RemotelyAnywhere Documentation

Add to My manuals
250 Pages

advertisement

RemotelyAnywhere Documentation | Manualzz

RemotelyAnywhere

Version 4.70

A powerful remote access solution for the Microsoft Windows family of operating systems.

© 1998-2002 03AM Laboratories PL, Hungary

RemotelyAnywhere 4.70

Table of Contents

1.

2.

3.

4.

RemotelyAnywhere? 5 a. In General b. System

5

Requirements 5

Acknowledgements

Quick Start

6

7

Users Guide a. RemotelyAnywhere

b. Web-Based Administration

i. General Info

10

10

12

14

ii. Remote Access

1. Remote Control

2. Screenshot-based Remote Control

3. Telnet

4. Chat

5. File Transfer

iii. Administration

1. Processes

2. Services and Drivers

16

17

19

21

22

23

25

25

27

3. Task Scheduler

4. Event

28

28

5. File Manager

6. User Manager

29

31

7. Registry

8. Reboot

9. Compact

10. Autologon

11. Automatic Priorities

31

32

33

33

12. Time

13. Shared Resources

34

34

iv. Performance

v. System Info

vi. Configuration

Search 36

37

39

41

43

2. RemotelyAnywhere Access Control

3. NDS Control

46

52

Address

5. IP Lockout

6. Remote Control 58

7. Telnet/SSH

8. Process List

Monitoring

10. File Manager

60

62

65

11. Miscellaneous

12. Colors

13. Appearance

14. Local Preferences

66

68

69

70

Page 2

RemotelyAnywhere 4.70

15. SSL

16. RemotelyAnywhere Network Maintenance 72

17. Desktop Icon and Remote Control Notification 74

18. RemotelyAnywhere

Key

20. Shortcuts 78

Forwarding

22. FTP Server

vii. Custom Files

viii. Scripts

ix. Help

x. Logout

c. FTP Server i. Quick Start: Creating A New Virtual FTP Server

ii. Quick Start: Granting Access To The Server

iii. Specifying Further Server Options

1. Security

2. IP Filtering

3. Welcome

4. ODBC

90

90

92

92

94

80

81

82

84

85

86

86

88

iv. FTP Users

1. Creating an FTP User

2. Groups

3. Rights

97

97

99

100

4. Ratio

5. Disable

102

103

and

Connections 105

8. IP Filtering

9. Welcome

10. Permissions

106

107

v. FTP Groups

1. General Settings

109

109

Group

vi. FTP Status

vii. FTP Statistics

d. Telnet/SSH Server

e. Port Forwarding Server i. Quick Start

ii. Advanced Options

f. GUI Documentation

g. Command-line Parameters i. Installing RemotelyAnywhere on the local computer ii. Installing RemotelyAnywhere on a remote computer

124

124

iii. Uninstalling RemotelyAnywhere on a local computer 125 iv. Uninstalling RemotelyAnywhere on a remote computer 125

112

114

115

117

117

119

122

124

v. Starting and stopping a service vi. Restart

126 service 126 vii. Add RA permissions to an NT user or group

viii. Revoke RA permissions from an NT user or group

126

128 ix. Translate a Windows error code into a textual message 128 x. Create

Page 3

RemotelyAnywhere 4.70

xi. Export/Import RemotelyAnywhere configuration settings to/from a text file 130

xii. Sample Scripts For Remote Installation

h. Unattended Installation

i. WAP Access i. Introduction

131

134

136

136

ii. Security Precautions

iii. Info Screen

iv. The Menu

v. Services & Drivers

vi. Processes

vii. Performance

viii. Reboot

ix. Telnet

x. Logout

138

139

140

141

143

145

146

147

148

5. Appendices a. Appendix Reference

149

149

b. Appendix B: Monitoring Script Reference

c. Appendix C: Scripting Language Reference

d. Appendix D: Version History

156

160

237

Page 4

RemotelyAnywhere 4.70

What is RemotelyAnywhere?

In General:

• It's a Windows system service with minimal hard disk and memory footprint.

• Allows secure access to the computer via any TCP/IP network - even the

Internet.

• Closely integrates with Windows NT security, and provides Secure Sockets

Layer and SSH support for encrypted data transfers.

• Does not require special client software - all you need is your favorite browser.

It allows you to:

Remote control the server - take over the mouse and the keyboard.

• Access the host computer using any web browser or terminal emulator.

• Utilize a powerful FTP server, which is highly configurable and supports data encryption via SSL.

• Make use of a versatile Telnet/SSH server, using industry-strength encryption such as DES3 or Blowfish.

• See vital performance data, such as CPU and memory usage, open files, open IP ports, open registry keys, loaded DLLs, etc.

Manage services and drivers - start or stop them at will, or change their properties.

Manage files - copy, delete, and rename them. Assign or remove permissions. Upload or download any file from anywhere.

• Administer the computer from a Web interface, and access such common

administrative tools as Event Viewer, User Manager, etc. with your browser.

• Access your computer with any WAP device, and perform the most crucial administrative tasks truly from anywhere.

All the above features are accessible right from your web browser, via a slick and intuitive interface.

System Requirements

RemotelyAnywhere requires a computer running Windows XP/2000/NT4 or

Windows 98/ME.

Version 2.32 has been certified by VeriSign, Inc. on behalf of Microsoft Corporation as BackOffice® compatible.

Page 5

RemotelyAnywhere 4.70

Acknowledgements

This product includes cryptographic software developed by the OpenSSL

Project for use in the OpenSSL Toolkit. http://www.openssl.org

This product includes scripting software developed by ITB CompuPhase. The

Small language, its interpreter and compiler are copyright © Thiadmer

Riemersma, ITB CompuPhase, 1998-2000, The Netherlands. http://www.compuphase.com/small.htm

This product uses cryptographic software developed by the OpenSSH group. http://www.openssh.org

Page 6

RemotelyAnywhere 4.70

Quick Start

To install RemotelyAnywhere (RA), you should extract the distribution archive and execute the file RemotelyAnywhereSetup.exe. The setup wizard will walk you through the installation process and start the RemotelyAnywhere service.

You only need to install RemotelyAnywhere on the computer you want to access from afar. After that, you can go to any computer equipped with a recent browser, and you can access RA by typing http://your.machine.here:2000 as the URL.

URL

The URL varies from computer to computer.

When on a local area network, you can use the NETBIOS name: http://MAILSERVER:2000

If you install RemotelyAnywhere on an Internet server, it will most likely have a static IP address and/or a DNS name, such as 209.240.129.219 or www.remotelyanywhere.com. In this case, you can use either of these forms: http://209.240.129.219:2000 http://www.remotelyanywhere.com:2000

When accessing RemotelyAnywhere on your computer locally, you can use the loopback address: http://127.0.0.1:2000 http://localhost:2000

Page 7

RemotelyAnywhere 4.70

Login

Once you are done typing the URL in your browser and hit enter, your browser will connect to RemotelyAnywhere and display the Login screen.

On Windows NT, RA will use the Windows NT user database to authenticate the user. Initially, you will need to log on as someone who is the member of the Administrators group. Later you can change this default behavior by granting NT users or groups access to RA in the Configuration screens.

On Windows 98 and ME, you will need to enter the username and password you specified during Setup. If you left these settings at their default values, the default login is Administrator, and the default password is

“remotelyanywhere”.

RA is extremely easy and intuitive to use. When you first load RA, you'll see a screen with a menu on the left, a page showing some general information about the system and RA on the right. There's also a real-time display for the

CPU and memory load of the computer just above the menu area.

You can go ahead and explore the menu system – you will quickly learn how to navigate the RemotelyAnywhere screens and perform various actions. For detailed description of each function, please refer to the next section.

The “Use SSL” checkbox is present on the login dialog if you have set up SSL support. It allows for secure communications between the browser and the computer running RemotelyAnywhere.

The “Use NTLM” checkbox is present when accessing a Windows NT/2000 or

XP computer. It will use your current credentials (the one you have entered at the NT logon prompt on the computer running your browser) to identify you to the remote computer.

Page 8

RemotelyAnywhere 4.70

Bypassing the Login Screen

You can force an NTLM login – and thus bypass the login screen – by appending “/ntlm/” to the URL you access RemotelyAnywhere with. For example, the URL “http://MAILSERVER:2000” would become

“http://MAILSERVER:2000/ntlm/”. Please mind the trailing slash!

You can also use this method to bypass the menu system and access certain parts of RemotelyAnywhere directly. Here are some URLs as an example:

Remote Control: http://your.machine.here:2000/ntlm/remotecontrol.vcgi

Telnet: http://your.machine.here:2000/ntlm/raconstart.vcgi

Chat: http://your.machine.here:2000/ntlm/rachat.vcgi

Similarly, you can specify your username and password in the URL, thus forcing a normal login, by appending the credentials in a

“/login:username:password:domain/” form to the URL you access

RemotelyAnywhere with. For example, the URL “http://MAILSERVER:2000” would become

“http://MAILSERVER:2000/login:username:password:domain/”. Mind the trailing slash!

The Windows NT domain you are logging in to is optional. If omitted,

RemotelyAnywhere will try to authenticate you on the computer it’s running on, then in the domain it belongs to. Here are some URLS as an example:

Remote Control: http://your.machine.here:2000/login:admin:secret/remotecontrol.vcgi

Telnet: http://your.machine.here:2000/login:admin:secret:domain/raconstart.vcgi

Chat: http://your.machine.here:2000/login:admin:secret:domain/rachat.vcgi

Page 9

RemotelyAnywhere 4.70

Users Guide

RemotelyAnywhere Components

RemotelyAnywhere has several major components that help you access your computer from afar. These are:

1. A unique HTML-based remote administration module.

This is where you’ll probably spend most of your time when using

RemotelyAnywhere. Simply aim your browser at the remote computer, log in, and you have access to numerous HTML-based remote administration tools, such as an event viewer, user manager, etc. Furthermore, a few

Java applets let you perform interactive tasks such as remote controlling the computer, accessing a command prompt, chatting with whoever’s sitting in front of the computer, etc.

Security can be as tight as you want it to be. Numerous configuration settings allow you to restrict access to RemotelyAnywhere, and you can secure the dataflow between the browser and the remote computer using

Secure Sockets Layer.

The next section of the Users Guide will discuss the HTTP-based remote administration module in detail.

2. A unique WAP-based remote administration module.

WAP is short for Wireless Application Protocol. It is well suited for devices with limited display size and memory. The most important remote administration features found in the HTTP-based module are available from WAP-enabled devices, such as mobile phones, PDAs, etc.

3. An extremely powerful FTP server.

You can easily transfer files to and from the remote computer using the built-in FTP server. It’s extremely versatile, supporting more than FTP servers per computer, several authentication methods, extensive logging, and even SSL encryption for secure environments.

4. An industry-strength Telnet and SSH server.

You can gain access to a command prompt on the remote computer using any terminal emulator. RemotelyAnywhere supports the Telnet and SSH protocols. Telnet, when accessed from a terminal emulator, communicates in clear text, so you might want to opt for the SSH protocol. However, a

Java applet in the HTTP-based module can talk to the RemotelyAnywhere

Telnet server, while compressing and encrypting data – so you are not at a loss if you do not have an SSH-enabled terminal emulator.

Page 10

RemotelyAnywhere 4.70

The features of the Telnet and SSH server are too numerous to list here, see the appropriate section of this Users Guide for details.

5. A Port Forwarding server.

The Port Forwarding Server in RemotelyAnywhere can forward TCP/IP communications between two computers. You need this feature most when you want to access, for example, RemotelyAnywhere on a computer that’s behind a firewall. If you have RemotelyAnywhere installed on the firewall computer, you can forward a port to the target computer to easily gain access to a single port on a single computer behind the firewall without sacrificing network security.

Page 11

RemotelyAnywhere 4.70

Web-Based Administration

This is the heart of RemotelyAnywhere. You can perform the most important administrative tasks from an HTML interface over the network. All other administrative and configuration tasks for the other modules are performed here as well. You must make sure that Java and JavaScript support is enabled in your browser before connecting to RemotelyAnywhere.

The following browsers are supported:

• Microsoft Internet Explorer 5.0 or newer

• Netscape Navigator 6.2 or newer

• Pocket Internet Explorer 4.01 on the HP Jornada 720 *

*: Due to bugs in the device, Java applets over secure (HTTPS) connections do not work. HP might fix this in a ROM upgrade. Other Windows CE devices with Java and JavaScript support might work with RemotelyAnywhere, but have not been tested.

When you successfully log in to RemotelyAnywhere, you will see a menu that looks like the illustration below.

Not all of the features are available on the

Windows 9x family of operating systems, and not all the features work on Windows NT. The legend below explains what the little icons next to the function descriptions mean.

This function works on Windows

NT/2000 and XP.

This function is available on Windows 98 and Windows ME.

This function is available under both operating system families.

You will also see text in italics next to each menu point, specifying the required rights for accessing that particular function and all its children. For example: “Access: Basic”. Please refer to the description of the Configuration section for a complete reference of the possible access control restrictions.

Page 12

RemotelyAnywhere 4.70

To get a full description on what these functions can do for you, please click on the appropriate link below.

General Info

Administration

System Info

Custom Files

Help

Remote Access

Performance

Configuration

Scripts

Logout

A note on navigating the RemotelyAnywhere screens with your browser: Use of the web browser’s 'Back' button is not recommended. The URLs your browser requests from RA can and do perform actions on the remote machine. A press of the back button might trigger a URL revalidation, which, in turn, might lead to one of the last few actions performed again. This can be highly undesirable. Also, since the RA display uses frames, the back button does not always work as expected.

Page 13

RemotelyAnywhere 4.70

General Info

Access: Basic

The Info page is what you see when you first access RA. It has some very useful information on the general status of the host computer.

The Welcome section displays some generic information such as the date/time of the server and the organization the software has been licensed to.

The News of the Day area displays important messages such as alerts to Windows vulnerabilities, patches, etc. This is retrieved by your browser from our website.

The Security section displays the authentication method used, and information on the Secure Sockets

Layer connection.

The Shortcuts area lets you jump to frequently-used menu items with a single click.

The Operating System area displays an overview of the operating system.

The General

Information section provides information on the computer itself, and also displays the current CPU utilization.

The Memory section details memory usage.

Page 14

RemotelyAnywhere 4.70

The Most Recent Accesses area displays information on users who have recently accessed RemotelyAnywhere on this computer.

The Lockout section shows you possible intruders, and allows you to “unlock” their IP addresses too.

The Statistics area displays some generic statistics on RemotelyAnywhere usage.

Finally, the Copyright section contains the copyright message for the software.

You can disable or re-enable parts of the Info page by clicking the red ‘Close’ icon found at every section header. This lets you exclude information from the

Info page that you do not want to see every time.

Page 15

RemotelyAnywhere 4.70

Remote Access

Access: Various

This menu point brings up a list of four remote access options: Remote

Control, Screenshot-based Remote Control, Telnet, Chat and File Transfer.

These functions are described in the sections below.

The Screenshot-based Remote Control item is disabled by default and not shown in this menu. You need to go to Configuration/Remote Control to enable it. This is only provided as an emergency feature when you need to take control over the host computer from a browser that is not Java-enabled.

Page 16

RemotelyAnywhere 4.70

Remote Control

Access: Remote Control

This module downloads a small Java applet to show you the screen of the remote computer. Your actions - such as key presses and mouse movements

- are sent to the remote machine where RA emulates them.

You can type and use your mouse over the Java applet and it will be just like as if you were sitting in front of the remote machine.

The Remote Control menu, fully open, is shown below:

Some actions that cannot be captured by the applet (such as the Control-Alt-

Del key combination) must be sent to the host computer by clicking the menu button in the status area and then selecting “Send Special Keys”.

The “Send Special Keys” option will open up the second menu pane, where you can select which special keystrokes you want to send to the remote computer.

If you want to send Ctrl-Alt-Del, Ctrl-Shift-Esc or Alt-Tab character sequences, you can use the following keyboard shortcuts:

Keystroke Shortcut

Ctrl-Alt-Del Ctrl-Alt-Ins

Ctrl-Shift-Esc Ctrl-Shift-Ins

Alt-Tab Alt-Ins

Shift-Alt-Tab Shift-Alt-Ins

Page 17

RemotelyAnywhere 4.70

To open up a window that shows the remote computer's clipboard, click the

“Transfer Clipboard” button. This will open a dialog similar to this:

You can copy and paste text in this window. The “Send” button will transfer the contents of the window to the remote machine's clipboard. The “Refresh” button will reload the remote clipboard's contents into the window. Finally, the “Close” button will dismiss the dialog without making any changes.

The “Zoom In” and “Zoom Out” buttons will scale the remote computer’s screen to better fit on your monitor.

The “Exit” button will end your remote control session.

Page 18

RemotelyAnywhere 4.70

Screenshot-based Remote Control

Access: Remote Control

Access: View Remote Screen

Selecting this option brings up a form in the upper part of the screen and a screenshot of the server in the lower part. The screenshot (toned down to 16 colors by default and compressed into a PNG file) is a clickable image map.

What exactly happens when you click it is defined by the controls on the form:

The "Click Type" can be Single, Double or Right. You'll always be singleclicking the image map (hey, that's the way they work) but the active radio button determines what’s simulated on the server. Additionally, you can choose to have the server think the Shift or the Control key was depressed while the click happened by checking the appropriate checkbox.

You can simulate dragging the mouse by checking the 'Start Drag' box, clicking on the screen where you are dragging from, selecting 'End Drag', and clicking the screen again at the position you are dragging to.

The first of the six text links will refresh the image when clicked. The others will simulate special keystrokes: Alt-Tab, Control-Alt-Del, Shift-Esc, Control-

Esc, and Control-Shift-Esc.

If you click on the link that says 'Send text' it will change into 'Send passwd' and anything you type in the input field will be masked by asterisks so that it's safe from curious eyes. Click on 'Send passwd' to get back to normal entry mode.

The text entry field allows you to send keystrokes to the server. Just enter any text you want to type on the server's keyboard, and click the GO button.

If you check the 'Special' box, you can enter special characters and simulate special keys. Here's how they work:

Each key is represented by one or more characters. To specify a single keyboard character, use the character itself.

The plus sign (+), caret (^), percent sign (%), tilde (~), and braces { } have special meanings to this function. To specify one of these characters, enclose it within braces ({}). For example, to specify the plus sign, use {+}. To specify brace characters, use {{} and {}}.

Page 19

RemotelyAnywhere 4.70

To specify characters that aren't displayed when you press a key, such as

ENTER or TAB, and keys that represent actions rather than characters, use the codes shown below:

Key

BACKSPACE

CAPS LOCK

DEL

DOWN ARROW

END

ENTER

ESC

HOME

INS

LEFT ARROW

NUM LOCK

PAGE DOWN

PAGE UP

RIGHT ARROW

SCROLL LOCK

TAB

UP ARROW

F1 to F24

Code

{BACKSPACE}, {BS}, or {BKSP}

{CAPSLOCK}

{DELETE} or {DEL}

{DOWN}

{END}

{ENTER} or ~

{ESC}

{HOME}

{INSERT} or {INS}

{LEFT}

{NUMLOCK}

{PGDN}

{PGUP}

{RIGHT}

{SCROLLLOCK}

{TAB}

{UP}

{F1} to {F24}

To specify keys combined with any combination of the SHIFT, CTRL, and ALT keys, precede the key code with one or more of the following codes:

Key Code

SHIFT +

CTRL ^

ALT %

For example, if you wanted to go to the beginning of an edit field, select the entire line, place it on the clipboard, and overwrite it with something else then hit Enter, you would type:

{HOME}+{END}^cThis is the new text{ENTER}

This translates into pressing the HOME key (going to the beginning to the field), pressing the SHIFT and the END keys at the same time (selecting the entire field), pressing CONTROL+C (clipboard copy), typing the new text and then hitting ENTER.

There is a Monitoring mode in the Screen function. You can turn it on by scrolling to the bottom of the screenshot image and clicking on the Monitoring link. This mode will auto-refresh the screenshot in an interval you can specify in the Configuration pages. This screenshot does not act as an image map, so you can't click on it to perform actions on the server. To return to normal mode, select the screen function from the main menu.

Page 20

RemotelyAnywhere 4.70

Telnet

Access: Telnet

You can access a command prompt from within your browser by using this menu point. The Telnet client, written as a Java applet, provides encryption and data compression for security and speed.

Please see the section of the documentation that explains the Telnet/SSH server for more information on this menu option.

Page 21

RemotelyAnywhere 4.70

Chat

Access: Basic

Chat allows you to communicate with the user sitting in front of the computer. RemotelyAnywhere implements this functionality in a Java applet, which is similar to the screen that the remote user sees on his screen:

The text you type appears in the upper pane of the window – the remote user’s answers appear in the lower pane. You can copy and paste text from and to these windows.

Page 22

RemotelyAnywhere 4.70

File Transfer

Access: File Manager

File Transfer allows you to quickly and securely transfer files between the local and the remote computer.

The Java applet takes care of compression and encryption when transferring data.

The screen is divided into two panels. The left panel shows the file system of the computer running the web browser. The right panel displays the remote computer’s file system.

The file transfer applet is best used with the keyboard. There’s always an active and an inactive panel. To switch between the two panels and make the other one active, you can use the TAB key.

To select a single file or directory, simply move the white selection bar over it with the cursor keys. To enter a directory, hit the ENTER key while it is selected.

Use the HOME or the END key to jump to the beginning or the end of a directory listing.

To refresh a list, use the CTRL+R key combination.

To select and deselect multiple files or directories, hold down the SHIFT key while using the UP or DOWN arrow keys. To select files based on a mask, hit the PLUS key on the numeric keypad, and type in the criteria for selection. To deselect files using a mask, use the MINUS key on the keypad.

Page 23

RemotelyAnywhere 4.70

To transfer the selected files from the active panel to the inactive one, hit the

F5 key. Holding down SHIFT while pressing F5 will move the files instead of copying them.

To rename a selected file or directory, hit the F6 key.

To delete files or folders, use F8.

To create a new directory, hit F7.

Finally, to jump to an arbitrary drive and path in the active panel, hit the F1 key.

Note: Due to code signing issues with Netscape Navigator, the File Transfer applet currently requires Microsoft Internet Explorer.

Page 24

RemotelyAnywhere 4.70

Administration

Access: Various

The Administration menu point lets you perform various administrative tasks from a Web-based interface.

Processes

Access: Processes

The output of this function will give you a listing of all processes running on the computer. The list is hierarchical: a parent process will have its child processes listed underneath it, with indentation indicating relationships.

Please note that this is only for informational purposes, since Windows reuses process IDs.

Page 25

RemotelyAnywhere 4.70

The following are the possible fields the list can display:

PID: The internal Windows NT Process ID.

Name: The name of the executable file with full path. This works as a link, and clicking on it will give you some very detailed information on the process. On that page, you have the option of changing the priority class or the processor affinity for the selected process.

Version: The version of the program, if given.

Description: The description of what the program does, if given.

Memory Used: The amount of memory in use by the process in kilobytes.

Created: The date and time when the process was started.

CPU Time: The amount of CPU time (d hh:mm:ss) the process has used.

Priority: The priority class of the process.

Type: The type of the process (service or interactive).

Account: The user account the process runs under.

Kill: Clicking this red button will have RA kill the process. The process will be terminated immediately.

Page 26

RemotelyAnywhere 4.70

The Refresh button will retrieve and display the latest process list. The CPU% button will return a process list with an additional field, displaying current CPU utilization on a per-process basis. This function takes two process list samples, two seconds apart, and compares the amount of CPU time used by each process between the two samples to calculate CPU utilization percentages. The total amount displayed can actually be more than 100% on multiprocessor systems, since each processor can be utilized from 0 to 100 per cent. For dual-processor systems, the maximum is 200%, for quadprocessor systems it is 400%, etc.

Services and Drivers

Access: Services

The Services and Drivers lists have an identical format. They show you the names of all the services (or drivers) installed on the system and their status.

Clicking on their name will show you more detail about the selected object and will let you control it too. In addition to this, you are able to change its startup options as well. When specifying a user account to be used by a service, it must be in DOMAIN\USER form. If you want to use a local user account, you can type .\USER.

In the list of objects, the status field can contain 'Stopped', 'Running',

'Starting', 'Stopping', etc. If the service status is 'Stopped', and there is a question mark prepended to the status field, it means that the service should be running, but it isn't, and your attention is requested. RA looks through the list of services and drivers, and if it finds one that is set to start automatically but is not running, it will display the question mark.

Page 27

RemotelyAnywhere 4.70

Task Scheduler

Access: Task Scheduler

This function differs in behavior on NT and W2K systems. On NT, it gives you a simple interface to NT's Scheduler. In order to be able to view, add and delete tasks, the Schedule service must be running.

On W2K, it interfaces with the updated task scheduler service instead of the old, still present Scheduler. It allows you to create multiple triggers for a single task, specify different user accounts to run tasks under, etc. It supports the whole feature set for the W2K Task Scheduler.

On the main page, you get a list of all currently scheduled tasks. The table shows you the ID of the task, the command that is going to be executed, the time of the day the command is going to be run, the days of the week and the days of the month the command is scheduled to run on, whether the command is interactive (that is, shows up on the desktop) or not, and there is also an indicator that shows you if the last run of the job ended successfully or with an error.

By clicking the red box next to a task, you can remove it from the list. By clicking the 'Clear All' button, you can remove all currently scheduled tasks.

You can add a new scheduled task by clicking on the add button.

Event Viewer

Access: Event Viewer

You can view the NT logs using this option. The use of this feature is very much like NT's Event Viewer.

You'll get a listing of log entries on your screen, and clicking on an entry will display details about it.

You can choose to clear the contents of the log file by pressing the button at the bottom of the screen. If you specify a filename, the event log will be backed up before being erased.

You can also have RemotelyAnywhere send email alerts to an email address when log entries matching criteria are entered into any of the event logs.

Use the “Event Viewer Email Alerts” dialog to specify these criteria. The fields you can choose are the following:

Page 28

RemotelyAnywhere 4.70

Log: The event log to watch.

Type: Can be Error, Warning or Information. It is not necessary to specify this field.

Source: Type in the source of the message you want to be alerted on. For example: “Security”, “Disk”, etc. This field is optional.

Category: Type in the category of the message as it would appear in the event log. This field is optional.

Event: Type in the event code as it would appear in the event log. This field is optional.

Email: The email address the notifications are sent out to. You can only specify a single email address per entry, so if you want several people to receive these messages you should specify a group alias here.

File Manager

Access: File Manager

Selecting this item will display a list of all available drives on the screen, together with their capacity and available free space.

Clicking on the drive names will take you into the root directory of that drive, where files and directories will be links again.

Clicking on the name of a subdirectory will take you into that directory and produce a listing.

Clicking on the name of a file will cause RA to send it to your browser.

The checkboxes next to filenames allow you to select multiple files at once.

You can then delete, copy, move, etc. the selected files or directories by pressing the appropriate button. By clicking the Execute button, RA will attempt to launch each selected file on the host computer.

The Edit button lets you edit small text files right within your browser. This is useful for changing small configuration or batch files without downloading and uploading them.

The Attributes button will let you change file attributes, such as Hidden,

Read-Only, etc.

Page 29

RemotelyAnywhere 4.70

The Permissions button will let you specify new Windows NT permissions on the selected objects if the file system supports it.

Clicking the Upload button will let you upload files to the current directory using your browser.

