Previous | Contents | Index |
In general, the command descriptions in this manual include full command names, command options, and service names. However, the software recognizes abbreviations. Note that abbreviations are not recommended for use in batch jobs and command procedures.
You can abbreviate any command option by typing enough letters to distinguish it from other command options. The following is an example of the SET AUDIT POLICY command:
$ ADMINISTER LANDOFOZ\\TINMAN> SET AUD POLI /FAILURE=(LOGONOFF,PROCESS) - _LANDOFOZ\\TINMAN>/AUDIT/SUCCESS=(ALL) %PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ" LANDOFOZ\\TINMAN> |
Note the use of the continuation character (-) to enter this long command string.
You can abbreviate options and qualifiers as illustrated in the following example:
$ ADMIN LANDOFOZ\\TINMAN> SET AUD POLICY/FAIL=(LOG,PROC)/AUD/SUCCESS=(ALL) %PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ" LANDOFOZ\\TINMAN> |
You can manage a server with batch jobs that you set up. The .COM files can contain the ADMINISTER commands you would otherwise enter interactively. The following example (EVT_CLEANUP.COM) saves an event log, then clears it:
$ TYPE EVT_CLEANUP.COM $ ADMINISTER SAVE EVENTS/TYPE=SECURITY SYS$BACKUP:PW-SECURITY.EVT $ ADMINISTER CLEAR EVENTS/TYPE=SECURITY/NOCONFIRM $ EXIT |
For commands that have confirmation responses (selectable using
/CONFIRM and /NOCONFIRM qualifiers), the default in batch mode is to
not ask for confirmation. In other words, /NOCONFIRM is the default
action for batch jobs.
2.1.8 Universal Naming Convention (UNC) for Path Names
When using the Universal Naming Convention (UNC) for specifying the path to a shared directory or file, the UNC path has the form
\\server-name\share-name\path
where:
server-name | is the name of the server where the directory or file resides. |
share-name | is the name of the shared resource containing the directory or file. |
path | specifies the path to the directory or file within the shared resource. |
The server-name portion of the UNC, if omitted, defaults to the server currently being administered, or to the server name you specify using the /SERVER qualifier. You can omit the slash before the share-name if you omit the server-name.
Except for the TAKE FILE OWNERSHIP command, you can use standard DOS
wildcards within file names, but not for directories. The TAKE FILE
OWNERSHIP command does not accept wildcards for the UNC path.
2.1.9 Parameter Restrictions
The ADMINISTER command parameters listed in the following table cannot contain the following characters:
" / \ [ ] : ; | = , + * ? < >
When using ADMINISTER commands, note the following parameter restrictions:
Parameter | Restriction |
---|---|
[domain-name\] server-user-name | |
Specifies the Advanced Server user name to be mapped to an OpenVMS server name. An Advanced Server user can be mapped to only one OpenVMS user. Optionally, you can specify a network user in a trusted domain. To specify a network user, include the domain name ( domain-name\) with the user name, as in KANSAS\DOLE, where KANSAS is the trusted domain in which the network user account resides, and DOLE is the user name of the user account in the trusted domain. | |
host-user-name | Specifies the OpenVMS user name to which the Advanced Server user name is to be mapped. More than one Advanced Server user can be mapped to the same OpenVMS user. |
computer-name |
Specifies a computer name as a name that identifies the computer on the
network. The
computer-name must be unique in the network.
The maximum number of characters is 15. |
domain-name |
Specifies the name of the domain. Except where noted, the default is
the domain currently being administered.
The maximum number of characters is 15. |
server-name |
Specifies the name of a server that is a member of the domain. The
default is the server currently being administered.
The maximum number of characters is 15. |
full-user-name |
Specifies the full, or complete, name for the user. Enclose the
full-user-name in quotation marks if it contains lowercase
letters, blanks (spaces) or other nonalphanumeric characters.
The maximum number of characters is 256. |
group-name |
Specifies the name of an Advanced Server group. A group name cannot be
identical to any other group or user name of the domain or computer
being administered.
The maximum number of characters is 20. |
[domain-name\] member-name | |
Specifies the users or groups as members of the group. Enclose the
member-name in quotation marks if it contains blanks (spaces)
or other nonalphanumeric characters.
When adding members to, or removing members from, a local group, you can specify user accounts or global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name in the format domain-name\member-name, such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. The maximum number of characters is 20. |
|
password |
Specifies the password for the user. Passwords are case sensitive.
Enclose the
password in quotation marks if it contains lowercase letters,
blanks (spaces) or other nonalphanumeric characters. If you enter
/PASSWORD with no value or an asterisk (*), you are prompted for the
password and its confirmation; the password is not echoed on your
terminal. When you are prompted, you need not use quotation marks.
The maximum number of characters is 14. |
old-password |
Specifies the current password for the user account. Passwords are case
sensitive. Enclose the
old-password in quotation marks if it contains lowercase
letters, blanks (spaces) or other nonalphanumeric characters. If you do
not specify
old-password, or specify it as an asterisk (*), you are
prompted for the password, which is not echoed on your terminal. When
you are prompted, you need not include quotation marks.
