Compaq Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index


SET COMPUTER

Sets the role of the server in the domain and controls domain synchronization.

Format

SET COMPUTER computer-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators local group.

Related Commands

ADD COMPUTER
REMOVE COMPUTER
SHOW COMPUTERS

Parameters

computer-name

Specifies the name of the computer whose attributes are to be affected.

Qualifiers

/ACCOUNT_SYNCHRONIZE

Normally, synchronization of primary domain controller (PDC) and backup domain controller (BDC) security/accounts databases occurs without user intervention. Use the SET COMPUTER command with the /ACCOUNT_SYNCHRONIZE qualifier in those rare circumstances when PDC and BDC databases get out of synchronization.

If you specify the PDC of a domain with the SET COMPUTER command, /ACCOUNT_SYNCHRONIZE causes the PDC to send a synchronize status message to all BDCs in the domain. (Normally, the PDC sends synchronize status messages to all BDCs in the domain at regular intervals.) Each BDC that receives the status message uses it to determine whether its databases are synchronized with the PDC's databases. If the status message indicates to a BDC that the PDC's databases contain changes that are not represented in the BDC's databases, the BDC will request a partial synchronization. The PDC sends the BDC only those database elements that were changed since the last time the BDC received a status message.

If you specify the BDC with the SET COMPUTER command,
/ACCOUNT_SYNCHRONIZE causes the BDC to request a full synchronization.

Do not specify a member server with the
SET COMPUTER/ACCOUNT_SYNCHRONIZE command.

/AUTOSHARE_SYNCHRONIZE

Causes the computer to synchronize its list of autoshares. This qualifier is valid only to Compaq OpenVMS servers.

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/DESCRIPTION="string"

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the computer. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION indicates that the description is to be blank.

/ROLE=role-type

Sets the computer's role in the network to be either a primary or backup domain controller. The role-type can be either PRIMARY_DOMAIN_CONTROLLER or BACKUP_DOMAIN_CONTROLLER.

Only a computer whose current role is backup domain controller can have its role changed to primary domain controller. When this occurs, the existing primary domain controller (if it is available to the network) will automatically be demoted to backup domain controller.

A primary domain controller can only have its role changed to backup domain controller if another computer in the domain is acting as the current primary domain controller. This could happen if a backup domain controller was promoted to primary domain controller while the original primary domain controller was not available to the network. When the original primary domain controller is restarted, use this command to explicitly demote it to backup domain controller.

Do not use the SET COMPUTER/ROLE command to change the role of an Advanced Server domain controller to a member server, or vice versa. Use the SYS$UPDATE:PWRK$CONFIG command procedure.


Examples

#1

 LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE 
 %PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful 
      

This example causes the computer TINMAN to resynchronize its list of autoshares.

#2

 LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/ACCOUNT_SYNCHRONIZE 
 
 Resynchronizing the "LANDOFOZ" domain may take a few minutes. 
 
 Do you want to continue with the synchronization  [YES or NO] (YES) : 
 %PWRK-S-ACCSYNCHED, account synchronization was successful 
      

This example synchronizes the accounts databases on all backup domain controllers in the LANDOFOZ domain, with the primary domain controller TINMAN.

#3

 LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ACCOUNT_SYNCHRONIZE 
 
 Resynchronizing "DOROTHY" with its Primary Domain Controller "TINMAN" 
 may take a few minutes.  After the synchronization has completed, you 
 should check the Event Logs on "DOROTHY" and "TINMAN" to determine 
 whether synchronization was successful. 
 
 Do you want to continue with the synchronization [YES or NO] (YES) : 
 %PWRK-S-ACCSYNCHED, account synchronization was successful 
      

This example synchronizes the accounts database on the backup domain controller DOROTHY, with its primary domain controller TINMAN.

#4

 LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ROLE=PRIMARY_DOMAIN_CONTROLLER 
 
 Promoting "DOROTHY" to a Primary Domain Controller may take a few minutes. 
 
 Do you want to continue with the promotion [YES or NO] (YES) : 
 %PWRK-I-ROLESYNC, synchronizing "DOROTHY" with its primary 
 %PWRK-I-ROLENLSTOP, stopping the Net Logon service on "DOROTHY" 
 %PWRK-I-ROLENLSTOP, stopping the Net Logon service on "TINMAN" 
 %PWRK-I-ROLECHANGE, changing "TINMAN"'s role to Backup Domain Controller 
 %PWRK-I-ROLECHANGE, changing "DOROTHY"'s role to Primary Domain Controller 
 %PWRK-I-ROLENLSTART, starting the Net Logon service on "DOROTHY" 
 %PWRK-I-ROLENLSTART, starting the Net Logon service on "TINMAN" 
 %PWRK-S-ROLECHANGED, the computers role was successfully changed 
      

This example sets the backup domain controller named DOROTHY to be the primary domain controller in its domain. The current primary domain controller, TINMAN, is demoted to a backup domain controller.