If you wish, the File Manager can display which process has a file or a directory open. To enable feature, use the 'File Manager' submenu of the

'Configuration' menu. You can display the following fields in the file manager:

Icon:

Name:

Attributes:

Permissions:

A small icon indicating the file type

File name and extension

File attributes (i.e. read-only, system, etc.)

Indicates what actions the user can perform on the object (i.e. read, write, change, etc.)

Size: File size

Compressed size: If the file system supports compression, this field shows the amount of storage the file takes up on disk

Compression ratio: Effectiveness of compression, if applicable

Created: File creation time

Last modified:

Last accessed:

Owner:

Last modification time

Last access (read or write) time

The owner of the file

In use by: The name of the application that might have this file opened

The 'Quick Jump' field accepts a path name. Entering a directory (for example

'C:\Winnt\System32\Drivers') and clicking on the 'Quick Jump' button will immediately take you to the requested location, without having to click your way there. This can be especially helpful over slow connections.

Clicking on header fields will change the sorting order of the file list to the relevant column. For example, to sort files by modification time rather than name, which is the default, simply click on the header field for that column.

To sort in descending order, click the header field of the currently active sorting field again.

Page 30

RemotelyAnywhere 4.70

User Manager

Access: User Manager

RemotelyAnywhere includes a full-blown user manager, supporting all of the features of NT's built-in User Manager.

Registry Editor

Access: Registry

This option will let you edit the registry of the host computer. First, the registry roots (HKCR, HKCU, HKLM, etc.) are displayed, and you can dig down into them by clicking on their names.

Registry keys are links that open up that key for you. Key values are also displayed here, with their name, type and value.

You can edit values that are of either text (REG_SZ, REG_EXPAND_SZ or

REG_MULTI_SZ) or integer (REG_DWORD) type. Binary, etc. values are only displayed but cannot be edited.

Using the buttons at the bottom of every page you can add a subkey, add a value or delete the currently opened key.

Reboot

Access: Reboot

Selecting this option will let you reboot the machine. You have four choices:

Normal reboot shuts down all applications and services nicely.

Page 31

RemotelyAnywhere 4.70

Emergency reboot will kill all processes and reboot the server quickly. This can be useful if there are hung processes that prevent NT from doing a normal shutdown.

Hard Reboot is just like pressing the reset button. The effect is immediate, even RemotelyAnywhere is unable to provide you with feedback if you click on this link.

The button "Restart RemotelyAnywhere" will restart the RemotelyAnywhere service; it does not reboot the machine. Handy if you change settings like the listening port and have no physical access to the machine to restart the service.

Compact Registry

Access: Registry

The registry hives that make up the system registry (system.dat and user.dat on Windows 9x, and software, system, security, default, and ntuser.dat on

Windows NT and Windows 2000) can get fragmented and can grow in size significantly.

When this happens, the system starts rather slowly, and registry operations take longer as well.

On the above screen, there’s 79 percent to be saved on the ntuser.dat file.

After clicking “Compact”, you will get a screen similar to the one above. It is highly recommended that you click the reboot button immediately, since all changes made to the system registry between compacting and the next reboot will be discarded.

After a reboot, the registry hives are replaced with the smaller, compacted ones. Your system will run more smoothly, and the registry will use less memory.

Page 32

RemotelyAnywhere 4.70

A note on the SYSTEM hive: Windows usually expands this hive by one-third of its actual size. A 33-34 percent projected savings on this hive does not justify compacting the registry.

Autologon

Access: Configuration

This option lets you enable or disable NT's autologon feature. You can also do this via the registry or with other small utilities, like the one included in the

NT Resource Kit.

Enabling autologon will cause the server to bypass the logon screen after system startup and log in with the username and password specified here.

This is a potential security risk: the username and password are stored in the registry in clear-text format.

Automatic Priorities

Access: Performance

This option lets you direct RA to automatically change process priorities. Have you ever wanted to run a backup on your server without impacting performance? Or have you ever wanted to archive a huge directory structure using zip/winzip on a live web server without putting additional load on the machine? Or have you ever wanted your workstation to be responsive while you browse the web on your workstation during a lengthy compile?

Sure you have. But this had been quite hard to achieve until now.

If you click on the above link, you are taken to a dialog that shows you a list of executables and their target priorities. The list is empty by default, so you'll need to click on the Add New Process button. On the dialog that comes up, enter the name of the executable, and select the target priority from the dropdown box. The name of the executable is without paths, so, for WinZip it's WINZIP.EXE, for the Microsoft C compiler it's CL.EXE, etc. The target priority is usually Idle. This puts your process in the same priority class as the screen saver, meaning that it will only get a chance to make any progress if it does not compete for CPU power with other processes. You can also select a target CPU for the process. This allows you to divide processes amongst CPUs on an SMP machine the way you like it. Click on 'Add it' and you are taken back to the previous list that is now showing your executable's name and the priority class you selected.

Page 33

RemotelyAnywhere 4.70

If there are entries in the above list, RA will scan the process list on your machine every ten seconds, looking for the process names you entered. If RA finds one and its priority class does not match the one you specified it will be changed to your preference.

Time

Access: Administration

This dialog lets you update the time on the computer.

Simply enter the correct values and click the Set Time button. Please note that the time is displayed according to the time zone settings of the host computer.

Shared Resources

Access: Administration

This function gives you a detailed report of all shared resources on the computer, including shared folders, administrative shares, printers, etc.

Page 34

RemotelyAnywhere 4.70

Shown above is a small part of the report, showing the C$ administrative share. The Path link takes you to the directory in File Manager. The connections list shows open files, if any, and these files can be closed forcibly by clicking on the Close button.

Access permissions active on the object are also shown in detail, except for administrative shares where permissions cannot be set.

The Delete Share button removes sharing from the object.

Virtual Memory

Access: Administration

This option allows you to change virtual memory settings on the computer.

Simply enter a minimum and maximum size for the paging file next to a drive listed above, and click the Save button. Entering zero values both for the minimum and the maximum size will remove the paging file from the drive.

You will need to reboot the computer for any changes to take effect.

Page 35

RemotelyAnywhere 4.70

System Search Path

Access: Administration

This option allows you to change the paths the system account (and also all user accounts) searches when looking for executable files.

Enter each path starting with a new line.

You will need to reboot the computer for any changes to take effect.

Page 36

RemotelyAnywhere 4.70

Performance

Access: Performance

On this page you are presented with the following options:

These menu items allow you access to the performance data collected by

RemotelyAnywhere. Descriptions for each of the choices can be found below.

CPU

This option takes you to a page with three or more graphs and two lists. The graphs show CPU utilization with different sampling rates.

Please note that RA needs time to gather performance data for these graphs. If you have just installed the software, it is likely that only the left-hand side of the first graph will show you meaningful information.

If you have multiple CPUs in your computer, you will see separate graphs for each one, as well as a set of graphs showing you the total

CPU load.

The sampling rate for the first graph is 10 seconds, so the graph spans not exactly an hour. This is useful to see what's happening right now on the machine. Data for the second graph is sampled every 5 minutes, which shows you a bit more than 24 hours of server activity.

The third is sampled once every hour, so the graph spans almost two weeks. If you move your mouse over a line in one of the graphs, the tooltip that pops up tells you when exactly the sample was taken.

Page 37

RemotelyAnywhere 4.70

The two lists at the bottom show the processes that take up most of the processor time. The first list is an absolute list: it simply sorts processes by the number of processor-seconds they have eaten up.

The second is more interesting: it's weighted, so younger processes that take up a lot of processing time come closer to the top. (The figure is: PROCESSOR_SECONDS/PROCESS_AGE_SECONDS). So if you see a sudden spike on the first graph you can check the second list and immediately find out which process is eating up processor time.

Memory

This will present you with three graphs that look very similar to the

CPU Load graphs. These display the memory utilization on the machine.

Network

Graphs displaying the network utilization per network interface are available under this menu point.

Disk Space

Graphs displaying the disk space utilization per logical disk are available under this menu point.

Registry Quota Utilization

A graph displaying the registry quota utilization is available under this menu point.

Page 38

RemotelyAnywhere 4.70

System Info

Access: Performance

On this page you are presented with the following options:

Descriptions for each of the choices can be found below.

Open Files

This will show a listing of all currently open files on the computer, along with the names of the processes that use these files.

Registry Keys in use

This will show a listing of all currently open registry keys on the computer, along with the names of the processes that use them.

Open TCP/IP Ports

This will present you with a listing of all open IP endpoints on the computer. You can specify if you want to see the ports that are listening for connections, ports that have been connected to another computer, and ports in various stages of being connected and disconnected. You can also elect to have RA resolve IP addresses appearing in the list to hostnames - please note that this can take a considerable amount of time.

DLLs in use

This will display a listing of all currently loaded dynamic link libraries.

Page 39

RemotelyAnywhere 4.70

RemotelyAnywhere Connections

Selecting this option will display all current connections

RemotelyAnywhere is currently serving. It will display the IP address and host name of the remote computer, the type of connection and the name of the Windows NT user associated with the connection. The connection type can be one of the following:

ƒ HTTP: a typical browser connection requesting a page.

ƒ Remote Control: a Java remote control client

ƒ Upload Status Viewer: a Java applet displaying the progress of a File Manager upload.

ƒ Performance Data Viewer: the Java applet above the menu, displaying CPU and memory utilization.

Drive & Partition Information

Displays all physical drives in your computer and their partition tables.

Network Adapters

This option will display all installed network adapters, their type, speed, hardware address, assigned IP addresses, and input and output statistics.

SCSI Information

Displays SCSI adapters and the devices connected to them. Requires an ASPI interface to be installed.

PCI Information

Shows all hardware connected to the PCI bus or buses in the system.

Motherboard Status

This feature relies on a 3 rd party free product created by Alex van

Kaam called Motherboard Monitor. If you have this software installed on your system, RemotelyAnywhere can extract information from it and display it here. MBM can provide you with the following information: chassis and CPU temperatures, fan speeds and voltages.

MBM can be found at http://mbm.livewiredev.com

.

Page 40

RemotelyAnywhere 4.70

Configuration

Access: Configuration

This page lets you customize and fine-tune RemotelyAnywhere. This is by far the most complicated part of the software, and it is quite necessary to consult the documentation before you start making any changes.

If you would like to change the behavior of RemotelyAnywhere, it is very likely that there is a configuration option that lets you do just what you need.

Here are the settings you can change:

By clicking the “Reset to Default” button, you can dismiss all changes you have ever made to the RemotelyAnywhere configuration and return to the factory defaults. All settings will be affected, except for the SSL certificates, the registration key, and the Port Forwarding Server and FTP Server related configuration options.

You can also use a registry editor to make changes to the RemotelyAnywhere configuration. A complete reference to the registry settings used by RA is provided in Appendix A.

If you decide to edit the registry to change RemotelyAnywhere configuration, make sure that the Remaint and RemotelyAnywhere services are stopped while you do so. The services save their configuration to the system registry when they are stopped, overwriting any changes that might have been made outside of these configuration screens.

An explanation of every configuration screen follows below.

Page 41

Connections

Access Control

NDS Access Control

IP Address Filtering

IP Address Lockout

Remote Control

Telnet/SSH

Process List

System Monitoring

File Manager

Miscellaneous

43

46

52

54

57

58

60

62

63

65

66

RemotelyAnywhere 4.70

Colors 68

Appearance 69

Local Preferences

SSL Setup

Desktop Icon

Network Maintenance

70

71

72

74

RemotelyAnywhere Log

Registration Key

75

76

Shortcuts 78

Port Forwarding

FTP Server

79

80

Page 42

RemotelyAnywhere 4.70

Connections

This dialog lets you change various connection and data transport related options.

TCP/IP port to listen on:

Specify the port you want RA to use. Takes effect when the service is restarted.

TCP/IP port (Telnet) to listen on:

Specify the port you want RA to listen on for Telnet connections. This defaults to the standard telnet port, which is 23. The change takes effect when the service is restarted.

TCP/IP port (SSH) to listen on:

Specify the port you want RA to listen on for Secure Shell connections. This defaults to the standard SSH port, which is 22. The change takes effect when the service is restarted.

Unsecured HTTP connections:

Enable/Disable unsecured HTTP connections. If disabled, and SSL transport is set up, does not allow HTTP connections.

Maximum number of servicing threads:

Specify the maximum number of threads RA can spawn to service client connections.

Page 43

RemotelyAnywhere 4.70

IP Address to listen on:

Specify the IP address you want RA to use for incoming connections. Your machine can have several IP addresses assigned to it, and RA can listen on all of those addresses or just the one you specify here. Takes effect when the service is restarted.

Automatic Content Compression: Enable/Disable content compression.

When enabled, this can be a great bandwidth-saver. HTML documents generated by RA typically compress to 10-15% of their original size.

Force HTTP Tunneling: You can force the Remote Access modules to use

HTTP tunneling instead of trying to establish a direct socket connection.

HTTP tunneling basically allows these applets to communicate to the

RemotelyAnywhere installation from behind proxy servers by issuing HTTP requests to RA.

This option has two advantages and one drawback:

If you connect to the remote computer via HTTPS, Remote Control, Telnet, and Chat will be tunneled through HTTPS – and SSL is much more secure than the built-in encryption used by these modules when a direct socket connection is established.

If you can not establish a direct connection to the remote computer (because of, say, a proxy server) you will not have to wait for the direct connection attempt to time out, RA will immediately try to connect via the HTTP tunnel.

The drawback is that you will definitely notice a performance decrease when using these modules with HTTP tunneling, since tunneling requires the data to be packed into HTTP packets and usually each packet will need to establish its own connection to RemotelyAnywhere.

Proxy Problem Fixer Mask: This is a rather obscure name for a setting, but in accordingly, it is provided to work around a rather obscure problem.

Some proxy servers request pages from web servers using several IP addresses. This can cause RemotelyAnywhere to bounce you back to the login page after you click the ‘Login’ button. If you are not affected by this problem, you should not change this setting. However if you experience this problem, read the following section carefully.

When you log in, your browser is assigned a session identifier in a cookie. For security reasons, this cookie is only valid when sent from the IP address the login originated from. Were it not so, if an attacker eavesdropped on your login process, he would be able to copy your cookie and gain access to all

RemotelyAnywhere resources you have access to.

Some proxy servers use several IP addresses when requesting data from a remote computer. If this is the case with your proxy server, RA sees the original IP address and session identifier as valid, but requests originating from other IP addresses (even if accompanied by a valid cookie) are replied to with the login page. The login page breaks out of frames, and displays itself in

Page 44

RemotelyAnywhere 4.70

your browser - and you are prompted to log in again.

A possible workaround is to keep logging in as many times as necessary - most proxy servers only use a few - maybe half a dozen - IP addresses. When all the IP addresses are 'logged in', you will not be bounced to the login page anymore.

From version 3.2, RemotelyAnywhere has a setting called 'Proxy Problem

Fixer'.

This is essentially a mask that can be applied to IP addresses. Suppose your proxy server uses the following IP addresses to request pages from servers:

192.168.0.33, 192.168.0.34, 192.168.0.35, 192.168.0.36, 192.168.0.37,

192.168.0.38

In this scenario, if you look at the IP addresses in binary form, you can see that only the last three bits are different:

11000000.10101000.00000000.00100001

11000000.10101000.00000000.00100010

11000000.10101000.00000000.00100011

11000000.10101000.00000000.00100100

11000000.10101000.00000000.00100101

11000000.10101000.00000000.00100110

This means that the largest number that can be represented on three bits

(111 binary = 7 decimal) has to be masked off of the IP addresses when checking them against each other to verify the validity of the session identifier cookie.

RemotelyAnywhere provides a subnet mask-like setting for this purpose. By default, it is set to 255.255.255.255 - this means that no bits are masked off.

Given the above scenario, we need to mask off the three least significant bits, thus we subtract 7 (binary form: 111) from 255.255.255.255, which leaves us with 255.255.255.248. By entering this value in the 'Proxy Problem Fixer' field, we are telling RA to ignore the last three bits.

This is a rather tedious way of getting around this problem - but there is no easier one, short of reconfiguring the proxy server to use only one IP address.

The latter is the recommended solution, since allowing several IP addresses to share the same session identifier can be a security risk. It is not really significant when you only mask off a few (three or four) bits, but if you need to decrease more and more significant bits of the IP addresses, you are putting yourself in a risky situation.

Of course, the risk can be decreased by protecting the cookie with SSL - but this requires that you request the login page with the HTTPS protocol and do not rely on the 'Use SSL' switch that appears when it is requested via unsecured HTTP.

Page 45

RemotelyAnywhere 4.70

RemotelyAnywhere Access Control

This dialog lets you control who has access to RemotelyAnywhere. This is slightly different on Windows 9x and Windows NT, due to lack of a user database on the Windows 9x family of operating systems. We’ll cover

Windows NT first. o Connection Idle Timeout:

Specify the idle time allowed on a connection before the user is automatically logged out. o Allow all Administrators to Access RA:

This is on by default. Adds “Full Control” permission to all administrators of the computer. If you turn it off, only users explicitly granted permission to use RA will have access. o NT LAN Manager Authentication:

Enable/Disable NTLM authentication. For those of you concerned about security, RA supports the Windows NT Challenge/Response type authentication. You must use Internet Explorer to take advantage of this feature. Netscape will always use the default authentication method, which means that passwords travel in Base64-encoded clear text over the network. You need not worry about exposing your password to eavesdroppers if you are using HTTPS to secure all communications between your browser and RemotelyAnywhere.

The upper portion of this dialog list users already granted access to

RemotelyAnywhere. The Add new permission button lets you specify a

Windows NT user or group, and the access mask you wish to assign. The red

Remove button next to each entry in the list will remove that user or group from the access list.

Page 46

RemotelyAnywhere 4.70

The Update Configuration button only serves to save the three configuration options mentioned above, adding and removing permissions take effect immediately.

Here’s the dialog showing you the options available for an entry in the permission list:

You can select individual permissions, or specify “Full Control”. You can also restrict the user to an IP address or a network by entering the appropriate parameters in the fields below. To restrict the user to a single IP address, enter it in the IP Address field, and leave Subnet Mask blank. To specify access from a network, enter the network address in the IP Address field, and enter the subnet mask in the Subnet Mask field.

Here’s a listing of all available permissions, and what they allow the user to do: o Basic

Anyone with any sort of access to RA is implicitly granted Basic access.

This allows for looking at the Info page, reading the Help file, chatting with the user in front of the computer, and logging out. o Registry Editor

Allows for editing and compacting the registry. o User Manager

Allows the use of the User Manager module. o File Manager

Allows the use of the File Manager module. o Event Viewer

Allows the use of the Event Viewer module. o Reboot

Allows rebooting the computer and restarting the RemotelyAnywhere

Page 47

RemotelyAnywhere 4.70

service. o Task Scheduler

Allows scheduling tasks. o Services

Allows access to controlling NT's Services and Drivers. o Processes

Allows access to the Process List, and adds the ability to terminate processes and/or change their priorities. o Administration

Access to setting the time, using the Shared Resources administrative page and changing virtual memory settings. o View Remote Screen

Allows using the screenshot-based Remote Control in read-only mode.

That is, users granted this option are able to view the server's screen, but not able to touch anything on it. o Remote Control

Allows use of both the screenshot-based and the Java-based Remote

Control module. o Configuration

Users with access to the Configuration module can re-configure RA.

This also grants users access to modifying RA permissions; keep this in mind! o Performance

Ability to view performance and system information data. o Custom Files

Users can retrieve files from the directory designated for RA's HTTP daemon. You can customize its behavior in the “Miscellaneous” configuration menu. o Execute Scripts

Users can execute existing scripts. o Create/Edit Scripts

Users can create, edit, and compile scripts. Implicitly grants “Execute

Scripts” rights. o Telnet

Allows access to the machine via Telnet - either using the built-in telnet client or any standalone terminal emulator. o SSH Shell

Allows access to a command prompt on the host computer via the SSH protocol.

Page 48

RemotelyAnywhere 4.70

o SSH Port Forward

Allows the user of an SSH session to forward generic ports (greater than 1024) on the server to other hosts and ports. o SSH Privileged Port Forward

Allows the user of an SSH session to forward privileged ports (port number below 1024) on the server to other hosts and ports. o SSH SFTP

Allows the user access to the filesystem of the host computer via the

SFTP (Secure File Transfer Protocol, an extension of SSH) protocol. o Full Control

Adds all possible permissions to a user. It is recommended to have at least one account that has “Full Control” capabilities.

Special care needs to be taken with a few of the above options. Users with access to Configuration and Registry Editor can also access and change the

RA configuration data, including permissions. However, the Registry Editor option can be considered safe, since the administrator can change permissions on the HKLM\Software\RemotelyAnywhere key and protect it from unwanted access. Users who can “Create/Edit Scripts” can also create programs in the Small language that run on the remote computer. These scripts will be run under the account of the person starting the script from the

“Scripts” menu – except when a Small program is called from the system monitoring script. In this case, the program is run under the LocalSystem account.

With the exception of the Reboot, Remote Control and Processes, Windows NT access restrictions apply. For example, you can grant someone access to the

File Manager, but they will only be able to access files and directories their

Windows NT account has permissions to. The same goes for the Registry

Editor, User Manager, etc.

The above exception for Reboot, Remote Control and Processes is made to provide you maximum control over your system, and RA uses the all-powerful

LocalSystem account to perform the above tasks. For example, not even an

Administrator has sufficient rights to terminate a service process - but with

RA performing this action under the LocalSystem account, any process can be terminated. Remote Control is another exception. When you are remotely controlling the system with RA, you have access to the mouse and the keyboard of the system. If nobody is logged on interactively, you will need to use the NT Logon dialog to gain access to the desktop, typing in a username or password, possibly different than the one you are accessing

RemotelyAnywhere with. If there is a user logged on to the host computer, you will be working under his account.

Access rights are cumulative. That is, if 'Group A' has access to the Event

Viewer, and 'Group B' has access to the File Manager, a user who is a member of both groups will have access to both modules.

Page 49

RemotelyAnywhere 4.70

If the machine is a domain controller, the user accounts and groups that appear are listed from its domain. If the computer is not a domain controller, local users and groups are displayed. You can specify where to list accounts from by typing the name of the domain or the computer in the input field and clicking the List accounts button.

You can also restrict a certain user to an IP address or an IP address range.

Please remember that access rights are cumulative: if 'Group X' has full access to RA and is not bound to an IP address, and 'User Z' is a member of that group, he will always have full access, even if you bind him to a specific

IP address or network. To allow a user or group access from two or more IP addresses or networks, simply grant them the same permissions several times, but with different IP restrictions.

Access rights are stored in the registry value

“HKEY_LOCAL_MACHINE/Software/RemotelyAnywhere/Permissions” in binary form. This data is basically a listing of the Security Identifiers of the groups or users, the access mask associated with them, the network they might be restricted to, and a CRC value. By default, any data under the

“HKEY_LOCAL_MACHINE/Software” key can only be changed by administrators or the LocalSystem account. Windows NT reserves the latter for services and the operating system itself.

Under Windows 9x, matters are slightly different.

On the main Access Control dialog, the Allow all Administrators and NT LAN

Manager Authentication options are not available, since these features are not supported by Windows 95/98/ME.

The Permissions dialog is different as well:

Since Windows 9x does not have a built-in user database, you need to specify user names and passwords.

Page 50

RemotelyAnywhere 4.70

The permission data is stored in the registry under

“HKEY_LOCAL_MACHINE/Software/RemotelyAnywhere/PermissionsWin9x” in binary form. The data is represented in a format that is similar to that of the

“Permissions” value used with Windows NT, but instead of specifying a security identifier, the actual user name and a secure hash of the password is stored.

Page 51

RemotelyAnywhere 4.70

NDS Access Control

In addition to (or instead of) assigning user to Windows NT users or groups, you can also utilize Novell’s eDirectory for permission management, with certain restrictions:

1. You can only assign permissions to NDS groups, and not NDS users.

2. NDS access is only granted to the HTML interface, and not to Telnet/SSH or the FTP server.

When logging in to the NDS tree instead of NT, you need to check the “NDS

Authentication” checkbox on the login dialog. This is present only if the NDS

Access Control has already been set up on the computer.

The NDS Access Control dialog can only be accessed if the host computer has the Novell Client software installed.

The dialog below shows you a typical NDS setup.

Three NDS groups have been granted access to RemotelyAnywhere: File

Managers, Telnet Users and RemotelyAnywhere Admins. Three different naming conventions are present in the above dialog: CN=group, group, and

CN=group.O=organization. You can enter the name of an NDS group in the format you like – for clarity we recommend that you use fully qualified group names.

To add a new entry to the above dialog, click the “Add new permission” button. A dialog will pop up, asking you for the name of the NDS group you want to add RemotelyAnywhere permissions to. Enter the name of the group in the format you desire and click “Add”. Another dialog will prompt you for the RemotelyAnywhere permissions to be granted to the account, and you will also be able to specify which NT group or groups the temporary account (see below) should be a member of.

Let’s suppose the following scenario:

1. An NDS account, Admin, is a member of the RemotelyAnywhere Admins

NDS group.

2. Another NDS account, Weblogs, has membership in both the Telnet Users and the File Managers NDS groups.

Page 52

RemotelyAnywhere 4.70

When Admin logs in, RemotelyAnywhere first authenticates him against the

NDS server. If successful, his group memberships are checked against the list you see on the illustration above. If he is a member of at least one of the listed groups, access is granted. A temporary NT user account is created and the account is added to the Windows NT group or groups specified for the

NDS group in the above dialog.

The temporary account is in the form of ndslogin_xxxxxxxx where ndslogin stands for the login name and xxxxxxx stands for a 32-bit random hexadecimal number. For example: Admin_1f8ce3dd.

The password for the temporary account will be a random stream of digits and letters with the maximum length made possible by the local security policy, and this password will never be displayed or transported across the network. This password will be used by RemotelyAnywhere to authenticate the temporary account towards the operating system.

When servicing requests for Admin, RemotelyAnywhere will execute under the security context of the temporary account. RA will allow the user to access its modules that are available for his NDS group - in this case, everything - and

Windows NT will make sure that he’s only able to access secured objects that his NT group membership entitles him to – in this case, everything an administrator account has access to.

Once Admin logs off (or times out due to inactivity) the temporary user account is logged off from Windows NT and removed from the user database.

When user Weblogs logs in, the situation is a little bit more complicated.

Weblogs is a member of two NDS groups listed above: Telnet Users and File

Managers. The NDS permission list is cumulative: Weblogs will have access to the RA modules accessible by all of his NDS groups - Basic, File Manager and Telnet in this case - and will be a member of all NT groups as specified for his NDS groups: Users and Backup Operators.

The session for Weblogs will be much more restrictive than that of the Admin user. He’ll only be able to access a command prompt on the server and the

File Manager and File transfer modules. His actions within these modules will be further restricted by his membership in the NT Users and Backup

Operators groups.

To troubleshoot NDS login problems, please make sure logging is enabled (in the Miscellaneous configuration page) and refer to the RemotelyAnywhere.log file in the installation directory. The log file will display NDS authentication status information as well as NDS error codes, if any.

Page 53

RemotelyAnywhere 4.70

IP Address Filtering

Use this dialog to specify which computers are allowed to access

RemotelyAnywhere on your system.

The above simple interface lets you maintain IP address restrictions. When the Current IP Address Filters list is empty, filtering is disabled.

The Up, Remove and Down buttons let you manage already entered filters.

Select one item in the list, and move it up or down with the appropriate buttons, or remove it altogether.