The maximum number of characters is 14. |
queue-name | Specifies the name of the queue. The maximum number of characters is 12. |
share-name |
The name of the share. If MS-DOS computers will connect to the share,
the
share-name can be up to 8 characters long, optionally followed
by a period and up to 3 more characters.
The maximum number of characters is 12. |
string |
Specifies descriptive information. Enclose the
string in quotation marks if it contains lowercase letters,
blanks (spaces) or other nonalphanumeric characters.
The maximum number of characters is 256. |
user-name |
Specifies the name of the user to be added. The
user-name must be unique within the domain or computer being
administered.
The maximum number of characters is 20. |
new-user-name |
Specifies the user name for the new user account.
The maximum number of characters is 20. |
workstation-name |
Specifies a workstation from which the user can log on to the domain.
The
workstation-name is the name of a workstation, or an asterisk
(*), to specify all workstations.
The maximum number of characters is 15. |
Adds a computer account to a domain's security database. Before a computer can join a domain, a computer account must be added to the domain's security database.The ADD COMPUTER command is useful only if you do not wish to give out the user name and password of an Administrator account in your domain to the administrator of the computer that will join your domain. If you do not wish to supply this information, use the ADD COMPUTER command to add the computer account to your domain before the computer's administrator joins the domain. If you supply password information to the administrator of the other computer, the administrator can use it when joining and the computer account will be added to the domain automatically.
The ADD COMPUTER command is not necessary for the primary domain controller; that computer is added automatically.
Note that until the intended computer account actually joins the domain, it is possible for a malicious user to give a different computer that computer name, and then have it join the domain using the computer account you have just created. If the added computer is a backup domain controller when it joins, it receives a copy of the domain's security database.
ADD COMPUTER computer-name [/qualifiers]
Use of this command requires membership in the Administrators local group.
computer-name
Specifies a 1 to 15 character name for the computer account to be added to the domain. The specified name cannot be the same as any other computer or domain name in the network.
/DOMAIN=domain-name
Specifies the name of the domain to which to add the computer account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./ROLE=role-type
Specifies the computer's role in the network. The role-type keyword can be one of the following:
Role-Type Specify if the computer is: BACKUP_DOMAIN_CONTROLLER A Windows NT or compatible backup domain controller SERVER Windows NT or compatible server, but not a primary or backup domain controller. WORKSTATION A Windows NT Workstation. This is the default. /SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add the computer account. Do not specify both /DOMAIN and /SERVER on the same command line.
LANDOFOZ\\TINMAN> ADD COMPUTER DOROTHY/ROLE=SERVER %PWRK-S-COMPADD, computer "DOROTHY" added to domain "LANDOFOZ" |
This example adds the computer named DOROTHY to the default domain (LANDOFOZ), as a Windows NT compatible server.
Adds a local or global group to a domain's security database, and optionally adds members to the group.
ADD GROUP group-name [/qualifiers]
Use of this command requires membership in the Administrators or Account Operators local group.
group-name
Specifies a 1 to 20 character name for the group to be added. A group name cannot be identical to any other group or user name of the domain or server being administered. It can contain any uppercase or lowercase characters except for the following:" / \ [ ] : ; | = , + * ? < >
/DESCRIPTION=string
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive information about the group. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank./DOMAIN=domain-name
Specifies the name of the domain to which to add the group. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./GLOBAL
Indicates that the specified group is to be added as a global group. This is the default if neither /GLOBAL nor /LOCAL are specified. Do not specify both /GLOBAL and /LOCAL on the same command line./LOCAL
Indicates that the specified group is to be added as a local group. By default, a group is added as a global group. Do not specify both /GLOBAL and /LOCAL on the same command line./MEMBERS=([domain-name]\member-name[,...])
Adds the specified members to the membership list of the group. If the group being added is a local group, you can add user accounts and global groups from the domain being administered and from domains it trusts.To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit a domain name, the user or group is assumed to be defined in the domain being administered.
If the group being added is a global group, you can add user accounts only from the domain being administered.
/SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add the group. Do not specify both /DOMAIN and /SERVER on the same command line.
#1 |
---|
LANDOFOZ\\TINMAN> ADD GROUP MUNCHKINS/MEMBERS=(SCARECROW,STRAWMAN) %PWRK-S-GROUPADD, group "MUNCHKINS" added to domain "LANDOFOZ" |
This example adds the global group named MUNCHKINS to the default domain being administered (LANDOFOZ). The group will contain as members, the users named SCARECROW and STRAWMAN. The group is added as a global group because neither the /GLOBAL nor /LOCAL qualifiers were specified, and /GLOBAL is the default.
#2 |
---|
LANDOFOZ\\TINMAN> ADD GROUP WINKIES/LOCAL - _LANDOFOZ\\TINMAN> /MEMBERS=(MUNCHKINS,KANSAS\WIZARD) %PWRK-S-GROUPADD, group "WINKIES" added to domain "LANDOFOZ" |
This example adds the local group named WINKIES to the default domain being administered (LANDOFOZ). The group will contain as members, the global group MUNCHKINS from the LANDOFOZ domain, and the user WIZARD from the trusted domain KANSAS.