SET FILE

Sets or modifies auditing or permissions on directories and files within a shared directory.

Format

SET FILE path [[domain-name\]name[,...]] [/qualifiers]

restrictions

Use of this command does not require special group membership. However, you must have read permission to the files and directories you modify.

Related Commands

SHOW FILES
SHOW OPEN_FILES

Parameters

path

Specifies the UNC (Universal Naming Convention) path to the directory or file for which to set auditing or permission information.

[domain-name\]name

The name specifies one or more users or groups for which to set auditing or permissions.

You can specify users or groups in the domain being administered or in a trusted domain. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain of the server currently being administered.

To remove all auditing information or permissions for all users and groups from the specified directory or files, omit the list of names and use the /REMOVE qualifier to remove the desired information. If you specify a user or group, you must include the /AUDIT, /PERMISSIONS or /REMOVE qualifiers to specify an action to perform.


Qualifiers

/APPLY_TO=(option[,...])

Controls how existing files and other subdirectories are affected by the change in attributes. This qualifier is only valid if path specifies a directory. By default, the change in attributes is applied to the specified directory, and its existing files only. You use the /APPLY_TO qualifier to change this default behavior. The option keyword can be one or more of the following:
Option Description
[NO]FILES FILES applies changes to existing files in the directory and to the directory itself. NOFILES applies changes only to the directory itself. Changes are not applied to existing files in the directory. NOFILES is the default.
[NO]SUBDIRECTORIES
  SUBDIRECTORIES applies changes to all existing subdirectories under the directory and to the directory itself. If you also specify FILES, the changes apply to the existing files in the subdirectories as well. NOSUBDIRECTORIES prevents changes from being applied to subdirectories under the directory. NOSUBDIRECTORIES is the default.

/AUDIT=(audit-type[=(event[,...])][,...])

Specifies a list of events to set or clear for auditing. The /AUDIT qualifier is position-sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /AUDIT values of their own; otherwise it pertains only to the name on which it is specified. The audit-type keyword can be one or more of the following:
Audit-Type Description
NONE Disables auditing of all failure and success events; cannot be specified with the FAILURE or SUCCESS audit-types
FAILURE Sets audit failure events
SUCCESS Sets audit success events

The FAILURE and SUCCESS audit-types are used to specify which failure and success audit events are to be enabled or disabled. Precede an event type with NO to disable auditing of that event. The event keyword can be one or more of the following:
Event Description
ALL Audits all events.
NONE No events will be audited.
[NO]READ For directories, audits display of file names, attributes, permissions, and owner. For files, audits display of file's data, attributes, permissions, and owner.
[NO]WRITE For directories, audits creation of subdirectories and files, changes to attributes, and display of permissions and owner. For files, audits changes to the file's data or attributes, and display of permissions and owner.
[NO]EXECUTE For directories, audits display of attributes, permissions, and owner, and changing to subdirectories. For files, audits running of program files and display of attributes, permissions, and owner.
[NO]DELETE Audits deletion of the directory or file.
[NO]CHANGE_PERMISSIONS
  Audits changes to permissions for a directory or file.
[NO]TAKE_OWNERSHIP
  Audits changes in ownership of a directory or file.

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before removing all permissions from a directory or files. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/LOG

/NOLOG

Controls whether the SET FILE command displays the file specifications of each file after its attributes have been modified. The default is to display all files modified.

/PERMISSIONS=(access-type[,...])

Sets or modifies access permissions on a directory or file. The /PERMISSIONS qualifier is position-sensitive: if specified before any name parameters, it applies to all names in the list that do not have explicit /PERMISSIONS values of their own; otherwise it pertains only to the name on which it is specified. The access-type is the type of access to be granted.

All permissions can be removed by using the /REMOVE=PERMISSIONS qualifier without specifying a name. If you remove all permissions from a directory or file, no one will be able to access it, and only the owner will be able to change the permissions.