The New Item fields let you specify a new filtering item. You can enter the following:

1. A single IP address

2. An IP address with a subnet mask, essentially granting or denying access for a whole network.

3. An IP address with wildcards and no subnet mask. Accepted wildcards are an asterisk (*) that matches any number of characters, or a question mark (?), that matches a single character only.

The Allow and Deny radio buttons let you specify whether you want to allow access to the IP address or addresses you are entering, or you want to deny it.

Whenever a new connection is established to RemotelyAnywhere, the remote

IP address is checked against the filter or filters in the list, and access is granted or denied accordingly. The IP filters that you set up here apply to every connection received by RA, except for those aimed at the Port

Forwarding Server and the FTP Server. To specify IP address restrictions for these two modules, use the IP filtering dialogs specific to them.

So how does exactly IP address filtering work?

Page 54

RemotelyAnywhere 4.70

When an IP address is checked against a list, RemotelyAnywhere goes from the first element of the list to the last, comparing the IP address against the item. If the item is a single IP address, it only matches the remote IP if they are equal. If the item is an IP address with a subnet mask, a logical AND operation is performed on the subnet mask and the remote IP address, and the result is checked against the item’s network address to see if the remote

IP address is in fact on the network. If the item is a wildcard, the remote IP address is converted to its dotted textual representation and the two strings are compared.

When a match is found, RemotelyAnywhere checks if it should allow or deny the connection, based on the allow/deny flag that belongs to the element.

This result is then used to decide whether to let the connection proceed.

If no match is found, then the connection is allowed. If you would like all connections to be denied by default, except for those in the list, enter a

DENY:* line as the last item on the list.

Examples:

1. Allow connections from IP address 215.43.21.12 and the network

192.168.0.0, and deny all other connections:

ALLOW:215.43.21.12

ALLOW:192.168.0.0 (255.255.0.0) –OR- ALLOW:192.168.*

DENY:*

2. Allow connections from IP address 215.43.21.12 and the network

192.168.0.0, but not from the address 192.168.0.12, and deny everything else:

ALLOW:215.43.21.12

DENY:192.168.0.12

ALLOW:192.168.0.0 (255.255.0.0) –OR- ALLOW:192.168.*

DENY:*

Please note that denying the connection from 192.168.0.12 comes before allowing connections to the 192.168.0.0 network. This is because if RA was to find the ALLOW item first, it would let IP address 192.168.0.12 through, since it matches the condition. To prevent this, we make sure that the address 192.168.0.12 is checked before the network it belongs to.

3. Allow all connections, except those coming from 192.168.0.12:

4. Deny all connections from the network 192.168.0.0 except for the subnet

192.168.12.0, and allow all other connections:

DENY:192.168.0.12

ALLOW:192.168.12.0 (255.255.255.0) –OR- ALLOW:192.168.12.*

DENY:192.168.0.0 (255.255.0.0) –OR- DENY:192.168.*

Page 55

RemotelyAnywhere 4.70

Ordering is important, again.

It is not possible for you to lock yourself out by accident when setting up IP address restrictions from afar, i.e. you can’t enter a DENY:* clause into an empty list.

Page 56

RemotelyAnywhere 4.70

IP Address Lockout

Use this feature to detect and temporarily lock out potential intruders. o Use IP Address Lockout:

Enable or disable this feature. It's useful if your server is exposed to the Internet. Lockout will prevent people from gaining access to the administrator username and password using brute-force methods. o Number of bad login attempts to lock out after:

Specify the number of login attempts here. By default, an intrusion will be detected if five bad login attempts are detected from the same IP address. o Reset count after:

After the amount of time specified in this box elapses, the bad-login count of the offending IP address will be reset to zero. o Lockout duration:

If there were a number of bad login attempts (specified in the second field) from an IP address in time-window period specified in the previous field, connections from the offending IP address will be rejected for the amount of time you specify here.

Bad login attempts and lockouts are logged in the RemotelyAnywhere.log file if you have logging enabled. Currently locked IP addresses are shown on the

General Info page and can be unlocked there.

Page 57

RemotelyAnywhere 4.70

Remote Control

This dialog allows you to change remote-control related options. o Auto-Panning:

If the host computer’s display area is larger than what the remote control client can display, only a part of the screen is shown and you can use the scrollbars to view the right area of the remote display.

When this option is enabled, the screen is automatically scrolled for you when the mouse is near the edge of the currently displayed area. o Use Mirror Driver If Available:

RemotelyAnywhere provides a mirror display driver on the W2K/XP platforms. This display driver provides a faster and less CPU-intensive remote control session. Should you have any compatibility problems, you can turn off the use of this driver by disabling this option. o Automatically Disable Wallpaper: Disables the wallpaper (or background desktop image) on the host computer when a remote control session is started. o Remote Control Client Idle Time Allowed:

If the remote control client is inactive for the amount of time specified here, it will automatically be disconnected. o Beep When Remote Control Starts Or Ends: The host computer will sound a beep when a remote control session is initiated or ended. o Beep Continuously During Remote Control: The host computer will beep periodically when a remote control session is active.

Page 58

RemotelyAnywhere 4.70

o Beep Interval For Above: Specifies the time between beeps for the above setting. o Lock Console When Connection Lost:

If set, and the Java remote control client loses connection to the server due to a network error, RA will lock the console to protect your work. o Local Keyboard & Mouse During Remote Control:

When disabled, the person sitting in front of the machine will not be able to use his mouse or keyboard while a remote control session is in progress. o Screenshot-based Remote Control:

When disabled (this is the default) this somewhat outdated and not very widely used remote control mode does not show up in the

Remote Access menu. o Screen Color Depth: Choose between 16, 256 or True Color resolution. You can also specify to use the remote host’s screen color depth. o Open New Window In Fullscreen Mode:

If set, it will open a fullscreen window for remote control. If disabled, opens a normal window. o Monitoring Mode Refresh interval:

In passive monitoring mode, your browser will request screen updates from the server from time to time. You can specify the number of seconds that will elapse between two updates here. Note: you can access monitoring mode by clicking on the link 'Monitor' below the screenshot image. o Maximum number of screen updates per second:

You can specify the maximum number of times RemotelyAnywhere sends screen updates to the browser. The interval for this value is 1-

50.

Page 59

RemotelyAnywhere 4.70

Telnet/SSH

This dialog allows you to change Telnet and Secure Shell related options. For a complete explanation of the Telnet/SSH server, please see the corresponding section of this document. o Telnet Server:

Enable or disable the Telnet Server. o SSH Server:

Enable or disable the Secure Shell Server. o Allow Unsecured Telnet Connections:

Allow plaintext terminal emulator connections to the Telnet port. If disabled, only the built-in Java client can be used to access Telnet.

This does not affect the SSH server. o Telnet Window Width & Height:

Specify the default size of the console window. This affects the size of the built-in Java client. o Login Timeout:

Enter the number of seconds the user may remain idle during the logon process. o Idle Timeout:

Enter the number of seconds the user may remain idle during a

Telnet/SSH session.

Page 60

RemotelyAnywhere 4.70

o Session Recovery Timeout:

When a Telnet connection is broken ungracefully (that is, the user does not type 'exit' at the command prompt) he will be able to reconnect to the session and continue work where it was left off for a period of time. You can specify the amount of time you want the lost telnet session be available for. Any and all running programs started by the user in the Telnet session will be available when the session is resumed. o Maximum Simultaneous Connections:

You can specify the maximum number of connections to the

Telnet/SSH servers. It's a good idea to set a reasonable limit, especially on computers connected to the Internet. Every new connection uses resources on the computer. o Logon Banner:

Enable or disable the logon message sent by the Telnet/SSH servers when a connection is established. The logon message looks like the following:

Windows NT Server 4.0 (build 1381) Service Pack 6

RemotelyAnywhere Telnet/SSH Server v3.5.268

Copyright (C) 1998-2001 3am Laboratories PL. All Rights

Reserved.

Login:

If you do not want to let anybody who connects to the Telnet/SSH ports know the version of the operating system and

RemotelyAnywhere, disable this option. o Opens In New Window:

If the console size you specified is too large for your workstation's display, you can have RemotelyAnywhere open a new browser window with just the Telnet client in it. o Open New Window In Fullscreen Mode:

If set, it will open a fullscreen window for the Telnet client. If disabled, opens a normal window. Only applies if the previous setting is enabled.

The Status button takes you to a screen where you can view manage the current Telnet and SSH connections.

The SSH Host Keys button lets you re-generate SSH1 and SSH2 host keys used by the SSH server. You can specify the key size, but the larger the key, the longer it takes to generate it. Anything above 2048 bits is overkill, and will take a very long time even on a fast computer.

Page 61

RemotelyAnywhere 4.70

Process List

Enables you to select which columns are displayed in the Process List.

There’s no reason to limit the number of fields displayed, other than screen real-estate.

Page 62

RemotelyAnywhere 4.70

System Monitoring

This is a powerful feature of RemotelyAnywhere. You can monitor the system based on the performance data collected.

You can define conditions, and actions to be performed. A condition and an associated action are known as a rule.

Rules are defined in the file MonitoringScript.txt located in your

RemotelyAnywhere directory. You can edit this file using your favorite text editor, or you can use the System Monitoring configuration option to make changes or create new rules.

A rule has the following structure:

<rule name> (delay)

{ <condition> { <action1> } else { <action2> } }

For example:

“Check Memory Usage” (10m)

{

MemUsageAboveFor(70%, 20m)

{

SendMail(“[email protected]”,

“Memory usage on [MACHINE]”,

“High utilization!\n”

“(Max: [MAX_USAGE])”);

} else

{

“See

}

SendMail(“[email protected]”,

“Memory usage back to normal”, topic.”);

}

The above rule executes every 10 minutes (delay), and checks the condition

MemUsageAboveFor. In the above scenario, if the memory utilization is above

70% for 20 minutes or more, the condition becomes true, and action1 is executed.

The action, in this case, will send an email to “ [email protected]

” describing what has happened.

The rule will keep checking the condition every 10 minutes after the condition has become true. If it’s still true, it does nothing – but if it becomes false

(that is, the emergency situation is resolved) it executes action2. That, in case, will email the administrator to let him know that the problem has been resolved.

Page 63

RemotelyAnywhere 4.70

The action can consist of several statements – they have to be separated with a semicolon. Such as:

MemUsageAboveFor(70%, 20m)

{

SendMail(“[email protected]”,

“Memory usage on [MACHINE]”,

“High utilization!\n”

“(Max: [MAX_USAGE])”);

SendMessage(“administrator”,

“High memory utilization on [MACHINE]!\n”

“(Max: [MAX_USAGE])”);

}

There is one special rule that can – and should - be defined: it’s called

ERROR. If something goes wrong while performing actions – for example, when the user Administrator is not logged on and the above actions are executed, SendMessage will fail – ERROR is executed, allowing you to customize error-handling behavior.

The MonitoringScript.txt file that ships with RemotelyAnywhere defines a number of sample rules. They are all commented out – you will need to remove the comment marks (#) from the beginning of each line of a rule you’d like to use.

You will find a full list of conditions, actions and string substitutions in

Appendix B .

It might seem overwhelming at first, but if you have a little bit of experience of programming in C or a similar language (escape sequences and string formatting are C-like) and study the sample MonitoringScript.txt for a little while, you will be up and running sooner than you thought.

You can enable or disable certain conditions with the dialog that appears when you select “System Monitoring”:

The “Edit script” button lets you edit the monitoring script in your browser.

Page 64

File Manager

RemotelyAnywhere 4.70

Enables you to select which columns are displayed in the File Manager.

Page 65

Miscellaneous

Configure various options of RemotelyAnywhere.

RemotelyAnywhere 4.70

o Write events to a log file:

Enable/Disable logging. It's off by default, but you can have everything that RA does logged in a file called RemotelyAnywhere.log in the directory RA is installed in. The most important events are also logged in the Windows NT Application log. This can not be disabled. o Number of days to retain logs for:

At midnight, RemotelyAnywhere rotates its log files and deletes old, unneeded ones. This value specifies how old logfiles can grow before they are deleted. When set to zero, no files are deleted, ever. o Automatically check for latest version on the Web:

When enabled, RemotelyAnywhere will attempt to connect to

RemotelyAnywhere.com every 24 hours to see if there is a newer version of the software available. If there is, it will notify you via the

“General Info” page, as well as place an entry in the

RemotelyAnywhere.log file. When RA connects to

RemotelyAnywhere.com, the following information is recorded on the server:

ƒ The version of RemotelyAnywhere making the request

ƒ The version and family of the operating system

RemotelyAnywhere is running on

ƒ The language of the operating system

ƒ Whether the instance of RemotelyAnywhere making the request is a trial or a licensed copy

Page 66

RemotelyAnywhere 4.70

This information is recorded for statistical purposes, to help 3am

Laboratories PL better server its customers. If you do not wish to provide this information to us, please disable this option. o Performance Queries:

Enable or disable performance data gathering. This puts a negligible load on the computer, and the file storing the data is compressed, and does not grow over 50 KBytes in size. o Indicate Computer Downtime:

On the performance graphs, the time when the computer was turned off (or RemotelyAnywhere was not able to gather performance data) can be indicated with a gap that is proportional to the length of the downtime. o Enable HTTP serving from custom location:

Enable/Disable the built-in HTTP daemon. o Custom HTTP directory:

Specify the root directory for the HTTP daemon. o Custom HTTP default index file:

Default index file RA looks for if a directory name is specified.

Directory browsing is not allowed. o SMTP Server:

The mail server RemotelyAnywhere will use to send email if necessary in the System Monitoring module. o Use red color in graphs above a certain percentage usage:

This option changes the appearance of the performance graphs. You can specify a percentage here, and if a stat is higher than that, it will be drawn using the color red, instead of the normal graph color. o Desktop Icon & Remote Control Notification: By default, RA uses a tray icon and popup dialogs to let the interactive user know when the machine is being accessed via RemotelyAnywhere. If this gets in the way - for example, on servers, where there is no interactive user - you can disable this feature here.

Page 67

RemotelyAnywhere 4.70

Colors

Change the colors RemotelyAnywhere uses. You should enter the six-digit hexadecimal RGB code for each color, prepended with a “#” sign, as per

HTML standards.

The “Restore Default” button will reset the color configuration to the factory defaults.

Page 68

RemotelyAnywhere 4.70

Appearance

This dialog lets you tailor the appearance of RemotelyAnywhere to your liking. o Performance Viewer above Menu:

Enable/Disable the Java applet showing the current processor and memory utilization above the menu. o Tooltips:

If you grow bored of the tooltips displayed by RA, you can turn them off here. o Icons:

You can turn off most of the icons displayed on the HTML pages. o Maximum number of Eventlog records to display per page:

The number of Eventlog records per page. o Maximum number of User records to display per page:

The number of entries in the User Manager that are displayed simultaneously. o Maximum number of records to display per WAP page:

Most of the WAP devices out there have very small screens and limited memory. Also, some gateways might enforce size restrictions on the

WML documents they compile for their devices. This configuration setting lets you specify the number of records to appear per WAP screen, where applicable. Such screens belong to the Processes,

Services, and Drivers menu options.

Page 69

Local Preferences

RemotelyAnywhere 4.70

Local preferences are like appearance and miscellaneous settings – but instead of storing them in RemotelyAnywhere, they are stored within your browser. If, for example, you regularly access a server machine both from the office and from home, and your office PC has a 15-inch display while your home computer boasts a 21-inch monitor, you might want to use different settings for the two locations. This option can also come in handy when there are a number of people using RemotelyAnywhere to access a computer. They might have different preferences for visuals, but if you set up your own configuration here it will be stored as a set of cookies in your browser. So every time you access that computer from the same browser, these settings will override the RemotelyAnywhere defaults.

Page 70

RemotelyAnywhere 4.70

SSL Setup

Setting up SSL support for RemotelyAnywhere is done in four easy steps: o First, you must set up your Certificate Authority. This step will create a

CA certificate - that's valid for ten years - and self-sign it. Simply fill out the form at the bottom of the page by specifying your country code, your organization and your name. Some default values are provided here from your computer’s registry. When you're done, click on the 'Create CA' button. This will create the CA. Click on the

'Continue' button at the bottom of the page when you're ready for the next step. o Second, you need to create the server certificate. Simply fill out the form at the bottom and click on 'Create Certificate' to proceed.

RemotelyAnywhere will generate a certificate request, and sign it with the Certificate Authority you created in the previous step. The certificate created this way will be valid for ten years. Click 'Continue' on the next screen. o The third step is optional: you can now install the CA certificate in your browser. This will suppress the message you'd be getting otherwise about the unknown Certificate Authority every time you make a secure connection to RemotelyAnywhere. Click on the button and follow the instructions on screen. o Fourth, you need to restart RemotelyAnywhere so that it can load the newly created server certificate. You can do this from the Control Panel or the console by typing 'net stop RemotelyAnywhere' and 'net start

RemotelyAnywhere'.

That's it, you are now ready to make a secure connection to RA. Simply use a

URL in the form of ' https://my.machine.here:2000' . Please note that you need to use two different ports for HTTP and HTTPS connections - and you must also specify 'http' or 'https' in the beginning of the URL to successfully connect.

Note: you can use the same CA certificate on several machines, but you can't use the same server certificate in more than one place. If you want to use one CA certificate on a network of NT machines, simply perform step one on the first machine, then copy the files CACert.pem, CAKey.pem and CACert.der in the RemotelyAnywhere directory to the other machines. You can then continue SSL setup from step two on all other boxes. You only have to perform step three once in this case.

The SSL certificates generated here are used for accessing the HTML-based administration module via HTTPS, and are also used by all virtual FTP servers to secure connections if using a suitable client.

Page 71

RemotelyAnywhere 4.70

RemotelyAnywhere Network Maintenance

You can use this option to install and configure RemotelyAnywhere on other computers connected to the network.

This option will not work if you have logged on with NTLM authentication.

NTLM authentication cannot be delegated over the network, so

RemotelyAnywhere will not be able to identify you to other computers.

First, you will be presented with a question on how to scan the network. You can choose to only scan a specified domain, or you can browse the whole network. On larger networks, this can be a lengthy operation, so looking at only one domain at a time is recommended. You also have the option of inspecting and upgrading a single computer.

On the following screen, you will be shown the part of the network you have chosen in the previous step. All computers will be listed, and you will be able to see what operating system and which version they are running, what roles they fulfill, and last, but not least, whether they have RA installed or not.

If RemotelyAnywhere is installed on a machine in the list, you can quickly open RA on the computer by clicking on its name. You can also see what version of RemotelyAnywhere is running on the computer, and you can upgrade it if necessary with two mouse clicks.

If a computer does not have RA installed, you can quickly do a remote install by only two clicks.

On computers that are running the same version of RA as the machine you are currently accessing, you have a third option: copying RemotelyAnywhere settings. One click takes you to a page that allows you to select what sections of the local machine's configuration you want to enforce on the target machine, and another click copies these settings over. Here is a quick list of what is copied with each section. Please check the appendix describing registry settings for a further explanation of these options.

Connection and Port Settings:

ListenerSocket, DisableCompression, DisableNonSSL,

ForceHTTPTunneling, ProxyProblemFixer, HTMDenied,

XMLDenied, SMTPServer

Permissions:

AdminAccess, AllowNTLM, Permissions, VisitLength

IP Address Filtering & IP Address Lockout:

IPFilterSettings, IP Address Lockout, LockoutBadLoginCount,

LockoutDuration, LockoutEnabled, LockoutResetCountAfter

Remote Control:

ColorDepth, LockConsole, RAClientTimeout, RCDisableInput,

Page 72

RemotelyAnywhere 4.70

RCFullScreen, RCMaxUpdatesPerSecond, RefreshInterval,

ScreenshotBasedRC

Telnet:

ConsoleFont, ConsoleHeight, ConsoleWidth, TelnetBanner,

TelnetColors, TelnetEnabled, TelnetFullScreen, TelnetHeight,

TelnetLoginTimeout, TelnetMaxConnections, TelnetNewWindow,

TelnetPort, TelnetReconnectTimeout, TelnetWidth

Process List:

PlistCols

File Manager:

FlistCols

Miscellaneous (Logging, etc.):

CheckForUpdates, Logging, PerformanceQueries,

CPU1UpdateTime, CPU2UpdateTime, CPU3UpdateTime

Automatic Priority Adjustments:

AutomaticPriorities

Color Scheme and Appearance:

EventlogRecords, PVAboveMenu, Tooltips, HTMLColor_BG,

HTMLColor_FORM, HTMLColor_Head, HTMLColor_Link,

HTMLColor_ServiceRunningBG, HTMLColor_ServiceRunningFG,

HTMLColor_ServiceStoppedBG, HTMLColor_TDBG,

HTMLColor_TDBG_Lit, HTMLColor_Text, HTMLColor_THBG,

HTMLColor_Vlink, HTMLTagFont, HTMLTagFormFont,

IconsEnabled, IndicateDowntime, WAPMaxLinesPerScreen,

ShortcutSettings, SplashScreen, UseGraphRed, UsersPerPage

Tray Icon and Notification Settings:

RAGui, RAGuiConfirmationText, RAGuiConfirmationTimeout,

RAGuiDefaultToYes, RAGuiPerfWindows, RAGuiShowIcon

Not Copied:

CompiledMonitoringScript, FTPSettings, IpAddress,

InstalledVersion, PFSSettings, ServingDefault, ServingDir,

ServingEnabled

Page 73

RemotelyAnywhere 4.70

Desktop Icon and Remote Control Notification

You can change the way the RemotelyAnywhere system tray icon operates.

The icon is enabled by default, but here are some options to change its behavior: o Desktop Icon & Remote Control Notification:

By turning this option off, you will disable the icon, and also any attempts to notify the local user when someone is accessing the computer remotely. When this option is off, none of the other settings in this configuration screen apply. This option, when disabled, basically tells RemotelyAnywhere not to bother starting RAGui.exe, the software that sits in the system tray and communicates with the user. Disabling this option will also disable the Chat function. o Show RemotelyAnywhere icon in System Tray:

If you turn this off, the user will not be bothered by the little blinking icon every time a request is made to RemotelyAnywhere. In fact, the icon will be completely hidden. However, this does not disable the user confirmation for remote control. o Default answer to Remote Control Notification:

Yes or No. When someone tries to gain remote control access to the computer, and the local user does not answer the query, the remote control session will either proceed or not, depending on this setting. o Number of seconds before Notification times out:

Timeout for the query. o Notification Confirmation Text:

The text that will be presented to the user in the remote control confirmation dialog box. The string “%USER%” will be substituted by the name of the user who is attempting the remote control operation.

Page 74

RemotelyAnywhere 4.70

RemotelyAnywhere Log

This option lets you view the RemotelyAnywhere log files.

By default, the active log file, RemotelyAnywhere.log is brought up, but you can select any of the older log files named RAYYYYMMDD.log, that were found in the RemotelyAnywhere directory, from the drop-down list in the lower part of the screen.

You can enable or disable logging to text files as you will, but

RemotelyAnywhere will always log the following events to the Windows

NT/2000 Application Log:

1. Service Start/Stop

2. Login/Logout

3. Remote Control Start/Stop

4. Telnet/SSH Login/Logout

The Application Log is used because of security considerations.

In addition, service start and stop events are always written to the

RemotelyAnywhere.log file, no matter whether logging is enabled or disabled.

Page 75

RemotelyAnywhere 4.70

Registration Key

You can enter your license key here.

Simply paste the license key you received from your software vendor into the input field, and click the Save button.

The license file that you must copy without making ANY modifications looks something like this:

-----BEGIN LICENSE-----

PRODUCT RemotelyAnywhere

VALIDFORVERSION 4

UPG.INS.UNTIL 2003-01-13

LICENSETYPE CITY

LICENSESCOPE Budapest, Hungary

LICENSECOUNT 1

LICENSEETYPE PRIVATE

LICENSEE 3am Laboratories PL

ISSUER 3am Laboratories PL

ISSUERID 1060-4b81-0781-f51c

ISSUEDATE 2002-01-13

ISSUEREASON OTHER

LICENSEID 52af-38f3-126e-0658

-----END LICENSE-----

-----BEGIN PKCS7-----

MIHbBgkqhkiG9w0BBwKggc0wgcoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEH

ATGBqjCBpwIBATBGMEExCzAJBgNVBAYTAkhVMRwwGgYDVQQKExMzYW0gTGFib3Jh dG9yaWVzIFBMMRQwEgYDVQQDEwtNYXJ0b24gQW5rYQIBADAJBgUrDgMCGgUAMA0G

CSqGSIb3DQEBAQUABEAo+9m7IinfHGT62YLIJ2KdHwhfch/iYuwGuXwVO+vRUa7T

OL/AOCG4FJUrxG1nK5Ic9yvhz5JdAPvE+U05gzQT

-----END PKCS7-----

You must make sure that you copy and paste everything between the BEGIN

LICENSE and END PKCS7 lines, including those!

The license file contains two distinct parts. The first part, the actual license itself is in plain text format. This is marked with the BEGIN LICENSE and END

LICENSE lines. The second part, the digital signature assures the integrity of the license text. This is contained between the BEGIN PKCS7 and END PKCS7 lines.

There are two distinct license types:

1. Node-Locked License

This license allows the software to be executed on one or more computers.

The license file specifies which computers are allowed to run the software.

The computers are identified with their Windows computer names. When you purchase the software license, you need to specify the names of the computers you intend to run RemotelyAnywhere on. For example:

MAILSERVER, WEBSERVER. The license will then only work on these computers. If you need to replace the hardware and intend to run

RemotelyAnywhere on the new computers, you will need to give them the same computer name or purchase a new license.

Page 76

RemotelyAnywhere 4.70

2. Volume and Unlimited Licenses

These licenses do not tie the software’s usage to specific computers. These licensing types are available to customers purchasing licenses for a large number of computers. Availability depends on the distributor.

Page 77

RemotelyAnywhere 4.70

Shortcuts

You can place shortcuts on the General Info page to reach the most frequently used parts of RemotelyAnywhere with just one click after logging in. The configuration dialog looks like the following:

Simply select the checkboxes next to the functions you wish to place on the

Info page, and click Update.

Page 78

RemotelyAnywhere 4.70

Port Forwarding

This option accesses pages that are used to set up and administer the Port

Forwarding Server built into RemotelyAnywhere.

For a detailed description of the configuration interface, please see the section on the Port Forwarding Server in this documentation.

Page 79

RemotelyAnywhere 4.70

FTP Server

This option accesses pages that are used to set up and administer the FTP

Server built into RemotelyAnywhere.

For a detailed description of the configuration interface, please see the section on the FTP Server in this documentation.

Page 80

RemotelyAnywhere 4.70

Custom Files

Access: Custom Files

RemotelyAnywhere is able to act as a simple HTTP daemon and serve files from the computer to the Web. Access to these files requires a special permission. You can customize the HTTP daemon's behavior in the

Miscellaneous submenu of the Configuration menu.

In order to make use of this feature, you must first set the 'Enable HTTP serving from custom location' setting to Enabled. You can then specify the root directory for the HTTP daemon, and the default index file. After making these changes, reloading the RA menu will display a new item: "Custom

Files". Choosing this will display the default index file from the web root you specified in the right frame.

Page 81

RemotelyAnywhere 4.70

Scripts

Access: Create/Edit Scripts

Access: Execute Scripts

RemotelyAnywhere provides an extension interface. You can create custom scripts from within RA, and these scripts can interact with the system,

RemotelyAnywhere, and the user.

The scripting menu looks like this:

Clicking on the name of the script will execute it. The Edit command will bring up a page with the source code of the script, where you can edit and compile your program. The Delete command removes the script.