Adds a user account mapping between an Advanced Server user account and an OpenVMS user account.
ADD HOSTMAP [domain-name\]server-user-name host-user-name [/qualifier]
Use of this command requires membership in the Administrators local group. This command is valid only for OpenVMS servers.
[domain-name\]server-user-name
Specifies the Advanced Server user name to be mapped to an OpenVMS user name. You can map a network user in a trusted domain to an OpenVMS user. Specify the domain-qualified user name in the format domain-name\server-user-name, such as KANSAS\DOLE, where KANSAS is the trusted domain, and DOLE is the user name of the user account defined in the trusted domain. If you omit a domain name, the user account is assumed to be defined in the domain of the server currently being administered.An Advanced Server user can be mapped to only one OpenVMS user.
host-user-name
Specifies the OpenVMS user name to which the Advanced Server user name is to be mapped. More than one Advanced Server user can be mapped to the same OpenVMS user.
/SERVER=server-name
Specifies the name of the server to which to add the host account mapping. The default is the server currently being administered.
LANDOFOZ\\TINMAN>ADD HOSTMAP SCARECROW STRAWMAN %PWRK-S-HOSTMAPADD, user "SCARECROW" mapped to host user "STRAWMAN" |
This example adds a user account mapping for the Advanced Server user SCARECROW, to the OpenVMS user STRAWMAN, on the server currently being administered (TINMAN).
Creates an Advanced Server print queue. A print queue can be either a printer queue associated with a physical printing device, or a routing queue that routes print requests to one or more printer queues.
ADD PRINT QUEUE queue-name {/PRINTER | /ROUTE_TO} [/qualifiers]
Use of this command requires membership in the Administrators, Server Operators, or Print Operators local group. This command is valid only to OpenVMS servers.
queue-name
Specifies a name for the queue to be added. The queue name may be 1 to 12 characters if the queue is a routing queue, or 1 to 8 characters if the queue is a printer queue. You specify the type of queue, printer or routing, with the /PRINTER and /ROUTE_TO qualifiers, respectively.
/DESCRIPTION=string
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information about the queue. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank./PRINTER=device-name
Indicates that the queue to be added is a printer queue, and specifies the physical device name or port to which the printer is physically connected. This is the actual OpenVMS system device, for example, OPA0, TTA2, TXA7, or LTA201. You must specify either the /PRINTER or /ROUTE_TO qualifier. Do not specify both /PRINTER and /ROUTE_TO on the same command line./ROUTE_TO=(printer-queue[,...])
Indicates that the queue to be added is a routing queue, and specifies one or more printer queues to which to route print jobs. You must specify either the /PRINTER or /ROUTE_TO qualifier. Do not specify both /PRINTER and /ROUTE_TO on the same command line./SERVER=server-name
Specifies the name of the server on which to create the print queue. The default is the server currently being administered./TYPE=printer-type
Specifies the type of printer when adding a printer queue. The printer-type keyword can be one of the following:
Printer-Type Type of Printer DL1100 DEClaser 1100 DL2100 DEClaser 2100 DL2100P DEClaser 2100 Plus DL2200 DEClaser 2200 DL2200P DEClaser 2200 Plus DL3200 DEClaser 3200 LN03 DIGITAL LN03 LN03P DIGITAL LN03 Plus LA50 DIGITAL LA50 LA70 DIGITAL LA70 LA75 DIGITAL LA75 LA210 DIGITAL LA210 LA324 DIGITAL LA324 LG01 DIGITAL LG01 LG02 DIGITAL LG02 LG06 DIGITAL LG06 LG31 DIGITAL LG31 LJ250 DIGITAL LJ250 FX850 EPSON FX850 FX1050 EPSON FX1050 HP_LASERJET Hewlett-Packard LaserJet IID PROPRINTER IBM Proprinter SILENTWRITER NEC Silentwriter 2, model 290 (not PostScript) GENERIC All other printer types (the default). Do not use the /TYPE qualifier with the /ROUTE_TO qualifier.
#1 |
---|
LANDOFOZ\\TINMAN> ADD PRINT QUEUE TOTO/PRINTER=LTA201/TYPE=DL3200 - _LANDOFOZ\\TINMAN> /DESCRIPTION="Dot's Printer" %PWRK-S-QUEADD, queue "TOTO" added on server "TINMAN" |
This example adds the printer queue TOTO to the server currently being administered (TINMAN). The printer is connected to LTA201 and is a DEClaser 3200. The description for the print queue is "Dot's Printer."
#2 |
---|
LANDOFOZ\\TINMAN> ADD PRINT QUEUE GLENDA/ROUTE_TO=(TOTO,WIZ) - _LANDOFOZ\\TINMAN>) /DESCRIPTION="Printers in the Land of Oz" %PWRK-S-QUEADD, queue "GLENDA" added on server "TINMAN" |
This example adds a routing queue named GLENDA to the server currently being administered (TINMAN). The print jobs are routed to either of the two printer queues: TOTO or WIZ. The description for the print queue is "Printers in the Land of Oz."
Previous | Next | Contents | Index |