection.

Each network card can support one IP address and multiple port numbers. You can enable multiple TCP/

IP (TCP) and TCP/IP (TCP IPv6) communication profiles that use different port numbers at the same time.

If the network is protected by a perimeter firewall, NetOp Gateways should be installed in the firewall demilitarized zone (DMZ), see

Gateways and Firewalls

.

3.4.1 Gateways and Firewalls

Networks are typically protected by perimeter firewalls. NetOp Gateways must be installed correctly to not compromise firewall security. Typically, NetOp Gateway should be installed in the so-called demilitarized zone (DMZ) of the firewall as illustrated in the example below:

The outside Guest computer with IP address 192.168.0.1 listens on receive port 1234.

The Gateway computer is installed in the DMZ with two IP addresses, 192.168.16.3 listening on receive port 5678 with communication devices TCP/IP (TCP) or TCP/IP, and 192.168.20.4 listening on receive port 6789 with communication device TCP/IP.

The inside Host computer with IP address 192.168.20.5 listens on receive port 7890.

Firewall Rules

Referring to the above setup, these firewall rules must be implemented:

1.

Routing shall be allowed between 192.168.0.1:1234 and 192.168.16.3:5678 using TCP/IP (TCP) or

TCP/IP.

2.

Routing shall be allowed between 192.168.20.4:6789 and 192.168.20.5:7890 using TCP/IP.

Setup Suggestions

Implement rule 1 on the firewall and test it by remote controlling the Gateway from the Guest.

Implement rule 2 on the firewall, load a Guest on the Gateway computer and test rule 2 by remote controlling the Host from the Gateway computer Guest.

Reload the Gateway on the Gateway computer and enable it. Then test both connections by remote controlling the Host from the Guest.

If the Guest uses TCP/IP, enable the relevant TCP/IP communication profile at loading and connect using the communication profile <Any initialized communication> to request that the Gateway routes the communication to all enabled networking communication profiles.

If the Guest uses TCP/IP (TCP), connect using the relevant TCP/IP (TCP) communication profile.

Final check: Stop the Gateway and check that remote control of the Host from the Guest is no longer possible.

157

3.4 Use NetOp Gateway

158

4 NetOp Name Management

159

4.1 Summary

4.1 Summary

This chapter explains NetOp Name Management that enables connecting to NetOp modules by NetOp names across large segmented networks including the Internet. NetOp Name Management uses NetOp

Name Server that can resolve NetOp names into IP addresses. This chapter contains these sections:

NetOp Name Management Functionality

NetOp Name Server Setup

Use NetOp Name Management

4.2 NetOp Name Management Functionality

Connecting to a NetOp module across large segmented networks is typically complex, requiring connecting by the remote computer IP address or specifying the remote computer IP address in the IP

Broadcast List. However, the remote computer IP address may change.

NetOp Name Management eliminates these complexities to enable connecting by any name that is enabled on a NetOp module, such as:

• Computer IP address

• Host ID, if specified

• Host computer user Windows or network logon name, if enabled

• Guest ID, if specified

• Guest help service name (help provider name), if enabled

• NetOp School class name

• NetOp School Student name

NetOp Name Management uses NetOp Name Server that stores enabled names of NetOp modules that currently use it in a continuously updated name database.

NetOp Name Management works like this:

160

1.

Specify remote module name: The local NetOp module user will select a TCP/IP communication profile that uses NetOp Name Server and specify a remote NetOp module name.

2.

Send remote module name: When connecting, the local NetOp module will send the remote NetOp module name to NetOp Name Server.

3.

Return remote module IP address: NetOp Name Server will search its name database for the remote

NetOp module name. If found, NetOp Name Server will return the matching IP address.

4.

Connect by remote module IP address: The local NetOp module will connect by the retuned IP address.

The local NetOp module user will typically experience that the desired connection is achieved because

TCP/IP can connect by IP address across any IP network including the Internet.

If NetOp Name Server finds multiple matches for the specified remote NetOp module name in its name database, it will return them to the local NetOp module to enable its user to select one of them. This applies to NetOp Guest connecting to or browsing for Hosts and NetOp Host requesting help.

4 NetOp Name Management

NetOp Name Server will keep its name database current by requesting that NetOp modules that use it refresh their stored names frequently, which will happen automatically. Names that are not refreshed will be deleted.

To enable privacy, NetOp modules can store their names in a private name space that is identified by a character string Name Space ID. Only NetOp modules that specify the same Name Space ID can connect by using NetOp Name Server.

NetOp offers on the Internet a NetOp Name Management service that is available for free to all NetOp users.

You can buy NetOp Name Server to run NetOp Name Management on your private network.

4.3 NetOp Name Server Setup

You can install NetOp Name Server from the NetOp Remote Control CD, see the User’s Manual

Installation chapter or the matching NetOp Guest Help or NetOp Host Help system section.

NetOp Name Server is a NetOp Host that can resolve enabled NetOp module names into IP addresses.

Set up NetOp Gateway as a Host just like NetOp Host, see the User’s Manual NetOp Host chapter or the matching NetOp Host Help system section.

Note: The NetOp Name Server program file NNSW32.EXE will reside in the directory where NetOp

Name Server is installed.

To load NetOp Name Server, select Start > All Programs > NetOp Remote Control> Name Server.

161

4.3 NetOp Name Server Setup

4.3.1 Name Service Setup

To set up the NetOp Name Server name service, select the Tools menu Program Options command to display the Program Options window. Select the NetOp Name Server tab:

162

It specifies NetOp Name Server options.

Make this Host a NetOp Name Server: Leave this box checked to enable the name service functionality and enable the commands below (default: checked).

Client refresh rate: [] Minutes: Specify in this field a number in the range 1 to 99 to request that NetOp modules that use this NetOp Name Server connect to refresh their names stored in the name database every <number> minutes (default: 5).

Server life time: [] Minute(s): Specify in this field a number in the range 1 to 99 to delete stored names that have not been refreshed within the last <number> minutes (default: 6).

Note: These settings will ensure that the name database is always updated except for changes within the

last Server life time number of minutes if the Server life time value is slightly larger than the Client

refresh rate value.

Clear database upon startup: Leave this box checked to clear the name database when NetOp Name

Server communication is restarted (default: checked).

Note: The NetOp Name Server name database uses a NetOp proprietary storage mechanism. You cannot

access the name database.

4 NetOp Name Management

4.3.2 Communication Setup

The NetOp Name Server name service works by communication with NetOp modules using the TCP/IP communication device.

To service NetOp modules, communication profiles that use the TCP/IP communication device must be enabled. If NetOp modules use different TCP/IP communication profiles, create matching communication profiles, see the User’s Manual NetOp Host chapter Host Tools section Communication

Profiles section or the matching NetOp Host Help system section.

To enable NetOp Name Server communication, Start NetOp Name Server to display Running in the

NetOp Name Server window title bar, in the tab panel General tab Status field and in the tooltip of the

NetOp Name Server button in the notification area in the lower right corner of the screen.

4.4 Use NetOp Name Management

When set up and started, NetOp Name Server can operate unattended.

For fault tolerance and load balancing, it is customary and recommended to use dual NetOp Name

Servers.

You can check NetOp Name Management performance on the NetOp Name Server window tab panel

Name Server tab:

It displays name service properties.

Name Server status []: This disabled field will display Running if the Program Options window NetOp

Name Server tab Make this Host a NetOp Name Server box is checked and Stopped if unchecked.

Note: On this tab, Running means that the name service is enabled. It has no relation to the NetOp Name

Server communication status, see Communication Setup .

Number of registered names []: This disabled field will display the number of names stored in the name database.

This number gives an indication of NetOp Name Management performance. It should vary when NetOp modules that use NetOp Name Management start and stop communication. Dual NetOp Name Servers should display approximately the same number. If one NetOp Name Server is restarted clearing the name database, the name count should increase from zero and stabilize after the time set for Client refresh rate.

163

4.4 Use NetOp Name Management

Each NetOp module that uses NetOp Name Server may account for multiple names. Guest names include

Guest ID and help service names. Host names include Host ID and Host computer Windows or network logon user name. IP addresses do not count as names.

NetOp modules that use NetOp Name Management specify the use of NetOp Name Server in the

Advanced TCP/IP Configuration window that is a subwindow of the TCP/IP Communication Profile Edit window. They specify the Name Space ID on the Program Options window Host Name tab, see the

User’s Manual or the NetOp Guest Help or NetOp Host Help systems.

If NetOp modules that use NetOp Name Server cannot connect to NetOp modules on remote network segments, check that at both ends:

1.

the same NetOp Name Servers are specified to be used,

2.

the same Name Space ID is specified and

3.

communication profiles match, also with NetOp Name Servers.

Note: Certain firewall setups can cause problems, see the documentation on the Advanced TCP/IP

Configuration window.

164

5 Advanced Tools

165

5.1 Summary

5.1 Summary

This chapter explains advanced tools for NetOp Remote Control running on Windows operating systems.

It contains these sections:

Silent Install

NetOp Deployment Utility

NetOp Remote Control in Terminal Server Environments

NetOp Guest ActiveX Component

NetOp Scripting ActiveX Control

NetOp Remote Control Processes and Windows Security .

5.2 Silent Install

Silent Install enables a user with installation privileges to install and set up NetOp Remote Control modules on a local computer by a single command.

You can install NetOp Remote Control interactively by the Windows Installer and traditional

InstallShield methods and set up NetOp Guest and NetOp Host and extended Hosts interactively, see the

User’s Manual Installation, NetOp Guest and NetOp Host chapters.

Correspondingly, these Silent Install

methods are available:

Silent Install (Windows Installer)

Silent Install (Traditional InstallShield)

5.2.1 Silent Install (Windows Installer)

Silent Install (Windows Installer) uses administrator customized Windows Installer installation files that

will control application installation and setup.

You can customize NetOp Windows Installer installation files in NetOp Transform Editor

.

To install silently, customized Windows Installer installation files must be available in a directory.

This will enable a user with installation privileges on the local computer to install and set up a NetOp module by a single command.

This section contains these sections:

NetOp Transform Editor

Run Silent Install (Windows Installer)

5.2.1.1 NetOp Transform Editor

NetOp Transform Editor enables a user with administrator privileges to create customized Windows

Installer files.

This section includes these sections:

Install NetOp Transform Editor

NetOp Transform Editor Window

Title Bar

Tab Panel

MSI Tab

Properties Tab

Features Tab

Configuration Tab

Files Tab

166

5 Advanced Tools

INI Settings Tab

Registry Tab

Shortcut Tab

Build Tab

5.2.1.1.1 Install NetOp Transform Editor

In the NetOp Remote Control CD menu, select NetOp Transform Editor or in the \NTE\EN directory run

(double-click) the TransformEditor.msi file to display this window:

167

5.2 Silent Install

Click Next to display this window:

168

Folder: [] [Browse] [Disk Cost]: This field displays the directory in which NetOp Transform Editor

will be installed (default: C:\Program Files\Danware Data\NetOp Transform Editor\). Click Browse to display the Browse for Folder window to select a directory to display its path in the field. Click Disk Cost to display the NetOp Transform Editor Disk Space window that will display the

NetOp Transform Editor

disk space demands and available disk space.

Select one of these options:

Everyone: A user logged on by any credentials can run NetOp Transform Editor .

Just me: Only a user logged on by your credentials can run

NetOp Transform Editor (default

selection).

Click Next to display this window:

5 Advanced Tools

Click Next to start installation. When installation has completed, this window will be displayed:

169

5.2 Silent Install

Click Close to end installation.

5.2.1.1.2 NetOp Transform Editor Window

To load NetOp Transform Editor , select the Start > All Programs > NetOp Remote Control > Transform

Editor command or in the directory in which

NetOp Transform Editor

was installed run (double-click)

transformeditor.exe to display this window:

170

It contains these elements:

Title Bar

Tab Panel

and these buttons along the bottom border:

Build: This button will be enabled when customizations have been specified on the other tabs. Click it to create customized Windows Installer files according to tab specifications.

Note: After building, the

MSI Tab specified Output Folder will contain the original msi file and if

retrieved from a directory that contains a setup.exe file also this file, an mst transform file and if files have

been replaced on the Files Tab possibly also an msp patch file. Any __temp... files will be removed when

NetOp Transform Editor is unloaded.

Back: Click this button to display the

Tab Panel

tab to the left of the displayed tab.

Next: Click this button to display the

Tab Panel

tab to the right of the displayed tab.

Exit: Click this button or select a

Window Control Close control to close the

NetOp Transform Editor

Window to unload

NetOp Transform Editor .

5.2.1.1.3 Title Bar

This is the

NetOp Transform Editor Window title bar:

Title bar window controls are explained in

Window Control .

5.2.1.1.4 Tab Panel

This is the

NetOp Transform Editor Window

tab panel:

5 Advanced Tools

It contains these tabs:

MSI Tab

Properties Tab

Features Tab

Configuration Tab

Files Tab

INI Settings Tab

Registry Tab

Shortcut Tab

Build Tab

171

5.2 Silent Install

5.2.1.1.5 MSI Tab

This is the

NetOp Transform Editor Window

MSI Tab :

It specifies the Windows Installer package msi file that is being customized and the directory in which customized Windows Installer files will be saved.

Original MSI file [] Open: Click Open to display an Open MSI File window like a Windows Open window to open an msi file in

NetOp Transform Editor

to display its path and name in the field.

Output folder [] Open: Click Open to display a Browse for Folder window to select the directory in which customized Windows Installer installation files shall be saved to display its path in the field.

Note: To prepare

Silent Install (Windows Installer)

, select the directory from which users shall be able to install or an intermediary computer directory, e.g. an NTE Output directory on the desktop.

To prepare NetOp Deployment Utility

Deployed Module Setup (Windows Installer) , select the directory

specified in the Media Import Section (1)

Directory to download to field.

Until you have specified a valid msi file and a valid output folder, you cannot display the contents of any other tab.

172

5.2.1.1.6 Properties Tab

This is the

NetOp Transform Editor Window

Properties Tab :

5 Advanced Tools

It specifies the public properties of customized Windows Installer files.

It contains records of public properties in a table with these column contents:

Property: Property name.

Value: Property value.

Description: Optionally, a property description.

Table controls are explained in

Table Control .

NetOp Remote Control Windows Installer specifies many properties of which some are Windows

Installer properties and others whose names start with DW_ are NetOp properties. Private (uneditable) properties cannot be displayed in the table. The value options of the public (editable) properties that are displayed initially are explained in this table. Default values are marked with an asterisk.

Property

ALLUSERS

ARPHELPLINK

ARPPRODUCTICON

Value Options

<None>: No value will remove the ALLUSERS property from the table.

Only the installing user can run the application.

1*: A user without administrator privileges cannot install the application. If installed by a user with administrator privileges, all computer users can run the application.

2: If installed by a user without administrator privileges, only the installing user can run the application. If installed by a user with administrator privileges, all computer users can run the application.

Specify the Internet address for technical support.

http://support.netop.com* is the Support for NetOp Remote Control

Internet address.

Must specify the foreign key to the Windows Installer icon table, which is the primary icon for the Windows Installer package. icohostmain.exe is the NetOp Host and extended Host foreign key. icoguest32.exe is the

NetOp Guest foreign key. icostudents.exe is the NetOp Student foreign key. icoteacher.exe is the NetOp Teacher foreign key.

173

5.2 Silent Install

DW_ALLOW_XP_FIREWALL

DW_LAUNCH_NETOP

DW_LICENSE_RHST_SN

DW_LICENSE_RGST_SN

DW_LICENSE_RSES_SN

DW_LICENSE_RNMS_SN

DW_LICENSE_RGWS_SN

DW_LICENSE_SCLS_SN

DW_LICENSE_SSTD_SN

DW_LICENSE_STCH_SN

DW_REMOVE_SETTINGS

DW_RESTART_SERVICE

INSTALLLEVEL

PRIMARYFOLDER

<None>: Will disable NetOp communication through the computer

Windows Firewall.

1*: Will enable NetOp communication through the computer Windows

Firewall.

<None>: Will not load the NetOp module after installation.

1*: Will load the NetOp module after installation.

Specify the NetOp Remote Control Host license number (none*).

Specify the NetOp Remote Control Guest license number (none*).

Specify the NetOp Remote Control Security Server license number

(none*).

Specify the NetOp Name Server license number (none*).

Specify the NetOp Gateway license number (none*).

Specify the NetOp School Class Server license number (none*).

Specify the NetOp School Student license number (none*).

Specify the NetOp School Teacher license number (none*).

<None>: Will not remove installed NetOp configuration files when reinstalling.

1*: Will remove installed NetOp configuration files when reinstalling.

<None>: Will not restart the NetOp Host service after installation.

1*: Will restart the NetOp Host service after installation to enable any installed or updated NetOp Host.

Installable features can be assigned a level from 0 to 32767. A number in the range 1 to 32767 will make features with a lower number except 0 available for installation. 100* is the normal level for a Typical installation.

Must be the key name of a directory that exists in the Windows Installer directory table. TARGETDIR* will typically specify the directory recommended by the manufacturer.

Note: Other properties of which records may be displayed in the table without a description are not

editable.

Edit: Select a record and click this button to display this window:

174

Property: The property name is displayed.

Value []: In this field, you can edit the property value.

Description []: In this field, you can edit the property description.

Add: Click this button to display this window:

5 Advanced Tools

Property []: In this field, specify the property name.

Value []: In this field, specify the property value.

Description []: In this field, you can specify a property description.

5.2.1.1.7 Features Tab

This is the

NetOp Transform Editor Window

Features Tab :

It specifies the application features that will be installed from the customized Windows Installer files.

The left pane contains a tree structure of available application features. Select a feature to highlight it to display a description in the right pane.

Initially, feature boxes will be checked according to the

Properties Tab INSTALLLEVEL value. Check/

uncheck boxes to install/not install features.

175

5.2 Silent Install

Edit: Click this button to display this window:

In this window, you can edit the feature title and description.

5.2.1.1.8 Configuration Tab

This is the

NetOp Transform Editor Window

Configuration Tab :

176

It enables replacing the

MSI Tab

specified Original MSI file configuration files by the user configuration files of a set up application to install from customized Windows Installer files with this setup.

Configuration program [] [Run]: The field of this drop-down box will display the path of the program

file of a computer application that matches the MSI Tab specified Original MSI file. The drop-down box

list may contain the paths of multiple matching computer applications. If no matching application is installed on the computer, the field will be empty. To replace configuration files, a matching application must be installed on the computer. Click Run to run the application whose path is displayed in the field to set it up like you want applications installed from customized Windows Installer files to be set up.

Note: NetOp module setup will be written to user configuration files when unloaded. Remember to

unload the configuration program to write its setup to its user configuration files.

Configuration files [] [Browse] []: This field will display the path of the default NetOp Host user configuration files directory C:\Documents and Settings\All Users\Application Data\Danware

Data\NetOp Remote Control\Host. If this directory contains configuration files that match the application whose program file path is displayed in the Configuration Program drop-down box field, configuration file records will be displayed in the table below. If not, click Browse to display the Browse for Folder window to select the directory that contains the user configuration files of the application whose program file path is displayed in the Configuration Program drop-down box field.

Note: NetOp configuration files are explained in the User’s Manual Common Tools chapter NetOp

Configuration Files section and in the matching NetOp Guest Help and NetOp Host Help sections.

5 Advanced Tools

The table below will display configuration file records with these column contents:

File Name: Checkbox (default: unchecked) and configuration file name. Check/uncheck the box to replace/not replace the file.

Install Path: Will display the configuration file path if the File Name record box is checked.

Table controls are explained in

Table Control .

5.2.1.1.9 Files Tab

This is the

NetOp Transform Editor Window

Files Tab :

It enables replacing the

MSI Tab specified Original MSI file files other than configuration files by files in

a specified computer location.

It specifies

MSI Tab specified Original MSI file default installed files other than configuration files in a

table with these column contents:

File Name: Checkbox (default: unchecked) and file name. Check/uncheck the box to replace/not replace the file by the file whose path is specified in the Source Path column cell to the right.

Source Path: Must display the source path of a replacement file, see Browse below.

Table controls are explained in

Table Control .

Browse: Select a record and click this button to display a New Source Path for <File name> window like a Windows Open window to open a replacement file to display its path in the Source Path column cell.

Note: While other customizations will be written to a mst transform file, file replacements will typically

be written to a msp patch file.

177

5.2 Silent Install

5.2.1.1.10 INI Settings Tab

This is the

NetOp Transform Editor Window

INI Settings Tab :

It enables adding INI file settings other than NETOP.INI file [INSTALL] section keys.

Initially, it will display records of keys other than [INSTALL] section keys in the computer NETOP.INI file in a table with these column contents:

File Name: Unchecked box and INI file name. Check the box to add the key.

Dir. Property: INI file path.

Section: INI file section name.

Key: INI file key name.

Value: INI file key value.

Table controls are explained in Table Control .

Edit: Select a record and click this button to display this window:

178

In the fields, you can edit the section name, key name and key value.

Add: Click this button to display this window:

5 Advanced Tools

In the fields, you can specify the properties of an added INI file setting.

Note: The NETOP.INI file is explained in the User’s Manual Common Tools chapter NETOP.INI

section and in the matching NetOp Guest Help and NetOp Host Help sections.

5.2.1.1.11 Registry Tab

This is the

NetOp Transform Editor Window

Registry Tab :

It specifies the registry settings that will be created when installing.

Initially, it will display records of the registry settings in the

MSI Tab specified Original MSI file in a

table with these column contents:

Registry: Checkbox (default checked) and registry setting name. Uncheck/check the box to not add/ add the setting.

Root: Key path specification number of levels from the registry root level.

Key: Key path.

Name: Key property name unless (Default).

179

5.2 Silent Install

Value: Key property value, if any.

Component: Application component that uses this registry setting.

Table controls are explained in Table Control .

Edit: Select a record and click this button to display this window:

In the fields, you can edit the registry setting name, root level, key path, key property name and key property value and in the drop-down box select the application component.

Add: Click this button to display this window:

180

5 Advanced Tools

In the fields, specify a registry setting name, root level, key path, key property name and key property value and in the drop-down box select an application component to add a registry setting.

Caution: Changing registry settings can lead to unpredictable results.

5.2.1.1.12 Shortcut Tab

This is the

NetOp Transform Editor Window

Shortcut Tab :

It specifies the program folder shortcuts that will be replaced when installing.

Initially, it will display records of the

MSI Tab specified Original MSI file shortcuts in a table with these

column contents:

Name: Checkbox (default checked) and shortcut name. Uncheck/check the box to not replace/ replace the shortcut.

Feature: Name of the feature that will be loaded by the shortcut.

Table controls are explained in

Table Control .

Edit: Select a record and click this button to display this window:

In this window, you can edit the shortcut name.

181

5.2 Silent Install

5.2.1.1.13 Build Tab

This is the

NetOp Transform Editor Window

Build Tab :

182

It will display a textual account of a build process.

Initially, the pane will be empty. Click the Build button below to create customized Windows Installer files in the

MSI Tab

specified Output Folder according to your tab specifications to display a textual account of the build process in the pane.

Note: After building, the

MSI Tab specified Output Folder will contain the original msi file and if

retrieved from a directory that contains a setup.exe file also this file, an mst transform file and if files have

been replaced on the Files Tab possibly also an msp patch file. Any __temp... files will be removed when

NetOp Transform Editor is unloaded.

Click the Copy button to copy the textual account to the clipboard.

5.2.1.2 Run Silent Install (Windows Installer)

To run Silent Install (Windows Installer)

from a directory that contains

NetOp Transform Editor

output files, from a command prompt or in the Run window execute this command:

<Directory path>:\msiexec /i <Application.msi>

TRANSFORMS=<Application.mst> PATCH=”<Full path>\<Application.msp>”

This command will install and set up the application as specified in

NetOp Transform Editor displaying

normal installation windows.

Note: The

PATCH

statement requires the full path to the

<application.msp>

file or an equivalent environment variable. If there is no

<application.msp>

file, omit the

PATCH

statement.

You can add these optional parameters to the command in any order:

Parameter

/quiet

/l* <Log file name>

Function

Quiet mode, no user interaction.

Creates an installation log in <Log file name>.

Note: To display the full range of msiexec parameters, run the command msiexec.

Example:

<Directory path>:\msiexec /i NetOpRemoteControlHost_UK.msi

TRANSFORMS=NetOpRemoteControlHost_UK.mst

PATCH="%CD%\NetOpRemoteControlHost_UK.msp” /quiet /l* setup.log

This command will install and set up NetOp Remote Control Host from NetOp Transform Editor output

files in quiet mode logging the installation in a setup.log file.

5 Advanced Tools

Note: The

%CD%

environment variable is not available in older Windows versions.

5.2.2 Silent Install (Traditional InstallShield)

Silent Install (Traditional InstallShield) uses traditional InstallShield installation files and an

administrator prepared

SETUP.ISS

file that controls installation and setup.

To install silently, these files must be available in the same directory:

• Traditional InstallShield installation files.

• A

SETUP.ISS

file.

• Files for copying as specified in the

SETUP.ISS

file

[COPY FILES] Section

.

This will enable a user with installation privileges on the local computer to install and set up applications by a single command.

This section contains these sections:

SETUP.ISS

Run Silent Install (Traditional InstallShield)

5.2.2.1 SETUP.ISS

To install NetOp Remote Control by Silent Install (Traditional InstallShield)

, a NetOp Remote Control

SETUP.ISS

file must be prepared.

SETUP.ISS

is a plain text file in a fixed format with sections that contain keys. Keys specify the values of

predefined installation and setup parameters.

You can create a NetOp Remote Control

SETUP.ISS

from scratch in a text editor like Notepad.

However, you can typically save considerable time by using the

NetOp Deployment Utility

Deployed

Module Setup (Traditional InstallShield)

NetOp Deployment Template

window. Subsequently, you can

edit the SETUP.ISS

file to fine-tune it to suit your preferences.

The NetOp Remote Control

SETUP.ISS

file sections are explained in these sections:

First Three Sections

[INSTALL] Section

[HOST] Section

[COPY FILES] Section

5.2.2.1.1 First Three Sections

These are the first three NetOp Remote Control SETUP.ISS

file sections:

[InstallSHIELD Silent]

Version=5.10.000

File=Response File

[Application]

Name=NetOp Remote Control

Version=6.00.00

Company=Danware Data A/S

[DlgOrder]

Count=0

They specify installation program settings. They must appear exactly as shown and should not be changed.

If you create a SETUP.ISS

file from the

NetOp Deployment Utility

Deployed Module Setup (Traditional

InstallShield)

NetOp Deployment Template

window, its first three sections will appear as required.

183

5.2 Silent Install

5.2.2.1.2 [INSTALL] Section

The NetOp Remote Control

SETUP.ISS

file

[INSTALL] Section must contain certain required keys and

can contain additional optional keys.

If you create a SETUP.ISS

file from the

NetOp Deployment Utility

Deployed Module Setup (Traditional

InstallShield)

NetOp Deployment Template

window, the

[INSTALL] Section will contain keys specified

on the General Tab

.

Keys, value options and their effects are explained in the table below. Default key values that will apply if an optional key is not included are marked with an asterisk:

Required/

Optional

Key

Required

HOSTFILES=

Values Effect

Optional

HOSTSERIALNR=

0

1

<Valid license number>

NetOp Host shall not be installed.

NetOp Host shall be installed.

If HOSTFILES=0, NetOp Host will not be installed.

If HOSTFILES=1, NetOp Host will be installed. The partly masked license number will be displayed in the About NetOp Remote

Control Host window.

NetOp Host will not be installed.

Required

GUESTFILES=

Optional

GUESTSERIALNR=

0

1

<No or invalid license number>*

<Valid license number>

NetOp Guest shall not be installed.

NetOp Guest shall be installed.

If GUESTFILES=0, NetOp Guest will not be installed.

If GUESTFILES=1, NetOp Guest will be installed. The partly masked license number will be displayed in the About NetOp Remote

ControlGuest window.

NetOp Guest will not be installed.

Required

UPDATE_INST=

<No or invalid license number>*

0

Optional

DIRECTORY=

1

<Path>

<No value>*

Installed NetOp configuration files will not be replaced.

Installed NetOp configuration files will be replaced.

Program files will be installed in <Path>.

<Path> will replace any existing NETOP.INI file [INSTALL] section DIRECTORY= key value.

Program files will be installed in:

If a NETOP.INI file exists, in its [INSTALL] section DIRECTORY= key directory.

If no NETOP.INI file exists, in C:\Program

Files\Danware Data\NetOp Remote Control.

This path will become the NETOP.INI file

[INSTALL]

section DIRECTORY= key value.

184

5 Advanced Tools

Optional

FOLDER=

<Folder name>

<No value>*

A Start\Programs\<Folder name> folder will be created. <Folder name> will replace any existing NETOP.INI file [INSTALL] section

FOLDER=

key value.

If a NETOP.INI file [INSTALL] section

FOLDER=

key folder exists, it will be used.

Required

Required

Required

Required

Required

Optional

Optional

Optional

LICENSEDTO=

CONFIGURE_HOST=

HIDE_PROGRESS=

UNINSTALL_INST=

BOOT=

DONT_CREATE_PROGRAM_FOLDER=

DONT_SHOW_PROGRAM_FOLDER=

WF_ENABLE_APP=

0

1

<3 or more characters>

<No or invalid value>

If no NETOP.INI file [INSTALL] section

FOLDER=

key folder exists, a NetOp Remote

Control folder will be created. NetOp Remote

Control will become the NETOP.INI file

[INSTALL]

section FOLDER= key value.

The value will be displayed in the About NetOp

Remote Control... window.

Installation will fail.

0

1

0

1

0

1

2

0*

1

0

1*

0

1*

Default NetOp Host setup will be applied.

[HOST] Section Netop Host setup will be

applied.

Installation and setup windows will be displayed.

Installation and setup windows will not be displayed.

Existing installation will not be uninstalled.

Existing installation will be uninstalled.

Computer will not restart after installation.

Computer will restart after installation if needed.

Computer will restart after installation.

Program commands will be created in the

FOLDER=

key folder.

No program commands will be created in the

FOLDER=

key folder.

FOLDER=

key folder program shortcuts will be displayed after installation.

FOLDER=

key folder program shortcuts will not be displayed after installation.

Incoming NetOp connections through

Windows Firewall will be disabled.

Incoming NetOp connections through

Windows Firewall will be enabled.

5.2.2.1.3 [HOST] Section

If in the NetOp Remote Control SETUP.ISS

file

[INSTALL] Section

CONFIGURE_HOST=1, silently installed NetOp Host will be configured as specified in the

[HOST] Section .

If you create a SETUP.ISS

file from the

NetOp Deployment Utility

Deployed Module Setup (Traditional

InstallShield)

NetOp Deployment Template

window, the

[HOST] Section

will contain keys specified on

tabs other than the General Tab

and the

Copy Files Tab .

Note: Instead of specifying NetOp Host configuration details in the

[HOST] Section , you may prefer this

procedure:

1.

Set up a “master” NetOp Host exactly like you want silently installed NetOp Hosts to be set up.

185

5.2 Silent Install

2.

Copy all of its Documents and Settings\All Users\Application Data\Danware Data\NetOp Remote

Control\Host directory files with the extension ndb to the directory from which to install silently.

3.

In the [COPY FILES] Section , specify copying all ndb files. This will set up silently installed NetOp

Hosts like the “master” NetOp Host.

All

[HOST] Section keys are optional. Keys, value options and their effects are explained in the table

below. Default key values that apply if a key is not specified are marked with an asterisk:

Key

AFTER_CON_BALLON_TIP_ENABLE=

AFTER_CON_DISP_MSG=

AFTER_CON_DISP_MSG_TIMEOUT=

AFTER_CON_MSG_PW_ENABLE=

ALLOW_MULTI_GUEST=

ASK_FOR_MODEM=

AUTHENTICATION_ADDR=

AUTHENTICATION_KEY=

COMPROF=

DEF_CALL_BACK=

DEF_CALL_BACK_NUMBER=

Values

0*

1

0*

1

0* - 9999

0*

1

0*

1

0*

1

Effect

Host will not display a notification area NetOp Host button balloon tip if Guests have been connected.

Host will display a notification area NetOp Host button balloon tip if Guests have been connected.