To create a new script, enter its desired name in the input field and click the

Create button.

There are three kinds of scripts you can create:

1. Interactive

2. Quiet

3. Hybrid

Interactive scripts display their output on HTML pages, within the

RemotelyAnywhere frameset. An example for an interactive script is the

File.sma script, which is installed with RA. These scripts do not have to return a value from their main function. They communicate with the user via the

htmlBeginOutptut(), htmlEndOutput(), and various other html***() functions.

A Quiet script is one that is usually called from the System Monitoring script.

It does not display output. A return value is required at the end of the main function. A skeleton example for a Quiet script is here:

#include <ra>

Page 82

RemotelyAnywhere 4.70

main ()

{

return

}

This script does not do anything useful. It simply returns a zero value, meaning that no problem has occurred. If you attempt to run this script from the Script menu, you will get a message similar to this:

Hybrid scripts, on the other hand, are executable interactively and also return a value at the end of their main function. An example for a hybrid script is the

WatchProcess.sma file, included with RemotelyAnywhere. Hybrid scripts check the return value of the htmlBeginOutput() function, and if it’s a zero value, the script is run in non-interactive mode. (That is, it is invoked from the

System Monitoring script, via the Small() function call.)

For a complete reference of the scripting language, please see

Appendix C ,

and the Small Booklet (smalldoc.pdf), also included with RemotelyAnywhere.

If you have experience in programming in C or C++, and have a basic understanding of HTML, you will be creating your own scripts in no time.

Page 83

RemotelyAnywhere 4.70

Help

Access: Basic

You can view this file and the software license, and also find a link to the

RemotelyAnywhere web site. You can enter your registration key here as well.

Page 84

RemotelyAnywhere 4.70

Logout

Access: Basic

Clicking here will end your RemotelyAnywhere session. You do not have to use this option - if you do not log out, your session will eventually time out.

The timeout period can be specified in the Configuration screens.

Page 85

RemotelyAnywhere 4.70

FTP Server

The FTP Server that comes with RemotelyAnywhere is extremely versatile.

You can set up an unlimited amount of FTP server on a computer, each with its unique IP address and port combination. You can create users and groups for your FTP server, or you can use built-in Windows NT accounts for rights management.

Quick Start: Creating A New Virtual FTP Server

The FTP Server logs all user activity to the main RemotelyAnywhere log file, if logging has been enabled in Configuration / Miscellaneous.

In order to set up an FTP server on a computer, you need to define at least one virtual FTP server. This is done in the Configuration/FTP pages:

The configuration page, shown above, allows you to manage your servers, users and groups. It also lets you to check on the current status of the server and access statistics of past activity.

Clicking the red box in the Delete column deletes the corresponding object, and clicking on the status indicator in front of a virtual server starts or stops that server. A green mark shows that the server is running, a red mark shows that it is stopped – either because it has been stopped manually or has been disabled, or it could not start because of an error.

When you stop an FTP server on this screen, the virtual server’s status will change to Disabled. So when you reboot the computer, the server will not be

Page 86

RemotelyAnywhere 4.70

started automatically. When you start a stopped or disabled FTP server, the server will be Enabled, and rebooting the computer will automatically start the virtual FTP server.

To set up a new FTP server, click the ‘Add new server’ button. This brings up the following dialog:

You can specify the following settings here: o Name:

The name of the virtual FTP server. It is for informational purposes only. You can enter whatever you wish – this is what will be displayed on the FTP configuration screen, the login message from the FTP server, etc. o TCP/IP address to listen on:

The IP address to use. You can select one item from the list. If you select ‘All available’, the virtual FTP server will listen on all assigned IP addresses. o TCP/IP port to listen on:

The port in use by the virtual FTP server. The default is the standard

FTP port, 21. o The server is enabled:

If a server is enabled, it will start automatically when the

RemotelyAnywhere service is started. If it’s disabled, you will need to start it manually. o Root directory:

The root directory for the virtual FTP server. Leaving this field blank will cause the drive list to be used as the root.

Page 87

RemotelyAnywhere 4.70

o Resolve shell links:

If you enable this option, shell links (.lnk files) pointing to directories will be displayed as directories, enabling you to use Unix and Windows

2000-style hard links. o Upload speed limit:

The global upload speed limit for the server. No matter how fast users are sending data, the server will not accept it any faster than the speed specified here. o Download speed limit:

The global download speed limit for the server. No matter how fast users are accepting data, the server will not send it any faster than the speed specified here.

By filling out the dialog with the desired values and clicking the Update button, the server is created and started. The dialog will change, and allow you access to five other configuration pages related to the virtual server:

• Security

• IP Filtering

• NT Users

• Welcome

• ODBC

Quick Start: Granting Access To The Server

We will discuss the NT Users dialog below.

You can connect to the newly defined FTP server with any FTP client, but you are not able to log in just yet. You need to create a new FTP user and let him access the server – or you can allow a Windows NT user to access the new virtual FTP server.

The difference between FTP users and NT users is simple:

NT users are pre-existing users in the Windows NT user database. Creating and managing them is done via the User Manager – either the HTML-based one included in RA, or the User Manager applet that comes with Windows.

You cannot explicitly tell the FTP server which directories and files the user has access to, but Windows access rights are enforced. If a user can access a file below the server’s root directory locally or over the network, he will be able to do so via FTP as well. If a user has no rights to a file or a directory, he will not be able to access the object with FTP either. This is enforced by the

FTP server by having the thread servicing the user impersonate him towards the operating system as soon as login is complete.

FTP users on the other hand are created and managed within the FTP configuration pages. You can tell the server which files or folders the user can access, where he can read from, where he can write to. When an FTP user logs on, the thread servicing the user is executing under the LocalSystem account by default. This is rather undesirable, so you can specify an NT user

Page 88

RemotelyAnywhere 4.70

account on a per-server basis that will be impersonated when servicing FTP users.

For the purpose of this Quick Start section, we’ll assume a Windows

NT/Windows 2000 operating system, and grant access to an NT user.

Clicking on the NT Users button brings up the following dialog:

To grant access to a Windows NT user or group on the FTP server, select its name in the listing on the right and click the Update button. To revoke access from a user or a group, select its name in the list on the left, and click the Update button.

To list user accounts from a domain rather than from the local computer, enter the domain’s name in the ‘Authenticate users under domain’ field and click the Update button.

Now that you have granted access to an NT user, you can use an FTP client to connect and log in to the FTP server. The user will have access to all files and directories below the server’s root directory. However, on an NTFS file system, NT access restrictions do apply. For example, if the user does not have the rights to read or write in a certain directory, he will not be able to do so via FTP either. The FTP server enforces this in a very effective way: the thread servicing the user will impersonate him towards the operating system as soon as login is successful.

The ‘Authenticate FTP users under NT account’ fields let you specify a username, domain and password for an existing Windows NT account. This is used when an FTP user logs on: the thread servicing the user will be impersonating this account towards the operating system. If you enter an incorrect username or an incorrect password here, the FTP user will receive a

Page 89

RemotelyAnywhere 4.70

“Login incorrect” message from the FTP server, even if he enters his credentials correctly.

Granting access to FTP users is covered in the section that describes the FTP user management interface.

Specifying Further Server Options

There are three other configuration pages related to a virtual FTP server that can be accessed from the main FTP server-editing dialog. They are described below.

Security

The Security dialog lets you specify various security and connection-related options. It is shown below.

You can specify the following settings here: o Maximum number of simultaneous users:

The maximum simultaneous connections to this FTP server. Setting it to zero will remove any limitations. o Maximum number of failed login attempts:

If a user fails to log in with this many tries, the connection will be dropped. o Login timeout:

The maximum number of seconds the user can take to log in.

Page 90

RemotelyAnywhere 4.70

o No transfer timeout:

If this many seconds elapse on an open connection without a file transfer or a directory listing, the connection will be considered idle for too long and will be terminated. o Stalled timeout:

The amount of time a file transfer can spend without sending or receiving any amount of data before it’s considered stalled and terminated. o Allow keep-alives:

When enabled, any FTP command such as CWD, PWD, or the ubiquitous NOOP will reset the “No transfer timeout” counter (see above). FTP clients use various commands to keep the connection from being idle. If this option is enabled, these commands will serve their purpose. If disabled, only an actual file transfer or a directory listing will reset the counter. o Anti-hammering:

This option is much like the RemotelyAnywhere IP Address Lockout setting. By default, if 4 bad logins occur from an IP address within one minute, the IP address will be locked out for one hour. o Thread Priority:

You can select the priority of the threads servicing users for the FTP server. If you are running an FTP server on an otherwise busy web server, it might be a good idea to set the priority to a lower value than the default Normal setting. o Allow unsecured FTP Connections:

If this is disabled, the FTP client must support and utilize SSL. o Allow data connections to go to different IPs:

The FTP protocol uses two connections: the control connection and the data connection. The data connection is where all raw data is sent, the control connection is used to send commands to the server and receive replies. Normally data connections are set up to the same IP address as that of the control connection, but in order to facilitate server-toserver file transfers, it can be desirable to allow data connections to go to different IP addresses. If you are not using server-to-server transfers, you can safely disable this option. o WS_FTP compatible secure connections:

WS_FTP, the most widely used SSL-enabled FTP client has an unfortunate bug in the implementation of the protocol. No matter whether you are using passive or active mode, the SSL data connection is always negotiated the same way. This is normally not a problem, but if you want to use server-to-server transfers with SSL encryption, the server has to behave differently when in passive or in active mode. When this option is set to Yes, server-to-server transfers will not work with SSL.

Page 91

RemotelyAnywhere 4.70

IP Filtering

The IP Filtering dialog lets you specify which IP addresses to accept and reject connections from. By default, clients can come from any IP address. Using the dialog below, you can set up rules that block or accept addresses or ranges of addresses.

The IP Filtering engine used by the FTP Server is the same as the one used by

RemotelyAnywhere itself. Please see the Configuration / IP Address Filtering section for a detailed description on how to use IP address filtering.

Welcome

The Welcome dialog lets you specify welcome notes for your users:

The first option, the welcome banner, enables or disables the welcome note automatically sent by the server whenever a connection is established to the

FTP port. This is always the following:

Page 92

RemotelyAnywhere 4.70

RemotelyAnywhere FTP Server 3.5.267 ready.

Copyright (C) 1998-2001 3am Laboratories PL. All rights reserved.

If you do not wish to let the outside world know which FTP server you are running, you can disable this option.

The next message, immediately following the welcome banner, can be fully customized. By default, it looks like the following:

------------------------------------------------------------

Welcome to the FTP Server 1 FTP server, running on Windows NT Server 4.0 (build 1381) Service Pack 6.

The server has been up for 6d 02h 05m 05s.

Data downloaded: 8909.38 MBytes

Data uploaded: 3226.56 MBytes

Sessions serviced: 182

------------------------------------------------------------

You can change this the way you like, or set it to blank to avoid a pre-login welcome message altogether. If you disable both the banner and the welcome note, the FTP Server will just send “Welcome” whenever somebody connects to the FTP port. This is because the FTP specification requires a server to send a code and some text when a connection is established.

By default, the post-login message looks like the following:

------------------------------------------------------------

Welcome, 3AMLABS\Marton, to FTP Server 1.

Your last succesful login was at 13-Feb-2001 17:47:54.

Good logins so far: 182.

Bad logins so far: 0.

You have uploaded 3226.58 MBytes and downloaded

8909.38 MBytes in your previous sessions.

------------------------------------------------------------

User logged in.

This can be fully customized as well, or can be set to an empty text to avoid the message. The last line, “User logged in.” will always be sent to the client though: yet another requirement by the FTP protocol.

The following variables can be inserted into the welcome messages, and they will be automatically replaced with their corresponding values:

• _!SERVER_NAME!_

The name of the FTP server.

• _!OS_VERSION!_

The operating system and its version.

• _!SERVER_UPTIME!_

The amount of time the server has been up for.

• _!BYTES_UP!_ and _!BYTES_DOWN!_

The amount of data uploaded and downloaded. These variables behave differently when used in the pre-login or in the post-login messages.

In the pre-login message, they represent a server-wide value, while in

Page 93

RemotelyAnywhere 4.70

the post-login message they represent the amount of data transferred by the user.

• _!TOTAL_LOGINS!_

The number of successful logins to the FTP server. Only valid in the pre-login message.

• _!GOOD_LOGINS!_ and _!BAD_LOGINS!_

The number of logins and unsuccessful login attempts. Only valid in the post-login message.

• _!LAST_LOGIN!_

The last successful login by the user. Only valid in the post-login message.

These welcome messages are server-wide settings, and apply to all users and groups. When you specify a welcome message for an FTP group or an FTP user, it will override the post-login message defined here.

ODBC Access

The ODBC Access option lets you specify a database as a source for user information.

Page 94

RemotelyAnywhere 4.70

You can set up a database to contain user information. This can be any database type: Oracle, SQL Server, Microsoft Access, or even a plain text file.

You need to create an ODBC data source that refers to this database so that

RemotelyAnywhere can access it. The data source must be a so-called

Machine Data Source, as this is the only ODBC source available to processes running in the system context.

When you have your database and ODBC data source ready, please test it by querying it with a tool that supports ODBC queries, such as a spreadsheet program.

You should have all user information available in one table. If you already have an user database and user information is in separate tables, you should set up a query within your database that contains all user-related fields.

RemotelyAnywhere only reads from the database.

The above screenshot is set up for the following scenario:

Suppose that you have a user database in a data source called FTPUsers. The user information is present in a database table called Users. A database user called ra is able to read from the Users table. You should also supply the password for this user in the above form.

The Users table can have any number of fields in any order, but the above figure assumes that these fields are present: login (character string) password (character string) homedir (character string) quota (integer, in bytes, optional) downstream (integer, speed in bytes/sec, optional) upstream (integer, speed in bytes/sec, optional) disabled (integer, zero or non-zero, optional) maxconns (integer, optional) maxconnsperip (integer, optional) welcome (character string, optional)

The only three mandatory fields are login, password and homedir. The login and password fields contain the user’s login name and password, in clear text.

The homedir field must contain the user’s home directory, which can be an absolute path (such as z:\ftp\users\~john) or it can be relative to the server root (such as /users/~john).

Users have full access to their home directory, but have neither read nor write permissions outside of it.

The quota field will not let the user store more data in his home directory and its subdirectories than the number of bytes specified here.

The downstream and upstream fields restrict download and upload speed.

They are optional, and should be an integer number specifying bytes per second.

Page 95

RemotelyAnywhere 4.70

The disabled field should be an integer. When it’s non-zero, the user is disabled and cannot log in.

The maxconns field specifies the maximum simultaneous connections to this

FTP server for a user.

The maxconnsperip field specifies the maximum simultaneous connections per unique IP address for a user.

The welcome string, if used, should contain a custom welcome message for the user.

Page 96

RemotelyAnywhere 4.70

FTP Users

FTP users are defined in RemotelyAnywhere. They do not exist outside of the

FTP server, unlike NT users.

Creating an FTP User

To create an FTP User, click on the Add new user button on the main FTP configuration screen.

Enter the desired username and password in the above dialog. You can also specify upload and download speed limits to the user – these options, if not set to zero, which means that they are disabled, override the global FTP server settings.

Clicking on the Update button creates the user, and makes the following options available:

• Groups

• Rights

• Ratio

• Disable

• Homes

• Permissions Report

The dialog changes showing you buttons to access the nine extra configuration pages related to the user:

• Max Connections

• IP Filtering

• Welcome

Page 97

RemotelyAnywhere 4.70

The newly created user cannot log in yet: you have to assign permissions to him for an FTP server and a path so that the user is able to use his account.

To allow anonymous access to an FTP server, you should create an FTP user called “anonymous”. This user account is special: no password checking is done upon login.

You assign permissions to the anonymous user account as you would to any other user. By default, the newly created anonymous user has no rights to any virtual FTP server defined.

Page 98

RemotelyAnywhere 4.70

Groups

This dialog lets you specify which FTP groups the user belongs to. For more details on FTP groups, please see the appropriate section.

Selecting a group that the user is a member of and clicking the Update button will remove the user from that group. Selecting a group that the user is not a member of and clicking the Update button will add the user to that group.

The Back button takes you back to the main user editing dialog.

Page 99

RemotelyAnywhere 4.70

Rights

The following dialog lets you edit users’ access rights to directories.

To grant access to a directory on a server, select the virtual server from the server list, select the type of rights you wish to assign to the user, enter the path to the directory and click the Update button.

The path you specify can be a full path, containing a drive letter, or a path relative to the server’s root directory. If you assign rights to a path that is not within the server’s root directory, the setting will have no effect at all.

The following rights are possible:

L – Show directory contents.

Allows the user to list the contents of the directory.

R – Read file.

Download files from the directory.

C – Create subdirectories.

Create new directories in the directory.

D – Delete/rename file.

Delete or rename a file or a directory. Also required to be able to overwrite files.

W – Create/modify file.

Create a new file and/or write data to it.

Full access.

All of the above.

The above settings let the user access FTP Server 1 – he has full control over the contents of the server. These rights only apply to the root directory of the server and all directories below that. The user also has list, read and write access to the c:\work directory on FTP Server 2. However, the user has no

Page 100

RemotelyAnywhere 4.70

rights at all to the c:\work\java directory on FTP Server 2. The user has no rights at all on FTP Server 3, meaning he cannot even log on.

The rights you specify for a directory are automatically inherited by its subdirectories, unless you specify different rights for them.

The following method is used when checking access rights to a directory:

1. The current virtual server’s access list is enumerated for the current user.

2. When the directory closest to the directory in question is found, the access rights specified for that directory is used. For example, if the user has

LRW rights for C:\Work, he has LR rights for C:\Work\CPP, and the directory in question is C:\Work\CPP\Project1, only LR rights are returned

– meaning that the user can only list and read files, but not write to them.

3. If an NT user is specified for the server to run FTP accounts under, further

Windows NT-enforced restrictions might apply, based on file system permissions.

You can also make the user member of one or more groups, and these groups can also be members of one or more groups. For an explanation of this scenario, please see the FTP Groups section of this document.

Page 101

RemotelyAnywhere 4.70

Ratio

The following dialog test you edit upload/download ratio settings for users.

The upload/download ratio lets you control how much data the user has to upload before he can download anything.

If the Upload ratio is set to 1, and the Download ratio is set to 5, the user can download 5 bytes for every byte uploaded. If it were the other way around, the user would have to upload 5 bytes to be able to download one.

You can enter any positive integer number in either of these fields.

There are four possible settings for the Ratio type:

1. None. The user is a normal user, and can download any file he has read access to, without having to upload first.

2. Per session. When the user logs in, his counters are zeroed. Should he lose connection while uploading or downloading, any remaining credits he has will be lost.

3. Per user. The user’s credits are remembered over sessions. It is not recommended if you want several users to share the same account.

4. Per IP. Even if the user loses connection, his credits are remembered, if he logs in again from the same IP address. This does not cause a problem, even if the user account is shared by hundreds of concurrent users.

The Per IP ratio information expiration time setting allows you to expire the per-IP credits after a certain amount of time. If the user logs back from the same IP address after not visiting the server for this much time, he will have to start over building up his credits.

The ratio setting applies to all virtual servers.

To let the user download files without uploading, you can specify a starting

credit. The amount given is in kilobytes – the user will be able to download the specified amount of data without uploading.

Page 102

RemotelyAnywhere 4.70

Disable

The following dialog lets you explicitly disable (or ban) a user on a virtual FTP server.

Disabled users cannot log in, even if they have rights on an FTP server. You can also disable a connected user from the FTP Status page.

Page 103

RemotelyAnywhere 4.70

Homes and Quotas

The dialog below lets you specify home directories for the user.

A home directory is basically the entry point for a user on an FTP server.

When the user logs in, he will find himself in the directory you specify here. If no home directory is specified, he will be logged in to the server’s root directory.

The user can move out from his home directory if he has rights to an outside directory.

You can use a full path, starting with a drive letter, when specifying home directories – or you can enter a relative path to the server’s root directory.

Home directories specified above the server’s root directory are disregarded.

You should make sure that the user has rights to his entry point on the server

– either to his home directory, or if the home directory is not specified, to the root directory of the server. If the user has no rights to the entry point, he will not be able to log in.

You can specify quotas for your users. Quotas are only enforced on home directories, and apply to all files contained in the home directory and its subdirectories. If a user has rights to upload files outside of his home directory, he will be able to do so without restrictions – quotas only apply to the home directory and its contents.

Since Windows does not support disk quotas for user accounts,

RemotelyAnywhere has to enforce them. When a user starts to upload a file, the FTP server quickly scans the contents of the directory to determine if the user is below or above the quota. If the quota is not exceeded, the upload can be started – however, the FTP server will interrupt the transfer as soon as the file being uploaded starts to exceed the specified quota.

Home directory quotas are entirely optional, by leaving the field empty you choose not to limit the amount of data that can be stored on the server by the user.

Page 104

RemotelyAnywhere 4.70

Maximum Connections

You can specify the maximum number of simultaneous connections for a user account in this dialog. By default, a user account can be used to log in any number of times, until exhausting the maximum number of connections for the virtual FTP server, or exhausting the resources of the computer.

Simply select the server on the right, enter the number of maximum simultaneous connections in the Count field and click the Update button.

To remove a limitation, select it in the list on the left and click the Update button.

You can also limit the number of simultaneous connections for the user from a computer or IP address. The Per IP field serves this purpose. When left blank, or a zero is entered, this limitation is disabled. If you enter a numeric value, a single computer can be used to log in that many times with the account.

It is a good idea to limit certain user accounts (for example the Anonymous account) this way. An overall maximum connection limit ensures that the server cannot be overloaded by thousands of Anonymous users, and a Per IP limitation makes sure that no single user can take up all available connections by himself.

In the screen above, user John has been restricted to a single connection on

FTP Server 1. On FTP Server 2, he can maintain four simultaneous connections, either from four different computers or a single machine. On FTP

Server 3, he is limited to 30 connections, but only one connection per computer can be used.

Page 105

IP Filtering

IP Filtering brings up the following dialog:

RemotelyAnywhere 4.70

You can specify which IP addresses the user is able to log in from – or which

IP addresses are not usable by him. When a user attempts to log in,

RemotelyAnywhere will check this list and decide to allow the user to continue with the login attempt, or terminate his connection without even checking the password.

The engine used for IP address filtering is the same as the one used by

RemotelyAnywhere for HTTP-based administration. For an explanation of the possible options, please see the section on Configuration / IP Address

Filtering.

Page 106

RemotelyAnywhere 4.70

Welcome

You can specify a custom welcome message for a user here.

Messages specified here override any post-login message specified for the virtual FTP server. In this case, messages specified for any groups the user belongs to will be disregarded as well.

Page 107

RemotelyAnywhere 4.70

Permissions Report

The permissions report can be retrieved for any FTP user. It will list all FTP servers, and all the rights a user has on the given server. Here is a sample report for a user on FTP Server 2:

You can see that the user can list, read and write to files in the C:\Work directory. The ‘Inherited from’ column shows that this particular right was granted to the user himself.

The user has full access to the C:\Work\files directory, due to being a member of the ‘filexfer’ group. As a member of the ‘web’ group he also as full access to the C:\Work\websites directory.

He has no rights at all to the C:\Work\Java directory – and it is clear that the user himself has been denied access.

This report can be useful if you have a more complicated setup of groups and users, and would like to see what exactly the user can do on the system, and where do these rights come from.

Page 108

RemotelyAnywhere 4.70

FTP Groups

FTP Groups make it easier to control what resources your FTP users have access to. To create a new group, click the Add new group button on the main

FTP settings screen.

General Group Settings

This dialog lets you specify general settings for a group.

You can make a group a member of another group, thus bringing in any permissions or restrictions for its member users from the parent group.

Selecting a group in the Member of list and clicking the Update button will remove it from that group. Selecting a group in the Not member of list and clicking the Update button will add the group to it.

You can also specify a welcome message for a group. Whenever a member logs in, he will see this message instead of the server’s general welcome message.

Page 109

RemotelyAnywhere 4.70

FTP Group Rights

Use this dialog to specify rights to servers and directories.

The dialog works very much like the FTP User Rights dialog, for a basic description please see the appropriate section of this document.

There are some scenarios, however, that might require further explanation.

Suppose the following, rather complicated scenario:

• User1 is member of Group1.

• Group1 is member of Group2 and Group3. On the membership display,

Group2 is shown first Group3 is shown second.

• User1 is granted LR access to C:\, and LRW access to C:\Work.

• Group1 is granted full access to C:\, LR access to C:\Work, and LRWD access to C:\Work\CPP.

• Group2 is granted LR access to C:\Work\CPP and full access to

C:\Work\CPP\Project1

• Group3 is granted LR access to C:\Work\CPP\Project1

So, what exactly User1 can do in the aforementioned directories?

• C:\

He has LR rights. He was explicitly granted LR rights to this directory, and this overrides anything else.

• C:\TEMP

He has LR rights. He was explicitly granted LR rights to the directory closest to this one (C:\), and no groups that he is a member of, directly or indirectly, specify anything else for the C:\TEMP directory.

• C:\Work

LRW rights again. See the first case.

Page 110

RemotelyAnywhere 4.70

• C:\Work\CPP

LRWD, because Group1 has LRWD rights. Even though Group2, which

Group1 is a member of, specifies LR access for this directory, Group1 is the least indirect object that specifies actual rights for the directory.

Group2 is one more indirection away, with User1 only being a member of it because he is a member of Group1, and is therefore overridden by Group1.

• C:\Work\CPP\Project1

Full access. Both Group2 and Group3 are two indirections away, they both specify access rights to the same directory, so the deciding factor between Group2 and Group3 is that Group2 is the first one in the list on the membership display of Group1.

Page 111

RemotelyAnywhere 4.70

FTP Status

The FTP Status screen, accessible from the main FTP configuration page, shows each virtual FTP server’s current status.

For each server, it provides a listing of all current connections and their current activity.

The fields in the list are:

Icon

This field shows a small icon, representing the current status of the connection. A green checkmark indicates a ready, or idle connection.

An hourglass indicates a connection currently in the process of logging in or becoming ready. An up or down arrow indicates uploading or downloading.

User name

The name of the user associated with the connection. For NT users, it is in an AUTHORITY\ACCOUNT form. For FTP users, it’s simply the username. For connections not yet logged in, it’s “N/A”.

Control address

The IP address of the FTP control connection.

Downloaded

Bytes downloaded during this connection.

Uploaded

Bytes uploaded during this connection.

Data address

The IP address of the FTP data connection, if applicable.

Path

The path and name of the file currently being uploaded or downloaded, if any.

Speed

The speed of the upload or download process.

Bytes left

The amount of data left from the transfer operation. Only applies to download transfers, since the FTP protocol does not let the server know the size of the file being uploaded in advance.

Est. time left

The estimated time remaining from the transfer operation. Only applies to download transfers, for the same reason as the previous item.

Kick

This button kicks the user out – in other words, terminates the

Page 112

RemotelyAnywhere 4.70

connection.

Ban user

This button kicks and then bans the user from the FTP server. Only applies to FTP users, and not to NT users. The user’s properties will show him as disabled on the server he was banned from.

Ban user IP

This option first kicks the user from the server in question, then adds an IP filtering rule to the user object that will prevent him from logging in again from the IP address in question. He will have the ability to log in from other IP addresses (depending on IP filtering setup) and the IP address will only be disabled for this user.

Ban server IP

This button kicks the user, then adds an IP filtering rule to the server object that will cause the server not to accept connections from the IP address in question at all. The user will be able to log in from other IP addresses.

