Previous | Contents | Index |
PATHWORKS Advanced Server can validate requests of users to log on to the network. Logon validation, provided by the NetLogon service, allows the following:
In a domain, all servers that run the NetLogon service use identical
copies of the same domain-wide user accounts database. You create the
master user accounts database for the domain when you configure the
primary domain controller. This database is automatically copied to the
backup domain controllers in the domain that are running the NetLogon
service. You do not have to create user accounts separately on each
server. The user accounts database is sometimes called the Security
Account Management (SAM) database.
1.3.6 Logon Scripts
As the server administrator, you can use logon scripts to configure the
working environments of your users by allowing them to automatically
make network connections and start applications. The network
administrator can create logon scripts and then assign a different
logon script to each user, or create a logon script for multiple users.
A logon script runs automatically whenever a user logs on at a
workstation running Windows NT, Windows for Workgroups, or Windows 95.
1.3.7 Home Directories
As the server administrator, you may want to assign a user a home
directory on a server. Users can store private data in their home
directories and have access control over these directories to restrict
or grant access to other users. If users have home directories on
computers other than their own, connections can be made automatically
to home directories whenever users log on. Depending on the client
operating system, you may need to specify the home directory in a logon
script. (The term "computer," in this context, refers to a
client, server, or workstation in a domain.) For information about how
to specify a logon script and home directory for a user account, see
Section 3.3, Managing PATHWORKS Advanced Server User Accounts.
1.3.8 OpenVMS External Authentication
With OpenVMS V7.1 and higher, you can configure external
authentication. External authentication allows PATHWORKS
Advanced Server users to log in to the OpenVMS system using their
PATHWORKS Advanced Server user name and password, eliminating the
need to maintain a separate password for their OpenVMS and
PATHWORKS Advanced Server user accounts. The OpenVMS and
PATHWORKS Advanced Server passwords are automatically synchronized.
For more information about external authentication, see Section 3.3.13, Enabling PATHWORKS External Authentication.
1.3.9 PATHWORKS Licensing
To access the PATHWORKS Advanced Server, clients must be properly
licensed with a valid PATHWORKS Advanced Server license.
PATHWORKS Advanced Server includes the PATHWORKS license server,
which distributes licenses to clients before the first connection to a
network resource. The PATHWORKS License Registrar validates
licenses before subsequent connections and distributes server-based
licenses. The PATHWORKS for OpenVMS Server Installation and Configuration Guide describes how to install the
license server. Refer to the Advanced Server for OpenVMS Guide to Managing Advanced Server Licenses for more
information about PATHWORKS licensing.
1.4 Resource Sharing
Sharing is the process of making hardware and data available to users. PATHWORKS Advanced Server shares resources, such as directories and printers. As the administrator, you make resources available by assigning each resource a share name. The server uses security features to control access to the resources it shares.
Users gain access to a shared resource by using the assigned share name
to connect their computers to the server that provides the resource. As
the administrator, you define which resources to share, which users can
access them, and the type of access each user can have.
1.4.1 Disk Directories
PATHWORKS Advanced Server lets you share a directory on a disk by defining a share name for the directory. You then specify which users can access this resource by assigning access permissions to the directory or to files in the directory tree.
PATHWORKS Advanced Server automatically shares the root directory of all disk devices connected to the server that are mounted when you start the server process. This type of share is called an autoshare. It is accessible by Administrators only.
PATHWORKS Advanced Server lets you audit user attempts to access shared files or directories. You specify the types of access attempts to be audited. When one of those events occurs, PATHWORKS Advanced Server records an entry in the Security event log.
For information about setting permissions and auditing for individual
files and directories, see Chapter 4, Managing Directory and File Sharing.
1.4.2 Printers
PATHWORKS Advanced Server lets you share printers connected to the servers in a domain. With PATHWORKS Advanced Server, you can:
For information about managing print shares and queues, see
Chapter 5, Managing Shared Printers.
1.5 Monitoring Events and Troubleshooting
PATHWORKS Advanced Server provides log files for monitoring server resource use and for recording client and server problems.
Auditing allows you to record server resource use. It can provide the following information about each access attempt:
The event log records client and server events. It contains the following information about each event:
For information about setting auditing for specific events and about
troubleshooting server problems, see Chapter 6, Monitoring Events and Troubleshooting.
1.6 Network Administration Interfaces
You can administer PATHWORKS Advanced Server, another server, or a workstation in the network, from either the OpenVMS server or from a workstation, using one of the interfaces listed in the following table.