Host will not display the History List window if

Guests have been connected.

Host will display the History List window if Guests have been connected to the Host.

If AFTER_CON_DISP_MSG=1, the History List window will be displayed for the specified number of seconds (0: until the Host is unloaded).

Host will not request a password to close the

History List window.

Host will request the

ON_AFTER_MSG_PASSWORD=

password to close the History List window.

Host will not allow multiple Guest connections at the same time.

Host will allow multiple Guest connections at the same time.

Host will not create a Windows Modem communication profile when loaded for the first time.

Host will create a Windows Modem communication profile when the Host is loaded for the first time.

Host will authenticate connecting Guest by using

<NetOp Access Server name>.

<NetOp Access

Server name>

(none*)

<Characters>

(none*)

<Communication profile> (none*)

0*

1

2

<Telephone number> (none*)

Host will be authenticated on NetOp Access Server or authenticate Guest side enabled Guests by

<Characters>.

Host will communicate by <Communication profile>.

If GUEST_ACCESS_METHOD=0, Host will not apply callback.

If GUEST_ACCESS_METHOD=0, Host will apply callback to a fixed telephone number.

If GUEST_ACCESS_METHOD=0, Host will apply roving callback.

If GUEST_ACCESS_METHOD=0 and

DEF_CALL_BACK=1

, Host will call back to

<Telephone number>.

186

5 Advanced Tools

DEF_CONFIRM_ACCESS=

Note: Values are hexadecimal numbers that will be added to form a single number that specifies the confirm access setting.

0x00000000 and other invalid values will enable the default value.

DEF_PASSWORD=

DISABLE_FT_BEFORE_LOGIN=

DURING_CON_ANIMATE_ICON=

DURING_CON_DISP_GUEST_NAME=

DURING_CON_PLAY_INT=

DURING_CON_PLAY_SOUND=

ENABLE_FULL_DUPLEX=

ENABLE_USER_NAME=

ENCRYPT_ENABLE_TYPES=

Note: Values are hexadecimal numbers that will be added to form a single number that specifies which encryption types are enabled. 0x00000000 and other invalid values will enable the default value.

ENVIRONMENT_VAR=

FILE_TRANSFER_STATUS=

0x00000001*

0x00000002

0x00000004

0x00000008

0x00000010

<Password>

(none*)

0*

1

0*

1

0

1*

10*-59

0*

1

0

1*

0

1*

0x00000001*

0x00000004*

0x00000008*

0x00000010*

0x00000020*

0x00000040*

0x00000080*

<Environment variable> (none*)

0*

1

If GUEST_ACCESS_METHOD=0, Guest access will not depend on Host computer user confirmation.

If GUEST_ACCESS_METOD=0, Guest access will depend on Host computer user confirmation unless a selected option below applies.

Host computer is locked.

No user is logged on to the Host computer.

Guest user is logged on to the Host computer.

If GUEST_ACCESS_METHOD=0, Host will request

<Password> from connecting Guests.

Host will enable NetOp file transfer if no user is logged on to the Host computer.

Host will disable NetOp file transfer if no user is logged on to the Host computer.

Host computer notification area NetOp Host button will not be animated during Guest connection.

Host computer notification area NetOp Host button will be animated during Guest connection.

NetOp Host window title bar will not display the name of a connected Guest.

NetOp Host window title bar will display the name of a connected Guest.

If DURING_CON_PLAY_SOUND=1, the sound will play at specified number of seconds intervals.

Host will not play a sound during Guest connection.

Host will play a sound during Guest connection.

Host computer full duplex audio will be disabled.

Host computer full duplex audio will be enabled.

Host will not respond to communication to the

Windows or network logon user name.

Host will respond to communication to the

Windows or network logon user name.

Host will enable NetOp 6.x/5.x compatible encryption.

Host will enable no encryption.

Host will enable Data Integrity encryption.

Host will enable Keyboard encryption.

Host will enable Data Integrity and Keyboard encryption.

Host will enable High encryption.

Host will enable Very High encryption.

If NAMING=2, <Environment variable> will determine the Host ID.

Host will not display the File Transfer Status window when a Guest starts a file transfer session.

Host will display the File Transfer Status window when a Guest starts a file transfer session.

187

5.2 Silent Install

GUEST_ACCESS_METHOD=

GW_DEF_CALL_BACK=

0*

1

2

3

4

5

0*

1

2

Host will grant all Guests default access privileges.

Host will grant Guests individual NetOp access privileges.

Host will grant Guests individual Windows access privileges.

Host will use version 6.5- NetOp Access Server

Guest side authentication.

Host will use NetOp Security Server or version 6.5-

NetOp Access Server Host side authentication.

Host will grant Guests individual directory services access privileges.

If Gateway GUEST_ACCESS_METHOD=0,

Gateway will not apply callback.

If Gateway GUEST_ACCESS_METHOD=0,

Gateway will apply callback to a fixed telephone number.

If Gateway GUEST_ACCESS_METHOD=0,

Gateway will apply roving callback.

GW_DEF_CALL_BACK_NUMBER=

GW_DEF_PASSWORD=

HANGUP_ACTION=

HR_COMPROF=

HR_ENABLE_HELP_SERVICE=

<Telephone number> (none*)

<Password>

(none*)

0*

1

2

3

<Communication profile> (none*)

0

If Gateway GUEST_ACCESS_METHOD=0 and

GW_DEF_CALL_BACK=1

, Gateway will call back to <Telephone number>.

If Gateway GUEST_ACCESS_METHOD=0,

Gateway will request <Password> from connecting

Guests.

Host status will be Running after disconnect.

Host computer will be locked after disconnect.

Host computer user will be logged off from

Windows or the network after disconnect.

Host computer will restart after disconnect.

If HR_USE_WHAT_COMPROF=1, Host will request help by <Communication profile>.

Host cannot request help from a help service (help provider).

1*

HR_ENABLE_SERVICE_TICKETS=

0*

1

HR_HELP_PROVIDER=

HR_ICON_TO_TRAY=

HR_LOGIN_DOMAIN=

HR_LOGIN_NAME=

HR_LOGIN_PASSWORD=

<Help provider name> (none*)

0*

Host can request help from a help service (help provider).

Host cannot request help by a service ticket.

Host can request help by a service ticket.

If HR_ENABLE_HELP_SERVICE=1, Host will request help from <Help provider name>.

Host will not display a notification area Netop Help

Request button.

1

<Domain>

(none*)

Host will display a notification area Netop Help

Request button.

Host will log on to a help request routing NetOp

Gateway by <Domain>.

<Name> (none*) Host will log on to a help request routing NetOp

Gateway by <Name>.

<Password>

(none*)

Host will log on to a help request routing NetOp

Gateway by <Password>.

188

HR_PHONE_NUMBER=

HR_PROBLEM_DESCR=

HR_TIMEOUT=

HR_USE_WHAT_COMPROF=

ILLEGAL_PASSWORD_ACTION=

LG_EVENTLOG=

LG_FILE_NAME=

LG_FLUSH_TO_DISK=

LG_LOCALLY=

LG_ON_SERVER=

LG_ON_SNMP=

LG_SERVER_NAME=

LOAD_WITH_WINDOWS=

5 Advanced Tools

<Telephone number> (none*)

<Text> (none*) Host will specify <Text> as its problem description when requesting help.

0*-60 A Host help request will automatically be cancelled after the specified number of minutes (0: not until the Host stops communicating).

0*

If Host will request help by a communication profile that uses a point-to-point communication device, it will connect to <Telephone number>.

1

Host will request help by enabled communication profiles.

Host will request help by the HR_COMPROF= communication profile.

0*

1

Host will disconnect if the

MAX_ILLEGAL_PASSWORDS=

number of Guest connect attempts is exceeded.

Host will reject further connect attempts if the

MAX_ILLEGAL_PASSWORDS=

number of Guest connect attempts is exceeded.

2

0*

1

<file path and name>

(NETOP.LOG*)

0

Host computer will restart if the

MAX_ILLEGAL_PASSWORDS=

number of Guest connect attempts is exceeded.

Host will not log NetOp events in the Host computer Windows Event Log.

Host will log selected NetOp events (default: none selected) in the Host computer Windows Event Log.

If LG_LOCALLY=1, Host NetOp events will be logged in <file path and name>.

1*

0*

1

0*

1

If LG_LOCALLY=1, Host NetOp events will be written to file when the Host is unloaded.

If LG_LOCALLY=1, Host NetOp events will be written to file immediately.

Host will not log NetOp events in the

LG_FILE_NAME=

file.

Host will log selected NetOp events (default: none selected) in the LG_FILE_NAME= file.

Host will not log NetOp events on the

LG_SERVER_NAME=

NetOp server.

Host will log selected NetOp events (default: none selected) on the LG_SERVER_NAME= NetOp server.

0*

1

<NetOp server name> (none*)

0

1*

Host will not log NetOp events by SNMP messages.

Host will log selected NetOp events (default: none selected) by SNMP messages.

If LG_ON_SERVER=1, Host NetOp events will be logged on <NetOp server name>.

Host will not load when Windows starts on the computer.

Host will load when Windows starts on the computer.

189

5.2 Silent Install

MAC_ADDR_CHECK=

MAINT_PASSWORD=

MAX_ILLEGAL_PASSWORDS=

MIN_AT_STARTUP=

MIN_ON_CONNECTION=

NAME=

NAMING=

NNS_NAME_SPACE=

NSS_GROUP_ID=

ON_AFTER_MSG_PASSWORD=

ON_CON_BALLON_TIP_ENABLE=

ON_CON_DISP_MSG=

ON_CON_DISP_MSG_TIMEOUT=

ON_CON_MSG_PASSWORD=

ON_CON_MSG_PW_ENABLE=

0*

1

<Password>

(none*)

0-3*-100

0*

1

Host will not check connecting Guest IP or MAC addresses.

Host will allow access only to Guests whose IP or

MAC address is in the MACLIST.NDB NetOp configuration file.

Host will apply the <Password> maintenance password.

Host will allow the specified number of connct attempts to each connecting Guest (0: unlimited).

Host will display the NetOp Host window when loaded.

Host will display the notification area NetOp Host button when loaded.

0*

1

<Name> (none*) If NAMING=1, Host ID will be <Name>.

1 Host ID will be the NAME= value.

2

4*

<Characters>

(PUBLIC*)

<Group ID>

(none*)

Host ID will be determined by the

ENVIRONMENT_VAR=

value.

Host ID will be the Host computer Windows name.

Using a TCP/IP communication profile that uses

NetOp Name Server, Host will use the

<Characters> name space.

If GUEST_ACCESS_METHOD=4, Host will identify the used NetOp Security Server group by a

32-digit hexadecimal <Group ID>.

<Password>

(none*)

A displayed NetOp Host will not be minimized into a notification area NetOp Host button when a Guest connects.

A displayed NetOp Host will be minimized into a notification area NetOp Host button when a Guest connects.

0*

1

0*

If AFTER_CON_MSG_PW_ENABLE=1, Host will request <Password> to close the History List window.

Host will not display a balloon tip from the notification area NetOp Host button when a Guest connects.

Host will display a balloon tip from the notification area NetOp Host button when a Guest connects.

Host will not display the Connection List window when a Guest connects.

1

0 - 6* - 9999

<Password>

(none*)

0*

1

Host will display the Connection List window when a Guest connects.

If ON_CON_DISP_MSG=1, the Connection List window will be displayed for the specified number of seconds (0: until the Host is unloaded).

If ON_CON_MSG_PW_ENABLE=1, Host will request <Password> to close the Connection List window.

Host will not request a password to close the

Connection List window.

Host will request the ON_CON_MSG_PASSWORD= password to close the Connection List window.

190

ON_CON_PLAY_SOUND=

PCT_FILES=

PCT_GUEST_ACCESS=

PCT_OTHER_CONF=

PCT_PROGRAM_EXIT=

PREFIX_WITH_WORKGROUP=

PUBLIC_HOST_NAME=

SC_CERT_ATTRIBUTE=

SC_LOGIN_DS_MATCH_FIELD=

SC_LOGIN_DS_OPTIONS=

SC_LOGIN_NT_OPTIONS=

SEND_KEEP_ALIVE=

SILENCE_LEVEL=

1

0*

1

1

0*

1

2

0*

1

0

1*

<Attribute>

(none*)

0*

0*

1

2

0*

1

0-57*-60

1

0*

2

4

0*

1

1*

0*

5 Advanced Tools

Host will not play a sound when a Guest connects.

Host will play a sound when a Guest connects.

Host configuration files will be protected only by the MAINT_PASSWORD= password.

Host configuration files will be protected if the Host is connected.

Host configuration files will be protected if the Host is connected or communicating.

Host Guest Access Security Tools menu command and toolbar button will not be protected by a

MAINT_PASSWORD=

password.

Host Guest Access Security Tools menu command and toolbar button will be protected by a

MAINT_PASSWORD=

password.

Host other configuration Tools menu commands and toolbar buttons will not be protected by a

MAINT_PASSWORD=

password.

Host other configuration Tools menu commands and toolbar buttons will be protected by a

MAINT_PASSWORD=

password.

Unloading Host and stopping Host communication will not be protected by a MAINT_PASSWORD= password.

Unloading Host and stopping Host communication will be protected by a MAINT_PASSWORD= password.

If NAMING=4, the Host computer name will not be prefixed by the workgroup or domain name.

If NAMING=4, the Host computer name will be prefixed by the workgroup or domain name.

Host will not respond to broadcast communication.

Host will respond to broadcast communication.

Host will identify a Smart Card connecting Guest user by the specified directory services attribute.

Host will identify a Smart Card connecting Guest user from subject field contents.

Host will identify a Smart Card connecting Guest user from alternate subject field contents.

Host will allow only directory services logon.

Host will allow only Smart Card logon.

Host will allow directory services and Smart Card logon.

Host will allow only Windows logon.

Host will allow only Smart Card logon.

Host will allow Windows and Smart Card logon.

While connected, Host will not send keep alive data packets.

While connected, Host will send keep alive data packets.

Host will send audio data only if the sound input level is higher than the specified number value.

191

5.2 Silent Install

SOUND_HOLD=

SR_ENABLE=

SR_PATH_NAME=

STEALTH_MODE=

TO_ACTIVITY=

TO_AUTHENTICATION=

TO_CONFIRM_ACCESS=

TOP_MOST_WINDOW=

UI_TOOL_BAR_POS=

WAIT_FOR_CALL=

WINDOWS_NAME_SEP=

0-17*-20 Host will hold on to sending audio data for a period after the sound input level has dropped below the

SILENCE_LEVEL=

value. The specified number will determine this period.

0*

1

Host will disable session recording.

Host will enable session recording.

<Path> (none*) If SR_ENABLE=1, Host session recordings will be saved in the <Path> directory.

0*

1

<Number>

(0*-65535)

<Number>

(0*-65535)

Host will load visible to the user.

Host will load invisible to the user.

Host will disconnect if there has been no Guest keyboard or mouse activity for <Number> seconds

(0: no disconnect).

Host will disconnect if Guest has not been authenticated within <Number> seconds (0: no disconnect).

<Number>

(0*-65535)

0*

1

0*

1

2

3

4

Host will disconnect if Host user has not confirmed

Guest access within <Number> seconds (0: no disconnect).

NetOp Host window will not be top most during connection.

NetOp Host window will be top most during connection.

NetOp Host window toolbar will be below the menu bar.

NetOp Host window toolbar will be along the left window border.

NetOp Host window toolbar will be along the right window border.

NetOp Host window toolbar will be above the status bar.

NetOp Host window toolbar will be outside the window.

0

1*

Host will not start communicating when loaded.

Host will start communicating when loaded.

<Character> ( \*) If NAMING=4, Host workgroup or domain and computer name will be separated by <Character>.

5.2.2.1.4 [COPY FILES] Section

The NetOp Remote Control

SETUP.ISS

file can contain a [COPY FILES] Section that can contain copy

commands that will execute after installing NetOp Remote Control applying

[INSTALL] Section and

[HOST] Section

keys.

If you create a SETUP.ISS

file from the

NetOp Deployment Utility

Deployed Module Setup (Traditional

InstallShield)

NetOp Deployment Template

window, the

[COPY FILES] Section will contain copy

commands specified on the

Copy Files Tab

.

You can manually edit the [COPY FILES] Section

contents. Section contents must meet these syntax requirements:

[COPY_FILES]

COPY_COUNT=<Number of copy commands>

COPY1=<Source path\file 1> <Destination path\file 1>

COPY2=<Source path\file 2> <Destination path\file 2>

192

5 Advanced Tools

.

.

If the source file resides with the SETUP.EXE file in the directory from which NetOp Remote Control shall be installed silently and the destination file shall reside in the directory in which NetOp Remote

Control shall be installed, a path specification is not required. Otherwise, a full path specification is required.

You can use file masks with wildcard characters replacing file name characters instead of file names to copy multiple files with common name characteristics.

If a source specification contains spaces, it must be enclosed by double quotation marks.

A destination specification must contain a path specification, a file specification, or both. A path specification only must end with a backslash (\).

If the source or destination specification is invalid, the copy command will be ignored and an error message will be recorded in the INSTALL.LOG file, see

Run Silent Install (Traditional InstallShield) .

Example

[COPY_FILES]

COPY_COUNT=2

COPY1=*.ndb *.ndb

COPY2=”My Document.doc” C:\Documents\

COPY1

will copy all files with the extension ndb that reside with the SETUP.EXE file in the directory from which NetOp Remote Control shall be installed silently to the directory in which NetOp Remote

Control will be installed. This is the typical command for copying all NetOp configuration files, see the

User’s Manual Common Tools chapter NetOp Configuration Files section or the matching NetOp Guest

Help or NetOp Host Help system section.

COPY2

will copy the file my document.doc that resides with the SETUP.EXE file in the directory from which NetOp Remote Control shall be installed silently to the directory C:\Documents.

Note:

[COPY FILES] Section copy commands will execute after

[HOST] Section Host configuration specifications. [HOST] Section

Host configuration specifications will be overwritten by

[COPY FILES]

Section copied ndb NetOp configuration files Host configuration specifications.

5.2.2.2 Run Silent Install (Traditional InstallShield)

To run Silent Install (Traditional InstallShield) on a networked computer from a network directory, from

a command prompt or in the Run window execute this command:

<Network directory path>:\setup -s

This simple command requires that NetOp Remote Control installation files including SETUP.EXE and the

SETUP.ISS

file reside in the network directory. If this is not the case,

Additional Command Line

Switches

will be required.

You can also run

Silent Install (Traditional InstallShield) from local computer media with the NetOp

Remote Control installation files typically residing on the NetOp Remote Control CD and the

SETUP.ISS

file residing on removable media. This also requires

Additional Command Line Switches .

5.2.2.2.1 Log Files

Actions executed during

Silent Install (Traditional InstallShield)

will be logged in the InstallSHIELD

Silent installation program setup logging SETUP.LOG file and the installation logging INSTALL.LOG file. They are plain text files that can be opened in a text editor like Windows Notepad.

By default, they are saved in the directory that contains the SETUP.EXE file. Using

Additional Command

Line Switches , you can save them in a different directory.

If

Silent Install (Traditional InstallShield) fails, review these log files to see what went wrong, see also

Troubleshoot Deployment Progress

.

5.2.2.2.2 Additional Command Line Switches

With

Silent Install (Traditional InstallShield) , you can use these

Additional Command Line Switches :

193

5.3 NetOp Deployment Utility

-K<path\response file>

If you use the -F1 switch explained below to specify an alternate location and name of the

SETUP.ISS

file, this -K switch must be the very first switch in the command line.

-L<path>

This -L switch can specify an alternate location of the INSTALL.LOG file, see

Log Files . It must be

specified before the following switches.

-S

This -S switch will cause SETUP.EXE to run a silent installation.

-SMS

This -SMS switch whose letters must be uppercase will prevent a network connection and SETUP.EXE from closing before the installation is complete.

-F<path\compiled script>

This -F switch can specify an alternate location and name of the SETUP.INS compiled script file. Unless the compiled script file (*.INS) resides in the same directory as SETUP.EXE, you must the full path to the compiled script file. _SETUP.DLL must reside in the same directory as the *.INS file. For example, setup -ftest.ins

will launch SETUP.EXE using TEST.INS instead of SETUP.INS.

-F1<path\response file>

This -F1 switch can specify an alternate location and name of the SETUP.ISS file. If you use the -F1 switch, you must also use the -K switch explained above. If you use the -F switch, the -F1 switch must be specified after the -F switch.

-F2<path\log file>

This -F2 switch can specify an alternate location and name of the SETUP.LOG file, see

Log Files

. If you use the -F switch, the -F2 switch must be specified after the -F switch.

5.3 NetOp Deployment Utility

NetOp Deployment Utility (NDU) enables remote installation and setup of NetOp Remote Control modules.

NDU is a separate program that is licensed with NetOp Remote Control. Its current version is included on the NetOp Remote Control CD. You can download all available versions from the NetOp

KnowledgeBase , select Download Products > NetOp Deployment Utility.

NDU versions 6.5 to 8.0 can deploy using traditional InstallShield installation files. You can deploy one

NetOp Host or extended Host module and/or one NetOp Guest module to multiple remote computers. In

the

NetOp Deployment Template

window, you can specify installation and most NetOp Host setup details

and include remaining setup details by configuration file copy commands to create a

SETUP.ISS

file that

controls remote installation and setup.

NDU version 9.0 can also deploy using customized Windows Installer installation files. You can deploy

one NetOp module at a time to multiple remote computers. In NetOp Transform Editor , you can

customize an original Windows Installer msi file to specify all available NetOp Remote Control module remote installation and setup details.

Using NT Remote Service , NDU can deploy to networked computers that use the operating systems

Windows Server 2003, XP, 2000 or NT 4.

Using NetOp Scripting , NDU can deploy to Windows computers that run NetOp Host version 6.0 or

higher.

This section includes these sections:

Install NDU

Load NDU

NDU Window

Media Import

194

5 Advanced Tools

Deployed Module Setup

Deployment Method

Deploy

Deployment Tips

5.3.1 Install NDU

Note: To enable full functionality, install NDU on a Windows Server 2003, XP, 2000 or NT 4 computer

on which NetOp Guest is installed.

Select the NetOp Remote Control CD menu Other Installation Options > NetOp Deployment Utility command or run the NetOp KnowledgeBase Download Products > NetOp Deployment Utility >

<Version number> > <Build number> > ndufull*.exe self-extracting file to install NetOp Deployment

Utility.

Accept installing MS Data Access to enable retrieving the names of remote computers from a database.

By default, NDU will be installed in C:\Program Files\NetOp Deployment Utility and a NetOp

Deployment Utility program folder with a NetOp Deployment Utility command will be created, but you can select another directory and program folder.

5.3.2 Load NDU

To load NDU, click Start > All Programs > NetOp Deployment Utility > NetOp Deployment Utility or run ndu.exe to display this window:

195

5.3 NetOp Deployment Utility

Note: When NDU loads, it will attempt to load NetOp Guest if not loaded. If NetOp Guest cannot load, a

message will inform you that NetOp Guest must be loaded to deploy by

NetOp Scripting .

To unload NDU, select the File Menu Exit command or a

Window Control

Close control.

5.3.3 NDU Window

The NDU window contains these elements:

Title Bar

Menu Bar

Media Import Section (1)

Deployment Setup Section (2)

Deploy Section (3)

5.3.3.1 Title Bar

This is the

NDU Window title bar:

It will display the NDU program version and build number.

Title bar window controls are explained in

Window Control .

5.3.3.2 Menu Bar

This is the

NDU Window menu bar:

Menu and toolbar controls are explained in Menu and Toolbar Control .

It contains these menus:

File Menu

Help Menu

5.3.3.2.1 File Menu

This is the

NDU Window File menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

196

Scan for Hosts: Select this command to display this window:

5 Advanced Tools

This netopbrw.exe network browse utility can display which NetOp modules on the NDU computer network respond to a browse by a TCP/IP communication profile, which can be useful before

starting deployment by NetOp Scripting .

In the upper boxes and fields, you can specify up to five IP address ranges that shall be scanned for responding NetOp modules. Initially, a Range A example will be specified.

Scan for NetOp modules on UDP/IP port []: This field will initially display the default NetOp port number 6502. You can edit the field contents.

Maximum scan duration in seconds []: This field will initially display 3 to consider only responses received within 3 seconds. You can edit the field contents.

Maximum number of computers to scan []: This field will initially be empty. You can specify a number in the field.

List individual computers: Check this box to make the scan result display responding NetOp modules in a table with these column contents:

Type: Guest, Host or Gateway.

Station ID: NetOp module computer IP address.

Name: NetOp module name.

Verbose: Check this box to include scan information.

Close: Click this button to close the window.

Scan: Click this button to execute the scan specified in the window.

197

5.3 NetOp Deployment Utility

View: Click this button to display the scan result like this:

Note: Communicating NetOp Hosts that are set up to not respond to broadcasts will not respond, see

the User’s Manual NetOp Host chapter Host Tools section Program Options section Host Name

Tab section or the matching NetOp Host Help section.

Change Download URL: Select this command to display this window:

Set Download URL

198

This window specifies a NetOp installation files download URL.

http://: []: Specify in this field a URL (default: deployment.netop.com).

Last URL: Click this button to specify in the field the URL that was specified when the window was displayed.

Danware URL: Click this button to specify in the field the NetOp manufacturer deployment URL.

Install Newest Version of NDU: Select this command to download and install the most recent version and build of ndufull*.exe from the NetOp manufacturer website.

Exit: Select this command or a Window Control

Close control to unload NDU.

5 Advanced Tools

5.3.3.2.2 Help Menu

This is the

NDU Window Help menu:

Menu and toolbar controls are explained in Menu and Toolbar Control .

Contents: Select this command or press F1 to open the NDU Help system that contains the same NDU information as this

NetOp Deployment Utility manual section. Its left section contains a graphical table

of contents.

About NDU: Select this command or press C

TRL

+A to display this window:

About NetOp Deployment Utility

This window displays the NDU version and build number.

5.3.3.3 Media Import Section (1)

This is the

NDU Window media import section:

It is numbered 1 because

Media Import is the first deployment step.

199

5.3 NetOp Deployment Utility

5.3.3.4 Deployment Setup Section (2)

This is the

NDU Window deployment setup section:

It is numbered 2 because deployment setup is the second deployment step. It specifies to the left

Deployed Module Setup

and to the right Deployment Method

.

5.3.3.5 Deploy Section (3)

This is the

NDU Window deploy section:

It is numbered 3 because Deploy is the third deployment step.

5.3.4 Media Import

First, in the Media Import Section (1) :

200

you must import the installation files from which to install NetOp Remote Control modules on remote computers.

The top line will specify the URL specified in the

Set Download URL

window.

Click the globe/computer button to switch between enabling the CD button to copy installation files from a directory and enabling the flag buttons to download flag language installation files from the URL specified above.

Before importing, check that the Directory to download to field specifies the desired deployment media directory, by default C:\Program Files\NetOp Deployment Utility\Media. You can edit the field contents.

5 Advanced Tools

To copy installation files from a directory to the deployment media directory, click the CD button. If there is no CD in the CD drive, you will be prompted to insert one. To copy installation files from a local or network directory, click OK without inserting a CD. This window will be displayed:

The upper right drive drop-down box field will display the CD drive or another computer drive.

Select a drive in the drop-down box list to display it in the field.

The left pane will display the directories of the drive in the drive drop-down box field. Double-click a directory folder to select and expand it to display its file contents in the lower right pane.

If a NetOp Remote Control CD is in the CD drive, click NRC > WINDOWS > INSTALL.WI >

<Language abbreviation> to display Windows Installer installation files in the lower right pane.

Click NRC > WINDOWS > INSTALL > <Language abbreviation> to display traditional

InstallShield installation files in the lower right pane.

Note: With NDU version 9.00 or newer, you can deploy from Windows Installer or traditional

InstallShield installation files. With older NDU versions, you can deploy only from traditional

InstallShield installation files.

Files are copied to <Deployment media directory> informs you that the files listed in the lower right pane will be imported to the deployment media directory specified in the Directory to download to field.

Clean up all old files in the Media directory first: Leave this box checked to delete all files in the deployment media directory before importing files into it (default: checked).

201

5.3 NetOp Deployment Utility

To download NetOp installation files from the URL specified above to the deployment media directory, click the enabled flag button of the desired language to display this window:

202

Click the button of the version you want to deploy.

Note: To avoid incompatibility problems, we recommend that you deploy each NetOp Remote

Control version with the matching NDU version. The NDU version is displayed in the

About NetOp

Deployment Utility

window.

If you click 9.00 or higher, this window will be displayed:

Note: With NDU version 9.00 or newer, you can deploy from Windows Installer or traditional

InstallShield installation files. With older NDU versions, you can deploy only from traditional

InstallShield installation files.

Select one of these options:

Download MSI []: Download the Windows Installer msi package of the NetOp module displayed in the drop-down box field (default selection, default: NetOp Remote Control Host).

Download InstallShield: Download traditional InstallShield installation files.

When download starts, this window will be displayed:

NetOp Remote Control Setup Wizard

5 Advanced Tools

Advanced: Check this box to check for updated installation files on the NetOp manufacturer website to download the most recently updated files.

203

5.3 NetOp Deployment Utility

Click Next to display this window:

204

Select one of these options:

All NetOp Remote Control modules: Download all traditional InstallShield NetOp Remote

Control installation files (default selection).

Guest module: Download only NetOp Guest installation files.

Host modules: Download only NetOp Host and extended Host installation files.

Minimal Host (no help system or advanced features): Download only minimal Host installation files.

Click Next to execute download and display this window:

5 Advanced Tools

Click Finish to close the NetOp Remote Control Setup wizard.

5.3.5 Deployed Module Setup

NDU uses different deployed module setup methods if you deploy from Windows Installer or traditional

InstallShield installation files as explained in these sections:

Deployed Module Setup (Windows Installer)

Deployed Module Setup (Traditional InstallShield)

5.3.5.1 Deployed Module Setup (Windows Installer)

To deploy from Windows Installer installation files, you must create customized Windows Installer files

in the Media Import Section (1)

Directory to download to field specified media directory.

Currently, NDU cannot handle remote Windows Installer installation of multiple NetOp modules at the same time. Therefore, as a first step clean up the media directory to contain only the setup.exe file and one NetOp module msi file.

Then, load NetOp Transform Editor to create customized Windows Installer files from the remaining msi

file.

In NetOp Transform Editor

on the MSI Tab , open the media directory remaining msi file as the Original

MSI file and open the media directory as the Output folder.

On the

Properties Tab , you must specify the msi file module license number. All other

NetOp Transform

Editor Window

customization options are also available to you.

Building in the

NetOp Transform Editor Window will add an mst file and possibly an msp file to the

media directory to make the media directory customized Windows Installer files ready for deployment execution.

5.3.5.2 Deployed Module Setup (Traditional InstallShield)

To deploy from traditional InstallShield installation files, you must specify deployed module setup in a

SETUP.ISS

file.

205

5.3 NetOp Deployment Utility

In the NDU Window

Deployment Setup Section (2) Template section, click Configure to display this

window:

NetOp Deployment Template

206

This window creates or edits a

SETUP.ISS

file in the deployment media directory, see

Media Import .

Its title bar displays the name of the template on which the initial window content is based, see

Manage

Templates

. Window controls are explained in Window Control .

It contains these tabs:

General Tab

Security Tab

Callback Tab

Startup Tab

Hostname Tab

Options Tab

Audio Tab

Copy Files Tab

Help Request Tab

Maintenance Tab

Notify Tab

Logging Tab

5 Advanced Tools

Slow Network Tab

Encryption Tab

Misc Tab

Windows Firewall Configuration Tab

Each tab specifies deployed NetOp module setup details.

Note: Instead of specifying NetOp Host setup details on tabs, you may prefer this procedure:

1.

Set up a NetOp Host exactly like deployed NetOp Hosts shall be set up.

2.

Copy all of its Documents and Settings\All Users\Application Data\Danware Data\NetOp Remote

Control\Host directory files with the extension ndb to the deployment media directory.

3.

In the Copy Files Tab

Select File Type for Copy

window, select All NDB files. In this case,

specifications on other tabs except the

General Tab will become overwritten by copied configuration

file specifications.

4.

On the

General Tab

, specify general deployment and remote computer installation settings.