For each server, anti-hammering information, if applicable, is also shown. It is in the following format:

IP address

The address the attempted connection came from.

Expires at

The time when the information will be discarded – users will be able to

Bad logins

Number of bad logins from the IP address. establish connections from the IP address at this time again.

Delete

Clicking this button will remove the anti-hammering information from the FTP server’s memory, thus making the IP address available for logins, had it been locked out.

The Refresh button refreshes the contents of the screen to reflect any changes, while the Back button goes back to the main FTP settings screen.

Page 113

RemotelyAnywhere 4.70

FTP Statistics

The statistics page shows you per-server and per-user statistics, such as the last login, number of logins, bytes sent and received, etc.

The red button labeled Reset for servers and FTP users, and Delete for NT users will reset or delete statistics kept on the object.

Page 114

RemotelyAnywhere 4.70

Telnet/SSH Server

The Telnet and SSH server included with RemotelyAnywhere let you access a command prompt on a remote computer from a terminal emulator software or a web browser.

You can either use the Java Telnet client that's part of RA, or any other terminal emulator you like. There are several reasons to stick with our client:

It's secure - it uses the same encryption that's employed by the remote control module. It's fast, since it uses sophisticated data compression to achieve high throughput. And finally, it lets you transfer keystrokes that terminal emulators don't handle, e.g. the Alt key. You can also use your mouse in console applications that support it.

If you decide to use a terminal emulator instead, you will need to connect to the Telnet port (23) or the SSH port (22). You can change the default listener ports in the configuration dialogs to any available port. Should you need to send a special keystroke to the server, just press CTRL-Q and a virtual keyboard will pop up. You can then move the pointer over the desired key with the cursor keys, and press Enter to send it. If you want to send a combination of several keys at the same time, you can select the keys with

Space, and then press Enter after selecting the last key of the combination.

When a connection is initiated from a terminal emulator, you will be asked to log on.

This is handled automatically by SSH clients, so you need to enter your username and password in the SSH client itself. RemotelyAnywhere currently supports the SSH1 and SSH2 protocols with password authentication. To specify a Windows NT/2000 domain, you can enter it as part of the username, separated from the actual login name with a backslash character. For example: DOMAIN\Username.

With Telnet clients, you need to enter your credentials in clear text during the session. You are asked for your username, password, and Windows NT/2000 domain.

After successfully logging in, you will be asked if you want full console support. If you answer with No, you will only be able to use stream-mode programs - applications that take over the whole console window, like

Edit.com, Norton Commander, the Far file manager, etc. will not work.

However, if you are only planning to use command-line utilities, you can safely say No to this question and you will be right at the command prompt.

If you answered yes to the previous question, you will be asked to specify the console window size. A default value is provided for you. You should make sure that the terminal emulator you are using supports it and is set to the size you enter here.

Page 115

RemotelyAnywhere 4.70

Finally, if you have an ANSI compliant terminal emulator, you can choose to use ANSI color support during the session.

Should you disconnect your terminal emulator, or go to a different page in the browser window containing the Telnet client applet, all applications you have running in the Telnet session are left active.

You can reconnect to this Telnet session by simply logging in (or loading the applet) again. There is a timeframe for this though: if you do not reconnect within an hour, all your telnet applications, including the command shell, are terminated. You can change the timeout value from the default one hour to anything you like in the configuration dialogs.

To close the Telnet session for good, type "exit" at the command prompt.

Page 116

RemotelyAnywhere 4.70

Port Forwarding Server

The Port Forwarding Server included with RemotelyAnywhere lets you forward one or more TCP/IP ports on one computer to another, essentially bridging separate networks.

Quick Start

How exactly does the Port Forwarding Server (PFS) work?

LAN

Internet

Internal Fileserver

Firewall Computer

Imagine the above scenario. You have a LAN, connected to the Internet with a firewall / proxy server. The computers on the LAN all have non-Internet IP addresses, and they connect to the outside world via the proxy server.

If you have RemotelyAnywhere installed on any computer on the LAN, say, the fileserver, you can access RA on that computer from within the LAN without any problems. However, it is not accessible from the Internet.

However, if you set up RemotelyAnywhere and PFS on the firewall, so that a certain port (say, 3000) on the firewall is forwarded to the fileserver’s IP address and RA port (2000 by default), accessing port 3000 on the firewall will let you access RemotelyAnywhere on the fileserver. From within the LAN and from the outside as well.

We’ll show a simple example of setting up a solution to the above problem in

PFS. Let’s assume the following:

• The firewall’s Internet IP address is 145.236.120.227

• The firewall’s LAN IP address is 192.168.0.2

• The fileserver’s LAN IP address is 192.168.0.10

• RemotelyAnywhere is installed on both computers, and is listening on port 2000.

Page 117

RemotelyAnywhere 4.70

What we need to do is simple: map port 3000 on the firewall computer to port

2000 on the mail server (dns name mailserver.company.com).

To set up the above solution in PFS, you have to access the Configuration menu, and then select the Port Forwarding item.

This will bring up the following dialog:

To add a new port forwarding item, click on the Add button:

The Incoming Protocol field will be TCP. Other protocols (SSL, CSSL) will be discussed later. The Incoming IP Address can be either ‘All available’ meaning that the port will be forwarded from all IP addresses of the firewall.

If you want to use a single IP address instead of all assigned ones, select it here. The Incoming Port can be anything not already in use on the computer – let’s assume 3000 for now.

The Outgoing Protocol will be TCP. The Outgoing IP Address will be mailserver.company.com (or the actual IP address of the host), and the

Outgoing Port will be 2000.

The Defer Close and the I/O Timeout values can be left to their defaults, we’ll explain them later.

Page 118

RemotelyAnywhere 4.70

The Description field lets you specify a remark associated with the port forwarding item, it will be displayed on the main screen.

If you fill out the dialog and click the Add button, the item will be listed on the main PFS screen:

That’s all there is to it, you have just set up the first port forwarding item.

Advanced Options

You can select a port forwarding item on the main screen with the Select checkbox. Clicking the Edit button will show you and let you modify all the properties of the port forwarding item.

Clicking the Filtering button on the edit screen will let you specify IP address restrictions for the item – this works exactly like the RA IP Address Filtering feature, only it restricts incoming connections to the corresponding port forwarding item only. For more information, please see the documentation on the Configuration / IP Address Filtering topic.

The I/O Timeout setting lets you specify how long the PFS will hold a connection open with no data going through it in either direction. When the amount of time specified here is reached and the connection is idle, both ends of the connection will be closed gracefully.

Page 119

RemotelyAnywhere 4.70

The Defer Close setting lets you specify a timeout value for a special condition. When one end of the connection has been closed, but the other is still open, PFS will wait this much time for the open end of the connection to be closed. It will then close the connection itself.

The Incoming and Outgoing Protocol fields let you specify SSL or CSSL as well as TCP. To translate SSL connections to TCP or TCP to SSL, and thus behave as an SSL proxy for applications that are not SSL-enabled, simply set one end to SSL and the other end to TCP.

There are situations when SSL encryption would be a very nice thing to have, but neither the client nor the server support it. In this case, you can use two installations of RemotelyAnywhere: one to translate the connection from TCP to SSL, the other to translate it back from SSL to TCP.

Let’s suppose that you are using a laptop with a dialup account, and your email software does not support SSL. Let’s also suppose that your corporate mail server does not support SSL either. If you still want to keep your email secure, you can install RemotelyAnywhere both on your laptop and on the email server, and set up a port forwarding item on both computers.

On your laptop, you would need to do the following:

1. Create a port forwarding item with the incoming IP address as 127.0.0.1

(the loopback address), the incoming port as 3110, the incoming protocol is TCP. The outgoing IP address or host name would be set to that of your email server, the outgoing port would be set to 3110, and the outgoing protocol would be SSL.

2. Change your email client’s preferences so that the POP3 server is

127.0.0.1 and the port is 3110.

On the mail server, you would need to only create one port forwarding item, with the incoming IP address set to your mail server’s Internet IP address, the incoming port would be 3110, and the incoming protocol would be SSL.

The outgoing IP address would be the same (the mail server’s Internet IP address), the outgoing port would be 110 (the standard POP3 port), and the outgoing protocol would be set to TCP.

If you performed the above three steps, starting up your email client and checking for mail would actually go through two port forwarding servers; the first one being on your own computer, encrypting all data before it’s sent to the mail server. The mail server’s port forwarding server would receive the encrypted data, and decrypt it before sending it on to the actual mail server software. Data flowing in the other direction would be also seamlessly encrypted and decrypted.

However, if you have two RemotelyAnywhere Port Forwarding Servers talking to each other, you could also utilize the proprietary CSSL protocol instead of using plain SSL. CSSL, which stands for Compressed SSL, would also seamlessly compress and uncompress your data as well as encrypt and decrypt it – to keep to the above example, making your mail arrive much faster over a dialup connection. (And also, to properly finish the laptop/email

Page 120

RemotelyAnywhere 4.70

example, you would also have to create one additional port forwarding item on both computers for the SMTP protocol that is used to send email as opposed to receiving it. This runs on port 25 by default.)

Page 121

RemotelyAnywhere 4.70

GUI Documentation

RemotelyAnywhere includes a system tray icon that serves multiple purposes.

This icon can be fully configured via the Configuration / Desktop Icon and

Remote Control Notification screen.

The icon will blink whenever someone is accessing the computer with

RemotelyAnywhere. Double-clicking the tray icon will bring up a dialog, that shows the most recent events that have occurred within RemotelyAnywhere.

By default, two other icons are shown as well. One is a memory usage indicator (in red), the other is a CPU load indicator (in blue). These can be enabled and disabled at will.

Right-clicking the RemotelyAnywhere icon will bring up the following menu:

The ‘Open Status Window’ item is the default action.

Choosing this is equivalent to double-clicking the icon.

The Enable/Disable RemotelyAnywhere items let you turn the RemotelyAnywhere service on and off at will.

The Enable/Disable Status Indicators items will enable or disable the memory and CPU usage indicators.

The ‘About’ command will bring up the product’s about box.

The ‘Show Performance Windows’ item will open a submenu similar to the one below.

Page 122

RemotelyAnywhere 4.70

In this menu, you are given a selection of performance indicators to display on your desktop.

What actually appears in this menu is based on the performance data RemotelyAnywhere is able to collect.

The software automatically collects performance data on the local disk drives, incoming and outgoing network traffic broken down by network interface,

CPU usage (total and broken down by individual

CPU on SMP systems), and various memory counters.

When you select an item from this menu, a window will pop up, similar to this:

Double-clicking the performance window will shrink it to a smaller format:

You can have as many of these windows up on your screen as you want. They are persistent – that is, they will automatically appear in their previous position after a reboot.

Page 123

RemotelyAnywhere 4.70

Command-line Parameters

On Windows NT and Windows 2000, you can run RemotelyAnywhere from the command line to perform various actions. These are:

1. Installing RemotelyAnywhere on the local computer

The command for this operation is:

Install [-port PORT]

You will need to have the RemotelyAnywhere installation files in the current directory, either copied from an existing installation or from the manual installation archive available on RemotelyAnywhere.com.

This command will create the RemotelyAnywhere service and its support driver in the current directory, and start it immediately.

The optional parameter can specify the listener port. For example:

RemotelyAnywhere Install -port 2020

You will need administrative privileges on the local computer to successfully perform this operation.

You can also install the mirror display driver that enhances remote control speed on the local computer using the following command:

RemotelyAnywhere InstallMirrorDriver

This command requires administrative privileges just like “Install” – and it will only work on the local computer. To install the mirror driver on a remote computer, first install RemotelyAnywhere (see point 2) then initiate a remote control session. You will be prompted to perform the installation which can be done with two simple clicks.

2. Installing RemotelyAnywhere on a remote computer

The command is:

Install <–computer COMPUTER> <–path PATH> [-port PORT]

[-minimal] [-license FILENAME]

You will need to have the RemotelyAnywhere installation files in the current directory. You will also need administrative rights on the remote computer.

The first optional parameter is the same as when installing RA on the local computer; it specifies the HTTP port number. The [-minimal] switch allows you to perform a minimal install. This option does not

Page 124

RemotelyAnywhere 4.70

copy the documentation files, thus speeding up the install process over a slow network connection. The two required parameters are the name of the remote computer and the local path to the intended destination directory on the remote computer.

The [-license FILENAME] option lets you specify a license file to be installed on the target computer.

For example, if you want to install RA on a computer called KOSSUTH in the C:\RemotelyAnywhere directory, and you do not want the documentation files copied, you will need to enter the following command:

RemotelyAnywhere Install –computer KOSSUTH -path

“C:\RemotelyAnywhere” -minimal

This will create the destination directory, copy all necessary files, and create and start the RA service on KOSSUTH.

3. Uninstalling RemotelyAnywhere on a local computer

The command is:

Uninstall

This will stop and remove the RemotelyAnywhere service and its support driver, as well as all registry entries created by

RemotelyAnywhere. You will need to delete the RemotelyAnywhere directory and all its contents yourself.

For example:

RemotelyAnywhere Uninstall

You will need administrative privileges on the local computer to successfully perform this operation.

4. Uninstalling RemotelyAnywhere on a remote computer

The command is:

Uninstall <-computer COMPUTER>

This will stop and remove the RemotelyAnywhere service and its support driver, as well as all registry entries created by

RemotelyAnywhere. You will need to delete the RemotelyAnywhere directory and all its contents yourself.

For example:

RemotelyAnywhere Uninstall –computer KOSSUTH

Page 125

RemotelyAnywhere 4.70

You will need administrative privileges on the remote computer to successfully perform this operation.

5. Starting and stopping a service

The command is: start [-service SERVICE] [-computer MACHINE] stop [-service SERVICE] [-computer MACHINE]

The optional parameters are the name of the service (it defaults to

RemotelyAnywhere) to be started, and the computer to perform the operation on (defaults to the local computer).

For example:

RemotelyAnywhere start

This will start the RemotelyAnywhere service on the local computer.

RemotelyAnywhere stop W3SVC –computer KOSSUTH

This will stop the W3SVC service on the computer called KOSSUTH.

You will need administrative rights on the remote computer to perform this operation.

6. Restart the RA service

The command is:

Restart [-computer COMPUTER]

The optional parameter is a computer name (defaults to the local machine).

For example:

RemotelyAnywhere Restart –computer KOSSUTH

You will need administrative privileges on the computer to successfully perform this operation.

7. Add RA permissions to an NT user or group

The command is:

AddPermission <-user USER> [-permissions PERMISSIONS]

The required parameter is the name of a Windows NT user or group.

The optional parameter is a listing of permissions. If it is omitted,

Basic permissions are added to the user.

This command only works on the local computer.

Page 126

RemotelyAnywhere 4.70

A list of possible permission values:

BASIC

REGISTRY

- Basic

- Registry Editor

USERMANAGER - User Manager

FILEMANAGER - File Manager

EVENTVIEWER - Event Viewer

REBOOT - Reboot

TASKSCHEDULER - Task Scheduler

SERVICES - Services

PROCESSES - Processes

REMOTECONTROL - Remote Control

TELNET

VIEWSCREEN

- Telnet

- View Remote Screen

CONFIGURATION - Configuration

PERFORMANCE - Performance

EXECSCRIPT

EDITSCRIPT

- Execute Scripts

- Create/Edit Scripts

CUSTOMHTTP - Custom HTTP server

Administration

FULLCONTROL - Full Control

SSHSHELL

SSHFORWARD

- SSH Shell Access

- SSH Port Forwarding

SSHPRIVFORWARD - SSH Privileged Port Forwarding

SSHSFTP - SSH File Access (SFTP)

Please see the documentation on Configuration / RemotelyAnywhere

Access Control for a description of each permission setting.

For example:

RemotelyAnywhere AddPermission –user

3AMLABS/RemotelyAnywhere –permissions TELNET

PROCESSES REMOTECONTROL

The above command adds Telnet, Processes and Remote Control permissions to the RemotelyAnywhere user or group in the domain

3AMLABS.

You will need to have RemotelyAnywhere Configuration privileges to successfully execute this command.

RemotelyAnywhere should not be running when you execute this command. So if you want to perform adding permissions as part of the installation process, here’s a sequence of commands you should perform:

RemotelyAnywhere Install

RemotelyAnywhere Stop

RemotelyAnywhere AddPermission –user RemotelyAnywhere – permissions FULLCONTROL

RemotelyAnywhere Start

Page 127

RemotelyAnywhere 4.70

The above sequence, when placed in a batch file, will install

RemotelyAnywhere on the local computer, stop the RA service, add

Full Control permissions to the user or group RemotelyAnywhere, and start the RA service.

8. Revoke RA permissions from an NT user or group

The command is:

DelPermission <-user USER>

The required parameter is the name of a Windows NT user or group.

This command revokes all RemotelyAnywhere permissions from the specified account. The same rules and restrictions apply as in the case of the AddPermission command.

9. Translate a Windows error code into a textual message

The command is:

Perror <-error ERROR>

The required parameter is an error code, such as 2, 11001, etc.

When you see an error code in the RemotelyAnywhere.log file, and there is no textual representation for it, you can use the above command to get the necessary information from Windows.

For example, the command

RemotelyAnywhere Perror -error 11001

Will produce the following output:

Error: No such host is known. (11001)

10. Create SSL Certificates

The commands are:

CreateCACert <-country COUNTRY> <-organization

ORGANIZATION> <-name NAME> [-path PATH]

CreateSRVCert <-country COUNTRY> <-organization

ORGANIZATION> <-name NAME> [-path PATH]

For CreateCACert, the required parameters are: o COUNTRY: The country your organization is located in. o ORGANIZATION: The name of your organization. o NAME: Your name.

Page 128

RemotelyAnywhere 4.70

For CreateSRVCert, the required parameters are: o COUNTRY: The country the computer is located in. o ORGANIZATION: The name of your organization – please append something like “RemotelyAnywhere” to this field. It

must not be the same as the organization name in the

CreateCACert command. o NAME: The name of the computer. It should be the name you will be using in the URL, to avoid “Invalid Certificate” warnings.

If the computer has a fully qualified domain name (such as pc10.mydomain.com) use it. If you are only accessing the computer from the LAN, use its NETBIOS name (such as

PC10ACCT). If you are going to access the computer with an IP address in the URL, enter the IP address as the computer name.

The optional parameter, PATH, specifies an output directory. If omitted, RemotelyAnywhere will write the certificates into its installation directory.

For example:

C:\RemotelyAnywhere>RemotelyAnywhere CreateCACert -country

HU -organization "3am Laboratories PL" -name "Marton

Anka"

RemotelyAnywhere 3.2.258

Copyright (C) 3am Laboratories PL, 1999, 2000.

Running on Windows NT/2000.

Checking your credentials...passed.

Generating CA Certificate...

Loading 'screen' into random state - done

Generating a 512 bit private key writing new private key to 'C:\RemotelyAnywhere\CAKey.pem'

-----

The following information will be incorporated into your certificate request.

----- countryName:HU organizationName:3am Laboratories PL commonName:Marton Anka

OK.

Converting CA Certificate to .der format...

OK.

The above example shows a command that creates a CA certificate, and the output from RemotelyAnywhere.

An example for the CreateSRVCert command:

C:\RemotelyAnywhere>RemotelyAnywhere CreateSRVCert -country

USA -organization "3am Laboratories PL -

RemotelyAnywhere" -name ra.03am.com

Page 129

RemotelyAnywhere 4.70

RemotelyAnywhere 3.2.258

Copyright (C) 3am Laboratories PL, 1999, 2000.

Running on Windows NT/2000.

Checking your credentials...passed.

Generating Server Certificate Request...

Loading 'screen' into random state - done

Generating a 512 bit private key writing new private key to 'C:\RemotelyAnywhere\RAKey.pem'

-----

The following information will be incorporated into your certificate request.

----- countryName:USA organizationName:3am Laboratories PL - RemotelyAnywhere commonName:ra.03am.com

OK.

Signing Server Certificate...

Signature ok subject=/C=USA/O=3am Laboratories PL -

RemotelyAnywhere/CN=ra.03am.com

Getting CA Private Key

OK.

The above command created a server certificate for the computer, and signed it with the CA certificate generated in the previous step.

Please note that in order to be able to execute the CreateCACert and

CreateSRVCert commands, the user typing them in needs to have

Configure access to the RemotelyAnywhere installation where the command is executed.

11. Export/Import RemotelyAnywhere configuration settings to/from a text file

The commands are:

CreateIniFile [-inifile FILENAME] [-computer MACHINE]

LoadIniFile [-inifile FILENAME] [-computer MACHINE]

The default value for FILENAME is RemotelyAnywhere.ini in the directory the RemotelyAnywhere executable is located in. The

COMPUTER parameter, if not specified, defaults to the local computer.

You can use these commands to quickly copy configuration settings from one RemotelyAnywhere installation to another, usually when installing RemotelyAnywhere to a remote computer from the command line.

A typical set of commands using these settings would be:

RemotelyAnywhere CreateIniFile

RemotelyAnywhere Install –computer SERVER1

RemotelyAnywhere Stop –computer SERVER1

Page 130

RemotelyAnywhere 4.70

RemotelyAnywhere LoadIniFile –computer SERVER1

RemotelyAnywhere Start –computer SERVER1

The first line saves the local RemotelyAnywhere configuration to the default file. The second command installs RA on the computer named

SERVER1. The third command stops the RA service on SERVER1 – necessary, because the previous command already started RA. The fourth command will read all settings from the default ini file, and configure RA on SERVER1 accordingly. Finally, the last command starts

RA.

The CreateIniFile command will write all RemotelyAnywhere configuration data to the target text file. The LoadIniFile command will import all configuration data contained within the text file to the target computer. This means that all configuration data is copied, including permissions, FTP Server settings, the license key, etc. If you do not want to import specific configuration items, you will need to edit the generated ini file and remove these entries. The role of each registry setting is described in

Appendix A . The format of the generated ini file

is as follows:

[MetaData]

Creator=RemotelyAnywhere

CreatorBuildNumber=268

SourceComputer=SERVER2

Value0000=UseGraphRed

Value0001=VisitLength

Values=2

[UseGraphRed]

Type=REG_DWORD

Data=0

[VisitLength]

Type=REG_DWORD

Data=600

The above example, of course, is just a small part of the actual file generated. If you do not wish to copy, for example, the VisitLength setting, simply remove the ValueXXXX=VisitLength line from the

MetaData section.

12. Sample Scripts For Remote Installation

Why should you bother with command-line usage of

RemotelyAnywhere at all? Well, you don’t have to, but they can be very useful if you are doing a massive rollout of RemotelyAnywhere to a great number of NT computers.

Using a batch file and calling RemotelyAnywhere with the Install, etc. parameters is the most effective way of quickly setting up RA on a number of machines. We’ll take a look at how it is done in the real world.

Page 131

RemotelyAnywhere 4.70

First, you will want to install RA on a single computer – you can use the GUI installer to do this. Then, access Configuration and set up everything to your liking. You should also create the SSL certificates on this computer.

Next, go into the RemotelyAnywhere folder and execute the

CreateIniFile command. This will export the whole RemotelyAnywhere configuration to a text file. You should open this text file and make sure that all the settings are the way you want them; you can find a complete reference to the registry entries in the appendices of this document.

Once you have a RemotelyAnywhere installation, proper configuration data in an initialization file and the SSL certificates, you are ready to install the software on remote computers.

Here are the steps that need to be taken:

1. Install RA on the target computer. This will copy all necessary files, and start the RemotelyAnywhere service with the default settings.

2. Stop the RA services on the target machine – this is required because we’ll be changing the configuration data.

3. Create the SSL certificate for the remote computer. If you followed the steps described above, the CA certificate has already been created locally, and it is automatically copied by the Install procedure, so you only need to care about the individual computer certificates in this step. Since the CreateSRVCert command can only execute on a local computer, you need to back up the computer certificate file on the local machine, generate the certificate for the target computer, copy it over, and then restore the certificate.

4. Import the configuration data.

5. Start the RA service.

In a batch file, this looks like the following:

Echo #################################### >>rainst.log

Echo INSTALLING ON %1 >>rainst.log

Echo #################################### >>rainst.log

RemotelyAnywhere Install –computer %1 -path “C:\Program

Files\RemotelyAnywhere” >>rainst.log

RemotelyAnywhere Stop –computer %1 >>rainst.log

RemotelyAnywhere CreateSRVCert –country US –organization

“Company – RemotelyAnywhere” –name %1 >>rainst.log

Echo Copying certificate. >>rainst.log

Copy RACert.pem “\\%1\c$\Program Files\RemotelyAnywhere”

>>rainst.log

RemotelyAnywhere LoadIniFile –computer %1 -inifile

RemotelyAnywhere.ini >>rainst.log

Page 132

RemotelyAnywhere 4.70

RemotelyAnywhere Start –machine %1 >>rainst.log

The %1 batch file variable assumes that the first parameter passed to it is the name of the remote computer. The “Copy RACert.pem” command further assumes that the target computer has the default administrative share C$ open. You should also remember to back up the RACert.pem (the local computer’s SSL certificate) file prior to running the script, and don’t forget to restore it once it is done.

If you put the contents of the above file into a batch file called rainst.cmd, you can create another batch file called rollout.cmd with the following contents:

Ren RACert.pem RACert.local

Call rainst.cmd MAILSERVER

Call rainst.cmd WEBSERVER

Call rainst.cmd WKSTA1

Call rainst.cmd WKSTA2

Del RACert.pem

Ren RACert.local RACert.pem

The above script takes care of saving and restoring the original certificate file for the local computer, and installs RemotelyAnywhere using the first script on four computers.

When the command completes, you should verify the contents of the rainst.log file where all the output has been redirected to.

All of the above commands, with the exception of CreateCACert and CreateSRVCert, are only supported on the Windows NT family of operating systems. The target computer, if applicable, must be a Windows NT computer as well.

Page 133

RemotelyAnywhere 4.70

Unattended Installation

InstallShield, the installer software RemotelyAnywhere uses, supports silent - unattended - installations.

In order to perform an unattended installation, you should first download the

RemotelyAnywereNP.zip (no-package) archive, and unzip it into a temporary directory. This archive contains the RemotelyAnywhere setup files, and since it’s not packaged into a single executable, you will be able to pass commandline parameters to Setup.exe.

To perform a silent install, you should first create a setup response file. You need to run Setup with the –r switch to do this. Launch a command prompt, go to the directory where the RemotelyAnywhere files reside, and execute the following command:

Setup –r

This will launch Setup, and you will need to go through the installation process once. Setup will record every choice you make in a file called

Setup.iss, located in your Windows directory.

You can use this file to launch unattended setups later on. You will need to make available the setup files on the machine you want the silent install to run on, either by copying them over or placing them in a directory on the

LAN. Then copy the Setup.iss file created in the previous step into the

Windows directory of the target computer. Next, type the following command:

Setup -s

Setup will launch, and run in the background, installing RemotelyAnywhere.

When it finishes, it creates a Setup.log file in the directory where Setup.exe resides. You can examine the contents of this file to see whether the installation was successful.

RemotelyAnywhere provides a small batch file named silentsetup.bat to help you with the above process. Using silentsetup.bat is extremely easy:

1. Extract RemotelyAnywhereNP.zip into a directory on your LAN.

2. Go to the first machine where you want to install RemotelyAnywhere.

3. Execute silentsetup.bat. Setup will run (you will need to provide user input this first time), the response file will be created, and copied into the Setup directory.