If path specifies a directory, the access-type keyword can be one of the following:
Directory Access Type Description
NONE Prevents any access to the directory or any of its files.
LIST Allows viewing file names and subdirectory names, and changing to the directory's subdirectories. Disallows access to files unless granted by other directory or file permissions.
READ Allows viewing file names and subdirectory names, changing to the directory's subdirectories, and viewing data in files and running applications.
ADD Allows adding files and subdirectories to the directory. Disallows access to files unless granted by other directory or file permissions.
ADD_AND_READ
  Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, and adding files and subdirectories to the directory.
CHANGE Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, and deleting the directory and its files.
FULL Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, deleting the directory and its files, changing permissions on the directory and its files, and taking ownership of the directory and its files.
DIRECTORY_SPECIFIC=( access[,...])
  Grants specific access rights to the directory. The access keyword can be one or more of the following:
Access Description
FULL Allows complete access to the directory
NONE Allows no access to the directory
READ Allows viewing the names of files and subdirectories
WRITE Allows adding files and subdirectories
EXECUTE Allows changing to subdirectories in the directory
DELETE Allows deleting the directory
CHANGE_PERMISSIONS
  Allows changing the directory permissions
TAKE_OWNERSHIP
  Allows taking ownership of the directory
FILE_SPECIFIC=( access[,...])
  Grants specific access rights to the files in the directory. The access keyword can be one or more of the following:
Access Description
NOT_SPECIFIED Indicates that no file-specific access permissions are specified; cannot be used with any other access permission
FULL Allows complete access to the file and its data
NONE Allows no access to the file
READ Allows viewing the file's data
WRITE Allows changing the file's data
EXECUTE Allows running the file if it is a program file
DELETE Allows deleting the file
CHANGE_PERMISSIONS
  Allows changing the file's permissions
TAKE_OWNERSHIP
  Allows taking ownership of the file

If path specifies a file, the access-type keyword can be one of the following:
Directory Access Type Description
NONE Prevents any access to the file. Specifying no access for a user prevents access even if that user belongs to a group that has access to the file.
READ Allows viewing the file's data and running the file if it is a program.
CHANGE Allows viewing the file's data, running the file if it is a program, changing the data in the file, and deleting the file.
FULL Allows viewing the file's data, running the file if it is a program, changing the data in the file, deleting the file, changing permissions on the file, and taking ownership of the file.
FILE_SPECIFIC=( access[,...])
  Grants specific access rights to the file. The access keyword can be one or more of the following:
Access Description
FULL Allows complete access to the file and its data
NONE Allows no access to the file
READ Allows viewing the file's data
WRITE Allows changing the file's data
EXECUTE Allows running the file if it is a program file
DELETE Allows deleting the file
CHANGE_PERMISSIONS
  Allows changing the file's permissions
TAKE_OWNERSHIP
  Allows taking ownership of the file

/REMOVE=(attribute[,...])

Removes a given attribute from the directory or file specified by path. The /REMOVE qualifier is position sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /REMOVE values of their own; otherwise it pertains only to the name after which it is specified. The attribute keyword can be one or more of the following:
Attribute Description
AUDIT Removes all auditing information for the specified directory or file
PERMISSIONS Removes all permission information for the specified directory or file

For any given name, the /PERMISSIONS qualifier overrides the /REMOVE=PERMISSIONS qualifier, and the /AUDIT qualifier overrides the /REMOVE=AUDIT qualifier.

/SERVER=server-name

Specifies the name of the server on which to set directory or file permissions. The default is the server currently being administered.

Examples

#1

 LANDOFOZ\\TINMAN> SET FILE STATES\KANSAS - 
 _LANDOFOZ\\TINMAN> MUNCHKINS/AUDIT=(SUCCESS=DELETE) 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\" modified 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\MYPROG.EXE" modified 
 %PWRK-S-FILESMODIFIED, total of 4 files modified 
      

This example sets auditing for all successful deletions done by members of the group MUNCHKINS to the directory, subdirectories and files of the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).

#2

 LANDOFOZ\\TINMAN> SET FILE/PERMISSIONS=READ STATES\KANSAS\*.DAT - 
 _LANDOFOZ\\TINMAN> MUNCHKINS,WIZARD,SCARECROW/PERMISSIONS=FULL 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified 
 %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified 
 %PWRK-S-FILESMODIFIED, total of 2 files modified 
      

This example grants the group MUNCHKINS and the user WIZARD, READ access, and the user SCARECROW FULL access to all .DAT files in the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).


Previous Next Contents Index