Click OK to save a created or edited deployment media directory

SETUP.ISS

file closing the window or

click Apply to save without closing the window.

Template management is explained in

Manage Templates .

Viewing and editing the

SETUP.ISS

file is explained in Review and Edit SETUP.ISS

.

5.3.5.2.1 General Tab

This is the

NetOp Deployment Template

window General tab:

207

5.3 NetOp Deployment Utility

It specifies general deployment and remote computer installation settings.

Host License [], Guest License []: Check boxes to install NetOp Host or extended Host and/or

NetOp Guest on remote computers and specify license numbers in checked box fields (default: only Host

License checked).

Note: Checkbox settings refer to the

SETUP.ISS

file [INSTALL] Section

HOSTFILES= and

GUESTFILES= keys and field contents refer to the SETUP.ISS

file

[INSTALL] Section

HOSTSERIALNR= and GUESTSERIALNR= keys. At least one box must be checked and valid license numbers must be specified in checked box fields.

Licensed to []: Specify in the field the licensee name by at least three characters (default: ?).

Note: Field contents refer to the

SETUP.ISS

file

[INSTALL] Section

required LICENSEDTO= key.

Most Recent Directory [] and Group []: Leave the box checked to install deployed modules in the remote computer directory in which NetOp Remote Control was most recently installed. If NetOp

Remote Control was not installed before, install deployed modules in C:\Program Files\Danware

Data\NetOp Remote Control\<Module name>.

Also, create deployed module commands in the remote computer program folder that contains

NetOp Remote Control program commands. If no such program folder exists, create a NetOp

Remote Control program folder.

If the box is checked, the disabled fields will display the NDU computer applicable values (default: checked). Uncheck the box to enable the fields. Specify in the fields what shall apply on remote computers.

Note: Field contents refer to the

SETUP.ISS

file [INSTALL] Section

DIRECTORY= and

FOLDER= keys.

Use repository [] Upload: Check the box to enable the field and the Upload button (default: unchecked). If checked, specify in the field a remote computer network repository directory path to install on remote computers from repository installation files. Click Upload to display this window:

208

Click Upload to copy the deployment media directory contents to the specified repository directory.

Click Cancel to cancel a copying in progress. Click Close to close the window.

Note: The checkbox setting and field contents do not refer to any

SETUP.ISS

file keys. Use a

repository to facilitate deployment to a distant remote computer network. The repository directory path specification must enable the NDU computer as well as remote computers to connect to the repository directory. Upload to the repository when the deployment media directory contents have been verified to be complete.

5 Advanced Tools

Invisible Installation on Remote Computers: Leave this box checked to not display installation windows on remote computers (default: checked). Uncheck to display installation windows.

Note: The checkbox setting refers to the

SETUP.ISS

file

[INSTALL] Section HIDE_PROGRESS=

key.

Make new, clean installations on the remote computers: Check this box to remove any remote computer installation of deployed NetOp modules before installing (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[INSTALL] Section UPDATE_INST=

key. This setting is unimportant unless you will deploy version 6.5.

Configure Hosts as in this Dialog: Leave this box checked to install NetOp configuration files according to the settings in this window (default: checked). If unchecked, default NetOp configuration files will be installed.

Note: The checkbox setting refers to the

SETUP.ISS

file

[INSTALL] Section

CONFIGURE_HOST= key.

Prompt for username and password: Check this box to prompt for a user name, password and domain if deploying by

NT Remote Service

, see Deploy (default: unchecked).

Note: The checkbox setting does not refer to any

SETUP.ISS

file key.

[Boot if needed]: This drop-down box has the options Never boot after install, Boot if needed (default selection) and Always boot after install. To apply an option, select it in the list to display it in the field.

Note: The drop-down box selection refers to the

SETUP.ISS

file

[INSTALL] Section BOOT= key.

Show this dialog at startup: Check this box to display the

NetOp Deployment Template

window

when NDU is loaded (default: unchecked).

Note: The checkbox setting does not refer to any

SETUP.ISS

file key.

209

5.3 NetOp Deployment Utility

5.3.5.2.2 Security Tab

This is the

NetOp Deployment Template

window Security tab:

210

It specifies deployed NetOp Host Guest access security.

Encrypt passwords (uncheck to deploy NetOp 6.5 Hosts): Leave this box checked if deploying version 7.0 or higher. Uncheck if deploying version 6.5.

Note: The checkbox setting does not refer to any

SETUP.ISS

file key.

The upper drop-down box has these options:

Grant All Guests Default Privileges (default selection)

Individual Privileges, NetOp Authentication

Individual Privileges, Windows Security Management

Use NetOp Security Server

Use 6.5 Access Server Guest Side Authentication

Use 6.5 Access Server Host Side Authentication

Use a Directory Service (req files secur_ds.ndb and dirserv.ndb)

Select an option to apply it to deployed NetOp Hosts.

Note: The drop-down box selection refers to the

SETUP.ISS

file

[HOST] Section

GUEST_ACCESS_METHOD= key. Each selection will display different tab contents below the upper drop down box as explained in the sections referred to above.

5 Advanced Tools

Grant All Guests Default Privileges

The

NetOp Deployment Template

window Security Tab

will display these contents if

Grant All Guests

Default Privileges

is selected in the upper drop-down box:

Guest Access Password [] and Confirm Password []: Check the box to request a password from

Guests that connect to deployed Hosts (default: unchecked). Specify the password in the upper field and re-specify it in the lower field for confirmation.

Note: The checkbox setting and field contents refer to the

SETUP.ISS

file

[HOST] Section

DEF_PASSWORD= key.

MAC/IP Address Check: Check this box to apply MAC/IP address check.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

MAC_ADDR_CHECK= key. To deploy a MAC/IP address list, create it on a NetOp Host and copy its Documents and

Settings\All Users\Application Data\Danware Data\NetOp Remote Control\Host\maclist.ndb file to

the deployment media directory. On the Copy Files Tab

, specify copying the maclist.ndb file to remote computers.

On max wrong passwords []: This drop-down box has the options Disconnect (default selection), Disable

Host and Restart Windows. To apply an option, select it in the list to display it in the field.

Note: The drop-down box selection refers to the

SETUP.ISS

file

[HOST] Section

ILLEGAL_PASSWORD_ACTION= key.

Max number of wrong passwords []: The slider position determines the maximum number of wrong passwords, each tick representing 10 (default: 3).

211

5.3 NetOp Deployment Utility

Note: The slider position refers to the

SETUP.ISS

file [HOST] Section MAX_ILLEGAL_PASSWORDS=

key.

Individual Privileges, NetOp Authentication

The

NetOp Deployment Template

window Security Tab will display these contents if

Individual

Privileges, NetOp Authentication is selected in the upper drop-down box:

212

To deploy NetOp individual Guest access privileges, create desired privileges on a NetOp Host and copy its Documents and Settings\All Users\Application Data\Danware Data\NetOp Remote

Control\Host\security.ndb file to the deployment media directory. In the

Copy Files Tab

Select File Type for Copy

window select NetOp security setup.

5 Advanced Tools

Individual Privileges, Windows Security Management

The

NetOp Deployment Template

window Security Tab

will display these contents if

Individual

Privileges, Windows Security Management is selected in the upper drop-down box:

To deploy Windows individual Guest access privileges, create desired privileges on a NetOp Host and copy its Documents and Settings\All Users\Application Data\Danware Data\NetOp Remote

Control\Host\secur_NT.ndb file to the deployment media directory. In the

Copy Files Tab

Select File

Type for Copy

window select NT security setup.

213

5.3 NetOp Deployment Utility

Use NetOp Security Server

The

NetOp Deployment Template

window

Security Tab

will display these contents if Use NetOp Security

Server is selected in the upper drop-down box:

214

Security Server Group ID []: Specify in this field the applicable Security Server Group ID.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section NSS_GROUP_ID= key.

5 Advanced Tools

Use 6.5 Access Server Guest Side Authentication

The

NetOp Deployment Template

window Security Tab

will display these contents if

Use 6.5 Access

Server Guest Side Authentication is selected in the upper drop-down box:

Access Server Key []: Specify in this field the applicable Access Server key (authentication key).

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section

AUTHENTICATION_KEY= key.

215

5.3 NetOp Deployment Utility

Use 6.5 Access Server Host Side Authentication

The

NetOp Deployment Template

window Security Tab will display these contents if

Use 6.5 Access

Server Host Side Authentication is selected in the upper drop-down box:

216

Access Server Key []: Specify in this field the applicable Access Server key (authentication key).

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section AUTHENTICATION_KEY= key.

Access Server Host ID []: Specify in this field the applicable NetOp Access Server Host ID.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section AUTHENTICATION_ADDR= key.

5 Advanced Tools

Use a Directory Service (req files secur_ds.ndb and dirserv.ndb)

The

NetOp Deployment Template

window Security Tab

will display these contents if

Use a Directory

Service (req files secur_ds.ndb and dirserv.ndb)

is selected in the upper drop-down box:

To deploy directory services individual Guest access privileges, create desired privileges on a NetOp

Host and copy its Documents and Settings\All Users\Application Data\Danware Data\NetOp Remote

Control\Host\secur_DS.ndb and dirserv.ndb files to the deployment media directory. In the

Copy Files

Tab

Select File Type for Copy window select Directory services.

217

5.3 NetOp Deployment Utility

5.3.5.2.3 Callback Tab

This is the

NetOp Deployment Template

window Callback tab:

218

If deployed NetOp Hosts shall use Grant All Guests Default Privileges , specify callback on this tab.

Select one of these options:

Roving Callback (Guest selects number to call back dynamically)

Do not call back (default selection)

Call back to number below

Note: The option selection refers to the

SETUP.ISS

file

[HOST] Section DEF_CALL_BACK= key.

Telephone number []: If you selected Call back to number below, specify in this field the telephone number that deployed Hosts shall call back to.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section DEF_CALL_BACK_NUMBER= key.

5.3.5.2.4 Startup Tab

This is the

NetOp Deployment Template

window Startup tab:

5 Advanced Tools

It specifies deployed NetOp Host startup.

Load Host at Windows startup (run as service): Leave this box checked to load deployed Hosts when Windows starts on the computer (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

LOAD_WITH_WINDOWS= key.

Wait for call at program startup: Leave this box checked to start deployed Host communication when the Host is loaded (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

WAIT_FOR_CALL= key.

Configure modem on first load: Check this box to create a Windows modem communication profile when deployed Hosts are loaded for the first time (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ASK_FOR_MODEM= key.

Let the Host always be the top most window: Check this box to make deployed Hosts’ NetOp Host window become top most when a NetOp Guest connects (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section TOP_MOST_WINDOW=

key.

219

5.3 NetOp Deployment Utility

Host visibility mode []: This drop-down box has these options:

Visible: Display the NetOp Host window when deployed NetOp Hosts are loaded (default selection).

In Tray: Display deployed NetOp Hosts as a button in the screen lower right corner notification area when loaded.

Invisible: Hide deployed NetOp Hosts when loaded (stealth mode).

To apply an option, select it in the list to display it in the field.

Note: The drop-down box selection refers to the

SETUP.ISS

file

[HOST] Section MIN_AT_STARTUP=

and STEALTH_MODE= keys.

Active communication profile []: The drop-down box list contains these communication profile names that match initial communication profiles:

• HTTP

• Infrared

• Internet

• Internet (TCP)

• IPX

• ISDN (CAPI)

• LAN (TCP)

• NetBIOS

TCP/IP (default selection)

• TCP/IP (TCP IPv6)

Select a name in the list to display it in the field or specify a name in the field to enable this communication profile when deployed Host communication starts.

Note: The drop-down box field contents refer to the

SETUP.ISS

file

[HOST] Section COMPROF= key.

List names are default communication profile names. To deploy a communication profile setup, create it on a NetOp Host and copy its Documents and Settings\All Users\Application Data\Danware Data\NetOp

Remote Control\Host\comprof.ndb file to the deployment media directory. In the

Copy Files Tab

Select

File Type for Copy

window, select Communication profiles.

220

5.3.5.2.5 Hostname Tab

This is the

NetOp Deployment Template

window Hostname tab:

5 Advanced Tools

It specifies the basis upon which deployed NetOp Hosts are named.

Select one of these options:

Enter name or leave name field blank: Display a field to specify a deployed Host name.

Note: Field contents refer to the

SETUP.ISS

file [HOST] Section

NAME= key. Do not select this option if multiple deployed network NetOp Hosts shall be able to communicate at the same time.

NetOp will not allow multiple network NetOp Hosts with the same name to communicate at the same time.

Use environment variable: Display a field to specify an environment variable that determines deployed Host names.

Note: Field contents refer to the

SETUP.ISS

file [HOST] Section

ENVIRONMENT_VAR= key.

Selecting this option with the USERNAME environment variable can cause problems. If multiple network NetOp Hosts load before a user is logged on to the computer, their name will be

%USERNAME% until reloaded by a user. NetOp will not allow multiple network NetOp Hosts with the same name to communicate at the same time.

Use Windows computer name: Name deployed Hosts by their Windows computer name (default selection). This is the recommended naming selection for deploying NetOp Host to multiple network computers. It will also apply if another option is selected but inactive because no name or environment variable was specified.

221

5.3 NetOp Deployment Utility

Note: The option selection refers to the

SETUP.ISS

file

[HOST] Section NAMING= key.

Prefix name with workgroup name using separator: Check this box to prefix deployed Hosts’ name by their workgroup or domain name.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

PREFIX_WITH_WORKGROUP= key.

If the box is checked, a field will display the default backslash separator character (\). You can replace the default backslash separator character by another character.

Note: Field contents refer to the

SETUP.ISS

file [HOST] Section WINDOWS_NAME_SEP= key.

5.3.5.2.6 Options Tab

This is the

NetOp Deployment Template

window Options tab:

222

This tab selects various deployed NetOp Host options.

On hangup []: The drop-down box contains these disconnect action options:

No operation (default selection)

• Lock computer (NT/2000 and NetOp 7.0 only)

• Log off

• Restart

Select an option in the list to display it in the field.

5 Advanced Tools

Note: The drop-down box selection refers to the

SETUP.ISS

file

[HOST] Section HANGUP_ACTION=

key.

Minimize Host on connection with Guest: Leave this box checked to minimize deployed Hosts’ window into a lower right screen corner notification area button when a Guest connects (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

MIN_ON_CONNECTION= key.

Send keep alive messages: Check this box to make deployed Hosts send small data packets to a connected Guest to change the Host status if the connection has been lost (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

SEND_KEEP_ALIVE= key.

Hostname is public: Leave this box checked to make deployed Hosts respond to broadcasts (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section PUBLIC_HOST_NAME=

key.

Show file transfer status: Check this box to make deployed Hosts display the File Transfer Status window when a Guest starts a file transfer session (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

FILE_TRANSFER_STATUS= key.

Protect configuration files when connected and running: Check this box to disable access to deployed Hosts’ configuration files and Tools menu commands if communicating (default: unchecked).

Protect configuration files only when connected: Check this box to disable access to deployed

Hosts’ configuration files and Tools menu commands if connected (default: unchecked).

Note: Checkbox settings refer to the

SETUP.ISS

file

[HOST] Section PCT_FILES= key.

Disable file transfer before local login: Check this box to disable file transfer with deployed Hosts if no user is logged on to the Host computer (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

DISABLE_FT_BEFORE_LOGIN= key.

Enable username: Leave this box checked to enable the name of a user logged on to a deployed Host computer (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ENABLE_USER_NAME= key.

Allow multiple simultaneous Guest sessions: Check this box to enable multiple Guest connections to each deployed Host (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ALLOW_MULTI_GUEST= key.

223

5.3 NetOp Deployment Utility

5.3.5.2.7 Audio Tab

This is the

NetOp Deployment Template

window Audio tab:

224

It specifies deployed Host audio settings.

Enable full-duplex audio: Check this box to enable sending and receiving audio data at the same time on deployed Hosts (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ENABLE_FULL_DUPLEX= key.

Silence level []: Drag the slider in the range 0 to 60 to set the deployed Host computer sound input level below which no audio data shall be sent (default: 57).

Note: The slider setting refers to the

SETUP.ISS

file

[HOST] Section SILENCE_LEVEL= key.

Line hold []: Drag the slider in the range 0 to 20 to set the period in which deployed Hostsshall continue sending audio data after the sound input level has dropped below the Silence level (default: 17).

Note: The slider setting refers to the

SETUP.ISS

file

[HOST] Section SOUND_HOLD= key.

5.3.5.2.8 Copy Files Tab

This is the

NetOp Deployment Template

window Copy Files tab:

5 Advanced Tools

It specifies deployment file copy commands.

The pane will display copy commands that shall execute after installation and setup on remote computers.

225

5.3 NetOp Deployment Utility

New: Click this button to display this window:

Select File Type for Copy

226

Select Specific remote file to specify in the

Copy Files Tab pane a template copy command that you

can edit from the Edit command.

Select any other option to specify in the

Copy Files Tab pane a command that will copy one or

multiple NetOp configuration files in the deployment media directory to the remote computer directory in which NetOp Host is installed to replace any matching NetOp configuration file.

Edit: Select a copy command in the pane and click this button to display this window:

5 Advanced Tools

You can edit the copy command in the field. Observe the syntax rules explained in [COPY FILES]

Section

.

Delete: Select a copy command in the pane and click this button to delete it.

Note: Copy commands in the pane will be included in the

SETUP.ISS

file

[COPY FILES] Section . Copy

commands will execute after remote computer NetOp Host installation and NetOp configuration files modification by

NetOp Deployment Template

window tab settings. Copied NetOp configuration file settings will overwrite

NetOp Deployment Template

window tab settings.

5.3.5.2.9 Help Request Tab

This is the

NetOp Deployment Template

window Help Request tab:

It specifies deployed Host help request settings.

Use specific communication profile []: Check the box to make deployed Hosts request help by the communication profile displayed in the drop-down box field (default: unchecked). If unchecked, deployed Hosts will request help by enabled communication profiles.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

HR_USE_WHAT_COMPROF= key.

The drop-down box list contains these communication profile names that match initial communication profiles:

• HTTP

• Infrared

• Internet

227

5.3 NetOp Deployment Utility

• Internet (TCP)

• IPX

• ISDN (CAPI)

• LAN (TCP)

• NetBIOS

TCP/IP (default selection)

• TCP/IP (TCP IPv6)

Select a name in the list to display it in the field or specify a name in the field to make deployed

Hosts request help by this communication profile.

Note: The drop-down box field contents refer to the

SETUP.ISS

file

[HOST] Section

HR_COMPROF= key. List communication profile names refer to default communication profile

names. You can deploy a communication profile setup, see Startup Tab .

Name of Help Provider []: Specify in this field a help provider name (Guest: help service name) to make deployed Hosts always request help from this help provider. If unspecified, deployed Host users can select among responding help providers.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_HELP_PROVIDER= key.

Help Provider's phone number []: If a communication profile that uses a point-to-point communication device is enabled in the Use specific communication profile drop-down box field above, you must specify the applicable help providing Guest telephone number or IP address in this field.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_PHONE_NUMBER= key.

Problem description []: Specify in this field a general help request problem description. If unspecified, deployed Host users can specify a problem description with each help request.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_PROBLEM_DESCR= key.

Timeout in minutes (0=infinite) []: To automatically cancel deployed Host help requests if not responded to within a reasonable time, set the help request timeout by the position of the slider in the range 0-60 minutes. The default 0 position will cancel the help request when the deployed Host stops communicating.

Note: The slider position refers to the

SETUP.ISS

file [HOST] Section HR_TIMEOUT= key.

Username []: To automatically log deployed Hosts on to a help request routing NetOp Gateway, specify in the field a NetOp Gateway recognized user name.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_LOGIN_NAME= key.

Domain []: To automatically log deployed Hosts on to a help request routing NetOp Gateway, specify in the field a NetOp Gateway recognized domain name.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_LOGIN_DOMAIN= key.

Password and confirmation - Enter password twice [] []: To automatically log deployed Hosts on to a help request routing NetOp Gateway, specify in the fields a NetOp Gateway recognized password.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section HR_LOGIN_PASSWORD= key.

Show help request icon in task bar: Check this box to place a NetOp Help Request button in the deployed Host computer screen lower right corner netification area to enable stealth mode Host users to request help (default: unchecked).

228

5 Advanced Tools

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

HR_ICON_TO_TRAY= key.

5.3.5.2.10 Maintenance Tab

This is the

NetOp Deployment Template

window Maintenance tab:

It specifies deployed Host maintenance password settings.

Maintenance Password [] Confirm Maintenance Password []: Check this box to enable deployed

Host maintenance password protection and enable both fields (default: unchecked). Specify the maintenance password in both fields.

Note: The checkbox setting and field contents refer to the

SETUP.ISS

file

[HOST] Section

MAINT_PASSWORD= key.

Maintenance Password Required for Changing Access Security: Check this box to protect the deployed Host Tools menu Guest Access Security command by the maintenance password (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section PCT_GUEST_ACCESS=

key.

Maintenance Password Required for Changing Other Configuration: Check this box to protect deployed Host Tools menu other configuration commands by the maintenance password (default: unchecked).

229

5.3 NetOp Deployment Utility

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

PCT_OTHER_CONF= key.

Maintenance Password Required for Unload and Stop: Check this box to protect unloading and stopping deployed Hosts by the maintenance password (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section PCT_PROGRAM_EXIT=

key.

5.3.5.2.11 Notify Tab

This is the

NetOp Deployment Template

window Notify tab:

230

It specifies deployed Host connection notification settings.

On connection

Play sound: Check this box to play a sound on deployed Hosts when a Guest connects (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ON_CON_PLAY_SOUND= key.

Display Connection List for [] seconds (0 = infinite): Check this box to display the Connection List window on deployed Hosts when a Guest connects (default: unchecked). The Connection List window will remain displayed for the number of seconds specified in the field (default: 6).

5 Advanced Tools

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ON_CON_DISP_MSG= key. The field refers to the

SETUP.ISS

file

[HOST] Section ON_CON_DISP_MSG_TIMEOUT=

key.

Password []: Check this box to protect closing the deployed Host Connection List window by a password (default: unchecked). Specify the password in the field.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ON_CON_MSG_PW_ENABLE= key. Field contents refer to the SETUP.ISS

file

[HOST] Section

ON_CON_MSG_PASSWORD= key.

Display balloon tip: Check this box to display a balloon tip from the deployed Host computer notification area NetOp Host button when a Guest connects (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

ON_CON_BALLON_TIP_ENABLE= key.

During connection

Play sound with interval in seconds (10-60) []: Check this box to play a sound on deployed Hosts during connection at an interval specified by the position of the slider in the range 10-60 seconds

(default: unchecked, 10 seconds).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

DURING_CON_PLAY_SOUND= key. The slider position refers to the

SETUP.ISS

file

[HOST]

Section

DURING_CON_PLAY_INT= key.

Display Guest name in title bar if possible: Check this box to display in the deployed Host window title bar the name by which the Guest identifies itself (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

DURING_CON_DISP_GUEST_NAME= key.

Animate icon: Check this box to animate the deployed Host computer notification area NetOp Host button icon if a Guest is connected (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

DURING_CON_ANIMATE_ICON= key.

After connection

Display History List for [] seconds (0 = infinite): Check this box to display the History List window on deployed Hosts if a Guest has been connected (default: unchecked). The History List window will remain displayed for the number of seconds specified in the field (default: 0, i.e. until the Host is unloaded).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

AFTER_CON_DISP_MSG= key. The field refers to the SETUP.ISS

file

[HOST] Section

AFTER_CON_DISP_MSG_TIMEOUT= key.

Password []: Check this box to protect closing the deployed Host History List window by a password (default: unchecked). Specify the password in the field.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

AFTER_CON_MSG_PW_ENABLE= key. Field contents refer to the SETUP.ISS

file

[HOST]

Section

ON_AFTER_MSG_PASSWORD= key.

Display balloon tip: Check this box to display a balloon tip from the deployed Host computer notification area NetOp Host button if a Guest has been connected (default: unchecked).

231

5.3 NetOp Deployment Utility

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

AFTER_CON_BALLON_TIP_ENABLE= key.

5.3.5.2.12 Logging Tab

This is the

NetOp Deployment Template

window Logging tab:

232

It specifies deployed Host logging settings.

Log locally

Log to file []: Check the box to log deployed Host NetOp events in a local computer log file

(default: unchecked). To log in a file other than C:\Documents and Settings\All Users\Application

Data\Danware Data\Netop Remote Control\Host\Netop.LOG, specify the log file path and name in the field.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

LG_LOCALLY= key.

Field contents refer to the

SETUP.ISS

file

[HOST] Section LG_FILE_NAME= key. By default, no

NetOp events are selected to be logged. To deploy a NetOp log setup, create a log setup on a NetOp

Host and copy its C:\Documents and Settings\All Users\Application Data\Danware Data\Netop

Remote Control\Host\nhstconf.ndb file to the deployment media directory. In the Copy Files Tab

Select File Type for Copy

window select General Host setup.

Write to file for each log entry: By default, selected NetOp events will be written to the log file immediately. Uncheck this box to write events to the log file when deployed Hosts are unloaded

(default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

LG_FLUSH_TO_DISK= key.

5 Advanced Tools

Log to NetOp Log or Security Server

Server’s Host ID []: Check the box to log deployed Host NetOp events on a NetOp server (default: unchecked). If checked and unless the option Use NetOp Security Server is selected in the

Security

Tab upper drop-down box, specify in the field the Host ID of the NetOp server on which to log.

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

LG_ON_SERVER= key.

Field contents refer to the

SETUP.ISS

file

[HOST] Section LG_SERVER_NAME= key. By default,

no NetOp events are selected to be logged. To deploy a NetOp log setup, create a log setup on a

NetOp Host and copy its C:\Documents and Settings\All Users\Application Data\Danware

Data\Netop Remote Control\Host\nhstconf.ndb file to the deployment media directory. In the Copy

Files Tab

Select File Type for Copy window select General Host setup.

Log to Windows Event Log

Log to Windows Event Log: Check this box to log deployed Host NetOp events in the Windows event log of the local computer (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file

[HOST] Section

LG_EVENTLOG= key.

By default, no NetOp events are selected to be logged. To deploy a NetOp log setup, create a log setup on a NetOp Host and copy its C:\Documents and Settings\All Users\Application

Data\Danware Data\Netop Remote Control\Host\nhstconf.ndb file to the deployment media directory. In the

Copy Files Tab

Select File Type for Copy window select General Host setup.

Log to SNMP

Log to SNMP: Check this box to log deployed Host NetOp events in a management information system by sending SNMP messages (default: unchecked).

Note: The checkbox setting refers to the

SETUP.ISS

file [HOST] Section

LG_ON_SNMP= key. To deploy a NetOp log setup, create a log setup on a NetOp Host and copy its C:\Documents and

Settings\All Users\Application Data\Danware Data\Netop Remote Control\Host\nhstconf.ndb file to

the deployment media directory. In the Copy Files Tab

Select File Type for Copy window select

General Host setup.

233

5.3 NetOp Deployment Utility

5.3.5.2.13 Slow Network Tab

This is the

NetOp Deployment Template

window Slow Network tab:

234

It specifies deployment waiting time.

Maximum seconds to wait before starting deployment process to next computer []: Edit the number in the field to adjust the waiting time (default: 20).

Note: Field contents do not refer to any

SETUP.ISS

file key.

5.3.5.2.14 Encryption Tab

This is the

NetOp Deployment Template

window Encryption tab:

5 Advanced Tools

It specifies deployed Host encryption settings.

Allow encryption types

NetOp 5.x/6.x compatibility: Leave this box checked to enable older NetOp Remote Control versions compatible encryption (default: checked).

None: Leave this box checked to enable session uniqueness only encryption (default: checked).

Data Integrity: Leave this box checked to enable data integrity encryption (default: checked).

Keyboard: Leave this box checked to enable keyboard encryption (default: checked).

Data Integrity and Keyboard: Leave this box checked to enable data integrity and keyboard encryption (default: checked).

High: Leave this box checked to enable high level encryption (default: checked).

Very High: Leave this box checked to enable very high level encryption (default: checked).

Note: Checkbox settings refer to the

SETUP.ISS

file

[HOST] Section

ENCRYPT_ENABLE_TYPES= key. At least one encryption type must be allowed on both of a

Guest and a Host to enable communication between them.

235

5.3 NetOp Deployment Utility

5.3.5.2.15 Windows Firewall Configuration Tab

This is the

NetOp Deployment Template

window Windows Firewall Configuration tab:

236

It specifies NetOp communication through a Windows firewall.

Allow NetOp to accept incoming network connections: Leave this box checked to enable incoming

NetOp communication through deployed computer Windows firewalls (default: checked).

Note: The checkbox setting refers to the

SETUP.ISS

file [INSTALL] Section

WF_ENABLE_APP= key.

5.3.5.2.16 Misc Tab

This is the

NetOp Deployment Template

window Misc tab:

5 Advanced Tools

It specifies miscellaneous deployed Host settings.

Enable session recording: Check this box to enable session recording on deployed Hosts (default: unchecked).

Note: The checkbox setting refer to the

SETUP.ISS

file [HOST] Section

SR_ENABLE= key.

Recording folder []: Specify in this field the deployed Host recording files directory path.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section

SR_PATH_NAME= key.

Confirm access timeout (seconds, 0=infinite) []: Specify in this field a number in the range 0-65535 to disconnect a Guest connecting to a deployed Host if the Host computer user has not confirmed access within the specified number of seconds (default: 0). The default value 0 will not disconnect the Guest.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section

TO_CONFIRM_ACCESS= key.

Authentication timeout (seconds, 0=infinite) []: Specify in the field a number in the range 0-65535 to disconnect a Guest connecting to a deployed Host if not authenticated within the specified number of seconds (default: 0). The default value 0 will not disconnect the Guest.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section

TO_AUTHENTICATION= key.

237

5.3 NetOp Deployment Utility

Activity timeout (seconds, 0=infinite) []: Specify in the field a number in the range 0-65535 to disconnect a Guest connected to a deployed Host if there has been no Guest keyboard or mouse activity within the specified number of seconds (default: 0). The default value 0 will not disconnect the Guest.

Note: Field contents refer to the

SETUP.ISS

file

[HOST] Section TO_ACTIVITY= key.

5.3.5.2.17 Confirm Access Tab

This is the

NetOp Deployment Template

window Confirm Access tab:

238

If deployed NetOp Hosts shall use Grant All Guests Default Privileges , specify confirm access settings

on this tab.

Select one of these options:

No: Guest access to deployed Host computers will not depend on Host computer user confirmation

(default selection).

Yes, except when: Guest access to deployed Host computers will depend on Host computer user confirmation unless an option checked below applies.

Computer locked: The Host computer user cannot confirm if the Host computer is locked

(default: unchecked).

No user logged on: The Host computer user cannot confirm if no user is logged on to the Host computer (default: unchecked).

Guest user logged on: A user that is logged on to the Guest computer and the Host computer at the same time should not be restrained by Host computer user confirmation.

Note: Selections refer to the

SETUP.ISS

file

[HOST] Section

DEF_CONFIRM_ACCESS= key.

5 Advanced Tools

5.3.5.2.18 Review and Edit SETUP.ISS

Click the

NDU Window

Template section Edit button to display the contents of the deployment media

directory

SETUP.ISS

file:

You can review and edit the deployment media directory SETUP.ISS

file content in this window.

Click the Notepad button to display the file content in a Windows Notepad window. Specify the startup command of another available text editor in the field to change the button label accordingly to use that text editor.

239

5.3 NetOp Deployment Utility

5.3.5.2.19 Manage Templates

In the NDU Window

Template section, click Save As… to save the deployment media directory

SETUP.ISS

file as a template to display this window:

240

It manages templates.

New Template []: Specify in this field a template name or check the Overwite box and select a name in the Existing Templates pane to display it in the field.

Existing Templates []: This pane will display the names of saved templates (initially only Default

Settings). Names will be disabled if the Overwrite box is unchecked. If the Overwrite box is checked, click an existing template name to display it in the New Template field.

Overwrite: Check this box to enable the Existing Templates pane template names and the Delete button (default: unchecked).

OK: Click this button to close the window to save the deployment media directory SETUP.ISS

file as a template by the name specified in the New Template field. If the name in the New Template field matches an Existing Templates pane name, this saved template will be overwritten.