4. Go to the next computer you want RA to be installed on. Execute

silentsetup.bat. The response file will be automatically copied to the

Windows directory, and Setup will be run in the background.

5. The batch file will show you the contents of the file Setup.log. Look for the

[ResponseResult] section, on a successful install, the ResultCode value is equal to zero.

6. Repeat from step 4.

Page 134

RemotelyAnywhere 4.70

You should pay attention when using the response file you create:

1. You cannot use a response file on Windows NT or 2000 that was generated on Windows 9x, nor vice versa.

2. You cannot use a response file generated by an upgrade installation to install a fresh copy of RemotelyAnywhere, nor vice versa.

If you attempt to use a response file that does not meet the above conditions,

Setup will fail.

Page 135

RemotelyAnywhere 4.70

WAP Access

Introduction

RemotelyAnywhere supports limited access via wireless devices using the

Wireless Application Protocol (WAP).

These devices are usually mobile phones, with limited screen size, limited memory, and limited processor capacity.

For this reason, they do not understand HTML – pages displayed on WAP devices are written in WML, which is based on XML. Graphics are simple black-and-white images.

When you access RemotelyAnywhere via the WAP interface, you are prompted to log in:

Enter your username and password using the phone’s controls then click the

Submit link:

Page 136

RemotelyAnywhere 4.70

Note: If RemotelyAnywhere does not recognize your WAP device as such, it might cause your WAP browser to display a message regarding unknown content, a compile error, or something similar. In this case, you can edit the contents of the WapClients.cfg file found in your RemotelyAnywhere directory to make the user agent known as a WAP device. Further information on the format of the file is found inside. It is a plain text file and can be edited using any text editor.

Page 137

RemotelyAnywhere 4.70

Security Precautions

With HTTP and the browser interface, you have a fairly simple job securing your communication: simply create an SSL certificate, install the certificate in your browser, and use HTTPS as the protocol.

With the WAP interface, things are more difficult, since your phone does not directly communicate with RemotelyAnywhere. WAP devices connect to a WAP gateway that acts like an intelligent proxy server:

1. The phone issues a request to the gateway. The phone and the gateway communicate via UDP (connectionless IP).

2. The gateway issues an HTTP or HTTPS request to RemotelyAnywhere and waits for the reply.

3. The gateway compiles the received WML into bytecode and sends it to the phone.

While this is of no concern when browsing WAP pages for stock quotes or weather forecasts, it raises two issues when a secure connection is required:

1. The phone must be able to communicate with the gateway via a secure channel. This is done via the WTLS protocol that requires that the phone

‘trusts’ the gateway – that is, it has its WTLS certificate installed.

2. The gateway must be able to communicate with RemotelyAnywhere via

HTTPS. This requires that the gateway ‘trust’ the RemotelyAnywhere installation in question – it should have its certificate installed.

When using a commercial gateway (such as the ones provided by cellphone companies) the first issue is usually not a problem. However, your cellphone provider will probably not install your self-generated RemotelyAnywhere certificates, so the secure connection between the gateway and

RemotelyAnywhere will not be established.

To solve this problem, 3am Laboratories PL, the creator of RemotelyAnywhere will set up a WAP gateway exclusively for RemotelyAnywhere users. It will provide secure communication between the WAP device and the gateway, and will communicate with RemotelyAnywhere installations using HTTPS.

Please keep an eye on www.remotelyanywhere.com

, any news regarding this plan will be posted there.

If you need secure WAP access now, you might want to consider setting up your own WAP gateway. While a WAP gateway can (and usually does) cost in the USD 10,000 range, you can get a full-featured, WTLS-enabled WAP gateway from Infinite Technologies supporting three concurrent users for about USD 500. Please visit www.waplite.com

for more information.

Page 138

RemotelyAnywhere 4.70

Info Screen

You will be greeted with an Info screen that displays some essential information about the computer. The Info screen will look similar to these:

At the bottom of this screen (and at the bottom of every screen) you will find the main menu that allows you to select RemotelyAnywhere functions accessible via the WAP interface.

Page 139

RemotelyAnywhere 4.70

The Menu

The menu, at the bottom of the screen looks like this (only partially shown):

The complete list of menu options is this:

1. Info

2. Services

3. Drivers

4. Processes

5. Performance

6. Reboot

7. Telnet

8. Logout

A link to this menu is present at the bottom of every page displayed by

RemotelyAnywhere.

Page 140

Services & Drivers

The Services page looks like this:

RemotelyAnywhere 4.70

You see a listing of all installed services, with their status next to them.

Selecting a service takes you into a menu that allows you to control that service:

On the services listing page, near the end, you can request different parts of the list:

Page 141

RemotelyAnywhere 4.70

The Drivers page looks and acts exactly like the Services page, so we won’t go into details here.

Page 142

Processes

The Processes page has three options:

RemotelyAnywhere 4.70

The first two will let you see a listing similar to the Services or Drivers lists – next to the process name you will see either the CPU time used by the process or the Memory in use by the process, depending on your selection:

Selecting a process will display detailed information about it, such as the executable name with full path, the parent process, if available, the creation time, CPU time, pagefile and physical memory usage:

Page 143

RemotelyAnywhere 4.70

You also have the option of killing a process here.

The third option in the Processes menu is the Create Process one. This will present you with the following dialog:

Filling out this form and submitting it launches a new process under the user account of the person using the WAP device. You can use this for a variety of tasks, such as executing batch files:

Executable Name: cmd.exe

Optional Parameters: /C c:\backup\startbackup.cmd

This will launch the command interpreter, which, in turn, will launch the startbackup.cmd batch file in the c:\backup directory.

Page 144

RemotelyAnywhere 4.70

Performance

On the performance pages, you can view graphs on the CPU, memory, and disk space utilization. The main menu looks like this:

By selecting either of these options, you are presented with three graphs, each with a different sampling rate – just like in the main RemotelyAnywhere performance charts.

The CPU load represents the total CPU load on multiprocessor machines. The memory load includes physical and virtual memory. The disk space utilization chart represents the total for all harddisks in the computer.

Page 145

RemotelyAnywhere 4.70

Reboot

This option presents you with a menu similar to the one found in the HTML interface:

The first three selections reboot the computer. Normal reboot shuts down all applications. Emergency reboot kills all processes then shuts down and restarts the system in an orderly fashion. You might lose data in your running applications. Hard reboot is just like pressing the reset button or toggling the power switch: use this only as a last resort!

The last selection restarts the RemotelyAnywhere service.

Page 146

RemotelyAnywhere 4.70

Telnet

This option gives you access to a command prompt on the remote computer.

To type a command, first you need to enter it into the Input field below, then send it with the Send link, finally send an Enter key with the Send Enter link.

The Refresh link (not shown on the above illustration) will request the current contents of the screen and send it to your WAP device.

Page 147

RemotelyAnywhere 4.70

Logout

This menu option ends your RemotelyAnywhere session.

It is not strictly necessary to manually log out – your session will eventually time out after the time period specified in the RemotelyAnywhere configuration elapses.

Page 148

RemotelyAnywhere 4.70

Appendices

The four appendices below cover the registry settings used by

RemotelyAnywhere, the System Monitoring language reference, the Scripting

Language Extensions reference and the version history.

Appendix A: Registry Reference

RemotelyAnywhere stores all its configuration data in one registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\RemotelyAnywhere

Below is a table listing all possible values and their meanings.

Please keep in mind that it is not recommended to make changes to these settings by hand. If you do so, you should stop the RemotelyAnywhere service before making any changes and only start it after you are done, to make sure RA recognizes the changes you have made.

Value Name

@CurrentIP

@CurrentPort

@InstalledBuild

AdminAccess

AllowNTLM

AllowUsernameInCookie

AutomaticPriorities

CheckForUpdates

ColorDepth

CompiledMonitoringScript

ConsoleFont

Type Description

DWORD The IP address RemotelyAnywhere is currently listening on. (0: All available IP addresses)

DWORD The TCP/IP port RemotelyAnywhere is currently listening on.

DWORD The build number of

RemotelyAnywhere currently running on the computer.

DWORD Allow all administrators to access

RA. (1: Yes, 0: No)

DWORD Use NTLM authentication if necessary. (1: Yes, 0: No)

DWORD Allow the browser to remember the last username that logged in to

RemotelyAnywhere. (1: Yes, 0: No)

BINARY Settings for Automatic Priorities

DWORD If set to 1, RemotelyAnywhere will periodically check the

RemotelyAnywhere website for new versions of the software.

DWORD Color depth to use during remote control. If set to 0, the remote computer’s color depth will be used.

BINARY The System Monitoring Script in compiled form.

REG_SZ The name of the font file to use with the built-in Telnet client.

Page 149

Value Name

ConsoleHeight

ConsoleWidth

CPU1UpdateTime

CPU2UpdateTime

CPU3UpdateTime

DisableCompression

DisabledInfoItems

DisableNonSSL

EventLogEmailer

EventlogRecords

FlistCols

ForceHTTPTunneling

FTPSettings

FTTimeout

HTML_XXXX

IconsEnabled

RemotelyAnywhere 4.70

Type Description

DWORD Height, in characters, of the Telnet window.

DWORD Width, in characters, of the Telnet window. data for the shortest queries. Default: 10 seconds. data for the medium queries. Default:

300 seconds (5 minutes). for the longest queries. Default:

3600 seconds (one hour).

DWORD When set to non-zero, it will disable content compression. Netscape browsers have problems with compressed content, and IE5 introduced a few glitches as well. If you are experiencing strange HTML pages within RA, set this to a nonzero value.

DWORD A bit mask specifying which items have been minimized – or rather, disabled – on the General Info page.

DWORD When non-zero, disables unsecured connections. Only SSL connections will be allowed.

BINARY Stores the rules for emailing new event log entries.

DWORD Number of eventlog records to display per page.

DWORD A bit mask representing which columns to display in the File

Manager.

DWORD When set to non-zero, the Remote

Control and Telnet clients tunnel through HTTP instead of establishing a direct connection to

RemotelyAnywhere.

BINARY FTP Server configuration data.

DWORD The idle timeout threshold for the

File Transfer module in seconds.

REG_SZ Various settings that define the appearance of RemotelyAnywhere

(colors, font tags, etc).

DWORD A non-zero value allows RA to display small icons on the HTML pages it generates.

Page 150

RemotelyAnywhere 4.70

Value Name

IndicateDowntime

InstalledVersion

InstallPath

IpAddress

IpFilterSettings

ListenerSocket

LockConsole

LockoutBadLoginCount

LockoutDuration

LockoutEnabled

LockoutResetCountAfter

Logging

MaxNumberOfServicingThreads

NumberOfDaysToRetainLogs

PerformanceQueries

Type Description

DWORD A non-zero value will direct

RemotelyAnywhere to indicate on the performance monitoring graphs when a computer was not operating.

REG_SZ The currently installed version.

REG_SZ The directory RemotelyAnywhere was installed in.

DWORD The IP address RemotelyAnywhere should listen on. If set to zero, it will listen for connections on all available

IP addresses.

BINARY IP Filtering configuration in binary form.

DWORD The TCP/IP port RA should listen on for incoming HTTP and HTTPS connections. The default is 2000.

DWORD If a remote control session is abruptly terminated, a non-zero value in this field will direct RA to lock the console.

DWORD Number of bad logins before locking out an IP address.

DWORD The number of seconds an IP address is locked out for.

DWORD A non-zero value means that IP

Address Lockout is enabled.

DWORD The number of seconds that should elapse before RA resets the bad login count on an IP address.

DWORD A non-zero value allows RA to write events into a file called

RemotelyAnywhere.log in its installation directory.

DWORD Maximum number of threads

RemotelyAnywhere can use to service user requests.

DWORD Number of days the log files are kept for – thus the maximum number of RAyymmdd.log files in the RA directory.

DWORD A non-zero value enables performance queries.

Page 151

Value Name

Permissions

PermissionsNDS

PFSSettings

PlistCols

ProxyProblemFixer

PVAboveMenu

RAClientTimeout

RAGui

RAGuiConfirmationText

RAGuiConfirmationTimeout

RAGuiDefaultToYes

RAGuiPerfWindows

RAGuiShowIcon

RCBeepContinuously

RemotelyAnywhere 4.70

Type Description

BINARY Permission data. On Windows NT, this is a list of SIDs (security identifiers) representing users or groups, and bit masks representing available functions to that particular user or group. On Windows 9x, this is a list of usernames, corresponding passwords encrypted with a one-way encryption algorithm, and corresponding bit masks.

BINARY NDS (Novell eDirectory) permission data in binary form.

DWORD Port Forwarding Server configuration data.

DWORD A bit mask describing which columns to display in the Process List.

DWORD The proxy problem fixer mask, as described in

Configuration/Connections.

DWORD A non-zero value enables the

Performance Viewer applet above the menu bar.

DWORD The number of seconds before the

Java remote control client will disconnect idle connections.

DWORD A non-zero value enables the

RemotelyAnywhere system tray icon and the Remote Control query.

REG_SZ The confirmation text that appears in the remote control confirmation dialog.

DWORD The number of seconds before the

Remote Control query times out.

DWORD A non-zero value indicates that a timed-out Remote Control query is to be treated as equivalent to the user pressing the Yes button. A zero value means that the No button should be used instead.

BINARY The size, position, and type of the performance windows on the desktop.

DWORD A non-zero value allows the systemtray icon to be shown.

DWORD Whether or not the host computer should bee periodically when a remote control session is active. (1:

Yes, 0: No)

Page 152

RemotelyAnywhere 4.70

Value Name

RCBeepInterval

RCBeepWhenRCStartsAndEnds

RCDisableInput

RCDisableWallpaper

RCFullScreen

RCMaxUpdatesPerSecond

RCUseMirrorDriver

RefreshInterval

ScreenshotBasedRC

ServingDefault

ServingDir

ServingEnabled

ShortcutSettings

SMTPAuth

SMTPPassword

SMTPServer

SMTPUser

Type Description

DWORD Number of seconds between beeps.

Only applies if RCBeepContinuously has been turned on.

DWORD Sound a beep when a remote control session is initiated or terminated.

(1: Yes, 0: No)

DWORD A non-zero value instructs RA to disable the local mouse and keyboard during a remote control session.

DWORD A non-zero value indicates that RA should disable the desktop wallpaper when a remote control session is started.

DWORD Specifies whether the remote control client, when opened in a new window, opens a full-screen window or a normal one.

DWORD The maximum number of updates per second sent by

RemotelyAnywhere during a remote control session.

DWORD Whether or not RemotelyAnywhere should utilize its mirror display driver during a remote control session.

DWORD The refresh interval for screenshotbased monitoring mode, in seconds.

REG_SZ Enable or disable the screenshotbased remote control interface.

REG_SZ The default (index) file for the builtin HTTP daemon.

REG_SZ The root directory for the HTTP daemon.

DWORD A non-zero value enables the built-in

HTTP daemon.

BINARY Definitions for the shortcuts that appear on the General Info page.

DWORD A non-zero value enables SMTP authentication towards the mail server when RemotelyAnywhere sends out an alert email.

REG_SZ The password used to authenticate the SMTP user towards the mail server. Stored in clear-text form.

REG_SZ The SMTP server RemotelyAnywhere should use when sending emails.

REG_SZ The user name to use when logging in to the SMTP server.

Page 153

Value Name

Special.DisableInfoPage

Special.LoginRCButtonOnly

SplashScreen

SSHEnabled

SSHPort

SSLMessage

TelnetBanner

TelnetColors

TelnetEnabled

TelnetFullScreen

TelnetHeight

TelnetIdleTimeout

RemotelyAnywhere 4.70

Type Description

DWORD This is a “hidden” setting. It’s not available from the configuration pages. If you want to disable all items on the Info page – except for the Welcome and the Copyright sections – create a DWORD value with this name and set it to nonzero.

DWORD This is a “hidden” setting. It’s not available from the configuration pages. If you want to remove the

“Login” button on the login page

(thus leaving the “Remote Control” button only) create a DWORD value with this name and set it to nonzero.

DWORD If non-zero, display the

RemotelyAnywhere Splash Screen when the computer is booted. (Only used on Win9x.)

DWORD Enables or disables the SSH server.

DWORD Defines the TCP/IP port the SSH server listens on. The default is 22.

DWORD If non-zero, it allows RA to display a warning on the login page if SSL has not been configured on the computer.

DWORD A non-zero value indicates that the

Telnet server can send its ‘banner’ – that is, its own version, the operating system, etc. when a connection is made to the Telnet port.

DWORD A non-zero value indicates that the

Telnet server should send ANSI color codes to the client.

DWORD A non-zero value enables the telnet server.

DWORD A non-zero value indicates that a new telnet connection should be opened in a full-screen browser window.

DWORD The preferred height (in characters) of the console in a Telnet session using a 3 rd party Telnet client.

DWORD The number of seconds the user can stay idle (that is, not send a keystroke) when logged in to the

Telnet or SSH server.

Page 154

Value Name

TelnetLoginTimeout

TelnetMaxConnections

TelnetNewWindow

TelnetPort

TelnetReconnectTimeout

TelnetSSH1Enabled

TelnetUnsecuredEnabled

TelnetWidth

Tooltips

UseGraphRed

UsersPerPage

VersionChecksPerformed

VisitLength

WAPMaxLinesPerScreen

RemotelyAnywhere 4.70

Type Description

DWORD The number of seconds the user can stay idle for while entering login information in his Telnet client.

DWORD The maximum allowed connections to the Telnet server.

DWORD A non-zero value indicates that

RemotelyAnywhere should open a new browser window when a Telnet connection is initiated.

DWORD The TCP/IP port the Telnet server should listen on. The default is 23.

DWORD The number of seconds a ‘lingering’ telnet connection – that is, one that has been abruptly disconnected – is available for reconnection.

DWORD When non-zero, it allows the SSH server to negotiate an older (SSH1) connection. If set to zero (disabled) then only SSH2 connections are accepted.

DWORD A non-zero value enables plaintext connections to the telnet server. If set to zero, only connections initiated from the browser will be accepted.

DWORD The preferred width (in characters) of the console in a Telnet session using a 3 rd party Telnet client.

DWORD A non-zero value enables tooltips on the RemotelyAnywhere HTML pages.

DWORD When drawing performance graphs, the percentage above the value specified here is shown in red. A zero value means it’s turned off.

DWORD The number of users that appear on the User Manager user list per page.

DWORD The number of times

RemotelyAnywhere has requested version information from

RemotelyAnywhere.com.

DWORD The number of seconds before a logged on RemotelyAnywhere session times out.

DWORD The number of items in lists on a

WML page sent to a WAP device.

Page 155

RemotelyAnywhere 4.70

Appendix B: Monitoring Script Reference

Conditions

• DiskFreeSpaceUnder(<drive>, <amount>) o Becomes true if there’s less than <amount> number of bytes free on <drive>.

• ProcUsageAboveFor(<usage>, <time>) o Becomes true if the processor usage has been above <usage> for the time period specified in <time>.

• MemUsageAboveFor(<usage>, <time>) o True if the memory usage is above the specified amount for the specified time.

• NetInUsageAboveFor(<net interface>, <usage>, <time>) o True if the network input on the specified network interface has taken up more than the specified percentage of the available bandwidth of said interface for the amount of time specified.

• NetOutUsageAboveFor(<net interface>, <usage>, <time>) o True if the network output on the specified network interface has taken up more than the specified percentage of the available bandwidth of said interface for the amount of time specified.

• CheckAnswer(<server:port>, <request>, <reply>, <time>) received from the server does not match the reply specified above.

• Small(<script name>) o Connects to the server and port specified, sends a request, and waits for a reply. True if the connection is unsuccessful, there is no data received for the amount of time specified, or the response o Executes the Small script specified in the <script name> parameter. Becomes TRUE if the script returns a non-zero value, and becomes FALSE if the script returns with zero.

The script must meet the following requirements:

Page 156

RemotelyAnywhere 4.70

ƒ It has to be compiled and available in the

RemotelyAnywhere installation directory.

ƒ It must have a main function, and that function should return an integer value.

Parameters

• <drive> o A drive specification, for example, “C:\\”

• <amount> o Amount of memory or HD space. For example: 1,000,000 (bytes) or 128M (megabytes).

• <usage> o A percentage of, for example, processor usage. E.g.: 90%

• <time> o An amount of time. For example: 10s (10 seconds), 20m (20 minutes), 24h (24 hours).

• <net interface> o A number identifying a network interface. You can see the list of network interfaces installed in the computer by going to

Performance->Network Adapters. The first adapter in this list is adapter 1, the second is adapter 2, etc.

• <server:port> o When querying a TCP/IP service, you must specify the server and the port to connect to. This can be in the form of a DNS name and a port number (such as “www.company.com:80”) or an IP address and a port number (such as “192.168.0.3:8888”).

• <request>

• <reply> o When you query a TCP/IP service, you specify here what you want to send to the server. For example: “HEAD / HTTP/1.0”. o When you query a TCP/IP service, you expect a reply to your request. RA will match the first few bytes of the response from the server against the reply you specify here.

Page 157

RemotelyAnywhere 4.70

• <string> o An arbitrary string of characters enclosed by double quotes (“).

• <script name> o The name of a compiled Small script, without the extension. Must be enclosed in double quotes. The script must have a main function.

Actions

• Log(<string>) o Places the parameter in the RemotelyAnywhere.log file.

• SendMail(<string>, <string>, <string>) o Sends an email to the recipient specified in the first parameter, with the subject specified in the second parameter. The contents of the email message are in the third parameter.

• SendMail(<string>, <string>, <string>, <string>) o Sends an email to the recipient specified in the second parameter, with the subject specified in the third parameter. The contents of the email message are in the fourth parameter. The sender of the email is identified in the first parameter.

• SendMessage(<string>, <string>) o Sends an administrative message to the user or computer specified in the first parameter. The contents of the message are specified in the second parameter.

• Execute(<string>) o Executes a program or a batch file. The full path name of the program to be executed and any parameters (including optional output redirection) are specified in the sole parameter.

• Small(<script name>) o Executes a Small script. The script must be compiled and must have a main function.

String Substitutions

When sending emails or administrative messages, it is necessary to include detailed information on the events that have caused the alert to be sent out.

The following items, if placed in a string parameter, will be substituted with

Page 158

RemotelyAnywhere 4.70

their associated value.

• [MACHINE] o The name of the computer.

• [FREE_MBYTES] o Free megabytes on a disk drive. Only has a value if the action follows a DiskFreeSpaceUnder condition.

• [TOTAL_MBYTES] o Total megabytes on a disk drive. Only has a value if the action follows a DiskFreeSpaceUnder condition.

• [FREE_PERCENT] o Percentage of free space on a disk drive. Only has a value if the action follows a DiskFreeSpaceUnder condition.

• [AVG_USAGE] o Average usage.

• [MIN_USAGE] o Minimum usage.

• [MAX_USAGE]

ProcUsageAboveFor, MemUsageAboveFor, NetInUsageAboveFor or

NetOutUsageAboveFor.

• [ANSWER] o Maximum usage. This, and the above two strings only have a value when the action follows one of these conditions: o The response received from the checked server in a CheckAnswer condition.

• [FILE <filename>] o The contents of the specified file. For example,

[FILE C:\\TEMP\\output.txt] will place the contents of the file

C:\TEMP\output.txt in the string.

• [SMALL_RES] o The return value from a Small script’s main function. It is of integer type. Only valid after a Small condition or a Small action.

Page 159

RemotelyAnywhere 4.70

Appendix C: Scripting Language Reference

RemotelyAnywhere uses a 3 rd party scripting language called Small.

What is Small?

This is probably best described in the words of the author of the language itself:

Small is a simple, typeless, 32-bit extension language with a C-like syntax.

The Small compiler outputs P-code (or bytecode) that subsequently runs on an abstract machine. Execution speed, stability, simplicity and a small footprint were essential design criterions for both the language and the abstract machine.

[…]

The Small language was designed as a flexible, general-purpose language.

The tool set (compiler, abstract machine) were written so that they were easily extensible and would run on different software/hardware architectures.

Many years ago, I retyped the “Small C" compiler from Dr. Dobb's Journal, by

Ron Cain and James Hendrix. Having just grasped the basics of the C language, working on the Small C compiler was a learning experience of its own. […]

In early 1998, I was looking for a scripting language for an animation toolkit.

[…] While experimenting with Quincy (from Al Stevens), I decided that a simplified C would probably be a good fit. I dusted off Small C. This is the result.

Small is a descendent of the original Small C, which at its turn was a subset of C. The most fundamental changes that I did were the removal of the type system and the substitution of pointers by references. The motivations to adapt the C language to (yet another) tiny language are best discussed elsewhere (see the rationale in appendix A), but by scrapping the type system and the support for pointers, I could hardly call my language a “subset of C" or a “C dialect". Therefore, I stripped off the “C" from the title and kept the name “Small".

--Thiadmer Riemersma, the Small Booklet, 1999

For an introduction and a complete language reference, please see the Small

Booklet (smalldoc.pdf) included with your copy of RemotelyAnywhere.

This appendix describes the RemotelyAnywhere extensions to the language.

These extensions allow your scripts to communicate with RemotelyAnywhere, the user, and provide a small subset of the Win32 API.

The definition of the functions are in the ‘ra.inc’ header file, so you must insert the “#include <ra>” line in your script’s source code in order to use

Page 160

RemotelyAnywhere 4.70

them. If you create a new script with RemotelyAnywhere, it will place the appropriate line in the source to use these functions.