Caution: To retain the original Default Settings template, do not overwrite it.

Delete: This button will be enabled if the Overwrite box is checked. Select a template name in the

Existing Templates pane and click this button to display a confirmation window to confirm deleting the selected template.

Note: Templates are saved in the deploying computer Windows registry under the key

HKEY_CURRENT_USER\Software\Danware Data A/S\NetOp Deployment Utility. The names of saved templates will be included in the template selection drop-down box list above the Template section.

Select a list name to display it in the field to display its contents in the

NetOp Deployment Template

window when clicking the Configure button.

5.3.6 Deployment Method

The NDU Window

Deployment Setup Section (2)

:

5 Advanced Tools

offers in its right

Deployment Method drop-down box two deployment methods:

NT Remote Service

NetOp Scripting

Note:

NetOp Scripting will be available only if NetOp Guest is loaded on the NDU computer.

5.3.6.1 NT Remote Service

NT Remote Service employs Windows NT technology to deploy to remote computers. You can deploy

only to networked Windows Server 2003/XP/2000/NT computers on which the deploying computer user has the rights to log on locally and log on as a service. Deployment will run only if a NetOp module version 6.5 or higher is installed on the deploying computer. No NetOp module needs to be installed on remote computers.

Select NT Remote Service

to display these contents in the Selection of remote computers section below:

Select one of these options:

Single NT Workstation []: Specify in the field the computer name or address of one Windows Server

2003, XP, 2000 or NT workstation to deploy to this computer (default selection).

241

5.3 NetOp Deployment Utility

ODBC DSN <ODBC data source name> [...]: This selection will display a specified ODBC data source name (Unknown if no source is specified) and an [...] options button. Click the options button to display this window:

Select ODBC Data Source

242

It specifies the ODBC data source locations of remote computer names and deployment responses.

ODBC Data Source Name []: The list of this drop-down box will contain ODBC data sources recognized by the deploying computer. Click Rescan to refresh the list. Click Define to display the

Windows ODBC Data Source Administrator window to specify data sources. Select actively a data source in the list to display it in the field to enable the Table Name drop-down box below (default:

(None)).

Table Name []: The list of this drop-down box will contain the names of tables in the data source selected in the ODBC Data Source Name drop-down box. Select actively the table that contains the desired remote computer names to enable the Hostname Column and Response Column drop-down boxes (default: empty).

Hostname Column []: The list of this drop-down box will contain the names of columns in the table selected in the Table Name drop-down box. Select actively a column to display its contents in the right pane (default: empty).

Response Column []: The list of this drop-down box will contain None and the names of columns in the table selected in the Table Name drop-down box. Select None to not display deployment result messages in a column. Select actively a column to display in it a deployment result message for each remote computer in the Hostname Column (default: empty).

Note: Current contents of Response Column fields will be overwritten by result messages.

OK: Click this button to close the window to apply selections to display the selected data source name in the

NDU Window

Deployment Setup Section (2) Selection of remote computers section.

Note: More detailed explanations are given in the

Remote Computers in a Text File ,

Remote

Computers in an Excel Range

,

Remote Computers in an Access Table

and

Remote Computers in a

Database Table

sections. An illustrated explanation is given in the NetOp KnowledgeBase

Documentation > NetOp Deployment Utility and ODBC article.

5 Advanced Tools

Target Group <Target group name> [...]: This selection will display a specified target group name

(default: DefaultGroup) and an [...] options button. Click the options button to display this window:

Target Group

It specifies target group computers.

Its title bar will display the name of the selected target group (default: DefaultGroup).

Select target group []: The list of this drop-down box will contain DefaultGroup and the names of created target groups. Create, save and delete target groups by the right upper Target group buttons

New, Save, Save As and Delete. Target groups will be stored in the NDU computer registry under the key HKEY_CURRENT_USER\Software\Danware Data A/S\NetOp Deployment Utility.

Select domain []: The list of this drop-down box will contain the names of domains recognized by the NDU computer.

Computers in selected domain []: This pane will display the names of running computers in the domain selected in the Select Domain drop-down box. You cannot select computers that display a gray no entry icon and Win 95/98/Me for deployment.

Rescan: Click this button to refresh the list of running computers in the selected domain.

Computers in selected target group []: This pane will display computers in the target group whose name is displayed in the Select target group drop-down box field. Add computers to or remove computers from the selected target group by the right lower Computer buttons Add, Add all, Remove and Remove all buttons.

Close: Click this button to close the window to apply selections to display the selected target group name in the

NDU Window

Deployment Setup Section (2) Selection of remote computers section.

5.3.6.2 NetOp Scripting

NetOp Scripting employs NetOp Remote Control technology to deploy to remote computers. You can deploy to remote Windows Server 2003, XP, 2000, NT, ME, 98 and 95 computers that run NetOp Host or extended Host version 6.0 or higher. An NDU compatible version of NetOp Guest must be loaded on the

NDU computer.

243

5.3 NetOp Deployment Utility

Select NetOp Scripting

to display these contents in the Selection of remote computers section below:

All Phonebook files in this folder [...]: Select this option and click the [...] options button to display this window:

Select Phonebook Directory

244

It specifies NetOp Guest phonebook files.

The list of the upper right drop-down box will contain the designations of NDU computer drives.

The left pane will display a selected drive directory tree, typically opening the NetOp Guest PhBook directory. The right pane will display phonebook records in the open directory.

Click OK to select the phonebook records in the right pane for deployment and close the window.

The

NDU Window

Deployment Setup Section (2) Selection of remote computers section field will

display the path of the selected directory.

To change your selection, click the [...] options button to display the

Select Phonebook Directory

window.

5 Advanced Tools

5.3.7 Deploy

In the

NDU Window

Deploy Section (3) , click More to expand the

NDU Window downwards:

Directory for Log Files []: This disabled field will display the path of the deployment Log directory that will be next to the

Media Import Section (1) deployment media directory.

The pane below will display deployment setup actions in expandable sections. Click [+] buttons to expand and [-] buttons to collapse sections.

If NetOp Guest was loaded when NDU was loaded, a section will display NetOp Guest status.

If you selected NetOp Scripting

, a section will display script status. Script settings are explained in the

User’s Manual NetOp Guest chapter Session Tools section Global Settings section Global Settings in the

Script File section. You cannot change NDU script settings.

Before deploying, verify that media files including installation files and other required files such as the

SETUP.ISS

file and files selected for copying are located in the deployment media directory specified in

the

Media Import Section (1) . The left disabled Configure First button will become enabled and display

Deploy when NDU recognizes this to be in order.

Click Deploy to start deploying.

245

5.3 NetOp Deployment Utility

If you selected

NT Remote Service

and on the NetOp Deployment Template

window

General Tab

checked the Prompt for Username and Password box, this window will be displayed:

It specifies deployment Windows logon user credentials.

Username []: Specify in this field a Windows user name that has the right to log on locally and as a service on selected remote computers (default: Administrator).

Password []: Specify in this field the matching Windows password (default: empty).

Domain []: Specify in this field the matching domain name (default: empty).

Click Cancel to cancel deployment.

246

If you selected NetOp Scripting

, this window will be displayed:

5 Advanced Tools

It reminds you of important conditions for executing

NetOp Scripting

deployment successfully.

Click Cancel to cancel deployment.

247

5.3 NetOp Deployment Utility

When deployment starts executing, this window will be displayed:

Session Status

248

The pane will display records of remote computers to which deployment has been started. Initially, records will display an installation icon.

If deployment fails before media files have been copied to the remote computer, the installation icon will be replaced by a red no entry icon.

When media files have been copied to the remote computer, the installation icon will be replaced by a yellow hourglass icon that indicates that installation is running on the remote computer.

If installation fails on the remote computer, the yellow hourglass icon will be replaced by a gray cross icon.

If installation succeeds on the remote computer, the yellow hourglass icon will be replaced by a happy face icon.

These

Session Status

window controls are available:

Close: Click this button to close the

Session Status

window permanently after a warning.

Break: Click this button to stop deployment to computers to which media files have not been copied.

Running installations on remote computers cannot be stopped.

NDU checks progress at intervals to update icons.

Pause: Click this button to pause checking.

Restart: Click this button to restart checking.

5 Advanced Tools

Check frequency: Drag the slider to set the checking interval between 1 and 30 seconds.

To reduce bandwidth consumption, select a long checking interval and pause checking.

Buttons of unavailable actions will be disabled.

5.3.7.1 What Happens During Deployment?

Starting deployment, NDU will copy media files to selected remote computers to display

Session Status

window <Remote computer name> records with an installation icon.

If

NT Remote Service was selected, NDU will create a NETOPUSH directory in the remote computer

remote administration ADMIN$ directory, typically in the path C:\WINDOWS\NETOPUSH. If

NetOp

Scripting was selected, the NDU script will connect to NetOp Host on the remote computer and create a

NETOPUSH directory in the path C:\TEMP\NETOPUSH. NDU will copy media files to the NETOPUSH directory.

The

Session Status

window pane <Remote computer name> record will indicate deployment failure at

this point by a red no entry icon. Click the <Remote computer name> record at any time from its installation icon is displayed until its result icon is displayed to open the Local Log for <Remote

computer name>. The

Local Log

for <Remote computer name> will be saved as <Remote computer

name>.LOG in the Log directory, see

Deploy .

If deployment proceeds, the NOWUTIL.EXE file copied to the remote computer NETOPUSH directory will execute to unload any loaded NetOp module. Then, the SETUP.EXE file copied to the remote computer NETOPUSH directory will execute to install specified NetOp modules.

The

Session Status

window pane <Remote computer name> record will indicate installation in progress

by the yellow hourglass icon.

When installation has ended, the remote computer will be cleaned up. The installation log files

INSTALL.LOG and SETUP.LOG will be combined with the deployment log file PUSH.LOG and setup files (SETUP.ISS or <NetOp module>.mst) into one NETOPUSH.LOG file that will be sent to the NDU

computer where it will be saved as <Remote computer name>.RLG in the Log directory, see Deploy

.

The

Session Status

window pane <Remote computer name> record will indicate the reception of a

NETOPUSH.LOG file by a happy face icon if remote installation was successful or a gray cross icon if remote installation failed. Click the <Remote computer name> record when its result icon has been displayed to open the

Remote Log

for <Remote computer name>.

5.3.7.2 Troubleshoot Deployment Progress

To troubleshoot deployment progress, see what happens in the

Session Status

window and read generated

log files.

If selected remote computer records display incompletely in the

Session Status

window pane or their

installation icons do not change into other icons after waiting for some time, NDU has probably problems

in connecting to remote computers. This wil typically be the case if when using NetOp Scripting an

unanswered NetOp Guest dialog such as a logon window is displayed. Clicking the last remote computer record in the pane to display its local log may give a clue to the problem.

249

5.3 NetOp Deployment Utility

If a remote computer record displays a red no entry icon, click the record to display the local log file contents:

Local Log

250

The local log will display clear text statements of the actions executed by the deploying computer to make the remote computer ready to install NetOp Remote Control. Search near the end of the log for statements that indicate the problem that deployment has encountered, typically denied access.

5 Advanced Tools

If a remote computer record displays a gray cross icon, click the record to display the remote log file contents:

Remote Log

A complete remote log will contain these sections:

INSTALL.LOG: Records install actions.

SETUP.LOG: Records setup initialization.

PUSH.LOG: Records deployment actions.

SETUP.ISS/<Installed NetOp module>.mst: Records setup details.

The error that made installation fail can be found in any of these sections. For instance, an invalid license number statement will appear in the end if the INSTALL.LOG.

251

5.3 NetOp Deployment Utility

5.3.8 Deployment Tips

This section contains tips for special deployment situations. It includes these sections:

5.3.8.1 Deploy from a Remote Controlled Computer

You can deploy from a remote controlled Windows Server 2003/XP/2000/NT computer that runs NDU.

The computer must run NetOp Host to be remote controlled and if using

NetOp Scripting

also NetOp

Guest to run the deployment. NetOp Host and Guest can run on a computer at the same time only if in the

NETOP.INI file [COEXISTENCE] section COEXIST=2, see the User’s Manual Common Tools chapter

NETOP.INI section [COEXISTENCE] Section section or the matching NetOp Guest Help or NetOp Host

Help system section..

5.3.8.2 Deploy Setup Details not Included in NetOp Deployment Template

The

NetOp Deployment Template

window enables specifying most NetOp Host setup details. However, several NetOp Host setup details as well as extended NetOp Host and NetOp Guest setup details cannot

be specified in the

NetOp Deployment Template

window.

NetOp module setup is written to configuration files, see the User’s Manual Common Tools chapter

NetOp Configuration Files section or the matching NetOp Guest Help or NetOp Host Help system section.

To deploy setup details that are not included in the

NetOp Deployment Template

window, set up the

NetOp module you want to deploy as desired and copy its configuration files to the NDU deployment media directory, see

Media Import . On the

Copy Files Tab , specify copying these configuration files to

remote computers.

5.3.8.3 WININET.DLL

For NDU to access the Internet, the application extension wininet.dll must reside in the System 32 directory. This will typically be the case if a Microsoft Internet product is installed on the NDU computer.

If not, you may lack wininet.dll. You can download the version of wininet.dll that matches the NDU computer operating system from Microsoft.

5.3.8.4 Deploy Other Programs than NetOp

NDU was designed for deploying NetOp Host. You can also deploy NetOp Security Server, NetOp

Gateway, NetOp Name Server and NetOp Guest with NDU.

In most cases, NDU will also work with other programs that install with traditional InstallShield or

Windows Installer in a similar fashion, but success is not guaranteed and we do not provide technical support for the deployment of other programs.

Place installation and setup files in the deployment media directory and deploy like deploying a NetOp program.

The

Session Status

window may not display the same icons as when deploying a NetOp program because other programs do not return the same messages. To troubleshoot deployment, read the log files.

5.3.8.5 Remote Computers in a Text File

The NT Remote Service

ODBC DSN option can work with a plain text file:

1.

In a text editor, e.g. Notepad, type the name of each remote computer on a new line followed by a

T

AB

and an additional word, e.g. Response. Save the text file with a name.

2.

In the

NDU Window

, select NT Remote Service , select ODBC DSN and click the options button to

display the NetOp Deployment - Select ODBC Data Source window.

3.

Click Define to open the Windows ODBC Data Source Administrator. Select the System DSN tab.

4.

Click Add to display the Create New Data Source window. Select Microsoft Text Driver and click

Finish to close the window.

5.

In the ODBC Text Setup window, in the Data Source Name field specify a name, e.g. Text.

6.

In the Database section, uncheck Use current directory to enable the Select Directory button. Click it to display the Select Directory window.

7.

Select the directory that contains the text file that contains the list of remote computers to display its path after Directory:. Click Options>> to expand the window downwards.

252

5 Advanced Tools

8.

Click Define Format to display the Define Text Format window. Select in its upper left scrolling pane the text file that contains the list of remote computers.

9.

In the Format drop-down box, select Tab Delimited and click Guess. If the Columns section pane displays F1 (highlighted) and F2, the Data Type drop-down box field displays Char, the Name field displays F1 and the Width field displays 255, everything is fine. Define Text Format defined two columns that it named F1 (left) and F2 (right). The width of each column is limited to 255 characters.

10. Click OK to return to the ODBC Text Setup window.

11. Click OK to return to the ODBC Data Source Administrator window.

12. Click OK to return to the NetOp Deployment - Select ODBC Data Source window.

13. Click Rescan to scan for new data sources.

14. In the ODBC Data Source Name drop-down box list, select the name of the newly created text data source to display it in the field.

15. In the Table Name drop-down box list, select the name of the text file that contains remote computer names to display it in in the field.

16. In the Hostname Column drop-down box list, select F1 to display it in the field and display the remote computer names in the pane to the right.

17. In the Response Column drop-down box list, select F2 to display it in the field.

18. Click OK to apply your ODBC DSN selections to close the window and display the data source name in the

NDU Window Selection of remote computers section ODBC DSN field.

After deployment, result messages will be written to the Response Column cells.

5.3.8.6 Remote Computers in an Excel Range

The NT Remote Service ODBC DSN option can work with a Microsoft Excel range:

1.

Remote computer names must be available in a contiguous Excel column list.The cells in the column to the right must be empty or without important contents, as deployment result messages will be written in them. One heading cell must be available above each column. You can specify column headings in these cells, e.g. Hostname to the left and Response to the right.

2.

Name this range including heading cells (Insert > Name > Define) to enable ODBC to recognize it as a table.

3.

In the

NDU Window

, select NT Remote Service , select ODBC DSN and click the Options button to

display the NetOp Deployment - Select ODBC Data Source window.

4.

Click Define to open the Windows ODBC Data Source Administrator. Select the System DSN tab.

5.

Click Add to display the Create New Data Source window. Select Microsoft Excel Driver and click

Finish to close the window.

6.

In the ODBC Microsoft Excel Setup window, in the Data Source Name field specify a name, e.g.

Excel.

7.

In the Database section click Select Workbook to display the Select Workbook window.

8.

Select the Excel file that contains the named range to display its name in the Database Name field and click OK to close the window.

9.

The ODBC Microsoft Excel Setup window Database section will display the Excel file path after

Workbook:. Click OK to close the window.

10. The ODBC Data Source Administrator window System DSN tab pane will include the created data source. Click OK to close the window.

11. In the NetOp Deployment - Select ODBC Data Source window, click Rescan to scan for new data sources.

12. In the ODBC Data Source Name drop-down box list, select the name of the newly created Excel data source to display it in the field.

253

5.3 NetOp Deployment Utility

13. In the Table Name drop-down box list, select the name of the Excel file range that contains remote computer names to display it in in the field.

14. In the Hostname Column drop-down box list, select the remote computer list column heading (F1 if the heading cell is empty) to display it in the field and display the remote computer names in the pane to the right.

15. In the Response Column drop-down box list, select the response column heading (F2 if the heading cell is empty) to display it in the field.

16. Click OK to apply your ODBC DSN selections to close the window and display the data source name in the

NDU Window Selection of remote computers section ODBC DSN field.

5.3.8.7 Remote Computers in an Access Table

The NT Remote Service

ODBC DSN option can work with a Microsoft Access table:

1.

Remote computer names must be available in a Microsoft Access table column. Another table column must be empty or without important contents to enable writing result messages in it.

2.

In the

NDU Window

, select NT Remote Service , select ODBC DSN and click the Options button to

display the NetOp Deployment - Select ODBC Data Source window.

3.

Click Define to open the Windows ODBC Data Source Administrator. Select the System DSN tab.

4.

Click Add to display the Create New Data Source window. Select Microsoft Access Driver and click

Finish to close the window.

5.

In the ODBC Microsoft Access Setup window, in the Data Source Name field specify a name, e.g.

Access.

6.

In the Database section, click Select to display the Select Database window.

7.

Select the Access file that contains the remote computers table to display its name in the Database

Name field and click OK to close the window.

8.

The ODBC Microsoft Access Setup window Database section will display the Access file path after

Database:. Click OK to close the window.

9.

The ODBC Data Source Administrator window System DSN tab pane will include the created data source. Click OK to close the window.

10. In the NetOp Deployment - Select ODBC Data Source window, click Rescan to scan for new data sources.

11. In the ODBC Data Source Name drop-down box list, select the name of the newly created Access data source to display it in the field.

12. In the Table Name drop-down box list, select the name of the remote computers table to display it in in the field.

13. In the Hostname Column drop-down box list, select the remote computer list column heading to display it in the field and display the remote computer names in the pane to the right.

14. In the Response Column drop-down box list, select the result message column heading to display it in the field.

15. Click OK to apply your ODBC DSN selections to close the window and display the data source name in the

NDU Window Selection of remote computers section ODBC DSN field.

5.3.8.8 Remote Computers in a Database Table

The NT Remote Service

ODBC DSN option can work with a database table. The procedure is similar to

Remote Computers in an Access Table .

5.3.8.9 Using a Repository

When running NDU across long or slow communication lines to several computers on a remote LAN, it may be advisable to use a repository residing on the remote LAN to reduce traffic on the long or slow communication line to speed up the copying of files, see

General Tab .

254

5 Advanced Tools

5.3.8.10 Installation Rights with NT Remote Service

The installation of NetOp on remote computers using NT Remote Service requires that the user performing the installation have the rights on all selected remote computers to log on locally and log on as a service.

By default, the NDU remote installation is performed by the user logged on to the deploying computer, or more specifically by the account identified by the user’s logon username, password and domain. If this account does not have the required rights on the remote computers, another account having those rights can be selected for the installation:

Alternative 1:

On the NDU template

General Tab check the box Prompt for username and password. When clicking the

Deploy button, the Change account for Session window will display, see

Deploy

. Typically, the specification of the logon credentials of an administrator account having the required rights in the remote domain will be used. Clicking OK in this window issues the following DOS command to all selected remote computers:

NET USE \\<remote computer name>\ADMIN$ <password>

/USER:<domain>\<username>

- that will establish connections.

Alternative 2:

On the NDU template General Tab do not check the box Prompt for username and password. Before

clicking the Deploy button, establish connections to the remote computer ADMIN$ directories individually by using the NET USE command shown in Alternative 1.

Alternative 3:

If deploying from a Windows 2000+ computer, when starting NDU from the program folder, hold down the S

HIFT

key and right-click the NDU program icon. In the displayed menu, click Run As… and enter account details in the dialog box before opening NDU. On the NDU template General tab do not check the box Prompt for username and password. This alternative has the same effect as Alternative 1.

When the Deploy button has been clicked, connections to the remote computers’ ADMIN$ directory with the specified user account will be established.

This account must exist individually or as a member of a local group on the remote computers and have the rights to log on locally and log on as a service. These rights are found in Windows NT 4.0 in

Programs\Administrative Tools (Common)\User Manager\Policies\User Rights (check Advanced), and in

Windows 2000+ in Control Panel\Administrative Tools\Local Security Policy\Local Policies\User Rights

Assignment. Remember that after changing user rights, you must log off and log on to make the new user rights apply.

If established by NDU, the connection is closed after installation, and the entered information is not saved anywhere. If established individually, remember to close the connections with the DOS command:

NET USE \\<remote computer name>\ADMIN$ /DELETE.

What connections are open can be checked with the DOS command NET USE.

5.3.8.11 Deploying to Different Domains

When deploying to remote computers in different domains requiring different user accounts for connection and installation, remote computers should be grouped into each their NDU session requiring the same user account. The change of account is easily accomplished using Alternative 1 in

Installation

Rights with NT Remote Service .

255

5.4 NetOp Remote Control in Terminal Server Environments

5.4 NetOp Remote Control in Terminal Server Environments

A terminal server environment (TSE) includes the terminal server console and client sessions that run on the terminal server.

You can use NetOp Remote Control between TSE elements, between a TSE element and a network computer and between TSE elements on different terminal servers.

This section includes these sections:

Installation (TSE)

Use (TSE)

5.4.1 Installation (TSE)

Install NetOp Remote Control on a terminal server from the Control Panel utility Add or Remove

Programs. To avoid problems, any already installed NetOp modules should be unloaded during installation.

You can install NetOp Guest, NetOp Host and NetOp Gateway. If client session NetOp modules shall be enabled to communicate with NetOp modules outside the TSE, you must install NetOp Gateway.

You cannot install NetOp Security Server or NetOp Name Server on a terminal server.

5.4.2 Use (TSE)

Using NetOp Remote Control in a TSE works in most respects like using NetOp Remote Control between network computers.

However, there are important differences because TSE elements reside on the same computer and share the same computer resources.

This section includes these sections:

NetOp Naming (TSE)

NetOp Communication (TSE)

Module Functionality (TSE)

Computer Resources (TSE)

5.4.2.1 NetOp Naming (TSE)

In a TSE, the terminal server console and client sessions share the terminal server computer name and network address. Therefore, NetOp modules in a TSE, or at least NetOp modules in client sessions, should not be identified by these names.

On the other hand, each client session is identified by a unique user name. Hosts will not be allowed to become running, unless they are identified by a unique name. Consequently, a Host in a TSE should not be named with its Windows computer name (the NetOp default selection that is generally recommended in a network installation), but with a name defined by an environment variable such as USERNAME or a specified name.

Host naming is selected in the Tools menu Program Options command/window Host Name tab, see

User’s Manual, Host Name Tab.

Also, take care to assign different names to Guests in a TSE. If one inside Guest is connected to an outside Host and another inside Guest in the same TSE identified by the same name tries to connect to the same Host, the return communication from the outside Host may get mixed up and the connected Guest may experience a lost connection (Error 5).

Guest naming is selected in the Tools menu Program Options command/window Login tab Guest ID section, see the User’s Manual, Login Tab.

5.4.2.2 NetOp Communication (TSE)

NetOp modules communicate inside a TSE by using a NetOp proprietary Terminal Server communication device that is available only to NetOp modules installed on a terminal server, see User’s

Manual, Terminal Server. NetOp modules inside a TSE can communicate with NetOp modules in a

256

5 Advanced Tools

network outside the TSE, in some cases by using a NetOp Gateway running on the terminal server console (a TSE Gateway).

Inside a TSE, NetOp modules communicate using the Terminal Server communication profile that must be selected on Guests and must be enabled on Hosts.

Connecting from an outside NetOp module to an inside NetOp module must pass through a NetOp

Gateway running on the terminal server console, see Installation (TSE) .

5.4.2.2.1 TSE Gateway Setup

On the NetOp Gateway running on the terminal server console (TSE Gateway), enable at least one communication profile using the Terminal Server communication device for inside communication and enable communication profiles using other communication devices for outside communication.

IP broadcast list considerations may apply, see

IP Broadcast List Considerations .

Stopping a TSE Gateway will cause connections between inside NetOp modules and outside NetOp modules established through the TSE Gateway to be lost.

5.4.2.2.2 Connecting into a TSE

An outside NetOp module must connect to an inside NetOp module by using a communication profile matching one of the outside communication profiles enabled on the TSE Gateway.

If connecting from the outside network of the terminal server, on a connecting Guest enable at loading one or more networking communication profiles matching the ouside networking communication profiles enabled on the TSE Gateway, see the User’s Manual Communication Profiles. Use the communication profile <Any initialized communication> to request that the TSE Gateway routes the communication to its other enabled networking communication profiles including communication profiles using the

Terminal Server communication device, see the User’s Manual, Host Section, subsection “Special case:

Connecting to a Host on the Guest network through a NetOp Gateway”.

If connecting from the outside network of the terminal server, on a connecting Host requesting help select

Use current Host communication profile(s), see the User’s Manual, Help Request Tab.

The inside NetOp module must have a Terminal Server communication profile enabled.

IP Broadcast List Considerations may apply.

5.4.2.2.3 Connecting out of a TSE

Two alternative methods are available:

1. Using an outside communication profile (not using a TSE Gateway):

Connect by using a communication profile matching a communication profile that is enabled on the outside NetOp module.

Note: If another NetOp module inside the same TSE connects to or browses for the same NetOp module

outside the TSE using the same communication profile, return communication into the TSE may get mixed up and the connection may be lost. Avoid this by using different communication profiles, if possible.

If using a communication profile using the TCP/IP (UDP) communication device, specify the Receive

Port number 0 (zero), see User’s Manual, Advanced TCP/IP Configuration, to make the terminal server allocate a receive port number for return communication to the connecting NetOp module.

2. Using an inside communication profile (using the TSE Gateway):

To connect to a NetOp module on the outside network of the terminal server, enable a communication profile using the Terminal Server communication device and connect using the communication profile

<Any initialized communication> to request that the TSE Gateway routes the communication to other enabled networking communication profiles. One of the communication profiles enabled on the TSE

Gateway must match one of the communication profiles that are enabled on the outside NetOp module.

IP Broadcast List Considerations may apply.

To connect to a NetOp module by a point-to-point connection from the TSE Gateway, use a communication profile using the Gateway (User’s Manual) communication device.

257

5.4 NetOp Remote Control in Terminal Server Environments

5.4.2.2.4 Connecting between TSEs

Connecting between TSEs combines the requirements of

Connecting into a TSE

and

Connecting out of a

TSE .

Note: The communication between two NetOp Gateways in a network is intentionally disabled, as this

would in some cases cause an uncontrolled propagation of network communication, a so-called broadcast storm.

Note: Consequently, connecting method 2 of

Connecting out of a TSE

, is unavailable for connecting between TSEs, and one has to live with the drawbacks of connecting method 1.

IP Broadcast List Considerations

may apply.

5.4.2.2.5 IP Broadcast List Considerations

Some NetOp operations such as browsing for Hosts and browsing for help providers use broadcasting.

Network broadcasting by default reaches only the local part of the network, which also applies to communication between NetOp modules on a terminal server and NetOp modules in a network. For broadcast communication to succeed if TCP/IP (UDP) communication is used, the IP address of the terminal server must be in the IP broadcast list of the TCP/IP (UDP) communication profile used by remote network NetOp modules. Also, the IP address of remote network NetOp modules must be in the

IP broadcast list of the TCP/IP (UDP) communication profile used by inside NetOp modules and the TSE

Gateway, see User’s Manual, IP Broadcast List.

5.4.2.3 Module Functionality (TSE)

NetOp configuration files of terminal server users are stored in user profile directoriesand are applied to

NetOp modules run in client sessions by users, see the User’s Manual Common Tools chapter NetOp

Configuration Files section or the matching NetOp Guest Help or NetOp Host Help system section.

The Host has mostly the same functionality as in a network setup. However, certain functions are different with a terminal server client Host, partly due to technical limitations and partly in order to avoid undesirable effects.

Blank Display

Blank Display cannot be implemented the NetOp way in a TSE. Consequently, the Blank Display command does not work on an inside Host.

Restart Host PC

Executing the command Restart Host PC would restart the entire terminal server if it were implemented like in a network, which would in most cases be most undesirable. Therefore, this menu command and button in the remote control window is disabled.

Other Host settings may in a network cause the Host PC to restart, namely:

1. In the Tools menu Guest Access Security command/window Guest Policy Tab (User’s Manual)

Password section selecting Restart Windows.

2. In the Tools menu Guest Access Security command/window Guest Policy Tab (User’s Manual)

Disconnect section selecting Restart Windows.

Both of these settings on an inside TSE Host will cause the client user to be logged off from the terminal server.

Remote Printing

Remote printing features available in a network setup make little sense in a TSE and are not implemented.

5.4.2.4 Computer Resources (TSE)

All TSE terminals share the same computer resources, namely the computer resources of the terminal server. Consequently, all the computer resources of the terminal server are available to all TSE terminals, limited only by restrictions applied to the individual user logged on to the terminal server.

258

5 Advanced Tools

This applies to files, installed programs and peripherals such as outside connections and printers. This must be carefully considered, particularly in connection with setting maintenance password and Guest access security for different NetOp modules in the TSE.

259

5.5 NetOp Guest ActiveX Component

5.5 NetOp Guest ActiveX Component

NetOp Guest ActiveX component enables remote control of a computer that runs NetOp Host from a

NetOp Guest component that is embedded in a file.

This section includes these sections:

Requirements (ActiveX)

How to Use NetOp Guest ActiveX Component

NetOpX Connect

NetOpX Properties

NetOpX Remote Control

Programmer Information

5.5.1 Requirements (ActiveX)

To run NetOp Guest ActiveX component on a computer that uses a Microsoft Windows operating system, these system requirements apply:

Computer

Intel 80486 processor or higher, or 100% compatible.

Memory

32 MB.

Platform

Windows operating system with Internet Explorer 4.01 or later.

5.5.2 How to Use NetOp Guest ActiveX Component

Before using NetOp Guest ActiveX component, read the README.TXT file that resides in the root directory of the NetOp Remote Control CD. This file contains important general information and may contain update information that was not available when this manual was last edited.

The NetOp Remote Control CD contains in its NRC\ACTIVEX directory the file NetOpX.cab that contains NetOp Guest ActiveX component.

To use NetOp Guest ActiveX component, it must be embedded in a graphical area in a file that can be displayed in a container application. Users with ActiveX programming skills will be able to embed

NetOp Guest ActiveX Component in a file based on the included Programmer Information .

The NetOp Remote Control CD contains in its NRC\ACTIVEX directory in addition to the NetOpX.cab file the netopx.htm file that demonstrates NetOp Guest ActiveX component embedded in a file. Doubleclick netopx.htm to display this window:

260

NetOpX Demonstration window

5 Advanced Tools

NetOp Guest ActiveX component is embedded in the gray area.

Click in the gray area to display the

NetOpX Connect

.

Right-click in the gray area to display the

NetOpX Properties

.

261

5.5 NetOp Guest ActiveX Component

5.5.3 NetOpX Connect

Click in the NetOpX Demonstration window gray area to display this window:

262

This window connects to NetOp Host.

IP address or computer name []: Specify in this field the NetOp Host computer IP address or name. To connect through another port than the NetOp Remote Control default port number 6502, add the port number after a colon, e.g. 192.168.20.51:1234.

Via NetOp Gateway []: To connect through a NetOp Gateway, check the box and specify the NetOp

Gateway computer IP address in the field (default: unchecked).

Click OK to typically display a logon window in which you must specify the credentials demanded by the

Host to access to the Host computer.

After logon, the

NetOpX Demonstration window

gray area will be replaced by a NetOp Host computer screen image. This is a remote control display, see the User’s Manual NetOp Guest chapter Guest

Sessions section Remote Control section Remote Control Display section or the matching NetOp Guest

Help system section.

Properties: Click this button to display the

NetOpX Properties .

5 Advanced Tools

5.5.4 NetOpX Properties

Right-click in the NetOpX Demonstration window gray area or click the Properties button in other

NetOpX windows to display this window:

This window contains these tabs:

Keys Tab

Graphics Tab

Connection Tab

Name Server Tab

263

5.5 NetOp Guest ActiveX Component

5.5.4.1 Keys Tab

This is the

NetOpX Properties

window Keys tab:

264

It specifies remote control keystroke combinations according to this explanation:

To invoke Press this locally

Remote Control Dialog

Ctrl Alt [End]: This keystroke combination will display the

NetOpX

Remote Control window. You can edit the keystroke combination by unchecking

boxes and selecting another option in the drop-down box.

Ctrl-Alt-Del

Ctrl Alt [F7]: This keystroke combination will send the keystroke combination C

TRL

+A

LT

+D

EL

to the Host computer. You can edit the keystroke combination by unchecking boxes and selecting another option in the drop-down box.

Ctrl-Esc

Ctrl Alt [F8]: This keystroke combination will send the keystroke combination C

TRL

+E

SC

to the Host computer. You can edit the keystroke combination by unchecking boxes and selecting another option in the drop-down box.

Alt-Tab

Ctrl Alt [F9]: This keystroke combination will send the keystroke combination A

LT

+T

AB

to the Host computer. You can edit the keystroke combination by unchecking boxes and selecting another option in the drop-down box.

The disabled fields to the right display the key scan code of the last key in each keystroke combination.

Select Other in a drop-down box to enable the field to specify a key scan code in it.

The effect of sending keystroke combinations to the Host computer is explained in the User’s Manual

NetOp Guest chapter Guest Sessions section Remote Control section and in the matching NetOp Guest

Help system section.

5.5.4.2 Graphics Tab

This is the

NetOpX Properties window Graphics tab:

5 Advanced Tools

It specifies Host screen image display properties.

Transfer Host screen as bitmap: Check this box to transfer the Host screen image as bitmap, see the

User’s Manual NetOp Guest chapter Session Tools section Connection Properties section

Compression/Encryption Tab section or the matching NetOp Guest Help system section (default: unchecked).

Stretch screen image to fit window: Check this box to resize the Host screen image to fit within a window specified by the container application (default: unchecked). If unchecked, a full scale image section will be displayed in a specified window.

[] Scroll position X: Specify a number in the field to display the Host screen image scrolled that number of pixels to the left in a window specified by the container application (default: 0).

[] Scroll position Y: Specify a number in the field to display the Host screen image scrolled that number of pixels up in a window specified by the container application (default: 0).

Note: Microsoft Internet Explorer, the container application of the

NetOpX Demonstration window

, specifies no window.

265

5.5 NetOp Guest ActiveX Component

5.5.4.3 Connection Tab

This is the

NetOpX Properties

window Connection tab:

It specifies connection properties.

Remote keyboard (send all keystrokes): Leave this box checked to send all keystrokes except

C

TRL

+A

LT

+D

EL

to the Host computer (default: checked). Uncheck to not send keystrokes replaced by other keystrokes on the

Keys Tab

.

Lock keyboard and mouse on Host: Check this box to disable the Host computer keyboard and mouse during connection (default: unchecked).

Blank screen on Host: Check this box to make the Host screen turn black to the Host computer user during connection (default: unchecked).

Use TCP instead of UDP: Check this box to communicate by TCP/IP (TCP) instead of TCP/IP

(default: unchecked).

HTTP headers: Check this box to add HTTP headers to data packets to facilitate passing firewalls

(default: unchecked).

[] Host address: This disabled field will display the connected Host address.

[] IP port number: This disabled field will display the used TCP/IP port number (default: 6502).

266

5.5.4.4 Name Server Tab

This is the

NetOpX Properties window Name Server tab:

5 Advanced Tools

It specifies the optional use of NetOp Name Management .

Name Space ID []: Specify in this field the applicable Name Space ID (default: empty).

Primary Address []: Specify in this field the primary NetOp Name Server address (default: empty).

Secondary Address []: Specify in this field the secondary NetOp Name Server address (default: empty).

5.5.5 NetOpX Remote Control

Click in the remote control display and press the

NetOpX Properties

window

Keys Tab Remote Control

Dialog keystroke combination (default: C

TRL

+A

LT

+E

ND

) to display this window:

Disconnect from NetOp Host: Click this button to disconnect.

Properties: Click this button to display the

NetOpX Properties

window.

Write Log: Click this button to save a communication log named NETOPX.LOG in the current directory of the container application, see the User’s Manual NetOp Guest chapter Guest Tools section Debug

Trace section or the matching NetOp Guest Help system section.

267

5.5 NetOp Guest ActiveX Component

5.5.6 Programmer Information

This section includes these sections:

NetOpX Methods and their Return Codes

NetOpX Events

NetOpX Properties

NetOpX Messages and their Numbers

5.5.6.1 NetOpX Methods and their Return Codes

long Connect(BSTR address)

OK, trying to connect

Already connected

0

1 long ConnectNameServers()

OK, connected

Empty string as name space ID is invalid

Timeout searching for name server(s)

Found name server(s), but error connecting long Hangup()

No return codes

0

1

2

3

Void

OK long SendDomainUsernamePassword(BSTR Domain, BSTR Username, BSTR

Password)

0

OK long SendPassword(BSTR Password)

0

OK long SendUsernamePassword(BSTR Username, BSTR Password)

0

268

5 Advanced Tools

5.5.6.2 NetOpX Events

All parameters named DealtWith should be returned as TRUE (not zero) if you want to override

NetOpX's own event handling.

Event

OnResize(long width, long height)

OnHangup()

OnScroll(long x, long y)

OnConnect()

OnBusy(long* DealtWith)

OnCommunicationError(long* DealtWith)

OnConnectFailed(long* DealtWith)

OnLoginFailed(long* DealtWith)

OnDisplayMessageBox(long MessageNo, long*

DealtWith)

OnShowMessage(long MessageNo, long*

DealtWith)

OnEditProperties(long* DealtWith)

OnSpecialKey(long* DealtWith)

OnEnterPassword(long Retrying, long*

DealtWith)

OnEnterUsernamePassword(long Retrying, long* DealtWith)

OnEnterDomainUsernamePassword(long

Retrying, long* DealtWith)

OnEnterConnectInfo(long* DealtWith)

DebugInfo(BSTR info)

OnConnectNameServerFailed(long code, long* DealtWith)

Explanation

Fired when host resolution changes and on connection.

Parameters are host screen size in pixels.

Fired when disconnecting.

Dummy. Never fired.

Fired on successful connection.

Fired on unsuccessful connection due to busy host.

Fired when communication error occurs.

Fired on unsuccessful connection due to unknown reason.

Fired on invalid username or passwords used for login.

Fired before NetOpX puts up a modal messagebox.

Messages are listed below.

Fired before NetOpX puts up a non-modal messagebox.

Messages are listed below.

Fired before NetOpX puts up its properties dialog.

Fired before NetOpX puts up its remote control dialog.

Fired when NetOpX wants a password in the "Grant all

Guests Default Privileges" state. Connection method

SendPassword() with a password as parameter.

Fired when NetOpX wants a password in the "NetOp

Authentication" state. Connection method

SendUsernamePassword() with a password as parameter

Fired when NetOpX wants a password in the "Windows

Authentication" state. Connection method

SendDomainUsernamePassword() with a password as parameter

Fired before NetOpX puts up its connect dialog.

Connection method Connect() with a computername or an

IP address as parameter.

Fired in miscellaneous situations. Varies with versions and builds.

Fired when the name server connection fails.

OnConnectNameServer()

Fired when the name server connection succeeds.

269

5.5 NetOp Guest ActiveX Component

5.5.6.3 NetOpX Properties

Type Name

boolean isConnected

BSTR hostAddress boolean stretchScreenToFitWindow long long

scrollPositionX

scrollPositionY long portNumber boolean lockKeyboard boolean blankScreen

BSTR gatewayAddress long keySpecial boolean ctrlSpecial boolean altSpecial long keyCtrlAltDel boolean altCtrlAltDel boolean ctrlCtrlAltDel boolean bitmapMode boolean altCtrlEsc boolean ctrlCtrlEsc long keyCtrlEsc boolean altAltTab boolean ctrlAltTab long keyAltTab boolean remoteKeyboard long commProfile

BSTR nnsNameSpace

BSTR nnsPrimaryNameServer

BSTR nnsAlternateNameServer

5.5.6.4 NetOpX Messages and their Numbers

NetOpX Message

Error opening net

Error closing net

Error browsing on net

Connection failed

Could not listen

Error sending record

Error receiving record

Hook reports error

Hook could not initialize

No Hook object

Could not allocate memory for small grab bitmap

Could not allocate memory for large grab bitmap

The Host user clicked the Deny Access button

Illegal password

Too many illegal passwords entered

Password is too long. Max is 16 characters

Guest username is too long. Max is 32 characters

12

13

14

15

8

9

10

11

16

17

6

7

4

5

2

3

Number

1

270

5 Advanced Tools

Error allocating communication memory

Switch to NetOp authentication or update Host

Cancelling ...

Communication error

Waiting for Host user to confirm access

Host found. Establishing connection ...

Session established with host ...

Session established with gateway ...

Cancelled

Old Host detected. Not all functions supported

Trying to find host ...

Trying to find gateway ...

Could not find host

Could not find gateway

Found host ...

Found gateway ...

Establishing session with host ...

Establishing session with gateway ...

Timeout establishing session

Host is busy

Found non-gateway

No dispatch reply from host

No dispatch reply from gateway

Dispatch reply error

Authenticating with host ...

Authenticating with gateway ...

Exchanging information ...

Initializing graphics ...

Direct connection failed

No host responds

Hanging up ...

Session ended by host

Could not find network

Network found ...

No access to closed user group

46

47

48

49

42

43

44

45

50

51

52

38

39

40

41

34

35

36

37

30

31

32

33

26

27

28

29

22

23

24

25

18

19

20

21

5.6 NetOp Scripting ActiveX Control

The object control extension NFMSCRPT.OCX is installed in your Windows system32 directory when you install a NetOp Guest. It allows you to access the Guest's scripting capabilities from any programming or scripting tool that supports ActiveX automation.

A commonly used tool is Microsoft Visual Basic (VB). The OCX is tested with VB, and examples in this section are written mostly in VB. An example of a VBscript using an excerpt of the commands available is:

Rc = Script.Initialize()

Rc = Script.Call("MyDesktop")

Rc = Script.IncludeSubdirectories(True)

Rc = Script.Synchronize("c:\MyDocuments\*.*", "c:\MyDocuments\*.*")

Rc = Script.Hangup()

271

5.6 NetOp Scripting ActiveX Control

Rc = Script.Uninitialize()

Scripts as simple as this are more easily created and executed with the script editor in the NetOp Guest program. Say, however, that you wish to retry all or parts of your operations repeatedly until they have all succeeded, you must make a more complex algorithm that this editor is not designed for. With

NFMSCRPT.OCX you can improve the above script to for example:

Rc = Script.Initialize()

CallAgain:

Rc = Script.Call("MyDesktop")

Rc = Script.IncludeSubdirectories(True)

RcSync = Script.Synchronize("c:\MyDocuments\*.*",

"c:\MyDocuments\*.*")

Rc = Script.Hangup() if (RcSync<>0) Then

WriteLog ("Failed. Trying again in 30 seconds")

WaitSeconds(30)

GoTo CallAgain:

End If

Rc = Script.Uninitialize()

This section includes these sections:

Creation and Deletion

Startguest, Initialize and Uninitialize

Connect and Disconnect

Transferring Files

Examples

Reference

5.6.1 Creation and Deletion

An NFMscript object is created and eventually destroyed with the means of the programming tool. With

VB, you can use the visual way by right-clicking the object toolbar (the one on the left side), and choose

Components. A dialog with all available OCXs appears. Check the box with Danware NetOp File

Manager Script, and click OK. A script icon will be added to your toolbar. Click this icon, then click the location in the form where you want the NFM script object placed, and drag it out. The default visual representation is a tree view showing commands as they execute, so even though the control initially shows up blank, it may be an idea to give it a reasonable size.

Assume you have named your NFMScript object Script. Script.ClearLog() can be used to clear the treeview log window. If you do not want any visual feedback, you can make the script invisible. You can also choose another reporting mode than ReportLog().

Set Script.Visible = False

Rc = Script.ReportSilent()

Rc = Script.ReportStatus()

Rc = Script.ReportLog()

The OCX can handle any number of simultaneous NFMscript objects, but the NetOp Guest will limit you to a maximum of 10 active objects at a time. The 11th and all further objects can be created but will always return error codes from all methods.

5.6.2 Startguest, Initialize and Uninitialize

NFMSCRPT.OCX is only another way of wrapping up the NetOp Guest. Therefore, the NetOp Guest program has to be running when the OCX executes. The simplest way is to start it manually before starting the program or script you are writing using NFMSCRPT.OCX.

272

5 Advanced Tools

You may, however, want to hide the NetOp Guest program and consider it an invisible service that is needed to run with your application. If you wish that, you can call the StartGuest() function.

In VB you would typically do that in the Form_Load() function for your initial form:

Sub Form_Load()

Dim Rc As Long

Again:

Rc = Script.StartGuest(True) if (Rc < -12 Or Rc > -11) Then

MsgBox("Can’t start NetOp Guest, please exit Host")

GoTo Again

End If

End

If NetOp is installed and is working properly, the most likely reason for not being able to start the Guest program is that the Host is running. You must manually stop the Host. When the Guest has started, you can send commands to it from any NFMscript object you have created. The first command any object should send is the Initialize command that creates connection between the object and the Guest. This will typically happen as a reaction to the click of a button.

Sub Button_Click()

Rc = Script.Initialize() if (Rc <> 0) Then

MsgBox("No connect. Is NetOp Guest Running?")

GoTo EndButtonClick

End If

'<... do your stuff...>

Rc = Script.Uninitialize()

EndButtonClick:

End

One reason Initialize might fail and return nonzero might be that the Guest program could not start. It is good practice to call Uninitialize() when you are returning from your subroutine. This way you will free the connection to the Guest to be used for others. If you forget Uninitialize(), it will be done implicitly for you if you call Initialize() again, but you will be blocking 1 out of 10 connections to your Guest in the meanwhile.

Uninitialize() returns 0 on success and a nonzero code on error. You need not take any specific action, if an error is returned. When your application exits, it is good practice to call FreeGuest() that will do all needed clean up. Your program will work OK without a call to FreeGuest(), but you will be relying on the program exit to clean everything up.

Note: If you are writing a script for browser use (e.g. Internet Explorer), do not call FreeGuest(), as you

are not the one to decide when Internet Explorer exits.

Sub StopButton_Click()

Rc = Script.FreeGuest()

Stop

End

Summary

StartGuest() may be called once at program start, no matter how many NFMscript objects you wish to create. FreeGuest should be called on exit, and never in browser scripts. Initialize() must be called before any other command. The one exception is StartGuest().

After Uninitialize(), no other commands but FreeGuest() will succeed until the next Initialize(). You can have any number of Initialize()..Uninitialize() sessions on the same object.

273

5.6 NetOp Scripting ActiveX Control

5.6.3 Connect and Disconnect

The next thing you have to do is to connect to a NetOp Host program running on another computer. The

Call() command will establish this connection for you. If it fails, it will return a nonzero error code. If it succeeds, it will return 0. The argument to Call() is a string that is the name of the NetOp phonebook

(.DWC) file. In this file is stored the name of a computer and the parameters for how to connect to it. The phonebook files are the ones shown in the NetOp Guest program Phonebook tab. Say you have a phonebook file named Venus.dwc:

Sub Button_Click()

Rc = Script.Initialize()

Rc = Script.Call("Venus") if (Rc <> 0) Then

MsgBox("Venus not responding")

GoTo EndButtonClick

End If

'<... do your stuff...>

Rc = Script.Hangup()

Rc = Script.Uninitialize()

EndButtonClick:

End

It is good practice to call Hangup() before you make your next Call(). If you happen to make a new Call() before Hangup(), on the first one it will be hung up automatically. One good reason not to omit calling

Hangup is to save money on your telephone bill. You can make as many Call()s and Hangup()s you want on the same object.

Please be aware that the argument to Call() is NOT the name of the computer you wish to connect to. It is the name of a phonebook file. As such files often reside in the NetOp phonebook directory, you need not specify a path if you have the file there. As the NetOp default for phonebook filename extension is

.DWC, you need neither pass that, so the three calls below do the same, but the two last are independent of where NetOp is installed.

Script.Call("C:\program files\netop remote control\phbook\venus.dwc")

Script.Call("venus.dwc")

Script.Call("venus")

Script.Call("*")

The fourth call does not know which phonebook file it wants to use. The "*" parameter will cause a file selection box to pop up, where the end user can select a *.DWC file in the phonebook directory.

Traversing the Phonebook

If you want a control that makes the phonebook files available, other than the independent popup file selection box made with Script.Call("*"), you can traverse the phonebook directory like for example below, where a combo box is used:

Sub Combo1_Dropdown()

Dim More As Boolean

More = Script.PhonebookSetFirst()

Do While (More)

Combo1.Add(Script.PhonebookGetName())

More = Script.PhonebookGetName()

Loop

End Sub

Sub Combo1_Click()

Script.Call(Combo1.Value)

274

5 Advanced Tools

Script.Hangup()

End Sub

If you wish to traverse only a subset of all your phonebook connections, place the ones you want to expose in a subfolder named for example offices, using the Phonebook tab control in the NetOp Guest program, then use:

Script.PhonebookSetSubfolderFirst("offices")

Summary

Call() must be called to connect to a Host. After a successful Call(), you can execute other commands.

Do Call("*") to enable dynamic selection.

When done with the Host, call Hangup(). After a Hangup(), no commands that need Host access will succeed.

You can have any number of Call()..Hangup() connections on the same object.

5.6.4 Transferring Files

After a Call() and before a Hangup(), you can call the file transfer commands that are:

Script.CopyFromHost (RemoteFileFilter, LocalDirectory)

Script.CopyToHost (LocalFileFilter, RemoteDirectory)

Script.CloneFromHost (RemoteDirectory, LocalDirectory)

Script.CloneToHost (LocalDirectory, RemoteDirectory)

Script.Synchronize (LocalDirectory, RemoteDirectory)

Script.SynchronizeOneway (LocalDirectory, RemoteDirectory, Direction)

Remote indicates files on the remote computer where the NetOp Host program runs, Local is the machine where your NFMscript application and the NetOp Guest run.

File filters must be legal Windows file filters like C:\winnt\*.exe. The name of one single file like

C:\config.sys is also a legal file filter. Blanks are allowed in names. The functionality of these commands is explained in the User’s Manual, Script Tab.

The dialogs of NetOp are not shown during the execution of the commands, unless the command needs its end user to take a decision, for example whether a file should be overwritten or not. But if you call for example CopyToHost() on a very large file via a slow telephone line, your application is not locked. In your script program:

• All events are still processed, so any button can be pressed

• Progress of commands can be caught and monitored

• Cancelling commands is built-in, and can even be customized

Important

The methods in an NFMscript object are not re-entrant. In order to keep your application alive and responsive, all messages are processed while the method waits for NetOp to finish processing the method.

This makes it possible for you to call the same method again while the first call you made has not returned yet. Such a call will not work correctly, but return a busy code. It is your application's responsibility to ensure that methods in the NFMscript objects are not re-entered into. One very useful exception to this rule is the three cancel methods.

Cancel

If you have chosen to have your NFMscript visible in your application, your end user can press the escape key in the script log window. This fires the internal OnCancel() event. The built-in action on that event is that a message box pops up with an option of four actions:

Continue (Action 0)

Cancel Command (Action 1)

Cancel Call (Action 2)

Cancel Script (Action 3)

275

5.6 NetOp Scripting ActiveX Control

Selecting Continue will cause the script to continue as if nothing has happened. In fact, NetOp Guest is never notified.

All three other NFMscript cancel replies will send a Cancel() command to NetOp. NetOp will as promptly as possible cancel the last command it received from your script, and that script function will return with an error. What will happen next is different for each of the three cancel replies.

Selecting Cancel Command will cause the next script command to be issued to NetOp. Only one single script command is cancelled. Cancel Command should be used when for instance one large irrelevant file blocks a useful transfer of many files.

Selecting Cancel Call will cause all further script commands to be ignored until the next Hangup command. All commands from the current command until the next Hangup command will simply return successfully without doing anything. Cancel Call addresses the situation where you for instance picked the wrong computer to connect to.

Cancel Script works the same way, but until the next Uninitialize command. It should be used when you want to stop everything and evaluate what to do next.

If you want your own interface for cancelling, you can use the three equivalent cancel commands from the script interface. Since all events are still being processed during the execution of a command like

CopyToHost(), all buttons will respond at any time. From your own cancel button, call:

Script.CancelCommand() or

Script.CancelCall() or

Script.CancelScript()

For instance like this, if you designed a button named CancelButton :

Sub CancelButton_Click()

Script.CancelCall()

End Sub

If you want to use the internal cancel event but construct your own actions on that event, fill in the

OnCancel() event that the OCX will fire on your script application before putting up its message box.

You can for instance do like the following to make the user dialog less complex by allowing only

CancelScript:

Private Sub Script_OnCancel(Action As Long) rc = MsgBox("Cancel?", vbYesNo)

If rc = vbYes Then Action = 3

If rc = vbNo Then Action = 0

End Sub

In the parameter Action, you return 0 for Continue, 1 for Cancel Command, 2 for Cancel Call and 3 for

Cancel Script. Action will arrive to you with a value of -1. If you do not change that value, the built-in message box above will pop up, otherwise not.

Adding an Option Dialog

In parallel with OnCancel(), you will find OnRbuttonDown(). A difference is that this event has no default action. It only does what you program. The parameter is available to allow for future extensions.

For forwards compatibility, return a zero for no action.

Private Sub Script_OnRbuttonDown(Action As Long) rc = MsgBox("Include Subdirectories", vbYesNo)

If rc = vbYes Then Script.SetIncludeSubdir(True)

If rc = vbNo Then Script.SetIncludeSubdir(False)

Action = 0

End Sub

Monitoring Progress

You can at any time query the progress of a script command. It is however your application’s responsibility to find a suitable place in your code to do it from. The NFMscript exposes the function:

276

5 Advanced Tools

Script.GetProgress()

- that returns a percentage between 0 and 100. To use this from VB, instance a timer and a progress bar.

You can for instance get the progress bar from one of the Microsoft common controls OCXs:

Sub Button_Click() rc = Script.Call(..)

Timer1.Interval = 500 rc = CopyToHost(....)

Timer1.interval = 0

Script.Hangup()

End Sub

Sub Timer1_Timer()

ProgressBar1.Value = Script.GetProgress()

EndSub

Settings

NetOp Scripting has many parameters for the file transfer commands. All of these have been made available as methods named Set<NameOfItem>() in the OCX.They are:

SetOverwriteReadonly(BOOL YesNo)

SetOverwriteHidden(BOOL YesNo)

SetOverwriteSystem(BOOL YesNo)

SetOverwriteExisting(BOOL YesNo)

SetRetriesOnTransferError(long Retries)

SetRetriesOnConnectError(long Retries)

SetDeltaFileTransfer(BOOL YesNo)

SetCrashRecovery(BOOL YesNo)

SetCompression(long Level)

SetConnected(BOOL conn)

SetIncludeEmptyDir(BOOL YesNo)

SetIncludeSubDir(BOOL YesNo)

SetIncludeHiddenAndSystem(BOOL YesNo)

SetIncludeOnlyNewer(BOOL YesNo, DATE DateTime)

SetIncludeOnlyExisting(BOOL YesNo)

You may ask why these are methods and not properties, since all they seem to do is to set the value of a variable. The reason is that some of them must be implemented as sending real commands to NetOp, while others just set a value to be used as an option for another command. For consistency, all settings are implemented as methods.

Execute

Many methods in NFMSCRPT.OCX correspond to commands in the NetOp Script command language.

This is the syntax you see in the NetOp Guest’s script editor dialog and also in the OCX log window. If you want, you can send commands directly in that command language using:

Rc = Script.Execute(String Command),

The purpose of this OCX is however to relieve you of the burden of a lot of string formatting and event handling, so this entry is only published as an extra service for unforeseen circumstances.

5.6.5 Examples

In the NetOp installation directory, you will find a file named EXAMPLES.ZIP. Unzip this file to get the source code and executables for the examples Hello World Script, Visit all Hosts Script and Keep

Synchronized Script.

277

5.6 NetOp Scripting ActiveX Control

Hello World Script

HelloWorldScript.exe is the simplest possible example. When you press the Start button, it will copy a file to a Host computer. The Visual Basic project HelloWorldScript.vbp is included.

Private Sub Command1_Click()

Dim Rc As Long

Rc = HelloScript.Initialize

Rc = HelloScript.Call("*")

'Move some arbitrary file across. This one is always there

Rc = HelloScript.CopyToHost(HelloScript.GetInstallDir() +

"\netop.fac", "c:\*.*")

Rc = HelloScript.Hangup

Rc = HelloScript.Uninitialize

End Sub

Private Sub ExitButton_Click()

HelloScript.FreeGuest

Stop

End Sub

Private Sub Form_Load()

HelloScript.StartGuest (True)

End Sub

Visit all Hosts Script

This example has more features. In the beginning, we declare a logical variable, and we start the NetOp

Guest when the program starts up. Next, we cycle through the available phonebook files in the phonebook root directory and write their names in the log. Our intention is to visit all of these hosts one by one.

Dim More As Boolean

Private Sub Form_Load()

Script.StartGuest True

More = Script.PhonebookSetFirst

Do While More

Script.WriteLog "Will visit " + Script.PhonebookGetFilename

Loop

More = Script.PhonebookSetNext

End Sub

There is a button labelled Start Visit. When this button is clicked, we show a dialog in which we will show what we are doing with the Host while executing a CopyToHost() operation. When we are finished, we stop the dialog and hide it:

Private Sub StartButton_Click()

StartButton.Enabled = False

StopButton.Enabled = True

Script.Initialize

More = Script.PhonebookSetFirst

Do While More rc = Script.Call(Script.PhonebookGetFilename)

VisitDialog.Show

Script.CopyToHost Script.GetInstallDir + "\netop.fac", "c:\*.*"

278

5 Advanced Tools

VisitDialog.Animation1.AutoPlay = False

VisitDialog.Timer1.Interval = 0

Script.Hangup

VisitDialog.Hide

More = Script.PhonebookSetNext

Loop

StopButton.Enabled = False

StartButton.Enabled = True

Script.Uninitialize

End Sub

The dialog shows the .AVI file with the filecopy animation that also explorer does. The dialog has a timer that updates a progress bar:

Private Sub Form_Load()

Caption = VisitForm.Script.PhonebookGetFilename

Timer1.Interval = 100

Animation1.Open "d:\netop\v60\filecopy.avi"

Animation1.AutoPlay = True

End Sub

Private Sub CancelButton_Click()

VisitForm.Script.CancelCall

Hide

End Sub

Private Sub Timer1_Timer()

ProgressBar1.Value = VisitForm.Script.GetProgress

ProgressBar1.Refresh

End Sub

Keep Synchronized Script

This is an example showing timing and repetition using the Wait…() functions.

Initially, the Guest is started, and the initial parameters for the interface and the internal variables are set:

Dim Rc As Long

Dim TryAgain As Boolean

Private Sub Form_Load()

Script.StartGuest (True)

TryAgain = True

StartTime.Value = Now

StartDate.Value = Today

End Sub

In the following section, the WaitUntil() function holds execution until the date and time are entered into the Microsoft DTPicker controls StartDate and StartTime. Call(“*”) leaves it up to the end user to pick a phonebook file in a FileDialog, then Synchronize() synchronizes the contents of two directories. If the interface’s checkbox is checked, the program will try to repeat the Call() and Synchronize() periodically, until you actively stop it. While inactive, the program will hide itself.

Private Sub StartButton_Click()

Rc = Script.Initialize

Rc = Script.WaitUntil(StartDate.Value, StartTime.Value)

Again:

279

5.6 NetOp Scripting ActiveX Control

Rc = Script.Call("*")

If (Rc <> 0) Then GoTo Done

Rc = Script.Synchronize("C:\reports\*.*", "c:\reports\*.*")

If (Rc <> 0) Then MsgBox ("This example assumes a directory

C:\REPORTS")

Rc = Script.Hangup

If (Repeat.Value = Checked And TryAgain) Then

If (MsgBox("Now sleep: " + CStr(Interval.Value), vbOKCancel) _

= vbCancel) Then GoTo Done

KeepInSyncForm.Hide

Script.Wait (Interval.Value)

KeepInSyncForm.Show

GoTo Again

End If

Done:

Rc = Script.Uninitialize

End Sub

The button labelled Stop will cancel the repeating cycles:

Private Sub StopButton_Click()

Script.CancelScript

TryAgain = False

End Sub

The button labelled Clear will clear the log. This can be useful if it becomes very long.

Private Sub ClearButton_Click()

Script.ClearLog

Script.WriteLog ("Ready")

End Sub

The Exit button will free the guest and stop the program.

Private Sub ExitButton_Click()

Script.FreeGuest

Stop

End Sub

If you hold down the right mouse button, you can clear the log.

Private Sub Script_OnRbuttonDown(Action As Long)

If (MsgBox(“Clear Log?”, vbYesNo) = vbYes) Then

ClearButton_Click

Action = 0

End If

End Sub

280

5 Advanced Tools

5.6.6 Reference

The following table explains all the API methods.

Note: All NFMscript methods that return a Long, return zero for success (Unless otherwise specified).

Method

Call (Filename As

String) As Long

CancelCall () As

Long

CancelCommand ()

As Long

CancelScript () As

Long

Description

Call a phonebook entry. See also Hangup() and CancelCall(). If Initialize() was not called, it will be called implicitly. That will in turn call StartGuest() if the Guest is not already running.

If another Call() is currently active, it will be hung up. If you want two simultaneous Call()s, you must use two NFMscript objects.

Cancel the Call() that is currently active. Typically called asynchronously from a separate button. The current method (e.g. CopyFromHost) will be cancelled and return an error code.

All following methods will return immediately with no error, until your program executes the next Hangup() or Call() method.

Cancel the method call that is currently active. Typically called asynchronously from a separate button. The current method (e.g. CopyFromHost) will be cancelled and return an error code. All following methods will execute as if nothing had happened.

Cancel the Call() that is currently active. Typically called asynchronously from a separate button. The current method (e.g. CopyFromHost) will be cancelled and return an error code.

All following methods will return immediately with no error, until your program executes the next Uninitialize() or Initialize() method.

Clears the script object's log window.

ClearLog () As

Long

CloneFromHost

(RemoteDir As

String, LocalDir As

String) As Long

Clones the RemoteDir directory to the LocalDir directory. A Call() must be open to the computer with the RemoteDir.

RemoteDir

A directory on the remote computer where the NetOp Host runs. Must end with "\*.*".