Following is a list and description of functions that make up the extensions.

native gb(arr[], id);............................................................................ 163

native sb(arr[], id, value); .................................................................. 164

native strize(array[], len=-1); ............................................................. 165

native strlen(string[]);........................................................................ 166

native strcpy(dest[], src[]);................................................................. 167

native strcat(dest[], src[]); ................................................................. 168

native strleft(dest[], src[], len);........................................................... 169

native strright(dest[], src[], len);......................................................... 170

native strmid(dest[], src[], pos, len); ................................................... 171

native strchr(string[], c, start=0);........................................................ 172

native strstr(string1[], string2[], start=0);............................................ 173

native strcmp(string1[], string2[]); ...................................................... 174 native stricmp(string1[], string2[]); ..................................................... 174

native sprintf(string[], format[], ... ); ................................................... 175

native atoi(string[]); .......................................................................... 176

native fopen(filename[], mode); .......................................................... 177

native fclose(file); .............................................................................. 178

native fread(file, buf[], bytes); ............................................................ 179

native fwrite(file, buf[], bytes);............................................................ 180

native fseek(file, offset, method); ........................................................ 181

native socket(address[], port, timeout=-1); .......................................... 182

native closesocket(sock); .................................................................... 183

native recv(sock, buf[], bytes); ........................................................... 184

native send(sock, buf[], bytes); ........................................................... 185

native htmlBeginOutput(title[]="");...................................................... 186

native htmlEndOutput(); ..................................................................... 187

native htmlWrite(text[], htmlize=false); ............................................... 188

native htmlBR(); ................................................................................ 189

native htmlBeginTable(...); ................................................................. 190

native htmlEndTable(); ....................................................................... 191

native htmlTableRow(...); ................................................................... 192

native htmlBeginTableRow();............................................................... 193

native htmlEndTableRow(); ................................................................. 194

native htmlTableCell(text[]); ............................................................... 195

native htmlBeginTableCell(); ............................................................... 196

native htmlEndTableCell(); .................................................................. 197

native htmlBeginDialog(text[]); ........................................................... 198

native htmlEndDialog();...................................................................... 199

native htmlBeginForm(); ..................................................................... 200

native htmlEndForm(); ....................................................................... 201

native htmlAddParam(...);................................................................... 202

native htmlGetParam(param[], value[]);............................................... 203

native htmlButton(text[], func[]); ........................................................ 204

native htmlButtonBack(text[]="Back", form=true); ................................ 205

native htmlRadioButton(param[], value[], checked=false); ..................... 206

native htmlCheckbox(param[], value[], checked=false);......................... 207

native htmlEdit(param[], value[]=""); .................................................. 208

native htmlLink(title[], url[]); .............................................................. 209

Page 161

RemotelyAnywhere 4.70

native htmlCBLink(title[], func[], ... ); .................................................. 210

native htmlError(msg[]); .................................................................... 211

native raEnumProcs(); ........................................................................ 212

native raGetProcessNum(); ................................................................. 213

native raGetProcess(id, &pid, name[], &cpu, &mem); ............................. 214 native raGetNextProcess(&pid, name[], &cpu, &mem); ........................... 214

native raEnumProcsClose(); ................................................................ 215

native raKillProcess(pid); .................................................................... 216

native raForkProcess(cmdline[]); ......................................................... 217

native raExecuteCmd(cmd[], buf[]="", buflen=0, timeout=-1); ............... 218

native raReboot(type=REBOOT_NORMAL);............................................ 219

native raEnumServices();.................................................................... 220

native raGetServiceNum();.................................................................. 221

native raGetService(id, name[], displayName[], binary[], &type, &status,

&startup); ...................................................................... 222 native raGetNextService(name[], displayName[], binary[], &type, &status,

&startup); ...................................................................... 222

native raEnumServicesClose(); ............................................................ 224

native raStartService(name[]);............................................................ 225

native raStopService(name[]); ............................................................ 226

native raPauseService(name[]);........................................................... 227

native raContinueService(name[]); ...................................................... 228

native raGetTime();............................................................................ 229

native raGetPerformance(type, time, &value, ...); .................................. 230

native raSleep(time); ......................................................................... 231

native raLog(msg[]); .......................................................................... 232

native raSendMail(to[], subj[], msg[], from[]=””);................................. 233

native raMessage(to[], msg[]);............................................................ 234

native raRegGetValue(base, key[], value[], type, ...); ............................ 235

native raRegSetValue(base, key[], value[], type, ...);............................. 236

Page 162

RemotelyAnywhere 4.70

native gb(arr[], id);

Extracts a byte from an array at the specified index. (Handles a Small cell array as a byte array.)

Parameters arr

[in] The array to extract the byte from

id

[in] The index from the byte is to be extracted

Return Value

If the function succeeds, it returns the value of the byte at the specified index in the array (in the range [0..255]).

If the function fails, it returns –1.

Page 163

RemotelyAnywhere 4.70

native sb(arr[], id, value);

Sets a byte in an array at the specified index. (Handles a Small cell array as a byte array.)

Parameters arr

[in] The array to set the byte in

id

[in] The index at the byte is to be set

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns 0.

Page 164

RemotelyAnywhere 4.70

native strize(array[], len=-1);

Converts a Small string to a C-Style string and vice versa. (It is useful when – for example – you want to read/write a text message from/to a file or a socket.)

Parameters arrray

[in] The array containing the text to be converted.

len

[in] The length of the string to be converted. If this parameter is

–1, the string is assumed to be zero terminated and all characters are going to be converted.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns 0.

Page 165

RemotelyAnywhere 4.70

native strlen(string[]);

Returns the length in characters of a string (not including the terminating null character).

Parameters string

[in] The string whose length is to be returned

Return Value

If the function succeeds, it returns the length of the string (greater than or equals to 0).

If the function fails, it returns -1.

Page 166

RemotelyAnywhere 4.70

native strcpy(dest[], src[]);

Copies a string to a buffer.

Parameters dest

[out] The array to receive the contents of the src string. The array must be large enough to contain the string including the terminating null character. src

[in] The string to be copied.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns 0.

Page 167

RemotelyAnywhere 4.70

native strcat(dest[], src[]);

Appends one string to another.

Parameters dest

[in/out] The array containing the string to which the contents of

src are to be appended. The array must be large enough to contain both strings. src

[in] The string to be appended.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns 0.

Page 168

RemotelyAnywhere 4.70

native strleft(dest[], src[], len);

Extracts the beginning of a string to an array.

Parameters dest

[out] The array to receive the contents of the src string’s specified part. The array must be large enough to contain it including the terminating null character. src

[in] The string to extract from. len

[in] The number of characters to be copied from the beginning of

src to dest. If the length of src is less than len, the whole string is being copied.

Return Value

If the function succeeds, it returns the number of characters copied to

dest not including the terminating null character.

If the function fails, it returns 0.

Page 169

RemotelyAnywhere 4.70

native strright(dest[], src[], len);

Extracts the end of a string to an array.

Parameters dest

[out] The array to receive the contents of the src string’s specified part. The array must be large enough to contain it including the terminating null character. src

[in] The string to extract from. len

[in] The number of characters to be copied from the end of src to

dest. If the length of src is less than len, the whole string is being copied.

Return Value

If the function succeeds, it returns the number of characters copied to

dest not including the terminating null character.

If the function fails, it returns 0.

Page 170

RemotelyAnywhere 4.70

native strmid(dest[], src[], pos, len);

Extracts the specified part of a string to an array.

Parameters dest

[out] The array to receive the contents of the src string’s specified part. The array must be large enough to contain it including the terminating null character. src

[in] The string to extract from. pos

[in] The index of the first character that is to be copied from src. len

[in] The number of characters to be copied from src to dest. If the length of src is less than pos+len, only the appropriate number of characters are being copied.

Return Value

If the function succeeds, it returns the number of characters copied to

dest not including the terminating null character.

If the function fails, it returns 0.

Page 171

RemotelyAnywhere 4.70

native strchr(string[], c, start=0);

Finds the first occurrence of a character in a string.

Parameters string

[in] The string to search in. c start

[in] The character to be searched.

[in] The index from which the search to start.

Return Value

If the character is found, the index of the first occurrence of c in

string.

If the function fails or the character is not found, -1.

Page 172

RemotelyAnywhere 4.70

native strstr(string1[], string2[], start=0);

Finds the first occurrence of a string in another string.

Parameters string1

[in] The string to search in. string2

[in] The string to search for. start

[in] The index which the search to start at.

Return Value

If the string is found, the index of the first occurrence of string2 in

string1.

If the function fails or the string is not found, -1.

Page 173

RemotelyAnywhere 4.70

native strcmp(string1[], string2[]); native stricmp(string1[], string2[]);

Compares (case sensitive/insensitive) two strings by checking the first characters against each other, the second characters against each other, and so on until it finds an inequality or reaches the ends of the strings.

The function returns the difference of the values of the first unequal characters it encounters. For example, strcmp determines that "abcz" is greater than "abcdefg" and returns the difference of z and d.

Parameters string1

[in] The first string. string2

[in] The second string.

Return Value

If string1 is less than string2, the return value is negative. If string1 is greater than string2, the return value is positive. If the strings are equal, the return value is zero.

If the function fails, the return value is zero.

Page 174

RemotelyAnywhere 4.70

native sprintf(string[], format[], ... );

Formats a string. The parameters are converted and placed in the output string according to the format specifications in the format parameter.

Parameters string

[out] The array that receives the formatted string. It must be large enough to contain the resulting string. format

[in] The format specification string. For more information, see the Remarks section.

Return Value

If the function succeeds, the return value is the number of characters stored in the string array not including the terminating null character.

If the function fails, the return value is zero.

Remarks

The format specification is very similar to that of the sprintf function of the standard C library. Fields always begin with a percent sign (%). If an unrecognized character follows a percent sign, it is inserted into the output. A format specification has the following form:

%[0][width]type

The width specifies the minimum field width allocated to the parameter in the output string. The allocated field is always filled right aligned with the parameter. If the width is preceded by a ‘0’ character, and the parameter is an integer type, the blank space remaining in the field is filled with ‘0’ characters.

The following type specifications are supported:

Field Meaning c Single character. The value is interpreted as the ASCII code of a character. d i

Signed decimal integer. This type is equivalent to i.

Signed decimal integer. This type is equivalent to d. s t

T

U x

X

String. The value is interpreted as an array of characters.

Time. The value is interpreted as an integer returned by

raGetTime(): the number of seconds elapsed since midnight,

January 1, 1970. The output is formatted as “hh:mm:ss”.

Date. The value is interpreted as in the case of the ‘t’ type. The output is formatted as “DD-MM-YYYY”.

Unsigned decimal integer.

Unsigned hexadecimal integer with lowercase alphabetical characters.

Same as ‘x’, but with uppercase alphabetical characters.

Page 175

RemotelyAnywhere 4.70

native atoi(string[]);

Converts a string to an integer.

Parameters string

[in] The string to be converted.

Return Value

Returns the value produced by interpreting the input string as a signed decimal number. The return value is 0 if the string cannot be interpreted. The return value is undefined in the case of an overflow.

Page 176

RemotelyAnywhere 4.70

native fopen(filename[], mode);

Opens a file.

Parameters filename

[in] A string representing the name of the file to be opened. mode

[in] A number indicating how to open the file. It can have the following values:

ƒ FILE_READ: Open the file for reading

ƒ FILE_WRITE: Open the file for writing

Return Value

If the function succeeds, it returns a nonzero value identifying the opened file.

If the function fails, it returns zero.

Page 177

native fclose(file);

Closes an open file.

Parameters file

[in] A file identifier returned by fopen.

RemotelyAnywhere 4.70

Page 178

RemotelyAnywhere 4.70

native fread(file, buf[], bytes);

Reads data from a file.

Parameters file

[in] A file identifier returned by fopen. buf

[in/out] An array that receives the file contents. bytes

[in] Number of bytes to be read into the array.

Return Value

If the function succeeds, it returns the number of bytes read, which may be less than bytes if the end of file is reached or an error encountered.

If the function fails, it returns zero.

Page 179

RemotelyAnywhere 4.70

native fwrite(file, buf[], bytes);

Writes data to a file.

Parameters file

[in] A file identifier returned by fopen. buf

[in] An array whose contents are to be stored. bytes

[in] Number of bytes to be stored.

Return Value

If the function succeeds, it returns the number of bytes written, which may be less than bytes if an error is encountered.

If the function fails, it returns zero.

Page 180

RemotelyAnywhere 4.70

native fseek(file, offset, method);

Repositions the file pointer.

Parameters file

[in] A file identifier returned by fopen. offset

[in] Offset, which the file pointer is to be set to. method

[in] Identifies the initial position, which the file pointer is to be set relatively to. It must be one of the following constants:

ƒ FILE_BEGIN: beginning of the file

ƒ FILE_CURRENT: current file position

ƒ FILE_END: end of the file

Return Value

If the function succeeds, it returns the number of bytes written, which may be less than bytes if an error is encountered.

If the function fails, it returns zero.

Page 181

RemotelyAnywhere 4.70

native socket(address[], port, timeout=-1);

Opens a TCP socket and connects it to the specified address and port.

Parameters address

[in] A string representing the address the socket is to be port connected to. It may be a dotted number (for example

“127.0.0.1”) or a machine name to be resolved (for example

“www.remotelyanywhere.com”).

[in] The port number, which the socket is to be connected to. timeout

[in] Timeout value in milliseconds to be assigned to the socket. If

–1, no timeout is assigned.

Return Value

If the function succeeds, it returns a nonzero number identifying the socket.

If the function fails, it returns zero.

Remarks

RemotelyAnywhere currently supports blocking mode TCP sockets only.

The specified timeout value will affect the behavior of all operations on the socket. If a request cannot be completed in the time interval specified by timeout, the calls will fail. If timeout is not specified, all operations will block until they can be finished or some error occurs.

Page 182

native closesocket(sock);

Closes a socket.

Parameters

sock

[in] An identifier returned by socket.

RemotelyAnywhere 4.70

Page 183

RemotelyAnywhere 4.70

native recv(sock, buf[], bytes);

Reads data from a socket.

Parameters

sock

[in] A socket identifier returned by socket. buf

[in/out] An array that receives the data. bytes

[in] Maximum number of bytes to be read into the array.

Return Value

If the function succeeds, it returns the number of bytes read.

If the function fails, it returns zero.

Remarks

The function will block until some input is available or an error occurs

(for example the timeout specified in socket elapses).

Page 184

RemotelyAnywhere 4.70

native send(sock, buf[], bytes);

Sends data to a socket.

Parameters sock

[in] A socket identifier returned by socket. buf

[in] An array whose contents are to be sent. bytes

[in] Number of bytes to be sent.

Return Value

If the function succeeds, it returns the number of bytes written.

If the function fails, it returns zero.

Remarks

The function will block until all the data is sent or some error occurs

(for example the timeout specified in socket elapses).

Page 185

RemotelyAnywhere 4.70

native htmlBeginOutput(title[]="");

Opens the output to be sent to the caller of the script.

Parameters title

[in] A string specifying the text that should appear in the headline of the RemotelyAnywhere browser window.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns zero.

Remarks

The function will succeed if the script containing it is called from the

RemotelyAnywhere user interface. It fails, if it is called from a

Monitoring Script rule.

If this function fails any further call to the html… functions should be skipped because they will have no effect at all.

The htmlEndOutput() function must be called to send the output.

Page 186

native htmlEndOutput();

Sends the output to the caller of the script.

RemotelyAnywhere 4.70

Page 187

RemotelyAnywhere 4.70

native htmlWrite(text[], htmlize=false);

Writes text to the HTML output.

Parameters text

[in] The string to be written to the output. htmlize

[in] Specifies whether text is to be converted to html format.

See the Remarks section for more information.

Remarks

The htmlize parameter specifies the way the HTML output is being written. If it is false, you can directly write the output using HTML tags, special characters, etc. If it is true, the text is converted to appear the same in the browser window. Special characters (for example brackets, national characters, etc.) are substituted to their HTML equivalent.

Page 188

native htmlBR();

Writes a line break tag (<BR>) to the output.

RemotelyAnywhere 4.70

Page 189

RemotelyAnywhere 4.70

native htmlBeginTable(...);

Begins a table on the output.

Parameters

[in] Strings that specify the name of the columns in the table

Remarks

htmlEndTable() should be called in order to the table appear correctly.

Page 190

native htmlEndTable();

Ends a table started with htmlBeginTable.

RemotelyAnywhere 4.70

Page 191

RemotelyAnywhere 4.70

native htmlTableRow(...);

Writes a row to a table.

Parameters

[in] Strings that specify the content of the cells in the row

Page 192

native htmlBeginTableRow();

Begins a row in the current table.

RemotelyAnywhere 4.70

Page 193

native htmlEndTableRow();

Ends a row started with htmlBeginTableRow.

RemotelyAnywhere 4.70

Page 194

RemotelyAnywhere 4.70

native htmlTableCell(text[]);

Inserts a cell into the current row of the table.

Parameters text

[in] String specifying the content of the cell

Page 195

native htmlBeginTableCell();

Begins a cell in the current row of the table.

RemotelyAnywhere 4.70

Page 196

RemotelyAnywhere 4.70

native htmlEndTableCell();

Ends the current cell started with htmlBeginTableCell.

Page 197

RemotelyAnywhere 4.70

native htmlBeginDialog(text[]);

Begins a dialog area on the output. It will have the standard

“RemotelyAnywhere look-and-feel”.

Parameters text

[in] String specifying the caption of the dialog

Page 198

native htmlEndDialog();

Ends a dialog started with htmlBeginDialog.

RemotelyAnywhere 4.70

Page 199

native htmlBeginForm();

Begins a form on the output.

RemotelyAnywhere 4.70

Page 200

native htmlEndForm();

Ends a form started with htmlBeginForm.

RemotelyAnywhere 4.70

Page 201

RemotelyAnywhere 4.70

native htmlAddParam(...);

Inserts so-called hidden parameters into the current form (started with

htmlBeginForm) that can be accessed with htmlGetParam when processing form data.

Parameters

[in] String pairs specifying the name and value of parameters

Page 202

RemotelyAnywhere 4.70

native htmlGetParam(param[], value[]);

Gets the value of a parameter submitted on a form or in a link.

Parameters param

[in] String specifying the name of the parameter whose value is to be get value

[out] Array that receives the string value of the specified parameter. It must be large enough to contain the string.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns zero.

Remarks

This call will succeed only in a callback function specified in

htmlButton or htmlCBLink.

Page 203

RemotelyAnywhere 4.70

native htmlButton(text[], func[]);

Inserts a button into a form that submits the form data to the specified callback function.

Parameters text func

[in] String specifying the caption of the button.

[in] String specifying the name of the callback function to call when the button is clicked.

Return Value

If the function succeeds, it returns 1.

If the function fails, it returns zero.

Remarks

This function is valid only on a form started with htmlBeginForm.

Page 204

RemotelyAnywhere 4.70

native htmlButtonBack(text[]="Back", form=true);

Puts a button that will navigate the user back to the Scripts page of

RemotelyAnywhere.

Parameters text form

[in] String specifying the caption of the button.

[in] A boolean value specifying whether to insert a new form containing this button only. See the Remarks section for more information.

Remarks

If you call this function in the scope of a form started with

htmlBeginForm you should pass false in the form parameter, because it is of unpredictable result creating a form without closing the previous one.

Page 205

RemotelyAnywhere 4.70

native htmlRadioButton(param[], value[], checked=false);

Inserts a radio button into a form with the specified name and value.

Parameters param

[in] String specifying the parameter, which the radio button will modify. value

[in] String specifying the value, which the radio button will insert into the parameter. This will also be the caption of the radio button. checked

[in] Boolean value specifying whether the radio button is checked by default.

Remarks

This function is valid only in the scope of a form started with

htmlBeginForm.

Radio buttons assigned to the same parameter belong to the same group. Only one of them is allowed to be checked, because it provides the value of the parameter.

Page 206

RemotelyAnywhere 4.70

native htmlCheckbox(param[], value[], checked=false);

Inserts a checkbox on a form with the specified name and value.

Parameters param

[in] String specifying the parameter, which the checkbox will modify. value

[in] String specifying the value, which the checkbox will insert into the parameter. This will also be the caption of the checkbox. checked

[in] Boolean value specifying whether the checkbox is checked by default.

Remarks

This function is valid only in the scope of a form started with

htmlBeginForm.

The form will submit the parameter only when the checkbox is checked.

Page 207

RemotelyAnywhere 4.70

native htmlEdit(param[], value[]="");

Inserts an edit line into a form.

Parameters param

[in] String specifying the parameter, which receives the content of the edit line. value

[in] String specifying the initial value of the edit line.

Remarks

This function is valid only in the scope of a form started with

htmlBeginForm.

Page 208

RemotelyAnywhere 4.70

native htmlLink(title[], url[]);

Writes a link to the output.

Parameters

title

[in] String specifying the text appearing on the output. url

[in] String containing the URL, which the link points to.

Page 209

RemotelyAnywhere 4.70

native htmlCBLink(title[], func[], ... );

Writes a link that will call a function in the current script with the specified parameters.

Parameters title func

[in] String specifying the text appearing on the output.

[in] String specifying the name of the callback function to be called when the link is activated.

[in] String pairs containing parameter name-value information, that will passed to the callback function.

Remarks

The value of parameters passed with the link can be retrieved with

htmlGetParam in the callback function.

Page 210

RemotelyAnywhere 4.70

native htmlError(msg[]);

Puts a standard RemotelyAnywhere error dialog to the ouput.

Parameters msg

[in] String specifying the text appearing in the error box.

Remarks

This call will discard the previously written output and immediately sends the error message to the user, so no further output should be written.

Page 211

RemotelyAnywhere 4.70

native raEnumProcs();

Takes a snapshot of the currently active processes, that can be enumerated.

Remarks

You can call raGetProcessNum, raGetProcess, raGetNextProcess to retrieve information on the processes.

You must call raEnumProcsClose to release resources allocated by the snapshot.

Page 212

RemotelyAnywhere 4.70

native raGetProcessNum();

Gets the number of processes in the last snapshot taken with raEnumProcs.

Page 213

RemotelyAnywhere 4.70

native raGetProcess(id, &pid, name[], &cpu, &mem); native raGetNextProcess(&pid, name[], &cpu, &mem);

Retrieves information on the specified process in the last snapshot taken with

raEnumProcs.

Parameters id

[in] The index of the process to retrieve information on. pid

[out] Variable that receives the process ID. name

[out] Array that is being filled with the string representing the name of the process. cpu

[out] Variable that receives the CPU time the process used in milliseconds. mem

[out] Variable that receives the size of memory allocated by the process in Kilobytes.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 214

native raEnumProcsClose();

Frees resources allocated by raEnumProcs.

RemotelyAnywhere 4.70

Page 215

RemotelyAnywhere 4.70

native raKillProcess(pid);

Terminates the process with the specified ID.

Parameters pid

[in] Process ID.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Remarks

Windows might reuse the process ID of a process when it is terminated, so you must be very careful when getting the ID from a snapshot taken with raEnumProcs and be sure that the process you are going to terminate is still running. You should call raKillProcess as soon as possible after raEnumProcs.

Page 216

RemotelyAnywhere 4.70

native raForkProcess(cmdline[]);

Executes a command using the CreateProcess Win32 function.

Parameters pid

[in] String specifying the command line.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Remarks

The function will succeed if the executable specified in the command line is found regardless to if it succeeded to initialize. (For example the function reports success if the executable is found but the new process fails to initialize because of missing DLLs.)

Page 217

RemotelyAnywhere 4.70

native raExecuteCmd(cmd[], buf[]="", buflen=0, timeout=-1);

Executes a command with the command line interpreter specified in the

COMSPEC environment variable (usually CMD.EXE on Windows NT/2000 and

COMMAND.COM on Windows 95/98).

Parameters cmd

[in] String specifying the command line. buf

[out] An array that will receive the output produced by the command if buflen is not zero. buflen

[in] The length of the array specified by buf. timeout

[in] The time in milliseconds the command waits for command termination before getting output. If –1, it waits for infinity.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Remarks

This function uses the command line interpreter’s output redirection option to store output in a temporary file, so no output redirection should be used in the command line.

If buflen is set to 0, the function will not wait for the termination of the command.

Page 218

RemotelyAnywhere 4.70

native raReboot(type=REBOOT_NORMAL);

Initiates reboot.

Parameters type

[in] One of the following constants defining the type of the reboot process:

ƒ REBOOT_NORMAL: normal reboot process (normal termination of running processes, services, etc.)

ƒ REBOOT_EMERGENCY: the fastest possible reboot, should be used only in emergency

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Remarks

After initiating the reboot process, the script should terminate as soon as possible to allow RemotelyAnywhere to shut down correctly.

Page 219

RemotelyAnywhere 4.70

native raEnumServices();

Takes a snapshot of the currently active services and drivers that can be enumerated.

Remarks

You can call raGetServiceNum, raGetService, raGetNextService to retrieve information on the processes.

You must call raEnumServicesClose to release resources allocated by the snapshot.

Page 220

RemotelyAnywhere 4.70

native raGetServiceNum();

Gets the number of services and drivers in the last snapshot taken with

raEnumServices.

Page 221

RemotelyAnywhere 4.70

native raGetService(id, name[], displayName[], binary[], &type, &status,

&startup); native raGetNextService(name[], displayName[], binary[], &type, &status,

&startup); taken with raEnumServices.

Parameters id

[in] The index of the service or driver to retrieve information on.

Retrieves information on the specified service or driver in the last snapshot name

[out] Array that is being filled with the string representing the short name of the service/driver. displayName

[out] Array that is being filled with the string representing the long name of the service/driver. binary

[out] Array that is being filled with the string representing the executable belonging to the service/driver. type

[out] Variable that receives the type of the service/driver. It can be one of the following constants:

ƒ SERVICE_KERNEL_DRIVER: Indicating a device driver

ƒ SERVICE_FILE_SYSTEM_DRIVER: Indicating a file system driver

ƒ SERVICE_WIN32_OWN_PROCESS: Indicating a service application that runs in its own process

ƒ SERVICE_WIN32_SHARE_PROCESS: Indicating a service application that shares a process with other services

ƒ SERVICE_INTERACTIVE_PROCESS: Indicating a service application that can interact with the desktop status

[out] Variable that receives the status of the service/driver. It can be one of the following constants:

ƒ SERVICE_STOPPED: The service is not running

ƒ SERVICE_START_PENDING: The service is starting

ƒ SERVICE_STOP_PENDING: The service is stopping

ƒ SERVICE_RUNNING: The service is running

ƒ SERVICE_CONTINUE_PENDING: The service continue is pending

ƒ SERVICE_PAUSE_PENDING: The service pause is pending

ƒ SERVICE_PAUSED: The service is paused startup

[out] Variable that receives a value indicating when to start the service/driver. It can be one of the following values:

Page 222

RemotelyAnywhere 4.70

ƒ SERVICE_BOOT_START: Started by the system loader

ƒ SERVICE_SYSTEM_START: Started by the

IoInitSystem function

ƒ SERVICE_AUTO_START: Started by the service control manager during system startup

ƒ SERVICE_DEMAND_START: Started by the service control manager

ƒ SERVICE_DISABLED: The service/driver cannot be started

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 223

native raEnumServicesClose();

Frees resources allocated by raEnumServices.

RemotelyAnywhere 4.70

Page 224

RemotelyAnywhere 4.70

native raStartService(name[]);

Starts a service/driver.

Parameters name

[in] String specifying the name of the service to be started.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 225

RemotelyAnywhere 4.70

native raStopService(name[]);

Stops a service/driver.

Parameters name

[in] String specifying the name of the service to be started.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 226

RemotelyAnywhere 4.70

native raPauseService(name[]);

Pauses a service/driver.

Parameters name

[in] String specifying the name of the service to be started.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 227

RemotelyAnywhere 4.70

native raContinueService(name[]);

Continues a paused service/driver.

Parameters name

[in] String specifying the name of the service to be started.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 228

RemotelyAnywhere 4.70

native raGetTime();

Retrieves system time.

Return value

Returns the number of seconds elapsed since midnight (00:00:00),

January 1, 1970.

Page 229

RemotelyAnywhere 4.70

native raGetPerformance(type, time, &value, ...);

Retrieves data from the performance counters managed by

RemotelyAnywhere.

Parameters type

[in] Constant value indicating the type of performance data to retrieve. It can be one of the following:

ƒ PERF_DRIVE: Amount of free space on a storage device

ƒ PERF_NET_IN: Incoming traffic on a network adapter

ƒ PERF_NET_OUT: Outgoing traffic on a network adapter

ƒ PERF_CPU_NTH: The appropriate CPU’s usage

ƒ PERF_CPU: Overall CPU usage

ƒ PERF_MEMORY: Memory usage

ƒ PERF_PHYSICAL_MEMORY: Physical memory usage

ƒ PERF_PAGEFILE: Pagefile usage

ƒ PERF_REGISTRY_QUOTA: Registry quota time

[in] The time when the performance data to be retrieved is time registered

[out] Variable that will receive the performance data (an integer in the range [0..100] indicating the usage in percents of the specified resource)

[in] Optional variable needed by some type of the performance counters:

ƒ PERF_DRIVE: a character indicating which disk drive’s performance data is to be retrieved

ƒ PERF_NETIN, PERF_NETOUT, PERF_CPU_NTH: An integer value indicating which resource’s performance data is to be retrieved

Return value

If the function succeeds, the return value is the period of the performance counter from which the data is retrieved in seconds.

If the function fails, the return value is zero.

Page 230

RemotelyAnywhere 4.70

native raSleep(time);

Suspends the execution of the script for the specified amount of time.