LocalDir

CloneToHost

(LocalDir As

String, RemoteDir

As String) As Long

A directory on the local computer where the NetOp Guest runs. Must end with "\*.*".

Clones the LocalDir directory to the RemoteDir directory. A Call() must be open to the computer with the RemoteDir.

LocalDir

A directory on the local computer where the NetOp Guest runs. Must end with "\*.*".

RemoteDir

CopyFromHost

(RemoteFilter As

String, LocalDir As

String) As Long

A directory on the remote computer where the NetOp Host runs. Must end with "\*.*".

Clones the files matching RemoteFilter to the LocalDir directory. A Call() must be open to the computer with the RemoteFilter.

Remote Filter

A valid file filter on the remote computer where the NetOp Host runs. An example could be

"C:\DATA\*.XLS".

Local Dir

A directory on the local computer where the NetOp Guest runs. Must end with "\*.*".

281

5.6 NetOp Scripting ActiveX Control

CopyToHost

(LocalFilter As

String, RemoteDir

As String) As Long

Clones the files matching LocalFilter to the RemoteDir directory. A Call() must be open to the computer with the RemoteDir.

Local Filter

A valid file filter on the local computer where the NetOp Guest runs. An example could be

"C:\DATA\*.XLS".

RemoteDir

DirGetName () As

String

DirSetFirst

(Directory As

String) As Boolean

A directory on the remote computer where the NetOp Host runs. Must end with "\*.*".

Returns the name of the current subdirectory from DirSetFirst/Next().

Initializes the directory search entries, so that the next call to DirGetName() will return the name of the first subdirectory of "Directory" on the remote computer. A Call() must be open to the remote computer. If there are no such subdirectories, the return value is False. On success, the return value is True.

Directory

DirSetNext () As

Boolean

A directory on the currently Call()ed remote computer.

Advances to the next directory search entry, so that the next call to DirGetName() will return the name of the next subdirectory. If there are no more subdirectories, the return value is

False. On success, the return value is True.

Returns the name of the current disk drive from DriveSetFirst/Next(). DriveGetName ()

As String

DriveSetFirst () As

Boolean

DriveSetNext () As

Boolean

Execute (Command as String) As Long

Initializes the disk drive entries, so that the next call to DriveGetName() will return the name of the first disk drive on the remote computer that you currently have made a Call() to. If there are no disk drives, the return value is False. On success, the return value is True.

Advances to the next disk drive entry, so that the next call to DriveGetName() will return the name of the next disk drive. If there are no more drives, the return value is False. On success, the return value is True.

Execute a script editor command. The format of these commands resemble the NFMscript methods, and are explained in the User’s Manual section 4.6.3.2.5, “Commands in the script”.

Command

FileGetAccessed ()

As Date

FilGetArchive () as

Boolean

FileGetCreated ()

As Date

FileGetHidden ()

As Boolean

FileGetModified ()

As Date

FileGetName () As

Date

FileGetReadonly ()

As Boolean

FileGetSize () As

Long

FileGetSystem ()

As Boolean

The command to execute.

Returns the last access date for the file selected with FileGetFirst/Next().

Returns the archive flag for the file selected with FileGetFirst/Next().

Returns the create date for the file selected with FileGetFirst/Next()

Returns the hidden flag for the file selected with FileGetFirst/Next()

Returns the modified date for the file selected with FileGetFirst/Next()

Returns the name of the file selected with FileGetFirst/Next()

Returns the readonly flag for the file selected with FileGetFirst/Next()

Returns the size of the file selected with FileGetFirst/Next(). If the size is above 2GB, -1 will be returned.

Returns the system flag for the file selected with FileGetFirst/Next()

282

5 Advanced Tools

FileSetFirst

(FileFilter As

String) As Boolean

Initializes the file entries, so that the next call to FileGet…() will return a property of the first file on a remote computer matching the given file filter. If there are no entries, the return value is False. On success, the return value is True. There must be an open Call () on the remote computer.

File Filter

FileSetNext () As

Boolean

FreeGuest () As

Long

GetInstallDir () As

String

GetPhonebookDir

() As String

GetProgress () As

Long

A legal file filter on the remote computer, e.g. "C:\*.*".

Advances to the next file entry, so that the next call to FileGet… () will return the name of the next remote file. If there are no more files, the return value is False. On success, the return value is True.

Frees connection to NetOp Guest DLLs and does other clean up. Not mandatory, but it is good practice to call this before your application exits. Do not use this method in conjunction with browser scripts.

Returns the NetOp install directory on the local computer where the NetOp Guest program runs.

Returns the phonebook directory. The NETOP.INI PHONEBOOKPATH and DATAPATH settings are respected.

Get the progress of the current method. Typically only useful with Copy, Clone and

Synchronize methods. Returns the percentage 0-100 where 100 means done. Useful if you place it in a timer and feed the result into a progress bar.

Hangup () As Long Disconnect the current Call().

Initialize () As

Long

Initializes a session with a NetOp Guest. Check that the return code is 0 (zero) before calling other methods. See also Uninitialize(). If the NetOp Guest is not already running,

StartGuest() will be called implicitly.

PhonebookGetFilen ame () As String

PhonebookSetFirst

() As Boolean

Returns the name of the current phonebook file. If there are none, the string returned is "No

Phonebook Entries or Error".

Initializes the phonebook entries, so that the next call to PhonebookGetFilename() will return the name of the first phonebook file. If there are no entries, the return value is False. On success, the return value is True.

PhonebookSetNext

() As Boolean

PhonebookSetSubf olderFirst (Folder

As String) As

Boolean

RunLocal

(Command As

String) As Long

Advances to the next phonebook entry, so that the next call to PhonebookGetFilename() will return the name of the next phonebook file. If there are no more files, the return value is

False. On success, the return value is True. Can be used with both PhonebookSetFirst() and

PhonebookSetSubfolderFirst().

Initializes the phonebook entries, so that the next call to PhonebookGetFilename() will return the name of the first phonebook file in a specific subdirectory of the phonebook directory. If there are no entries, the return value is False. On success, the return value is True.

Runs an operating system executable file with parameters on your local computer.

Command

RunRemote

(Command As

String) As Long

The name of a BAT, COM or EXE file. If you want to use shell commands, you must give the name of the shell executable. For NT and Win95 it is "cmd.exe", so you can use "cmd /c dir c:\*.*" or "cmd /k rename autoexec.bat autoexec.old".

Runs an operating system executable file with parameters on a remote computer. A Call() must be open to that computer. Please note that the outcome of this depends on the setup of the remote computer environment, and is 100% independent of your local computer.

Command

The name of a BAT, COM or EXE file. If you want to use shell commands, you must give the name of the shell executable. For Windows it is "cmd.exe", so you can use "cmd /c dir c:\*.*" or "cmd /k rename autoexec.bat autoexec.old".

283

5.6 NetOp Scripting ActiveX Control

SetCompression

(Level As Long) As

Long

Set the compression level.

Level

SetCrashRecovery

(YesNo As

Boolean) As Long

An integer number. 0 means no compression, >0 means compression

Instructs NetOp whether to apply crash recovery. If a call() is interrupted, a partial file can be kept on the target disk. Only useful if Delta File Transfer is on, so this method will implicitly set Delta File Transfer to True.

YesNo

SetDeltaFileTransfe r (YesNo As

Boolean) As Long

If True, partial files will be kept on the target disk, and Delta File Transfer will be set, so the valid part does not need to be retransmitted when you come back. If False, partial files will be cleaned up automatically if the connection is lost.

Instructs NetOp whether to apply the Delta File Transfer method for minimizing the amount of data transfer. True is also set by SetCrashRecovery(True), but not cleared by

SetCrashRecovery(False).

YesNo

SetIncludeEmptyDi r (YesNo As

Boolean) As Long

If True, Delta File Transfer will be applied when feasible. If False, all file transfers will unconditionally transfer all bytes in all files.

Instructs NetOp whether to include empty directories in file transfer operations.

YesNo

SetIncludeHiddenA ndSystem (YesNo

As Boolean) As

Long

SetIncludeOnlyExis ting (YesNo As

Boolean) As Long

If True, empty directories are included. If False, they are not included.

Instructs NetOp whether to include hidden and system files in file transfer operations.

YesNo

If True, hidden and system files are included. If False, they are not included.

Instructs NetOp whether to include only files that already exist with the same name on the target computer in file transfer operations.

YesNo

If True, only files that already exist with the same name on the target computer are transferred. If False, all files are transferred.

Allows you to set a limit to how old files you want to include in file transfer operations.

SetIncludeOnlyNe wer (YesNo As

Boolean, Date As

Date) As Long

YesNo

If True, only files that are newer than Date are transferred. If False, all files are transferred.

SetIncludeSubDir

(YesNo As

Boolean) As Long

Date

Files with a modify date older than this will be excluded if YesNo is True.

Instructs NetOp whether to include subdirectories of the directories/file filters given as source in file transfer operations.

SetOverwriteExisti ng (YesNo As

Boolean) As Long

YesNo

If True, subdirectories will be included. If False, subdirectories will be excluded.

Set the action you want when trying to overwrite existing files.

YesNo

If True, existing files will be overwritten without warning. If False, existing files will cause a prompt in a dialog.

284

5 Advanced Tools

SetOverwriteHidde n (YesNo As

Boolean) As Long

Set the action you want when trying to overwrite hidden files.

YesNo

SetOverwriteReado nly (YesNo As

Boolean) As Long

If True, hidden files will be overwritten without warning. If False, hidden files will cause a prompt in a dialog.

Set the action you wish when trying to overwrite readonly files.

YesNo

SetOverwriteSyste m (YesNo As

Boolean) As Long

If True, readonly files will be overwritten without warning. If False, readonly files will cause a prompt in a dialog.

Set the action you wish when trying to overwrite system files.

YesNo

SetReportLog () As

None

SetReportSilent ()

As None

SetRetriesOnConne ctError (Retries As

Long) As Long

If True, system files will be overwritten without warning. If False, system files will cause a prompt in a dialog.

Make the logging of events in the object's log window be the default treeview representation.

Disable the logging of events in the object's log window.

Set the number of times you want the file call method to automatically retry making the connection before returning.

Retries

SetRetriesOnTransf erError (Retries As

Long) As Long

An integer number between 0 and 9 inclusive.

Set the number of times you want the file transfer method to automatically retry an operation before returning.

Retries

StartGuest

(Minimized As

Boolean) As Long

An integer number between 0 and 9 inclusive.

Starts the NetOp Guest executable. If it is already started, StartGuest() will just return with no error. If NetOp Host is running, StartGuest() will return an error code.

Minimized

If True, the Guest will be attempted started up minimized.

Return Codes -11 and -12 mean success.

-11: Started OK.

Synchronize

(LocalDir As

String, RemoteDir

As String) As Long

-12: Already started.

Synchronizes two directories. A Call() must be open to the remote computer.

LocalDir

A directory on the local computer where the NetOp Guest runs. Must end with "\*.*".

RemoteDir

A directory on the remote computer where the NetOp Host runs. Must end with "\*.*".

285

5.6 NetOp Scripting ActiveX Control

SynchronizeOneWa y (SourceDir As

String, TargetDir

As String, ToHost

As Boolean) As

Long

Synchronizes two directories, but moves files one way only. A Call() must be open to the remote computer.

SourceDir

The directory from where the files originate. It can be local or remote depending on ToHost.

Must end with "\*.*".

Uninitialize () As

Long

Wait (Period As

Date) As Long

TargetDir

The directory to which the files are moved. It can be local or remote depending on ToHost.

Must end with "\*.*".

ToHost

If True, files are moved only from Guest to Host. If False, files are moved only from Host to

Guest.

Uninitializes a session with a NetOp Guest. After Uninitialize(), Initialize() must be called before calling other methods. Uninitialize is not mandatory, but good practice.

Waits a number of hours, minutes and seconds and then returns.

Period

The number of hours, minutes and seconds that you want the method to wait before returning.

Use WaitSeconds() to specify the period as seconds.

WaitSeconds

(Period As Long)

As Long

Note: If using AM-PM time notation, 12:00:01 AM will cause a wait of 1 second, not 12 hours and 1 second.

Waits a number of seconds and then returns.

Period

WaitUntil (Date As

Date, Time As

Date) As Long

The number of seconds that you want the method to wait before returning.

Waits until a specified local date and time and then returns. For use with the Microsoft

DTPicker object, this method has two parameters, one for date and one for time.

Date

The date you want the method to wait until before returning. If this variable has a time part, it will be ignored.

Time

WaitUntilAnyDay

(Time As Date) As

Long

The time of the above date when the method shall return. If this variable has a date part, it will be ignored.

Waits until the next occurrence of a specified local time and then returns. This method is intended for applications that repeat an operation at the same time every day.

Time

WriteLog (Text As

String) As Long

The time of any date when the method will return. If this variable has a date part, it will be ignored.

Writes a text in the script object's log window, if it is in the default SetReportLog() status.

Text

A string that shall be appended to the current treeview item in the log.

286

5 Advanced Tools

5.7 NetOp Remote Control Processes and Windows Security

The following sections explain the Windows access rights and privileges granted to the various NetOp processes. This information is not related to the use of Windows user names and passwords to control access to NetOp Hosts (see the User’s Manual, Guest Access Security).

This section includes these sections:

Overview

Main Host Processes

NetOp Helper Service

NetOpActivity Local Group

5.7.1 Overview

NetOp Remote Control processes can be grouped in 3 categories by the security context in which they run, that is the Windows access token assigned to the processes.

This section includes these sections:

Main Host Processes

NetOp User Programs

NetOp Helper Service

5.7.1.1 Main Host Processes

Main Host processes include the Host or extended Host executable program (NHSTW32.EXE etc.) and some of the internal utility programs run by them.

Because NetOp Remote Control is a remote control product rather than a traditional server service, these processes and Guest induced operations such as file transfer are performed in a context nearly identical to the context of the logged on user, rather than in a context derived from the identity (if any) stated when establishing the connection.

For more details, see

Main Host Processes .

5.7.1.2 NetOp User Programs

NetOp User Programs include the NetOp Guest (NGSTW32.EXE), The NetOp Security Manager

(AMCONFIG.EXE), The NetOp Installation programs (SETUP.EXE and NDU.EXE) etc.

These are ordinary user programs running in the security context of the logged on user. They are not treated any different than e.g. NOTEPAD.EXE.

5.7.1.3 NetOp Helper Service

NetOp Helper Service includes only NHOSTSVC.EXE, and only some of its running instances (some other running instances of NHOSTSVC.EXE run as Host Processes or NetOp User programs).

The NetOp Helper Service is the only NetOp process running in the privileged LocalSystem context and performs selected privileged operations on behalf of NetOp.

For more details, see

NetOp Helper Service

.

5.7.2 Main Host Processes

This section includes these sections:

Normal Operation

Replacing the Local Security Context

Disabling Main Host Processes Security

5.7.2.1 Normal Operation

The Main Host processes include the Host or extended Host executable program (NHSTW32.EXE,

NSSW32.EXE, NGWW32.EXE or NNSW32.EXE), utility programs run by the Host (NLDRW32.EXE,

NUTIL32B.EXE, VITAWRAP.EXE, some instances of NHOSTSVC.EXE and RUNDLL32.EXE), and

287

5.7 NetOp Remote Control Processes and Windows Security

in some rare situations the Guest or Student programs (NGSTW32.EXE or NSTDW32.EXE). Programs launched with the Run Program feature may also run as Main Host Processes.

These processes form the bulk of the Host functionality of NetOp Remote Control. They run in the security context of the interactively logged on user, but modified so the access token also lists membership of the NetOpActivity Local Group, which exists for that sole purpose (see also section 4.9.4,

“NetOpActivity Local Group”). This extra group membership applies only to operations on the same computer. Network operations and a few other system operations will ignore it.

When no user is logged on, or the logged on user cannot be determined, the Main Host Processes run in a synthesized local security context defined as follows:

User ID

Groups

Privileges

Anonymous logon (S-1-5-7) (Windows NT or 2000) or Local Service (S-1-5-19) (Windows XP or later).

NetOpActivity, EveryOne (S-1-1-0), INTERACTIVE (S-1-5-4), Users (S-1-5-32-545, Windows

2000 and later only), S-1-5-1333028174-1801727600-1093862016-1001, S-1-5-1333028174-

1801727600-1093862016-1024 and S-1-5-1333028174-1801727600-1093862018-1024

SeChangeNotifyPrivilege (Traverse folders) and SeShutdownPrivilege (allows reboot or shutdown through NetOp).

Default owner

NetOpActivity, in a few cases Anonymous logon (S-1-5-7)

Default group

NetOpActivity

Default ACL

Network credentials

LocalSystem – Full Access, NetOpActivity – Full Access

None

Depending on system configuration, NetOp may be running in this local context all the time and impersonate the logged on user, or it may run as the logged on user and impersonate the local context.

5.7.2.2 Replacing the Local Security Context

The local security context , described above, may be replaced by an actual local or domain account by using the ‘run as’ feature, see NetOp Security Server Setup.

5.7.2.3 Disabling Main Host Processes Security

In some cases, NetOp may refuse to function as it should because overzealous security settings do not grant some needed permission to neither EveryOne, INTERACTIVE nor NetOpActivity. To diagnose if this is the cause of a problem, the security restrictions on the Main Host Processes can be temporarily disabled.

In the Windows Registry, find the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetOp Host for NT Service\SecurityLevel

Change the following value from 0 to 1

LowLevel = 1

When this has been done and the NetOp Helper service has subsequently restarted, the Main Host

Processes will run with full LocalSystem rights and privileges rather than in the restricted context described above. This gives no network access rights. Also if the Host program is started manually by a user, it may arbitrarily choose to run as either LocalSystem or that user. To make it run as LocalSystem, enable the option to “Load at Windows Startup”, then restart the NetOp Helper Service.

Changing this setting requires administrative privileges and creates an obvious security hole, so it should be returned to its default value of 0 as soon as the true cause of a problem has been identified and resolved. The typical resolution of problems needing this setting is to grant the NetOpActivity local group read access to some file, directory or registry key needed by Windows itself to perform some task requested by NetOp. Please inform NetOp technical support about any specific accesses needed so we can update the list of accesses granted automatically (see

NetOpActivity Local Group ).

5.7.3 NetOp Helper Service

This relatively small service has been carefully written for extra high security. It is the only component of a running NetOp Remote Control installation, which runs in the powerful LocalSystem context. The sole purpose and functionality of the NetOp Helper Service is to perform selected privileged operations on behalf of the other NetOp processes, so these larger processes can be run with safer, more restricted privileges. It is designed to resist attempts to use it for any other purpose.

288

5 Advanced Tools

The NetOp Helper Service must be configured to run under the LocalSystem account with permission to interact with the desktop. Any other configuration will probably fail or actually reduce overall security.

Several of the tasks performed by the NetOp Helper Service are permitted only for the LocalSystem account and have no administrative option to grant similar permission to a dedicated service account.

The NetOp Helper Service is located entirely in the program file NHOSTSVC.EXE, but not all processes running this program file are part of the NetOp Helper Service or run in LocalSystem context.

Additionally, the NetOp Helper Service sometimes runs sub-tasks using RUNDLL32.EXE from the system32 directory, but only some of these run with with local system privilleges.

Notice that the bulk of NetOp Remote Control runs in a different, much more restricted context, see

Main

Host Processes .

Note: Most of the file size of NHOSTSVC.EXE is mainly error and log messages, not code.

This section includes this section:

Using the NetOp Helper Service to reload NetOp Host

5.7.3.1 Using the NetOp Helper Service to reload NetOp Host

If you stop the NetOp Helper Service using the Windows Control Panel, NT Server Manager, Microsoft

Management Console or other administration tools, the service will automatically terminate the main

Host or extended Host programs, before the service itself stops. This action is logged in the Windows

Application Event Log.

If you start or restart the NetOp Helper Service using the same tools, it will redo any actions it normally performs at system boot. Stopping and then immediately restarting the NetOp Helper Service is thus a useful way to reload the NetOp Host or extended Host remotely or through a batch file such as:

NET STOP “NetOp Host for NT Service”

NET START ”NetOp Host for NT Service”

Notice that the registry name of the NetOp Helper Service is “NetOp Host for NT Service” for compatibility with batch files written for previous versions of NetOp.

5.7.4 NetOpActivity Local Group

During installation of a Host or extended Host, the setup program creates a security local group called

“NetOpActivity”. The purpose of this group is that it can be granted any permissions needed by the main

Host or extended Host processes without granting those permissions to the users who are logged on to the machine.

Notice: The NetOpActivity local group intentionally has no members and must stay that way to maintain system security and integrity. Some administrators have been confused by its name and thought that adding users to this group was a way to control whom may use NetOp on the machine. It is not, these tasks are performed using the Guest Access Privileges dialog (see the User’s Manual, Guest Access

Privileges Tab). If you wish to define Guest Access Privileges in terms of Windows Security group memberships (a recommended practice), you should define new groups for this purpose or reuse existing groups such as “Administrators” or “Atlanta Help Desk”.

When the main Host or extended Host process is launched, the NetOp Helper Service automatically tries to grant NetOpActivity the permissions needed by the Host or extended Host to run and function properly. Danware staff continually revises the precise list of such permissions, based on user feedback and changes in the way user systems are typically configured by default.

Note: Snapshots of the current list are published from time to time in our online knowledge database.

Additionally, version 8.0 of the NetOp Helper Service logs the name of each persistently ACL-adjusted object to the Windows Event Log - if and when it is changed.

289

5.7 NetOp Remote Control Processes and Windows Security

290

6 Other Operating Systems

291

6.1 Summary

6.1 Summary

This chapter explains the particulars of NetOp Remote Control installed on computers that run on other operating systems than Windows.

Note: The User’s Manual explains the functionality of NetOp Remote Control installed on computers

that run on Windows operating systems. Functionalities that are identical with Windows and other operating systems are explained in the User’s Manual. This chapter explains only functionalities that are different with other operating systems.

This chapter contains these sections:

Linux

Solaris

Mac

OS/2

DOS

6.2 Linux

NetOp Remote Control (Linux) includes NetOp Guest (Linux)

and

NetOp Host (Linux) .

NetOp Guest (Linux) can remote control an transfer files with a computer that runs NetOp Host using the

TCP/IP and TCP/IP (TCP) communication devices.

NetOp Host (Linux)

enables remote control and file transfer from and typed text chat with NetOp Guest using the TCP/IP, TCP/IP (TCP) and Serial (modem) communication devices.

This section includes these sections:

Installation (Linux)

NetOp Guest (Linux)

NetOp Host (Linux)

6.2.1 Installation (Linux)

This section includes these sections:

Install (Linux)

Uninstall (Linux)

6.2.1.1 Install (Linux)

Check on the NetOp Requirements website that your computer meets the requirements for running NetOp

Remote Control (Linux).

Note: Installing NetOp Remote Control (Linux) requires that the user logged on to the computer has

system user privileges.

Insert the NetOp Remote Control CD into the CD drive of your computer to display this window:

292

6 Other Operating Systems

Click Yes to display the NetOp Remote Control CD root directory linux.html file NetOp Remote Control

(Linux) installation and startup instructions.

Read the NetOp Remote Control CD root directory ReadMe_EN.txt file General and Linux sections that contain important general information and may include update information that was not available when the documentation was last edited. The ReadMe file will be available on your computer when NetOp

Remote Control (Linux) has been installed. Updated builds may include an updated ReadMe file that will replace an older ReadMe file.

You will install NetOp Remote Control (Linux) from these files in the NetOp Remote Control CD /NRC/

LINUX directory:

NetOpGuest-<Version number>-<Build number>.i386.rpm (used with Red Hat and SuSE)

NetOpGuest-<Version number>-<Build number>.i386.tar.gz (used with other systems)

NetOpHost-<Version number>-<Build number>.i386.rpm (used with Red Hat and SuSE)

NetOpHost-<Version number>-<Build number>.i386.tar.gz (used with other systems)

In a terminal window, execute these commands: su -

This command will install with system user privileges.

cd /mnt/cdrom/NRC/LINUX

This command will specify the file location on the NetOp Remote Control CD. With SuSE, specify media

instead of mnt

.

perl install.pl

This command will start the interactive installation script.

Select to install NetOp Guest and/or NetOp Host.

If selected, NetOp Guest will be installed first. Confirm to read the license agreement.

If selected, NetOp Host will be installed next. Confirm to read the license agreement. Accept the license agreement. Specify the NetOp Host license number.

Note: On a Trial Version NetOp Remote Control CD, trial version license numbers are specified in the

license.dat file.

When the NetOp Host license number has been approved, NetOp Host will load and start to enable communication, see

NetOp Host (Linux)

.

Note: The ReadMe file specifies which files will been installed.

6.2.1.2 Uninstall (Linux)

NetOp Guest

If installed with rpm (RedHat/SuSE), in a terminal window execute these commands: rpm -e NetOpGuest rm -rf /etc/NetOpGuest

If installed without rpm (Other), in a terminal window execute these commands: rm -f /usr/bin/NetOpGuest rm -f /usr/bin/dtlspy rm -rf /etc/NetOpGuest

NetOp Host

If installed with rpm (RedHat/SuSE), in a terminal window execute these commands: rpm -e NetOpHost rm -rf /etc/NetOpHost

If installed without rpm (Other), in a terminal window execute these commands:

293

6.2 Linux

perl /etc/NetOpHost/cfg/uninstall.pl

rm -rf /etc/NetOpHost

6.2.2 NetOp Guest (Linux)

NetOp Guest (Linux)

is a client type program. It can connect to a remote computer NetOp Host server type program to access resources on the NetOp Host computer.

This section includes these sections:

Load and Unload NetOp Guest (Linux)

NetOp Guest (Linux) Functionality

6.2.2.1 Load and Unload NetOp Guest (Linux)

To load NetOp Guest (Linux)

, in a terminal window execute this command:

NetOpGuest to display this window on the graphical screen:

NetOp Guest (Linux)

294

Note: The

NetOpGuest

command assumes that the NetOpGuest program file resides in the /usr/bin directory. If NetOpGuest resides in another directory, precede the command by the full directory path.

If NetOp Guest (Linux)

is loaded for the first time, the user will be prompted to specify the NetOp Guest license number.

Note: On the Trial Version NetOp Remote Control CD, trial version license numbers are specified in the

license.dat file. The user that loads NetOp Guest for the first time must have the privileges to create a

LICENSE file in the /etc/NetOpGuest directory.

6 Other Operating Systems

If

NetOp Guest (Linux) is loaded to display the

NetOp Guest (Linux)

window, it can connect to a remote

computer NetOp Host.

To unload NetOp Guest (Linux)

, select the

NetOp Guest (Linux)

window File menu Exit command or a

Window Control

Close element.

6.2.2.2 NetOp Guest (Linux) Functionality

The

NetOp Guest (Linux)

window contains the same elements as the NetOp Guest (Windows) window, but NetOp Guest (Linux)

has only some of the NetOp Guest (Windows) functionalities. Non-functional window elements will be permanently disabled to display gray text and/or icons.

NetOp Guest (Linux)

can remote control an transfer files with a computer that runs NetOp Host using the

TCP/IP and TCP/IP (TCP) communication devices.

Note: To connect by another port number than the NetOp default 6502, add the port number to the Host

name or address after a colon, e.g. 192.168.100.1:1234.

Press the F1 key or select the Help menu Contents command to display this window:

It displays the

NetOp Guest (Linux) NetOp Guest Help system that contains all of the NetOp Guest Help

(Windows) main sections plus an Other Operating Systems main section that has the same contents as this manual chapter. Select a left Contents tab expanding graphical table of contents element or Index tab keyword to display the matching topic in the right pane. We recommend that you start by reading the

NetOp Guest section Connect Guide and Host Security Guide sections.

If you encounter problems that you cannot resolve by using NetOp Guest Help, try the NetOp

KnowledgeBase . If that does not provide a solution, submit a support request to NetOp Support .

295

6.2 Linux

6.2.3 NetOp Host (Linux)

NetOp Host (Linux)

is a server type program that runs in a daemon. It enables a remote computer NetOp

Guest to connect to it to access resources on its computer.

NetOp Host (Linux)

includes these programs:

NetOp Host Daemon (Linux)

NetOp Host Daemon (Linux)

will start and stop with the computer operating system. A user with system user privileges can

Start and Stop NetOp Host Daemon (Linux) .

NetOp Host Program (Linux)

NetOp Host Program (Linux) will load and typically start when NetOp Host Daemon (Linux)

is loaded. If started, communication will be enabled to enable NetOp Guest to connect. A user can

start, stop and set up NetOp Host Program (Linux) from the

NetOp Host (Linux)

window, see NetOp

Host (Linux) Functionality .

• NetOp Host GUI (Linux)

NetOp Host GUI (Linux)

displays the

NetOp Host (Linux)

window. It will typically not load to display the

NetOp Host (Linux)

window when NetOp Host Program (Linux)

is loaded. A user can load and unload

NetOp Host GUI (Linux)

to Display and Hide the NetOp Host Window (Linux)

.

This section includes these sections:

Start and Stop NetOp Host Daemon (Linux)

Display and Hide the NetOp Host Window (Linux)

NetOp Host (Linux) Functionality

NetOp Host Manager

6.2.3.1 Start and Stop NetOp Host Daemon (Linux)

NetOp Host Daemon (Linux) will start and stop with the computer operating system. A user with system

user privileges can start, check and stop

NetOp Host Daemon (Linux) with these terminal window

commands:

/etc/init.d/NetOpHostd start

This command will start NetOp Host Daemon (Linux) and load NetOp Host Program (Linux)

.

/etc/init.d/NetOpHostd status

This command will return a statement of whether NetOp Host Daemon (Linux) is running or not.

/etc/init.d/NetOpHostd stop

This command will unload NetOp Host Program (Linux) and stop NetOp Host Daemon (Linux)

.

Note: You can control the loaded

NetOp Host Program (Linux) communication status from the

NetOp

Host Manager window

Host Computer section and from the

NetOp Host (Linux)

window.

296

6 Other Operating Systems

6.2.3.2 Display and Hide the NetOp Host Window (Linux)

NetOp Host GUI (Linux) will typically not load when NetOp Host Program (Linux)

is loaded.

If

NetOp Host Program (Linux)

is loaded, execute this command in a terminal window:

NetOpHostGUI to display this window on the graphical screen:

NetOp Host (Linux)

Note: The

NetOpHostGUI

command assumes that the NetOpHostGUI program file resides in the /usr/

bin directory. If NetOpHostGUI resides in another directory, precede the command by the full directory path.

To unload NetOp Host GUI (Linux) to hide the

NetOp Host (Linux)

window, select the

NetOp Host

(Linux)

window File menu Exit command or a Window Control Close element.

6.2.3.3 NetOp Host (Linux) Functionality

The

NetOp Host (Linux)

window contains many of the elements of the NetOp Host (Windows) window,

but NetOp Host (Linux)

has only some of the NetOp Host (Windows) functionalities and some of these are organized differently.

NetOp Host (Linux) enables remote control and file transfer from and typed text chat with NetOp Guest

using the TCP/IP, TCP/IP (TCP) and Serial (modem) communication devices.

Unlike

NetOp Guest (Linux) , no help system is available from the

NetOp Host (Linux)

window.

Explanations on functionalities that match NetOp Host (Windows) functionalities are available in the

NetOp Host chapter of the the User’s Manual that is available as a PDF file on the NetOp Remote

Control CD.

297

6.2 Linux

To change the setup of NetOp Host Program (Linux)

, click the

NetOp Host (Linux)

window toolbar

Options button or select the Tools menu Options command to display this window:

NetOp Host Configuration - Login

Username []: Specify in this field your Linux logon user name.

Note: To change the

NetOp Host Program (Linux)

setup, the user must have the privileges to edit the

/etc/NetOpHost/NetOpHost.xml file.

Password []: Specify in this field your Linux logon password.

Click OK to display the

NetOp Host Manager window.

If you encounter problems that you cannot resolve by using this manual or the User’s Manual, try the

NetOp KnowledgeBase . If that does not provide a solution, submit a support request to NetOp Support .

298

6 Other Operating Systems

6.2.3.4 NetOp Host Manager

Click OK in the

NetOp Host Configuration - Login

window to display this window:

It manages NetOp Host setup.

Window controls are explained in

Window Control

.

NetOp Host Manager has three panes:

• An upper left

Selection Pane selects in a tree structure a setup element.