Parameters time

[in] The number of milliseconds defining the duration of the suspension.

Page 231

native raLog(msg[]);

Writes an entry to the RemotelyAnywhere log.

Parameters msg

[in] The string to be written to the log.

RemotelyAnywhere 4.70

Page 232

RemotelyAnywhere 4.70

native raSendMail(to[], subj[], msg[], from[]=””);

Sends an e-mail message.

Parameters to

[in] String specifying the addressee of the message. subj

[in] String specifying the text in the subject of the message. msg

[in] String specifying the text in message body. from

[in] String specifying the sender of the message. If an empty string is passed, a default value is used.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Remarks

The function uses the SMTP server configured in RemotelyAnywhere

Configuration/Miscellaneous.

The function will block until the message is sent or an error occurs.

Page 233

RemotelyAnywhere 4.70

native raMessage(to[], msg[]);

Sends an administrative message to a user.

Parameters to

[in] String specifying the user to send the message to. msg

[in] String specifying the message text.

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 234

RemotelyAnywhere 4.70

native raRegGetValue(base, key[], value[], type, ...);

Retrieves a value from the system registry.

Parameters base

[in] A constant specifying which registry tree to use. It can be one of the following:

ƒ HKEY_CLASSES_ROOT

ƒ HKEY_CURRENT_CONFIG

ƒ HKEY_CURRENT_USER

ƒ HKEY_LOCAL_MACHINE

ƒ HKEY_USERS

ƒ HKEY_PERFORMANCE_DATA

ƒ HKEY_DYN_DATA key

[in] String specifying the registry key to get the data from. value

[in] String specifying the name of the value to get. type

[in] A constant specifying the type of the data. It can be one of the following values:

ƒ REG_SZ: String

ƒ REG_EXPAND_SZ: String with environment variable references

ƒ REG_BINARY: Free form binary (~byte array)

ƒ REG_DWORD: 32-bit number

Parameters that depend on type:

ƒ REG_SZ

ƒ REG_EXPAND_SZ

Param5: [out] An array that receives the string

Param6: [in] The length of the array

ƒ REG_BINARY

Param5: [out] An array that receives the data

Param6: [in] The maximum number of bytes to receive

ƒ REG_DWORD

Param5: [out] A variable that receives the value

Return value

If the function succeeds, the return value is the number of bytes retrieved.

If the function fails, the return value is zero.

Page 235

RemotelyAnywhere 4.70

native raRegSetValue(base, key[], value[], type, ...);

Sets a value in the system registry.

Parameters base

[in] A constant specifying which registry tree to use. It can be one of the following:

ƒ HKEY_CLASSES_ROOT

ƒ HKEY_CURRENT_CONFIG

ƒ HKEY_CURRENT_USER

ƒ HKEY_LOCAL_MACHINE

ƒ HKEY_USERS

ƒ HKEY_PERFORMANCE_DATA

ƒ HKEY_DYN_DATA key

[in] String specifying the registry key to write the data to. value

[in] String specifying the name of the value to write. type

[in] A constant specifying the type of the data. It can be one of the following values:

ƒ REG_SZ: String

ƒ REG_EXPAND_SZ: String with environment variable references

ƒ REG_BINARY: Free form binary (~byte array)

ƒ REG_DWORD: 32-bit number

Parameters that depend on type:

ƒ REG_SZ

ƒ REG_EXPAND_SZ

Param5: [in] The string to write

ƒ REG_BINARY

Param5: [out] An array containing the data to write

Param6: [in] The number of bytes to write

ƒ REG_DWORD

Param5: [out] The number to write

Return value

If the function succeeds, the return value is 1.

If the function fails, the return value is zero.

Page 236

RemotelyAnywhere 4.70

Appendix D: Version History

Nov-18-2002 4.70.310 o Fixes

ƒ SSH Server updated to OpenSSH 3.5. Supports privilege separation.

ƒ ZModem file transfer support in Telnet and SSH sessions.

ƒ Minor changes and fixes.

Oct-9-2002 4.60.305 o Fixes

ƒ Security update to SSH server.

ƒ Minor Remote Control issues fixed.

ƒ Added “-license” option for command-line remote installs.

ƒ Licensing information is no longer kept in the

RemotelyAnywhere directory and has been moved to the registry.

ƒ Minor changes and fixes.

Sep-2-2002 4.53.301 o Fixes

ƒ Network Management configuration copying handles all registry keys correctly.

ƒ Fixed a memory leak.

ƒ Fixed yet another focus problem during Remote Control that was introduced with Sun JVM 1.4.0.1.

ƒ Upgrade installations will no longer require a reboot.

Aug-15-2002 4.52.299 o Fixed minor problems with international keyboard layouts during remote control.

Jul-31-2002 4.51.298 o Updated the SSL library to OpenSSL 0.9.6e. The OpenSSL update released on Jul-30-2002 and included in this version of

RemotelyAnywhere fixes all known security vulnerabilities in the open source cryptographic library.

Jul-22-2002 4.50.297 o Updated the SSH component to OpenSSH 3.1. With this new release, advanced SSH functionality such as SSH tunneling and SFTP is available. o Minor changes and fixes.

Page 237

RemotelyAnywhere 4.70

Jul-3-2002 4.41.294 o Minor changes and fixes, including a fix for a bug in the FTP server where client timeouts were not handled correctly.

Jun-26-2002 4.40.293 o New Features

ƒ NDS Authentication (integration with Novell’s eDirectory)

ƒ Minor new configuration options for the Remote Control module and the FTP server. o Minor changes and fixes

May-20-2002 4.30.290 o Minor changes and fixes

Apr-30-2002 4.20.288 o Minor changes and fixes

Mar-25-2002 4.10.284 o Minor changes and fixes

Feb-14-2002 4.00.280 o Added support for Windows XP, dropped support for Windows 95 and

Windows NT 3.51. o Remote Control speed upgraded. Now using a mirror display driver for maximum efficiency. o Added a File Transfer applet that allows fast, compressed and encrypted transfer of files between the host and the remote computer. o Added support for SSH2. o Ability to monitor the Event Log and send out alerts via email. o Innumerous smaller feature enhancements.

Jul-10-2001 3.52.271 o Fixes

ƒ Fixed a number of minor issues present in the original build of version 3.52.

Apr-11-2001 3.52 o New Features

ƒ Enhancements to the FTP Server: connection limitation per IP address, quotas on home directories, server-relative paths, permission reports, etc.

ƒ Services now link to the host process, and processes link to services hosted – NT only.

Page 238

RemotelyAnywhere 4.70

o Fixes

ƒ Fixed a number of minor issues present in version 3.51.

March-20-2001 3.51 o Fixes

ƒ Fixed a number of minor, isolated issues present in version 3.5.

Feb-27-2001 3.5 o Fixes

ƒ Fixed a number of issues present in the previous beta version.

Jan-29-2001 3.5 Beta (266) o New Features

ƒ Added SSH Terminal Emulation support. Now, instead of using clear-text Telnet, a user is able to utilize industry-strength SSH encryption for terminal emulation sessions.

ƒ Administer shares from a HTML interface.

ƒ Set Date/Time from a HTML interface.

ƒ Added an Event Viewer module to the WAP interface.

ƒ Ability to specify login credentials in the URL, thus bypassing the login screen.

ƒ Adjust virtual memory settings from a HTML interface. o Fixes

ƒ RemotelyAnywhere now makes better use of screen real estate on Windows CE devices. Note: You need a Windows CE browser that supports JavaScript in order to use RA.

ƒ Accurate CPU identification routine.

Jan-08-2001 3.5 Beta (265) o New Features

ƒ Added a full-featured FTP server to RemotelyAnywhere. The

FTP server supports NT users as well as user-defined ones, and can also encrypt file transfers with SSL.

ƒ Added a port-forwarding server.

ƒ Major events, such as service start/stop, login/logout, remote control start/end and telnet login/logout are now recorded in the NT Application Log as well as the RemotelyAnywhere.log file.

ƒ Task Scheduler now fully supports the Windows 2000 scheduler interface.

ƒ Network Maintenance can update several computers in one pass, and you can also specify a single computer in the Scan

Network dialog.

ƒ Default configuration can be read from another

RemotelyAnywhere installation within Setup.

ƒ Added two command-line parameters (CreateINIFile and

LoadINIFile) to help with default configurations when installing from the command prompt.

Page 239

RemotelyAnywhere 4.70

ƒ Minor updates to several existing functions. o Fixes

ƒ Removed ‘behind firewall’ settings – applets now make an intelligent decision based on network conditions.

ƒ The Telnet login banner can now be disabled.

ƒ Fixed several issues with Telnet.

ƒ Remote install now does not rely on the existence of administrative shares such as “c$”.

ƒ New, more powerful IP address filtering technique.

ƒ Several minor changes to increase robustness and stability.

Oct-12-2000 3.21 o New Features

ƒ General

ƒ Ability to force NTLM logon, which automatically uses your current credentials to identify you to

RemotelyAnywhere. If you insert the /ntlm/ string into the URL you use to access RA, you will be able to bypass the login screen. This also allows you to use a direct shortcut to, for example, the Remote Control screen. For example, the URL "http://mycomputer:2000/ntlm/" will perform an NTLM logon and get you to the main page.

The URL

"http://mycomputer:2000/ntlm/remotecontrol.vcgi" performs an NTLM logon and starts the remote control session.

ƒ Added sorting by columns to the File Manager.

ƒ User Manager now breaks up a long list of users into pages. The number of users that appear per page can be changed in Configuration->Appearance.

ƒ Network Maintenance now displays the description of the computer, if available.

ƒ Added a new sample, CheckCDrive.sma, to the scripting samples, demonstrating the use of performance counters.

ƒ Added a new service, RemotelyAnywhere Maintenance

(RAMaint) that will keep the RemotelyAnywhere service alive in the event of a software error. This was not crucial to do, but a great number of users reported that version 3.2 is not able to start automatically on various

NT4 systems. This service will act as a workaround.

ƒ RA now displays the interactive user on NT/W2K systems on the Info page, and whenever a remote control session is initiated.

ƒ Remote Control

ƒ Screenshot-based Remote Control is now disabled by default and does not appear on the Remote Access menu. You can turn it back on in Configuration->Remote

Control.

Page 240

RemotelyAnywhere 4.70

ƒ Added the ability to limit the maximum number of screen updates sent to the remote computer per second when using Remote Control. This defaults to 10, but you can adjust it in the range of 1-50.

ƒ Caps Lock is automatically turned off at the start of a remote control session.

ƒ Constantly depressed modifier keys (such as Control,

Shift and Alt) do not send a key repeat event to

RemotelyAnywhere.

ƒ RA now uses Active Accessibility if available on the computer to detect which portions of the screen have changed. This should improve performance and decrease CPU utilization.

ƒ RA now polls console windows on the desktop for changes, improving performance.

ƒ Added three shortcut keys: Ctrl-Alt-Insert acts as Ctrl-

Alt-Del. Ctrl-Insert acts as Ctrl-Esc (and consequently,

Ctrl-Shift-Insert acts as Ctrl-Shift-Esc) and Alt-Insert acts as Alt-Tab.

ƒ WAP

ƒ Added the ability to access a command prompt from a

WAP device This lets you access Telnet via WAP.

ƒ Moved the information on how to recognize WAP devices from the executable to a text file called WapClients.cfg.

If RemotelyAnywhere did not identify your WAP phone correctly, you can edit this text file and remedy the problem.

ƒ Ability to configure the amount of data sent to your WAP device. In Configuration->Appearance, you have a new setting that tells RA how many lines of text the device can accept. This effects the Processes, Services and

Drivers displays.

ƒ The WAP menu was moved from the end of each page to a new WAP page. This will further decrease the amount of per-page data sent to the WAP device. o Fixes

ƒ Fixed a problem when RA was not able to start automatically on some NT4 systems. RA now delays the loading of most system

DLLs until they are actually needed. This should fix the problem for most people. If you are still getting errors from the Service

Control Manager regarding the RemotelyAnywhere service not starting, simply set the startup mode of the RA service to

Manual. In this case, RAMaint will start RemotelyAnywhere 60 seconds after the system is booted.

ƒ Fixed a problem with Netscape Navigator that resulted in the

Remote Control client exiting with a java.lang.OutOfMemoryError exception when remote control was started.

ƒ Fixed the registry editor that caused display corruption when viewing registry values with HTML code embedded in them.

Page 241

RemotelyAnywhere 4.70

ƒ Fixed an overflow condition that caused RA to display 100% network utilization once a while. The SNMP data structures reserve a 64-bit counter value for network IO statistics, but some network drivers only use the first 32 bits - and on 32 bits you can only represent 4 gigabytes. RemotelyAnywhere now detects this situation and corrects the counter values to correctly calculate network utilization.

ƒ Fixed a CPU utilization problem that caused Internet Explorer to eat all available CPU time on one processor when you had

RemotelyAnywhere open in a browser window and the RA service was stopped in the meantime.

ƒ The Telnet server, TSClient, now uses less memory and loads only a minimal set of system DLLs.

ƒ Windows 2000 changed some of the internal Windows NT structures that caused thread information to be displayed incorrectly when looking at the details of a process. This has been corrected.

ƒ Fixed a problem with scripting that caused the raGetPerformance function never to return meaningful data.

ƒ Worked around a bug in Internet Explorer 5.5 that causes an incorrect security warning to be displayed when clicking on a

"javascript:func();" URL on a secure page within a frameset.

ƒ Entering the IP address of the SMTP server will now work correctly. Until now, only an FQDN was accepted in this field.

ƒ Fixed a potential division by zero condition on Windows9x in the performance queries retrieving information on the memory status.

Aug-10-2000 3.2 o Mainly a maintenance release. o Improved remote control performance. o Added shortcuts to the Info page – now access your most frequently used functions with one click. o Memory utilization now correctly displays on Win9x computers. o Ability to view and truncate the RemotelyAnywhere.log file from the

Configuration page. o Serial number entry has been moved from Help to Configuration. o Added an auto-disconnect mechanism for Remote Control if the connected user is the same as the one trying to log in. o Added support for access through proxy servers that use several IP addresses to request pages. o Added new command-line options that allow for creating SSL certificates. o Fixed a number of potential crash conditions.

June-14-2000 3.1 o A number of minor changes and fixes since the beta version.

May-16-2000 3.1 Beta (253)

Page 242

RemotelyAnywhere 4.70

o Major new features:

ƒ Added support for WAP devices. You can now perform critical tasks from your WAP-enabled phone.

ƒ Added scripting. RA understands the Small language developed by CompuPhase, and you can use it to extend its functionality.

ƒ Added a Chat feature that allows you to communicate with the user sitting in front of the remote computer

ƒ A new type of reboot: Cold reboot, just like pressing the reset button

ƒ User interface redesigned

ƒ Ability to compact the system registry files o Minor new features:

ƒ Remote Control displays screen updates progressively over slow links

ƒ Apply permissions from the command-line

ƒ Send special keys from Remote Control

ƒ Option to force HTTP tunneling

ƒ Default message can be customized when a connection is attempted from a blocked IP address

ƒ Command-line parameters can be specified when executing files or programs from the File Manager

ƒ Remote Control now handles full-screen DOS windows

ƒ A sender can be specified for emails sent by RemotelyAnywhere o Fixes:

ƒ Fix for timeout when uploading files

ƒ Fixed a problem with Telnet where a non-administrator user was not able to use the built-in client

ƒ Fixed file transfer problems over HTTPS

ƒ Fix for RAGui crashes

ƒ Fix for international keyboard layouts in Remote Control

ƒ Numerous small changes and improvements

Feb-16-2000 3.0 o A number of minor changes since the beta version.

Feb-07-2000 3.0 Beta (246) o Windows 95/98 support o Faster Remote Control o Improved performance monitoring o System monitoring and alerting module (supports email and administrative alerts) o Numerous (or rather, innumerous) improvements throughout the whole software. Improved stability, speed, usability.

Jan-28-2000 2.41b o A minor maintenance release

Page 243

RemotelyAnywhere 4.70

Nov-24-1999 2.41 o A number of minor changes and fixes

Nov-14-1999 2.40 o A number of minor changes and fixes

Nov-4-1999 2.40 Beta (236) o Lost Telnet sessions are automatically reconnected o Improved Remote Control speed o Ability to disable the local mouse and keyboard during a remote control session o Automatic Priorities can now also change a process's affinity mask o Added Network Adapter information to the Performance menu point o Added a universal progress indicator that appears in the right-end of the status bar, and displays progress information during lengthy processes o The File Manager can now delete and copy whole paths o The File Manager can now copy security information (owner & permission data) o The File Manager can now serve files of any size o The File Manager now accepts a target filename in the Upload dialog o Ability to switch authentication methods in order to access network drives from the File Manager o Ability to restrict a certain user (or group) to an IP address or an IP address range o Added the ability to work with firewall port-mapping o Added Back & Refresh buttons to a number of pages where applicable o Optimized File Manager speed o Optimized Network Maintenance speed (Information is cached) o Optimized Permissions speed (User and Group information is cached) o GIF support removed and entirely replaced with PNG o Fixed a keyboard problem in Remote Control o Added icons to the Menu, the Title bar, etc. o A number of minor changes and fixes

Oct-19-1999 2.40 Beta (234) o Telnet server, usable with any Telnet client o A secure and fast Java Telnet client o Network Maintenance (Remote installation & configuration of

RemotelyAnywhere on computers connected to the network) o Clipboard transfer for Remote Control o Automatically offers encryption if SSL is available o Ability to reset configuration to defaults if needed o You can list user accounts from any computer or domain where permissions have to be assigned o A number of minor changes and fixes

Page 244

RemotelyAnywhere 4.70

Aug-3-1999 2.34 o Better CPU identification. o Remote control client selection menu is optional. o The console lock upon a terminated remote control session is optional. o The user notification / confirmation dialogs can be turned off from the configuration screens. o Tooltips can be turned off if desired. o The 'quick jump' field appears on all File Manager pages. o A number of minor changes and fixes.

June-09-1999 2.34 Beta (217) o User confirmation now required for remote control. o Unexpectedly terminated remote control sessions now lock the console. o Remote control defaults to the Java client in the current browser. o Setup now correctly launches RemotelyAnywhere if requested. o Fixed an authentication failure problem with NTLM and SP5. o Fixed a problem with version 2.33 refusing to start on NT3.51. o Now more 'back button' friendly, and you can also open parts of

RemotelyAnywhere in new windows. o Added tooltips for the menu. o The Ctrl and Shift keys now work when trying to select multiple items with the mouse. o Added a 'quick jump' field to the File Manager. o A number of minor changes and fixes.

May-12-1999 2.33 o Ability to disable non-secure HTTP connections. o Minor changes and fixes.

Apr-27-1999 2.33 Beta (209) o Added a system tray icon. o Ability to serve HTML files and data from a custom directory. o Displays which files are in use by a certain process. o Displays which registry keys are in use by a certain process. o Displays system-wide DLL usage. o Allows control over per-process processor affinity. o Registry editor now handles REG_MULTI_SZ strings. o Occasional palette problems with remote control have been fixed. o Minor changes and fixes.

Mar-22-1999 2.32 o Ability to open new windows in normal mode (i.e. not fullscreen). o New command line options: -service (for the commands 'start' and

'stop') and -port (for the command 'install'). o A few minor, but important bugs fixed.

Page 245

RemotelyAnywhere 4.70

Mar-16-1999 2.32 Beta (203) o New with Performance:

ƒ Completely rewritten performance queries. No longer loads zillions of unneeded DLLs, unlike previous versions and

Perfmon.

ƒ Added the ability to disable the applet displaying CPU &

Memory load graphs. o New with User Manager:

ƒ Fixed problems with changing Dialin permissions. o New with File Manager:

ƒ Option to overwrite existing files when copying, moving or uploading. o New/Fix: Services and drivers now display version information if available. o New/Fix: Minor changes and fixes.

Mar-9-1999 2.32 Beta (202) o New with Performance:

ƒ See all IP endpoints.

ƒ See all currently open connections to RA. o New, sophisticated access control. o New with Remote Control:

ƒ Disconnect idle clients.

ƒ If busy, shows the current user's IP address. o New/Fix: Applications launched in the File Manager are executed under the correct user account. o New/Fix: Minor changes and fixes. o New/Fix: Remote install will now perform an upgrade correctly.

Feb-24-1999 2.32 Beta (197) o New with the File Manager:

ƒ Ability to view and edit NTFS permissions.

ƒ Ability to rename files.

ƒ Ability to copy a file to the same location with different name.

ƒ Added a browse button and dialog for file operations where a target directory has to be specified.

ƒ Ability to edit small text files right within the browser.

ƒ Ability to view and change file attributes.

ƒ Added a field to show the permissions that apply to the current user. o New Performance menu point:

ƒ Ability to automatically update process priorities.

ƒ Memory Usage Graph

ƒ CPU Usage Graph o New with Remote Control:

ƒ Keyboard mapping problems with international keyboard layouts have been fixed.

ƒ Significant performance increase.

ƒ Minor interface changes.

Page 246

RemotelyAnywhere 4.70

o New with the Process List: Added some new fields: Version, Short

Name, Description. o New with the Task Scheduler: Ability to edit scheduled tasks. o New Key Structure: Allows for temporary licenses. o New/Fix: Minor interface changes.

Feb-9-1999 2.31 o Fix: Added a new configuration option: "Automatic Content

Compression". Apparently, there is a confirmed bug in Netscape that prevents the use of content-encoded Java class files. In order to make the Java remote control client work in Netscape Navigator, compression must be turned off. o Fix: Fixed yet another issue with proxies. o Fix: Small updates to the user interface.

Feb-8-1999 2.30 o New: Added the Task Scheduler, a powerful interface to NT's

Scheduler. o New: Compression for browsers that understand gzip or deflate content-encodings. This applies to IE (gzip and deflate) and Netscape

(gzip). Compression is fully transparent, and you will not notice it unless you work with RA over a slow link. Gzip and deflate is essentially the same, but gzip-encoded files are 18 bytes longer because of some header and trailer information the gzip specification requires. Because of this, deflate is always chosen over gzip if the client supports it. Both methods can save you an average of 60% of bandwidth. I came up with the 60% figure by testing RA with typical requests that result in a few hundred, or at most a few thousand bytes to be transferred. In an extreme case (viewing 2,000 event log records on one page) the savings were a whopping 98.4%. Only 24,740 bytes had been transferred, instead of 1,527,322 bytes! o New: The data streams between RemotelyAnywhere and the Java client are now encrypted. o Fix: Minor changes and fixes since the beta.

Feb-2-1999 2.30 Beta (182) o Fix: An occasional crash when shutting down RA with active connections. o Fix: Significantly improved the performance of the Java remote control. o Fix: Now more Netscape-friendly. o Fix: Remote install problems solved. o Fix: A number of other minor changes and tweaks.

Jan-25-1999 2.30 Beta (177) o Fix: The HKEY_CURRENT_USER key was showing the contents of the

Default user's key instead of the current user. This has been fixed.

Page 247

RemotelyAnywhere 4.70

o New: Icons are displayed for files and folders in the File Manager. The

Registry Editor and the Event Viewer also gained small icons. o New: Extra fields for File Manager and the Process List. You can go to

Configuration and activate/deactivate fields there. o New: Configurable listener IP address. o New: A Java-based remote control client. o New: Progress indicator for file uploads. o Fix: A problem with accessing RA through a proxy server has been fixed. o Issue: The Java-based remote control client does not encrypt the data stream between itself and RA. Encryption will be added for version 2.3.

Dec-03-1998 2.21 o IP Address Filtering. o Extra command-line options to support remote installation. o Fixed a problem that made RA unable to start on NT 3.51. o Added a 'Restart RemotelyAnywhere' command to the reboot page. o When downloading files from the File Manager, the browser will offer the correct filename. o Fixed a JavaScript issue that disallowed right-button drags in the

Remote Control module. o Brand-new interface.

Nov-12-1998 2.20 o SSL support. o Brand-new, heavily multi-threaded core. o IP address lockout. o In the File Manager, you can launch one or more files on the host computer with the click of a button. o Added monochrome color-depth to the screen function. o Updated the configuration page - more readable and supports the new options. o Fixed a few minor bugs:

ƒ The Time Written field was off in the Event Viewer.

ƒ The CPU Load page displayed erroneous information.

ƒ The 'There was an error loading the message file for...' message does not appear any more in the Event viewer.

Nov-12-1998 2.11 o Fixed a problem that would not let version 2.10 load on NT 3.51. o Added a "Restart RemotelyAnywhere" button to the Reboot page. o Added a number of command-line options and the ability to remotely install the service on another machine. These are fully described in the

Readme.TXT.

Sep-20-1998 2.10 o A HTML-based User Manager is now part of RA.

Page 248

RemotelyAnywhere 4.70

o Process list now shows the amount of memory in use by the process, rather than the number of page faults caused by it. o Fixed a bug with the file manager and very deep directory structures. o The Memory table on the Info page has been changed to reflect more accurate information. o Fixed a bug that caused RA to crash when trying to upload from a browser that doesn't support it. o Performance queries start after a delay, allowing other services to start quicker.

Sep-01-1998 2.01 o A bug was fixed that caused a very slow startup for the

RemotelyAnywhere service on some systems. o A bug was fixed that made RA consume memory on some systems. o Some minor tweaks to the HTML interface.

Aug-17-1998 2.0 o The final, commercial version! o Ability to upload files using your browser o Support for domains (and domain admins) o Ability to 'drag' the mouse on the remote control screen o Fixed a nasty memory leak bug o No need for ragina.dll and sshot.dll anymore. o Customizable colors.

Aug-4-1998 2.0 B3 101 o A couple of minor bug fixes, especially for international versions of

Windows NT.

Jul-31-1998 2.0 B3 o HTML changes everywhere... Looks much nicer, loads faster. o Rolled my own performance data classes, so pdh.dll is not needed anymore. o Smaller executable size. o Better, more powerful process information page. o Expanded File Manager functionality. o RA now uses the console during installation instead of message boxes.

This allows you to install it from batch files, scripts, etc.

Page 249

RemotelyAnywhere 4.70

Jul-20-1998 2.0 B2 o RA will refuse to install from a network or removable drive to ensure that it's always available. o Made all html and gif files part of the main executable. o On the Info page, the name of the user appears next to his or her IP address. o Added support for 256 color GIF screenshots in addition to 16 color ones, and support for 16 and 256 color PNG screenshots as well. PNG is usually 30% smaller than the GIF counterpart and has a lot better interlacing but requires the latest browser in order to be visible. o A new way of specifying who can access RA. Until now, everyone in the Administrators group (and only them) could access the service.

Now the default is that all Administrators and everyone in the member of a special group called RemotelyAnywhere have access. You can turn off the Administrator access, and can specify a group name other than

RemotelyAnywhere if you want. o Configuration page updated to allow for changing options related to authorization and screenshot image format. o RA now lets you send passwords that are safe from eyes over your shoulder. On the Screen page, you can switch back and forth normal text and password mode by clicking on the link that says 'Send text' or

'Send passwd' respectively. o The Autologon page will mask the password that you enter with asterisks. o Drivers/Services have changed. The page only lists the drivers and their status. Clicking on their name will bring up another page that lets you start and stop them. (Or pause and continue, where supported.)

This page will also tell you more information, like the binary name for the service, services or drivers this object depends on and what other objects depend on this one. Here you are also able to change startup options.

Jul-13-1998 2.0 B1 o First release.

Page 250

advertisement

Related manuals

advertisement

Table of contents