• An upper right

Attributes Pane edits the attributes of the selected setup element.

• A lower

Messages Pane can display messages from the system to the user.

Note: To ensure that setup changes have been applied, restart NetOp Host after setup changes.

6.2.3.4.1 Selection Pane

This is the

NetOp Host Manager selection pane:

299

6.2 Linux

It displays the tree structure of NetOp Host setup elements.

Click a setup element to select and highlight it. Press U

P

or D

OWN

arrow keys to move up or down in the tree structure. Press P

AGE

U

P

or P

AGE

D

OWN

keys to move to the top or bottom of the tree structure. Press the R

IGHT

arrow key or click a [+] button to expand an expandable setup element. Press the L

EFT

arrow key or click a [-] button to collapse a collapsible setup element.

If a selected setup element has attributes, they will be displayed in the upper right

Attributes Pane .

Local configuration expands into these setup elements:

Host Computer

Address Lists

Guest Users

6.2.3.4.2 Attributes Pane

This is the

NetOp Host Manager attributes pane:

It will contain records of the attributes of a setup element selected in the Selection Pane in a table with

these column contents:

Attribute: Name of attribute.

Value: Value of attribute.

Table controls are explained in Table Control .

300

6 Other Operating Systems

Double-click or right-click an attribute record to display an Edit <Type> Attribute window:

Edit <Type> Attribute windows edit attributes. They can contain checkboxes to enable/disable, dropdown boxes to select among options and fields to specify character strings according to a specified range.

The OK button becomes enabled when changed specifications are valid.

Note: When you create a setup element, a random <Name> value will typically be assigned to it. Edit it

to specify a useful <Name> value.

6.2.3.4.3 Messages Pane

This is the

NetOp Host Manager messages pane:

This pane can display system messages that you should observe.

Note: Before you click OK to apply setup changes, check that you have observed all messages in this

pane.

301

6.2 Linux

6.2.3.4.4 Host Computer

The NetOp Host Manager Selection Pane HostComputer branch:

302

expands into these setup elements:

Note: In the following explanations, setup element attributes are displayed in tables. The default attribute

value is marked with an asterisk (*).

General: Expands into:

Startup: This setup element has this attribute:

Attribute

Start at boot

Value

Enabled*/Disabled

Note: If enabled, communication will start when NetOp Host program is loaded to make

NetOp Host available for connection. If disabled, communication will not start when NetOp

Host program is loaded. You can Start, Stop and Restart communication from NetOp Host window toolbar action buttons and Action menu commands, see the User’s Manual NetOp

Host chapter NetOp Host Window section Toolbar section Action Buttons section and Menu

Bar section Action Menu section.

Communication:Expands into:

• Profiles

Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

Note: Serial is included only with Linux.

Tcp: Select this command to create in a branch below Profiles a Tcp - <Name> communication profile that uses the TCP/IP (TCP) communication device, see the User’s Manual Common

Tools chapter Communication Device section TCP/IP (TCP) section.

6 Other Operating Systems

Tcp - <Name>: This setup element has these attributes:

Attribute

Enable

Name

Receiveport

Sendport

Value

Enabled*/Disabled

<String of characters> (random characters*)

<Receive port number> (6502*)

<Send port number> (6502*)

Note: Initially, a Tcp - TCP communication profile with default attribute values will be

available. You can create multiple Tcp - <Name> communication profiles. A Tcp -

<Name> communication profile will be available to NetOp Host if Enabled.

Right-click this setup element to display this context command:

Delete: Select this command to delete the selected Tcp - <Name> communication profile.

Udp: Select this command to create in a branch below Profiles a Udp - <Name> communication profile that uses the TCP/IP communication device, see the User’s Manual

Common Tools chapter Communication Device section TCP/IP section:

Udp - <Name>: This setup element has these attributes:

Attribute

Enable

Ignore port information from Name Server

Maximum Transmission Unit (MTU)

Name

Override port information from Name Server with port

Primary Name Server

Value

Enabled*/Disabled

Enabled/Disabled*

<Number of bytes> (2600*)

<String of characters> (random characters*)

<Port number> (6502*)

Receiveport

Secondary Name Server

Sendport

Use NetOp Name Server

<NetOp Name Server DNS name or IP address> (nns1.netop.com*)

<Receive port number> (6502*)

<NetOp Name Server DNS name or IP address> (nns2.netop.dk*)

<Send port number> (6502*)

Enabled/Disabled*

Note: Initially, a Udp - TCP/IP communication profile with default attribute values will

be available. You can create multiple Udp - <Name> communication profiles. A Udp -

<Name> communication profile will be available to NetOp Host if Enabled.

Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

New > Broadcastlist: Select this command to create in a new branch below Udp -

<Name> a Broadcastlist - <Name> broadcast list, see the User’s Manual Common Tools chapter Communication Device section TCP/IP section TCP/IP Communication Profile

Edit section IP Broadcast List section:

Broadcastlist - <Name>: This setup element has this attribute:

Attribute

Broadcastlist name

Value

<Available Addresslist name> (random characters*)

303

6.2 Linux

Note: The Broadcastlist name

<Available Addresslist name> value must be the

Name value of an available Address Lists Addresslist setup element. Initially, a

Broadcastlist - My list broadcast list is available. You can create multiple

Broadcastlist - <Name> elements under each Udp - <Name> communication profile.

Delete: Select this command to delete the selected Udp - <Name> communication profile.

Serial: This command is available only with Linux. Select it to create in a new branch below

Profiles a Serial - <Name> communication profile that uses the Serial communication device, see the User’s Manual Common Tools chapter Communication Device section Serial section:

Serial - <Name>: This setup element has these attributes:

Attribute

Data Rate

Definition

Dial Type

Enable

Flow Control

Name

Null Modem

Serial Port

Wait before Callback

Value

<Bits per second> (38400*)

<Available Modem name> (none*)

Tone*/Pulse

Enabled/Disabled*

RTS/CTS*/None/Modem’s preferred

<String of characters> (random characters*)

Disabled*

<Serial port name> (COM 1*)

<Seconds> (10*)

Note: Serial - <Name> is available only with Linux. The Definition <Available Modem

name> value must be the Name value of an available Modem setup element, see below.

Initially, a Serial - My modem communication profile with default attribute values will be available. You can create multiple Serial - <Name> communication profiles. A Serial -

<Name> communication profile will be available to NetOp Host if Enabled. This NetOp

Host (Linux) version does not support Null Modem and callback.

Right-click this setup element to display this context command:

Delete: Select this command to delete the selected Modem - <Name> modem definition.

• Modem definitions

Note: Modem definitions are available only with Linux.

Right-click this setup element to display this context menu:

New > Modem: Select this command to create in a new branch below Modem definitions a

Modem - <Name> modem definition, see the User’s Manual Common Tools chapter Modem

Database and Dialog section Modem Database section Modem Configuration section:

304

6 Other Operating Systems

Modem - <Name>: This setup element has these attributes:

Attribute

Answer

Dial

Hang up

Value

<Answer AT command> (ATS0=1*)

<Dial AT command> (ATD?D*)

<Hang up AT command> (ATH0S0=0*)

Ignore carrier signal Enabled/Disabled*

Max data rate

<Bits per second> (38400*)

Name

RTS/CTS

<String of characters> (random characters*)

Enabled*/Disabled

Send

Setup1

Setup2

<Send AT command> (none*)

<Setup1 AT command> (AT&F*)

<Setup2 AT command> (AT&C1&D2S10=20*)

Note: Modem - <Name> is available only with Linux. Initially, a Modem - Hayes modem

definition with default attribute values will be available. You can create multiple Modem -

<Name> modem definitions.

Right-click this setup element to display this context command:

Delete: Select this command to delete the selected Modem - <Name> modem definition.

Import > Modem: Select this command to display the Choose a file to open window that will display xml files in the /etc/NetOpHost directory. Select modems.xml to display this window:

The modems.xml file contains NetOp created modem definitions named by modem trade names. Select in the pane a modem trade name and click OK to create in a new branch below

Modem Definitions a Modem - <Name> modem definition.

Note: modems.xml is the NetOp Host (Linux) version of the NetOp Host (Windows) modem

database, see the User’s Manual Common Tools chapter Modem Database and Dialog section

Modem Database section.

305

6.2 Linux

Hostname: Expands into:

NetOp Name Server: This setup element has this attribute:

Attribute

Name Space ID

Value

<String of characters> (PUBLIC*)

Note: Specifies a private name space in the NetOp Name Server name database, see the User’s

Manual NetOp Host chapter Host Tools section Program Options section Host Name Tab

section.

Naming: This setup element has these attributes:

Attribute

Hostname

Naming mode

Value

<String of characters> (none*)

Computername*/Enter or leave blank

Note: Specifies the Host ID by which NetOp Host will identify itself, see the User’s Manual

NetOp Host chapter Host Tools section Program Options section Host Name Tab section. If for

Naming mode you select Enter or leave blank, the Hostname value will be the Host ID.

Host Security: Expands into:

Maintenance: This setup element has these attributes:

Attribute

All other configuration

Guest access security

Old password

Password

Program exit and ‘Stop Host’

Value

Enabled*/Disabled

Enabled*/Disabled

<Asterisks> (none*)

<Asterisks> (none*)

Enabled*/Disabled

Note: If a Maintenance password is specified, it will protect actions for which it is enabled, see

the User’s Manual NetOp Host chapter Host Tools section Maintenance Password section.

Initially, no Maintenance password is specified.

6.2.3.4.5 Address Lists

The NetOp Host Manager Selection Pane Addresslists branch:

includes these setup elements:

Note: In the following explanations, setup element attributes are displayed in tables. The default attribute

value is marked with an asterisk (*).

• Addresslists

Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

New > Addresslist: Select this command to create in a new branch below Addresslists an Addresslist

- <Name> address list.

306

6 Other Operating Systems

Addresslist - <Name>: This setup element has this attribute:

Attribute

Name

Value

<String of characters> (random characters*)

Note: Initially, an Addresslist - My list address list is available. You can create multiple

Addresslist - <Name> elements.

Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

New > Address: Select this command to create in a new branch under the selected Addresslist -

<Name> address list an Address - <Name> address.

Address - <Name>: This setup element has these attributes:

Attribute Value

Name

<String of characters> (random characters*)

Type IP address*/MAC address/DNS address

Note: Initially, an Address - <Random characters> address is available. You can create

multiple Address - <Name> addresses under each Addresslist - <Name> address list. An

Address - <Name> address whose Name format does not satisfy the selected Type format requirements will not work.

Right-click this setup element to display this context command:

Delete: Select this command to delete the selected Address - <Name> address.

Delete: Select this command to delete the selected Addresslist - <Name> address list.

Note: Address - <Name> addresses in a deleted Addresslist - <Name> address list will be

deleted.

6.2.3.4.6 Guest Users

The NetOp Host Manager Selection Pane Guest users branch:

expands into these setup elements:

Note: In the following explanations, setup element attributes are displayed in tables. The default attribute

value is marked with an asterisk (*).

307

6.2 Linux

Guest Security: This setup element has this attribute:

Attribute Value

Mode System authentication*/NetOp authentication/Security Server authentication

Select which Guest Security Mode shall be applied to all connecting NetOp Guests:

• System authentication will authenticate each connecting NetOp Guest individually by NetOp

Host computer user management and assign an individual NetOp Host Manager specified role to each authenticated and NetOp Host Manager specified user.

• NetOp authentication will authenticate all connecting NetOp Guests by a common NetOp Host

Manager specified NetOp password and assign a common NetOp Host Manager specified role to all authenticated NetOp Guests.

• Security Server authentication will authenticate each connecting NetOp Guest individually by

NetOp Security Server controlled account management and assign an individual NetOp

Security Server specified role to each authenticated account.

Guest Security expands into these setup elements:

Security Server authentication: Expands into:

Security Server: This setup element has this attribute:

Attribute Value

Security Server Group ID <32-digit hexadecimal number> (NetOp default*)

Note: Get the applicable Security Server Group ID from a NetOp Security Server

administrator. NetOp Security Server will make NetOp Host request its Preferred Guest

Type

credentials from connecting NetOp Guests. A connecting Guest must specify requested type credentials to be assigned the matching NetOp Security Server specified role.

Roles: Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

New > Role: Select this command to create in a new branch below Roles a Role - <Name> role.

Role - <Name>: This setup element has these attributes:

Attribute

Audio chat

Blank screen

Boot

Chat

Confirm Access

Lock keyboard and mouse

Name

Receive files from Host

Redirect print

Remote control (view)

Run programs

Send files to Host

Transfer clipboard

Use keyboard and mouse

Value

Enabled*/Disabled (not available)

Enabled*/Disabled (not available)

Enabled*/Disabled

Enabled*/Disabled

Never*/Always/Only when logged in

Enabled*/Disabled (not available)

<String of characters> (random characters*)

Enabled*/Disabled

Enabled*/Disabled (not available)

Enabled*/Disabled

Enabled*/Disabled (not available)

Enabled*/Disabled

Enabled*/Disabled (not available)

Enabled/*Disabled

Note: Actions marked “(not available)” are not available in this NetOp Host (other

operating systems) version. Initially, a Role - Full Access role with default attribute values

308

6 Other Operating Systems

will be available. You can create multiple Role - <Name> roles. Role actions are explained in the User’s Manual NetOp Host chapter Host Tools section Guest Access

Security section Guest Access Privileges Tab section Grant All Guests Default Access

Privileges section.

Right-click this setup element to display this context command:

Delete: Select this command to delete the selected Role - <Name> role.

System authentication: Right-click (Mac: C

TRL

+click) this setup element to display this context menu:

New > User: Select this command to create in a new branch below System authentication a

User - <Name> user account.

User - <Name>: This setup element has these attributes:

Attribute Value

Name

<String of characters> (random characters*)

Role

<Available Role name> (none*)

Note: The Role <Available Role name> value must be the Name value of an available

Role setup element, see above. Initially, a User - root user with default attribute values will be available. You can create multiple User - <Name> users. A connecting Guest must specify an available User - <Name> Name value and the matching system specified password to be assigned the matching Role value.

NetOp authentication: This setup element has these attributes:

Attribute Value

Password

<String of characters> (random characters*)

Role

<Available Role name> (Full access*)

Note: The Role <Available Role name> value must be the Name value of an available Role

setup element, see above. Initially, a Password value of random characters and the Role value

Full access is specified. Change the Password and Role values to suit your preferences including no password. If a password is specified, a connecting Guest must specify the

Password value to be assigned the Role value. If no password is specified, a connecting Guest will be assigned the Role value without specifying a password.

309

6.3 Solaris

6.3 Solaris

NetOp Remote Control (Solaris) includes

NetOp Guest (Solaris) and

NetOp Host (Solaris) .

NetOp Guest (Solaris) can remote control an transfer files with a computer that runs NetOp Host using

the TCP/IP and TCP/IP (TCP) communication devices.

NetOp Host (Solaris) enables remote control and file transfer from and typed text chat with NetOp Guest

using the TCP/IP and TCP/IP (TCP) communication devices.

This section includes these sections:

Installation (Solaris)

NetOp Guest (Solaris)

NetOp Host (Solaris)

6.3.1 Installation (Solaris)

This section includes these sections:

Install (Solaris)

Uninstall (Solaris)

6.3.1.1 Install (Solaris)

Check on the NetOp Requirements website that your computer meets the requirements for running NetOp

Remote Control (Solaris).

Note: Installing NetOp Remote Control (Solaris) requires that the user logged on to the computer has

system user privileges.

Insert the NetOp Remote Control CD into the CD drive of your computer.

Read the NetOp Remote Control CD root directory ReadMe_EN.txt file General and Solaris sections that contain important general information and may include update information that was not available when the documentation was last edited. The ReadMe file will be available on your computer when NetOp

Remote Control (Solaris) has been installed. Updated builds may include an updated ReadMe file that will replace an older ReadMe file.

The NetOp Remote Control CD root directory Solaris.txt file contains NetOp Remote Control (Solaris) installation and startup instructions.

You will install NetOp Remote Control (Solaris) from these files in the NetOp Remote Control CD /NRC/

SOLARIS directory:

NetOpGuest-<Version number>-<Build number>.SunOS.tar.gz

NetOpHost-<Version number>-<Build number>.SunOS.tar.gz

In a terminal window, execute these commands: su -

This command will install with system user privileges.

cd /cdrom/NRC/SOLARIS

This command will specify the file location on the NetOp Remote Control CD.

perl install.pl

This command will start the interactive installation script.

Select to install NetOp Guest and/or NetOp Host.

If selected, NetOp Guest will be installed first. Confirm to read the license agreement.

If selected, NetOp Host will be installed next. Confirm to read the license agreement. Accept the license agreement. Specify the NetOp Host license number.

310

6 Other Operating Systems

Note: On a Trial Version NetOp Remote Control CD, trial version license numbers are specified in the

license.dat file.

When the NetOp Host license number has been approved, NetOp Host will load and start to enable communication, see

NetOp Host (Solaris) .

Note: The ReadMe file specifies which files will been installed.

6.3.1.2 Uninstall (Solaris)

NetOp Guest

In a terminal window, execute these commands: rm -f /usr/bin/NetOpGuest rm -f /usr/bin/dtlspy rm -rf /etc/NetOpGuest

NetOp Host

In a terminal window, execute these commands: perl /etc/NetOpHost/cfg/uninstall.pl

rm -rf /etc/NetOpHost

6.3.2 NetOp Guest (Solaris)

NetOp Guest is a client type program. It can connect to a remote computer NetOp Host server type program to access resources on the NetOp Host computer.

This section includes these sections:

Load and Unload NetOp Guest (Solaris)

NetOp Guest (Solaris) Functionality

311

6.3 Solaris

6.3.2.1 Load and Unload NetOp Guest (Solaris)

To load NetOp Guest (Solaris)

, in a terminal window execute this command:

NetOpGuest to display this window on the graphical screen:

NetOp Guest (Solaris)

312

Note: The

NetOpGuest

command assumes that the NetOpGuest program file resides in the /usr/bin directory. If NetOpGuest resides in another directory, precede the command by the full directory path.

If NetOp Guest (Solaris) is loaded for the first time, the user will be prompted to specify the NetOp Guest

license number.

Note: On a Trial Version NetOp Remote Control CD, license numbers are specified in the license.dat

file. The user that loads NetOp Guest for the first time must have the privileges to create a LICENSE file in the /etc/NetOpGuest directory.

When NetOp Guest (Solaris)

is loaded to display the

NetOp Guest (Solaris)

window, it can connect to a

remote computer NetOp Host.

To unload NetOp Guest (Solaris)

, select the

NetOp Guest (Solaris)

window File menu Exit command or a

Window Control

Close element.

6.3.2.2 NetOp Guest (Solaris) Functionality

The

NetOp Guest (Solaris)

window contains the same elements as the NetOp Guest (Windows) window,

but

NetOp Guest (Solaris)

has only some of the NetOp Guest (Windows) functionalities. Non-functional window elements will be permanently disabled to display gray text and/or icons.

6 Other Operating Systems

NetOp Guest (Solaris) can remote control an transfer files with a computer that runs NetOp Host using

the TCP/IP and TCP/IP (TCP) communication devices.

Note: To connect by another port number than the NetOp default 6502, add the port number to the Host

name or address after a colon, e.g. 192.168.100.1:1234.

Press the F1 key or select the Help menu Contents command to display this window:

It displays the NetOp Guest (Solaris) NetOp Guest Help system that contains all of the NetOp Guest Help

(Windows) main sections plus an Other Operating Systems main section that has the same contents as this manual chapter. Select a left Contents tab expanding graphical table of contents element or Index tab keyword to display the matching topic in the right pane. We recommend that you start by reading the

NetOp Guest section Connect Guide and Host Security Guide sections.

If you encounter problems that you cannot resolve by using NetOp Guest Help, try the NetOp

KnowledgeBase . If that does not provide a solution, submit a support request to NetOp Support .

6.3.3 NetOp Host (Solaris)

NetOp Host (Solaris)

is a server type program that runs in a daemon. It enables a remote computer NetOp

Guest to connect to it to access resources on its computer.

NetOp Host (Solaris) includes these programs:

NetOp Host Daemon (Solaris)

NetOp Host Daemon (Solaris) will start and stop with the computer operating system. A user with

system user privileges can

Start and Stop NetOp Host Daemon (Solaris) .

313

6.3 Solaris

NetOp Host Program (Solaris)

NetOp Host Program (Solaris)

will load and typically start when NetOp Host Daemon (Solaris) is

loaded. If started, NetOp Host communication will be enabled to enable NetOp Guest to connect. A user can start, stop and set up

NetOp Host Program (Solaris) from the

NetOp Host (Solaris)

window, see

NetOp Host (Solaris) Functionality .

NetOp Host GUI (Solaris)

NetOp Host GUI (Solaris) displays the

NetOp Host (Solaris)

window. It will typically not load to

display the

NetOp Host (Solaris)

window when

NetOp Host Program (Solaris)

is loaded. A user can load and unload

NetOp Host GUI (Solaris) to

Display and Hide the NetOp Host Window (Solaris) .

This section includes these sections:

Start and Stop NetOp Host Daemon (Solaris)

Display and Hide the NetOp Host Window (Solaris)

NetOp Host (Solaris) Functionality

6.3.3.1 Start and Stop NetOp Host Daemon (Solaris)

NetOp Host Daemon (Solaris) will start and stop with the computer operating system. A user with system

user privileges can start, check and stop

NetOp Host Daemon (Solaris) with these terminal window

commands:

/etc/init.d/NetOpHostd start

This command will start NetOp Host Daemon (Solaris) and load

NetOp Host Program (Solaris) .

/etc/init.d/NetOpHostd status

This command will return a statement of whether NetOp Host Daemon (Solaris)

is running or not.

/etc/init.d/NetOpHostd stop

This command will unload NetOp Host Program (Solaris) and stop

NetOp Host Daemon (Solaris) .

Note: You can control the loaded

NetOp Host Program (Solaris)

communication status from the

NetOp

Host Manager window

Host Computer section and from the

NetOp Host (Solaris)

window.

314

6 Other Operating Systems

6.3.3.2 Display and Hide the NetOp Host Window (Solaris)

NetOp Host GUI (Solaris)

will typically not load when

NetOp Host Program (Solaris) is loaded.

If

NetOp Host Program (Solaris) is loaded, execute this command in a terminal window:

NetOpHostGUI to display this window on the graphical screen:

NetOp Host (Solaris)

Note: The

NetOpHostGUI

command assumes that the NetOpHostGUI program file resides in the /usr/

bin directory. If NetOpHostGUI resides in another directory, precede the command by the full directory path.

To unload NetOp Host GUI (Solaris) to hide the

NetOp Host (Solaris)

window, select the

NetOp Host

(Solaris)

window File menu Exit command or a

Window Control Close element.

6.3.3.3 NetOp Host (Solaris) Functionality

The

NetOp Host (Solaris)

window contains many of the elements of the NetOp Host (Windows) window,

but NetOp Host (Solaris) has only some of the NetOp Host (Windows) functionalities and some of these

are organized differently.

NetOp Host (Solaris) enables remote control and file transfer from and typed text chat with NetOp Guest

using the TCP/IP and TCP/IP (TCP) communication devices.

Unlike

NetOp Guest (Solaris)

, no help system is available from the

NetOp Host (Solaris)

window.

Explanations on functionalities that match NetOp Host (Windows) functionalities are available in the

NetOp Host chapter of the User’s Manual that is available as a PDF file on the NetOp Remote Control

CD.

315

6.3 Solaris

To change the setup of NetOp Host Program (Solaris)

, click the

NetOp Host (Solaris)

window toolbar

Options button or select the Tools menu Options command to display this window:

Username []: Specify in this field your Solaris logon user name.

Note: To change the

NetOp Host Program (Solaris) setup, the user must have the privileges to edit the

/etc/NetOpHost/NetOpHost.xml file.

Password []: Specify in this field your Solaris logon password.

316

Click OK to display this window:

6 Other Operating Systems

This window is explained in

NetOp Host Manager

.

If you encounter problems that you cannot resolve by using this manual or the User’s Manual, try the

NetOp KnowledgeBase . If that does not provide a solution, submit a support request to NetOp Support .

317

6.4 Mac

6.4 Mac

NetOp Remote Control (Mac) includes

NetOp Host (Mac) .

NetOp Host (Mac) enables remote control and file transfer from and typed text chat with NetOp Guest

using the TCP/IP and TCP/IP (TCP) communication devices.

This section includes these sections:

Installation (Mac)

NetOp Host (Mac)

6.4.1 Installation (Mac)

This section includes these sections:

Install (Mac)

Uninstall (Mac)

6.4.1.1 Install (Mac)

Check on the NetOp Requirements website that your computer meets the requirements for running NetOp

Remote Control (Mac).

Note: Installing NetOp Remote Control (Mac) for use outside the current computer session requires that

the user logged on to the computer has administrator rights.

Insert the NetOp Remote Control CD into the CD drive of your computer.

Read the NetOp Remote Control CD root directory ReadMe_EN.txt file General and Mac sections that contain important general information and may include update information that was not available when the documentation was last edited. The ReadMe file will be available on your computer when NetOp

Remote Control (Mac) has been installed. Updated builds may include an updated ReadMe file that will replace an older ReadMe file.

The NetOp Remote Control CD root directory Mac.txt file contains NetOp Remote Control (Mac) installation and startup instructions.

You will install NetOp Remote Control (Mac) from these files in the NetOp Remote Control CD /NRC/

MAC directory:

/10_1/netophost101.pkg.sit for MAC OS X 10.1

/10_2/netophost.pkg.sit for MAC OS X 10.2

/10_3/netophost.pkg.sit for MAC OS X 10.3

Run the file that matches your computer operating system to install the netophost.pkg file, typically on the desktop.

Run the netophost.pkg file to display the Install NetOp Host window that will guide you through installation. Accept the license agreement. Specify the licensee name and NetOp Host license number.

Note: On a Trial Version NetOp Remote Control CD, trial version license numbers are specified in the

license.txt file.

When the NetOp Host license number has been approved, NetOp Host will load and start to enable communication, see

NetOp Host (Mac)

.

Note: The ReadMe file specifies which files have been installed.

6.4.1.2 Uninstall (Mac)

In the Applications/NetOpHost directory, run the netophost_uninstall.pkg file to display the Uninstall

NetOp Host window that will guide you through uninstallation that runs like an installation.

Note: Uninstalling a general use installation requires that the user logged on to the computer has

administrator rights.

318

6 Other Operating Systems

6.4.2 NetOp Host (Mac)

NetOp Host (Mac) is a server type program that runs in a daemon. It enables a remote computer NetOp

Guest to connect to it and access resources on its computer.

NetOp Host (Mac) includes these programs:

NetOp Host Daemon (Mac)

NetOp Host Daemon (Mac) will start and stop with the computer operating system. A user with

system user privileges can

Start and Stop NetOp Host Daemon (Mac) .

NetOp Host Program (Mac)

NetOp Host Program (Mac) will load and typically start when NetOp Host Daemon (Mac)

is loaded.

If started, NetOp Host communication will be enabled to enable NetOp Guest to connect. A user can start, stop and set up

NetOp Host Program (Mac) from the

NetOp Host (Mac)

window, see NetOp

Host (Mac) Functionality .

• NetOp Host GUI (Mac)

NetOp Host GUI (Mac) displays the

NetOp Host (Mac)

window. It will typically not load to display

the

NetOp Host (Mac)

window when

NetOp Host Program (Mac) is loaded. A user can load and

unload

NetOp Host GUI (Mac) to

Display and Hide the NetOp Host (Mac) window .

This section includes these sections:

Start and Stop NetOp Host Daemon (Mac)

Display and Hide the NetOp Host (Mac) window

NetOp Host (Mac) Functionality

6.4.2.1 Start and Stop NetOp Host Daemon (Mac)

NetOp Host Daemon (Mac) will start and stop with the computer operating system. A user with

administrator rights can start, stop and restart

NetOp Host Daemon (Mac)

with these terminal window commands:

SystemStarter start NetOpHost

This command will start NetOp Host Daemon (Mac) and load NetOp Host Program (Mac) .

SystemStarter stop NetOpHost

This command will unload NetOp Host Program (Mac)

and stop

NetOp Host Daemon (Mac) .

SystemStarter restart NetOpHost

This command will unload NetOp Host Program (Mac)

, stop and start

NetOp Host Daemon (Mac) and load NetOp Host Program (Mac) .

Note: You can control the loaded

NetOp Host Program (Mac)

communication status from the NetOp

Host Manager

window Host Computer

section and from the

NetOp Host (Mac)

window.

319

6.4 Mac

6.4.2.2 Display and Hide the NetOp Host (Mac) window

NetOp Host GUI (Mac) will typically not load when NetOp Host Program (Mac) is loaded.

If NetOp Host Program (Mac)

is loaded, select Applications/NetOpHost/NetOpHostGUI to display this window:

NetOp Host (Mac)

320

Note: A NetOpHostGUI shortcut will typically be available on the desktop.

To unload NetOp Host GUI (Mac) to hide the

NetOp Host (Mac)

window, quit the NetOpHostGUI

application.

6.4.2.3 NetOp Host (Mac) Functionality

The

NetOp Host (Mac)

window contains many of the elements of the NetOp Host (Windows) window, but

NetOp Host (Mac) has only some of the NetOp Host (Windows) functionalities and some of these are

organized differently.

NetOp Host (Mac) enables remote control and file transfer from and typed text chat with NetOp Guest

using the TCP/IP and TCP/IP (TCP) communication devices.

No help system is available from the

NetOp Host (Mac)

window. Explanations on functionalities that match NetOp Host (Windows) functionalities are available in the NetOp Host chapter of the User’s

Manual that is available as a PDF file on the NetOp Remote Control CD.

6 Other Operating Systems

To change the setup of

NetOp Host Program (Mac)

, click the

NetOp Host (Mac)

window toolbar Options

button or select the Tools menu Options command to display this window:

Username []: Specify in the field your Mac logon user name.

Note: To change the

NetOp Host Program (Mac)

setup, the user must have the privileges to edit the /etc/

NetOpHost/NetOpHost.xml file.

Password []: Specify in the field your Mac logon password.

Click OK to display this window:

This window is explained in

NetOp Host Manager

.

If you encounter problems that you cannot resolve by using this manual or the User’s Manual, try the

NetOp KnowledgeBase . If that does not provide a solution, submit a support request to NetOp Support .

321

6.5 OS/2

6.5 OS/2

NetOp Remote Control (OS/2) includes

NetOp Host (OS/2) .

NetOp Host (OS/2) enables remote control and file transfer from and chat with a computer that runs

NetOp Guest. A NetOp Host (OS/2) user can request help from a NetOp Guest that offers help services.

The TCP/IP (UDP), TCP/IP (TCP), IPX, NetBIOS, ISDN (CAPI), Serial and APPC communication devices are available.

This section includes these sections:

Installation (OS/2)

NetOp Host (OS/2)

6.5.1 Installation (OS/2)

This section includes these sections:

Install (OS/2)

Install from Another Computer (OS/2)

Silent Install (OS/2)

Set Up NetOp Hosts Identically (OS/2)

Uninstall (OS/2)

6.5.1.1 Install (OS/2)

Check on the NetOp Requirements website that your computer meets the requirements for running NetOp

Remote Control (OS/2).

Note: Installing NetOp Remote Control (OS/2) requires that the user logged on to the computer has

administrator rights.

Insert the NetOp Remote Control CD into the CD drive of your computer.

Read the NetOp Remote Control CD root directory ReadMe_EN.txt file General and OS/2 sections that contain important general information and may include update information that was not available when the documentation was last edited. The ReadMe file will be available on your computer when NetOp

Remote Control (OS/2) has been installed. Updated builds may include an updated ReadMe file that will replace an older ReadMe file.

The NetOp Remote Control CD root directory OS2.txt file contains NetOp Remote Control (OS/2) installation and startup instructions.

In the NetOp Remote Control CD /NRC/OS2/EN directory, run (double-click) the SETUP.EXE file to display the Select Install Components window. Specify the destination directory. Specify the licensee name and NetOp Host license number.

Note: On a Trial Version NetOp Remote Control CD, trial version license numbers are specified in the

license.txt file.

Select startup options to start installation. When installation has completed, you will typically be prompted to reboot the computer to load and start NetOp Host to enable communication, see

NetOp Host

(OS/2)

.

Note: The ReadMe file specifies which files have been installed.

6.5.1.2 Install from Another Computer (OS/2)

You can install

NetOp Host (OS/2)

from an OS/2 computer on which

NetOp Host (OS/2)

is installed.

Copy the contents of the directory in which NetOp Host is installed.

Add this statement to the CONFIG.SYS file:

DEVICE=<Path>\NHOST2.SYS

322

6 Other Operating Systems

where <Path> is the path to the directory to which the NetOp Host files were copied.

To enable full screen WIN-OS/2 support, add this statement to the CONFIG.SYS file:

DEVICE=<Path>\NHOST2W.SYS

Restart OS/2 to implement the system file changes and enable NetOp Host.

6.5.1.3 Silent Install (OS/2)

Silent Install (OS/2) enables non-interactive NetOp Host (OS/2)

installations from a network drive.

Copy the contents of the NetOp Remote Control CD /NRC/OS2/EN directory to a network drive and make one interactive installation from it. This will write the license information to the network drive.

Install silently from the network drive by this command:

<Network drive letter>: SETUP S P=<Path> [L[=<Number>]] [B]

This command contains these elements:

Element Explanation

<Network drive letter> The letter assigned to the network directory that contains the NetOp Remote Control CD

/NRC/OS2/EN directory files.

SETUP

S

P=<Path>

[L[=<Number>]]

[B]

Install command.

Specifies that the installation shall run and complete without user intervention.

Specifies the computer path in which NetOp Host shall be installed.

This optional switch will load NetOp Host optionally <Number> seconds after OS/2 has started.

This optional switch will restart OS/2 after installation.

Example

N: SETUP S P=C:\NETOP L B

Explanation: From the network drive N, install NetOp Host silently in the path C:\NETOP to load NetOp

Host after OS/2 has started and restart OS/2.

6.5.1.4 Set Up NetOp Hosts Identically (OS/2)

To set up multiple NetOp Host (OS/2) identically, create the desired setup on a NetOp Host, reload it and

copy its NHOST2.CFG configuration file to other NetOp Hosts to replace their NHOST2.CFG files.

NHOST2.CFG resides in the directory in which NetOp Host is installed. It will be saved when NetOp

Host is unloaded to save any setup changes.

Note: Some communication devices require that each Host has a unique Host ID. If no Host ID is

specified, the Host will be identified by its computer IP address (TCP/IP) or MAC address (other communication devices).

6.5.1.5 Uninstall (OS/2)

To uninstall NetOp Host (OS/2) , delete the directory in which NetOp Host is installed and remove any

matching CONFIG.SYS file statements.

6.5.2 NetOp Host (OS/2)

NetOp Host (OS/2)

enables a remote computer NetOp Guest to connect to it to access resources on its computer.

This section includes these sections:

Load and unload NetOp Host (OS/2)

NetOp Host (OS/2) Functionality

NetOp Host (OS/2) Tools

323

6.5 OS/2

6.5.2.1 Load and unload NetOp Host (OS/2)

After a typical installation,

NetOp Host (OS/2)

will load and start when OS/2 starts to display this window:

Host

If this window is displayed in front of the Host window:

324

click the

Host

window toolbar rightmost Communication Profiles button to display the Communication

Profile Setup window, see Communication Profiles (OS/2) . Check boxes to select communication

profiles for enabling. Click the

Host

window toolbar leftmost Start button to enable selected

communication profiles.

If the

Host

window title bar displays Running, a remote computer NetOp Guest can connect to NetOp

Host (OS/2) .

If NetOp Host is not loaded, you can load it in different ways:

From a Desktop Folder or Icon

A typical NetOp Host installation will create a NetOp desktop folder that will contain the NHOST2.EXE file typically as an icon:

Double-click this icon to load NetOp Host. You can create a shadow of this icon on the desktop.

From a Directory

Run (double-click) the NHOST2.EXE file in the directory in which NetOp Host is installed to load NetOp

Host.

6 Other Operating Systems

From a Command

In a command window, specify this command:

<NetOp directory path>nhost2 to load NetOp Host.

You can add these switches to the nhost2

command (leave a space before each switch):

Switch

L[:<Number>]

Function

C:<Communication profile name> Select <Communication profile name> in addition to other selected communication profiles.

Enable selected communication profiles, optionally with a delay of <Number> seconds.

R

R:<Host ID>

GA+, GA-

Unload NetOp Host.

Replace the current Host ID by <Host ID>.

GA+: Notify a connecting NetOp Guest of the MAC/IP address of the currently connected NetOp Guest (default action).

GA-: Do not notify a connecting NetOp Guest of the MAC/IP address of the currently connected NetOp Guest.

FRAMES:<Number>

SLEEP:<Number>

STEALTH

Grab <Number> Host screen image sections at a time to transfer the Host image to the Guest (default: 20)

Wait <Number> milliseconds between each grabbing of frames (default: 10)

Hide the Host window while NetOp Host is loaded, see

Program Options (OS/

2)

.

Examples:

NHOST2 -L

Explanation: Load NetOp Host and start it enabling selected communication profiles.

NHOST2 -L:20 -R:JOHN

Explanation: Load NetOp Host and start it enabling selected communication profiles with a 20 seconds delay replacing the current Host ID by JOHN.

Win-OS/2 Full Screen Support

NetOp Host supports remote control of the full screen Windows 3.1 user interface if NHOST2W.EXE is loaded.

A typical NetOp Host installation will add this C:\CONFIG.SYS statement:

DEVICE=C:\NETOP\NHOST2W.SYS

You can load NHOST2W.EXE manually or add it to the

RUN=

line in your Win-OS/2 WIN.INI file, for example:

RUN=<NetOp directory path>\NHOST2W.EXE

These options will automatically load NHOST2W.EXE when you start the program manager in a full screen Win-OS/2 session.

Unload

To unload NetOp Host, select the

Host

window File menu Exit command or a

Window Control Close

element.

6.5.2.2 NetOp Host (OS/2) Functionality

NetOp Host (OS/2)

has the same functionality as the NetOp for OS/2 version 6.5 Host that lacks the newer features of NetOp Host (Windows).

The

Host

window resembles the NetOp Host (Windows) window. It contains most of the NetOp Host

(Windows) window elements that typically have the same functionality. See the User’s Manual NetOp

Host chapter for explanations.

Compared to NetOp Host (Windows),

NetOp Host (OS/2) tools are more limited and organized

differently, see NetOp Host (OS/2) Tools .

325

6.5 OS/2

6.5.2.3 NetOp Host (OS/2) Tools

The

Host

window Tools menu:

contains these commands:

Program Options...: Select this command to display the

Program Options

window.

Help Request Options...: Select this command to display the

Help Request Options

window.

Guest Access Security...: Select this command to display the

Guest Access Security

window.

Maintenance Password...: Select this command to display the

Maintenance Password

window.

Log Setup...: Select this command to display the

Log Setup

window.

Communication Profiles...: Select this command to display the

Communication Profile Setup

window.

Modem Database...: Select this command to display the

Modem

window.

Note: Setup changes will be written to the NHOST2.CFG file that resides in the directory in which NetOp

Host is installed. NHOST2.CFG will be saved when NetOp Host is unloaded. When NetOp Host is loaded, NHOST2.CFG will be read to re-establish the setup applied when NetOp Host was last unloaded.

If NHOST2.CFG is write protected, setup changes cannot be written to it and will therefore not be retained.

326

6 Other Operating Systems

6.5.2.3.1 Program Options (OS/2)

Select the

Host

window Tools menu Program Options command or click the toolbar tool buttons

Program Options button to display this window:

Program Options

Startup

Wait for connection at program startup, delay [] sec.: Leave this box checked to start NetOp Host when loaded, see also the User’s Manual NetOp Host chapter Host Tools section Program Options section General Tab section (default: checked). Optionally, specify in the field a number up to 999 to delay start by that number of seconds (default: 0). If a delay is specified, the Host window title bar will display the delay countdown.

Note: A delay can be useful to allow time to open the Modem Dialog window before

communication starts.

Minimize Host at program startup: Check this box to minimize the Host window into its icon or record while loaded, see also the User’s Manual NetOp Host chapter Host Tools section Program

Options section General Tab section (default: unchecked). To restore the Host window, doubleclick its minimized object or click its OS/2 Minimized Window Viewer command.

Stealth mode (hide Host when started): Check this box to hide the Host window while loaded, see also the User’s Manual NetOp Host chapter Host Tools section Program Options section General

Tab section (default: unchecked). To restore the Host window, run the SHOWHOST.EXE program that resides in the directory in which NetOp Host is installed.

Printer Redirection

LPT 1: []/LPT 2: []/LPT 3: []: The drop-down box lists contain these options:

Local: Print on the local printer only (default selection).

Remote: Print on the local printer of the connected NetOp Guest only.

Both: Print on the local printer and on the local printer of the connected NetOp Guest.

Note: The printer driver and settings applied to the print job must be compatible with the used printing

device.

NetOp Host (OS/2)

remote print is not compatible with NetOp Remote Control (Windows) remote print, see the User’s Manual NetOp Host chapter Host Tools section Program Options section

Remote Printing Tab section.

327

6.5 OS/2

Public Name: Leave this box checked to make the Host respond to broadcast communication such as NetOp Guests browsing for NetOp Hosts, see also the User’s Manual NetOp Host chapter Host

Tools section Program Options section Host Name Tab section (default: checked).

Restart OS/2 after hangup: Check this box to restart OS/2 after disconnecting from NetOp Guest, see also the User’s Manual NetOp Host chapter Host Tools section Guest Access Security section

Guest Policy Tab section (default: unchecked).

6.5.2.3.2 Help Request Options (OS/2)

Select the

Host

window Tools menu Help Request Options command to display this window:

Help Request Options

328

The elements of this window are explained in the

the User’s Manual NetOp Host chapter Host Tools section Program Options section Help Request Tab section

.

6.5.2.3.3 Guest Access Security (OS/2)

Select the

Host

window Tools menu Guest Access Security command to display this window:

Guest Access Security

6 Other Operating Systems

The elements of this window are explained in the

User’s Manual NetOp Host chapter Host Tools

section Guest Access Security section Guest Access Privileges Tab section

.

329

6.5 OS/2

6.5.2.3.4 Maintenance Password (OS/2)

Select the

Host

window Tools menu Maintenance Password command to display this window:

Maintenance Password

The elements of this window are explained in the

User’s Manual NetOp Host chapter Host Tools

section Maintenance Password section.

6.5.2.3.5 Log Setup (OS/2)

Select the

Host

window Tools menu Log Setup command to display this window:

Log Setup

330

The elements of this window are explained in the

User’s Manual Common Tools chapter NetOp Log

section Log Setup section.

6 Other Operating Systems

6.5.2.3.6 Communication Profiles (OS/2)

Select the

Host

window Tools menu Communication Profiles command to display this window:

Communication Profile Setup

This window manages communication profiles.

NetOp Host (OS/2)

can communicate by these communication devices:

• NetBIOS

• IPX

• TCP/IP (UDP)

• TCP/IP (TCP)

• APPC

• Serial/Modem

• ISDN (CAPI 1.1)

• ISDN (CAPI 2.0)

• Gateway

Of these, all except APPC and ISDN (CAPI 1.1) are explained

in the

User’s Manual Common Tools

chapter Communication Device section. TCP/IP (UDP) is explained in the TCP/IP subsection, Serial/

Modem is explained in the Serial subsection and ISDN (CAPI 2.0) is explained in the ISDN (CAPI) subsection.

Communication profile list []: The pane will contain checkboxed names of the communication profiles that exist on the Host. Check boxes to enable communication profiles. Restart NetOp Host to apply changes, see also section.

the

User’s Manual NetOp Host chapter Host Tools section Communication Profiles

Add: Click this button to display the Communication Profile Edit window to create a communication profile.

Edit: Select a communication profile in the pane and click this button to display the Communication

Profile Edit window to edit it.

331

6.5 OS/2

Note: The Communication Profile Edit window is explained

chapter Communication Device section.

in the

User’s Manual Common Tools

Delete: Select a communication profile in the pane and click this button to delete it.

This section includes these sections:

APPC (OS/2)

ISDN (CAPI 1.1) (OS/2)

6.5.2.3.7 APPC (OS/2)

APPC (Advanced Program-to-Program Communication) is a network point-to-point communication device based on IBM's System Network Architecture (SNA). APPC is typically used in SNA networks.

Note: Each communication profile that uses APPC can support one NetOp connection. You can enable

multiple APPC communication profiles with different names.

Configuration

Install and configure APPC with Communication Manager (CM). For NetOp to use APPC, define two transaction programs (TP) with these names:

DWDTL1

DWDTL2

Note: These names that are case sensitive must be uppercase. In their setup, Service TP must be disabled

and operation type must be Queued operator preloaded. If you have problems configuring APPC, consult with your network/system administrator.

Connect

To connect from NetOp Guest, specify the NetOp Host LU Name or LU Alias, see

APPC Communication

Profile Edit

.

To request help from NetOp Host, specify the help provider NetOp Guest LU name or LU alias, see

APPC Communication Profile Edit .

NetOp Guest can respond to a NetOp Host help request by its enabled Help service names, see

the

User’s

Manual NetOp Guest chapter Guest Tools section Program Options section Help Request Tab section.

332

6 Other Operating Systems

APPC Communication Profile Edit

In the

Communication Profile Setup

window, click New or Edit to display this window:

The upper section of this window is explained in

Communication Device section.

the

User’s Manual Common Tools chapter

The APPC section will be displayed if APPC is selected in the Communication Device drop-down box.

Mode: []: By default, this field will specify #INTER. If communication does not work using the #INTER mode, ask your system/network administrator which other mode to specify.

Local LU alias: []: If a local LU alias is assigned, specify it in this field. Otherwise, leave the field blank.

6.5.2.3.8 ISDN (CAPI 1.1) (OS/2)

CAPI (Common Applications Programmer’s Interface) enables ISDN (Integrated Services Digital

Network) modems connected to each other to negotiate connection parameters.

NetOp Host (OS/2)

and version 6.5 NetOp Guest and NetOp Host support two versions of CAPI, the 16 bit version 1.1 (compatible with EuroISDN DSS1, German ISDN 1TR6, French ISDN VN2, Belgian

ISDN CT1 and others) and the 32 bit version 2.0 that is internationally recognized. NetOp Remote

Control versions 7.0+ support only the 32 bit version CAPI 2.0.

Note: ISDN (CAPI) is a point-to-point line communication device. Each of the two ISDN channels of an

ISDN modem can support one NetOp connection.

CAPI works with NetOp only if both ends of an ISDN connection support CAPI.

ISDN non-CAPI communication that is not compatible with ISDN CAPI communication uses the Serial or Windows Modem communication device.

While CAPI 2.0 is in principle compatible with the older 16 bit version CAPI 1.1, by experience we recommend using the same CAPI version at both ends of the connection.

Configuration

For connected modems using ISDN (CAPI), CAPI must be configured and enabled.

333

6.5 OS/2

If you have problems configuring CAPI, consult with your network/system administrator.

Connect

To connect from NetOp Guest, specify the NetOp Host computer ISDN device telephone number.

To request help from NetOp Host, specify the NetOp Guest computer ISDN device telephone number.

NetOp Guest can respond to a NetOp Host help request by its enabled Help service names, see

the

User’s

Manual NetOp Guest chapter Guest Tools section Program Options section Help Request Tab section.

ISDN (CAPI 1.1) Communication Profile Edit

In the

Communication Profile Setup

window, click the New or Edit button to display this window:

334

The upper section of this window is explained in

Communication Device section.

the

User’s Manual Common Tools chapter

The ISDN (CAPI 1.1) section will be displayed if ISDN (CAPI 1.1) is selected in the Communication

Device drop-down box.

Local Number (EAZ): []: Specify in the field of this drop-down box the local ISDN telephone number as specified in your CAPI configuration (default: 0). The drop-down box list contains previously specified local numbers. Select a number in the list to display it in the field.

The other sections are explained in the

User’s Manual Common Tools chapter Communication

Device section ISDN (CAPI) section ISDN (CAPI) Communication Profile Edit section.

6 Other Operating Systems

6.5.2.3.9 Modem Database (OS/2)

Select the Tools menu Modem Database command to display this window:

Modem

The elements of this window are explained in

the

User’s Manual Common Tools chapter Modem

Database and Dialog section Modem Database section.

335

6.6 DOS

6.6 DOS

NetOp Remote Control (DOS) includes

NetOp Host (DOS) that is actually the RemPC module of NetOp

for DOS (Network) version 4.32.

NetOp Host (DOS) enables remote control from and chat with a computer that runs NetOp Guest and file

transfer from a computer that runs NetOp for DOS (Network) Guest.

The RemPCIPX v. 4.3 and RemPCNB v. 4.3 communication devices are available.

This section includes these sections:

Installation (DOS)

NetOp Host (DOS)

6.6.1 Installation (DOS)

Check on the NetOp Requirements website that your computer meets the requirements for running NetOp

Remote Control (DOS).

Insert the NetOp Remote Control CD into the CD drive of your computer.

Read the NetOp Remote Control CD root directory ReadMe_EN.txt file General and DOS sections that contain important general information and may include update information that was not available when the documentation was last edited.

The NetOp Remote Control CD root directory DOS.txt file contains NetOp Remote Control (DOS) installation and startup instructions.

To install NetOp Host (DOS) , copy these NetOp Remote Control CD \NRC\DOS\REMPC\ files:

REMPC.BAT: Default NetOp Host program file that will detect available communication and load

NetOp Host accordingly.

REMPCIPX.COM: IPX NetOp Host program file.

REMPCNB.COM: NetBIOS NetOp Host program file.

REMPCTST.COM: Communication detection program file used by REMPC.BAT.

to a computer directory.

6.6.2 NetOp Host (DOS)

Before loading

NetOp Host (DOS) , set up computer network communication by IPX and/or NetBIOS.

To load NetOp Host (DOS) manually, execute this command:

<Installed directory path>rempc <Host name>

Note: The command is not case sensitive.

This will run REMPC.BAT to detect available network communication and load NetOp Host (DOS)

accordingly by the <Host name> name.

If NetOp Host (DOS) loads, the computer will return a confirmation and a command prompt:

336

If NetOp Host (DOS) cannot load, the computer will return an error message.

Note: If both of IPX and NetBIOS are available, REMPC.BAT will select IPX.

To load NetOp Host (DOS) to communicate only by IPX, replace rempc by rempcipx.

To load NetOp Host (DOS) to communicate only by NetBIOS, replace rempc by rempcnb.

6 Other Operating Systems

You can set up the computer to load NetOp Host (DOS) at computer start by adding the load command to

the AUTOEXEC.BAT file.

If

NetOp Host (DOS)

is loaded, a remote computer NetOp Guest can connect to it.

While not being connected, the computer screen upper right corner will display a green rectangle with a flashing white asterisk. While being connected, a red/white flashing rectangle with a + will be displayed.

You can extend the load command by parameters that determine setup, see

NetOp Host (DOS) Load

Command Parameters .

To unload NetOp Host (DOS)

, execute this command:

<Installed directory path>rempc /r

6.6.2.1 NetOp Host (DOS) Load Command Parameters

You can extend the

NetOp Host (DOS)

load command:

<Installed directory path>rempc <Host name> by any of these parameters (insert one space before each parameter):

Parameter Function

#<Password> Requests <Password> from connecting Guests. Each connecting Guest has three password attempts. If exceeded, the Host will reject further connection attempts until reloaded.

*<Group name> If using NetBIOS, a Guest can connect only if its Guest ID is <Group name>.

/B:<Number> <Number> specifies the Host number of buffer blocks of 516 bytes in the range 1 to 40

(default: 4). The number of buffer blocks may affect transfer speed.

/C Enables typed text chat while connected. Chat can be started by the Host user by pressing

C

TRL

+A

LT

+C or by the Guest user to display the RemPC Chat mode window.

/G Enables remote control of 800 * 600 pixels 16 colors Super VGA mode Host applications.

/K:<Number> <Number> specifies keyboard and mouse control:

0: No keyboard and mouse control.

1: Advanced keyboard 1 control (default selection).

2: Advanced keyboard 2 control.

3: Standard keyboard control.

Note: If Guest computer keystrokes come out wrong on the Host computer screen, specifying another valid <Number> value may solve the problem.

/L

/M

Enables the Guest to lock the Host computer keyboard and mouse.

Enables remote control of DOS mouse.

/Q Enables the Host computer user to confirm access. The Host computer will beep when a

Guest connects. To allow access, press C

TRL

+A

LT

+A. To deny access, press any other key.

/S:<Number> <Number> specifies the Host stack size in the range 100 to 10240 Bytes (default: 200). The stack size may affect remote control of Host applications.

/U Enables public Host name for the Host to respond to broadcast communication.

To display available load command parameters on the screen, execute this command:

<Installed directory path>rempc /?

337

6.6 DOS

338

Index

A

About NDU window (Tools NDU Help Menu) 184

About NetOp Security Manager window (NSM Help Menu) 34

Active Connections (Working with NSM) 40

Active Connections Display (NSM Records Display Pane) 64

ActiveX Demo window (Tools Running NetOp Guest ActiveX Component) 233

Add NetOp Guest ID to NetOp Guest ID Group window (NSM NetOp Definitions) 77

B

Base DN 124

C

Change Account for Session window (Tools NDU Executing Deployment) 217

Choose Account window (Host Guest Access Security) 157

Common Controls (Introduction) 14

Communication Log (NRC (Other) NetOp Host (Mac)) 281

Communication Setup (NGW Setup) 148

Connection Notification 205

Copy Media Files window (Tools NDU Importing Media Files) 185

D

Danware Data (First pages) 2

Delete Selected Button (NSM Tool Bar) 35

Deploying Other Programs Than NetOp (Tools NDU Deployment Tips) 224

Device Groups (NGW Communication Setup) 150

distinguished name 125

Domain (NSM Windows Definitions) 105

DWBATH - Scheduled Jobs (NSM Security Database Tables) 130

DWDOMN - Domains (NSM Security Database Tables) 130

DWGRUP - NetOp Guest ID Groups (NSM Security Database Tables) 131

DWMAIN - Role Assignments (NSM Security Database Tables) 133

DWNTGR - Windows Groups (NSM Security Database Tables) 134, 138

DWPOLI - Security Policies (NSM Security Database Tables) 134

DWSERV - NetOp Security Servers (NSM Security Database Tables) 136

DWTODO - Scheduled Actions (NSM Security Database Tables) 137

DWWKST - Workstations (NSM Security Database Tables) 138

E

Edit Copy Statement window (Tools NDU Copy Files Tab) 201

Edit Menu (NSM Menu Bar) 31

Edit Selected Button (NSM Tool Bar) 35

End Time window (NSM Scheduling) 70

Executing Deployment (Tools NDU) 217

F

File Menu (NSM Menu Bar) 31

File Menu (Tools NDU Menu Bar) 182

G

Gateway on Firewall sketch (NGW) 160

Graphics Tab (Tools Guest ActiveX Properties) 237

Group Browse Filter 126

Index

339

Group Member Attribute 126

Group Search Filter 126

Guest ID (NSM NetOp Definitions) 72

Guest ID Group (NSM NetOp Definitions) 78

Guest Profile window (Host Guest Access Security) 155

H

I

Help Menu (NSM Menu Bar) 33

Host ID (NSM NetOp Definitions) 82

HOST Section (Tools SETUP.ISS) 170

Incoming and Outgoing (NGW Functionality) 146

Initial Setup of Guests and Hosts window (NSM Security Settings) 47

Initial Setup of Roles window (NSM Security Settings) 48

Insert Domain window (NSM Windows Definitions) 106

Insert Role Assignment window (NSM Security Settings) 46

Insert Windows Group as Guest window (NSM Security Settings) 43

Insert Windows Group as Host window (NSM Security Settings) 45

Insert Windows Group window (NSM Windows Definitions) 95

Insert Windows User window (NSM Windows Definitions) 90

Insert Workstation window (NSM Windows Definitions) 98

INSTALL Section (Tools SETUP.ISS) 169

Installation (NDU) (Tools NDU) 180

Installation (Solaris) (NRC (Other) NetOp Host (Solaris)) 272

Installing (Mac) (NRC (Other) NetOp Host (Mac) Installation) 279

Installing (Solaris) (NRC (Other) NetOp Host (Solaris) Installation) 272

Installing NetOp in a TSE (Tools NetOp in TSE) 228

Internal Routing (NGW Functionality) 147

L

Large Tool Bar (NSM Tool Bar) 34

License (First pages) 3

Loading NetOp Guest (NRC (Other) NRC (Linux) Guest) 266

Loading, Unloading and displaying NetOp Host (NRC (Other) NetOp Host (Solaris)) 275

Loading, Unloading and Displaying NetOp Host (NRC (Other) NRC (Linux) Host) 268

Local Log Successful (Tools NDU Executing Deployment) 222

Local Log Unsuccessful (Tools NDU Executing Deployment) 222

Logging (NSM Records Menu) 61

Logging Options window (NSM Security Policies Display) 60

Logon to Database window (Starting NSM) 23

M

Main Host Processes (Tools NRC and Windows Security) 259

Maintenance Tab (Tools NDU Configuring a Response File) 204

Media Import Section (1) (Tools NDU Window) 184

Members of NetOp Guest ID Group window (NSM NetOp Definitions) 80

Menu and Toolbar Control (Introduction Common Controls) 15

Menu Bar ((NSM Window) 30

Message Pane (NSM Window) 37

Misc Tab (Tools NDU Configuring a Response File) 209

N

NetOp Definitions (NSM Records Menu) 71

NetOp Deployment Utility Window (Tools NDU) 181

340

NetOp Gateway (Chapter 2) 145

NetOp Gateway Setup (NGW) 148

NetOp Group (Guest ID) window (NSM NetOp Definitions) 79

NetOp Guest (NRC (Other) NRC (Solaris)) 273

NetOp Guest ID window Member of Tab (NSM NetOp Definitions) 76

NetOp Host ID window General Tab (NSM NetOp Definitions) 83

NetOp Host Window (NRC (Other) NRC (Linux) Host) 268

NetOp Name Management (Chapter 3) 161

NetOp Name Server Setup (NetOp Name Management) 163

NetOp Name Server Tab (NetOp Name Server Setup) 164

NetOp Net Numbers (NGW Communication Setup) 150

NetOp Properties for Domain window (NSM Windows Definitions) 107

NetOp Properties for Role Assignment window (NSM Security Settings) 49

NetOp Properties for Windows Group window (NSM Windows Definitions) 96, 102

NetOp Properties for Windows User window ((NSM Windows Definitions) 91

NetOp Properties for Workstation window (NSM Windows Definitions) 99

NetOp Security Management Functionality (NetOp Security Management Overview) 19

NetOp Security Management Overview (NetOp Security Management) 19

NetOp Security Manager Window (NetOp Security Management) 30

NetOp Security Role window (NSM Security Settings) 52

NetOp Security Server Setup (NetOp Security Management Setup) 20

NetOp User Programs (Tools NRC and Windows Security) 259

NetOpX Events (Tools Guest ActiveX Programmer Information) 241

NetOpX Messages and their Numbers (Tools Guest ActiveX Programmer Information) 242

New NetOp Guest ID Button (NSM Tool Bar) 34

New NetOp Guest ID Group Button (NSM Tool Bar) 34

New NetOp Host ID Button (NSM Tool Bar) 34

New NetOp Host ID Group Button (NSM Tool Bar) 34

New Role Assignment Button (NSM Tool Bar) 34

New Scheduled Job Button (NSM Tool Bar) 34

Normal Operation (Tools NRC and Windows Security) 259

O

ODBC Microsoft Access Setup window (Create Local Test Database) 24

Options Menu (NSM Menu Bar) 32

OU Search Filter 127

P

Please Make Sure... window (Tools NDU Executing Deployment) 218

point-to-point 146

Preferred Guest Type (NSM Security Policies Display) 57

Preferred Guest Type window (Create Local Test Database) 27

Preferred Host Type (NSM Security Policies Display) 59

Preferred Host Type window (Create Local Test Database) 28

Program Options window (NSM Options Menu) 33

R

Reading the List of Computers from Another Database (Tools NDU Deployment Tips) 226

Records Display Pane (NSM Window) 36

Records Menu (NSM Menu Bar) 31

Refresh Button (NSM Selection Bar) 36

Remote Control Dialog (Tools NetOp Guest ActiveX Component) 239

Remote Log Successful (Tools NDU Executing Deployment) 221

Remote Log Unsuccessful (Tools NDU Executing Deployment) 223

Rename window (Host Guest Access Security) 155

Reviewing Log Files (Tools Silent Install) 178

Index

341

Role (NSM Security Settings) 50

Role Assignment (NSM Security Settings) 41

Running NetOp Guest ActiveX Component (Tools NetOp Guest ActiveX Component) 232

Running NetOp Name Server (NetOp Name Management) 165

Running NetOp Security Management (NetOp Security Management Overview) 21

Running Silent Install (Tools Silent Install) 178

S

Save Template As window (Tools NDU Storing and Retrieving Template Settings) 211

Scheduling (NSM Records Menu) 65

Secure Connection 124

Security (Using NetOp Security Management) 143

Security Database Setup (NetOp Security Management Setup) 19

Security Role window (Host Guest Access Security) 154

Security Server Group Name window (Create Local Test Database) 25

Security Server List window (Create Local Test Database) 26

Security Server Tab (NSS Setup) 140

Security Settings (NSM Records Menu) 40

Security Setup (NGW Setup) 151

Security Tab (Tools NDU Configuring a Response File) 189

Select File Type for Copy (Tools NDU Copy Files Tab) 201

Select Guest Type window (NSM Security Settings) 42

Select Host Type window (NSM Security Settings) 44

Select ODBC Data Source window (Tools NDU Selecting Remote Computers with NT Remote Service) 214

Select Phonebook Directory window (Tools NDU Selecting Remote Computers with NetOp Scripting) 216

Select Windows Group window (NSM Scheduling) 68

Selecting Remote Computers with NT Remote Service (Tools NDU Selecting Deployment Method) 213

Selection Bar (NSM Window) 35

Server Properties window (NSM Security Server List) 56

Session Status window (End) (Tools NDU Executing Deployment) 219

Session Status window (Start) (Tools NDU Executing Deployment) 219

SETUP.ISS window (Tools NDU Viewing and Editing the SETUP.ISS File) 212

Small Tool Bar (NSM Tool Bar) 34

Start Date and Time window (NSM Scheduling) 69

Starting NetOp Security Manager (NetOp Security Management) 22

Starting the Host

The Host 283, 297

Startup Tab (Tools NDU Configuring a Response File) 195

Summary (Chapter 1) 18

Summary (Chapter 2) 146

Summary (Chapter 4) 168

T

Table Control (Introduction Common Controls) 15

Target Group window (Tools NDU Selecting Remote Computers with NT Remote Service) 215

Template window (Tools NDU Configuring a Response File) 186

Temporary Access window (NSM Scheduling) 67

The First Three Sections (Tools SETUP.ISS) 168

Title Bar (NSM Window) 30

Tool Bar (NSM Window) 34

Tools for NetOp Remote Control (Windows) (Chapter 4) 167

Trademarks (First pages) 3

triple factor authentication 115

Troubleshooting Deployment Progress (Tools NDU Executing Deployment) 221

TSE NetOp Communication (Tools Running NetOp in a TSE) 228

342

U

Upload window (NDU General Tab) 188

Use 6.5 Access Server Host Side Authentication (Tools NDU Security Tab) 193

User Attribute 126

User Browse Filter 126

User DN 125

User Search Filter 126

Using a Repository (Tools NDU Deployment Tips) 226

W

Warranty (First pages) 3

Who may Remote Control Whom (Guest) window (NSM Windows Definitions) 92

Who may Remote Control Whom (Host) window (NSM Windows Definitions) 93

Window Control (Introduction Common Controls) 14

Windows Group (NSM Windows Definitions) 94

Windows User (NSM Windows Definitions) 89

Working with NetOp Security Manager (NetOp Security Management) 38

Working with the Gateway (NGW) 159

Workstation (NSM Windows Definitions) 97

Index

343

344

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement

Table of contents