Computer Type | Interface |
---|---|
PATHWORKS for OpenVMS (Advanced Server) |
Includes the following:
|
Windows NT Server | Windows NT server administration tools (Windows-based interfaces, including Server Manager, Print Manager, User Manager for Domains, and Event Viewer). |
PATHWORKS V5 for OpenVMS (LAN Manager) | ADMIN/PATH utility (a character-cell user interface), or Net commands (a command-line interface). |
LAN Manager V2. x (retail) servers | Net commands (a command-line interface), or NET ADMIN (a character-cell interface). |
Advanced Server for DIGITAL UNIX | Advanced Server for DIGITAL UNIX pwadmin commands (a command-line interface), or net commands (limited functions). |
DOS client | Net commands (a command-line interface). |
Windows, Windows NT, or Windows 95 client | MS-DOS Net interface (a command-line-interface), or Windows NT server administration tools (Windows-based user interfaces). |
You control most aspects of the PATHWORKS Advanced Server using the PATHWORKS ADMINISTER command line interface. You invoke the PATHWORKS ADMINISTER command line interface by entering the ADMINISTER command in response to the OpenVMS system prompt. The PATHWORKS command line interface prompts you with the name of the domain and the name of the server you are currently administering. For example:
$ ADMINISTER LANDOFOZ\\TINMAN> |
In this example, you are managing a domain called LANDOFOZ and a server called TINMAN. Once you have invoked the command line interface, you can enter any number of ADMINISTER commands.
You can also execute ADMINISTER commands on the DCL command line in the following way:
$ ADMINISTER SHOW SHARES Shared resources on server "TINMAN": Name Type Description ------------ --------- ------------------------------------------ DICK Printer Dick's print share EXAMPLE Directory NETLOGON Directory Logon Scripts Directory PWLICENSE Directory PATHWORKS Client License Software PWLIC Directory PATHWORKS Client License Software PWUTIL Directory PATHWORKS Client-based Utilities USERS Directory Users Directory Total of 7 shares $ |
In this example, the command line interface executes a single command and returns you to the OpenVMS system prompt.
The ADMINISTER command line interface will prompt you for information required for a given command if you do not supply it on the command line. For example, you can log on to the network using the LOGON command, as follows. Note that the password is required, so the software prompts you for it. (The password is not displayed as you enter it.)
$ ADMINISTER LANDOFOZ\\TINMAN> LOGON ADMINISTRATOR Password: The server \\TINMAN successfully logged you on as Administrator. Your privilege level on domain LANDOFOZ is ADMIN. The last time you logged on was 07/19/98 06:41 PM. LANDOFOZ\\TINMAN> |
The PATHWORKS command line interface has online help that describes command syntax, options, and qualifiers. It also explains each command and gives examples of command use.
To use online help, enter one of the following commands:
Syntax | Information Provided |
---|---|
$ ADMINISTER HELP | A list of help topics |
$ ADMINISTER HELP command | The description, syntax, qualifiers, and examples for the specified ADMINISTER command |
$ ADMINISTER
domain\\ server> HELP |
A list of help topics |
The Help file for the PATHWORKS Advanced Server ADMINISTER command line interface has the same structure as an OpenVMS DCL Help file.
For complete information on ADMINISTER commands and their syntax, see
the Advanced Server for OpenVMS Commands Reference Manual or the ADMINISTER command line
interface Help file.
1.7.2 Administering Domains and Servers
There are two types of PATHWORKS Advanced Server ADMINISTER commands:
By default, commands are executed on the domain and server indicated by the ADMINISTER command line interface prompt. For example, the following prompt indicates the domain currently being administered is LANDOFOZ, and the server is TINMAN:
LANDOFOZ//TINMAN> |
You can use the SET ADMINISTRATION command to administer another domain or server. For more information, see Chapter 2, Managing Domains and Servers.
If you have OpenVMS system management privileges SYSPRV and OPER on the system, you can execute any ADMINISTER command on the local server without logging on to the network. In this case, you are treated as if you had logged on to the network as Administrator. If you do not have these OpenVMS privileges, or if you wish to manage a server other than your local server, you must log on to the network using the LOGON command and provide the required password for a user account that is a member of the Administrator's group (for example, the Administrator user account).
To log on to the network, use the LOGON command. For example:
LANDOFOZ//TINMAN> LOGON Username: ADMINISTRATOR Password: The server \\TINMAN successfully logged you on as Administrator. Your privilege level on domain LANDOFOZ is ADMIN. The last time you logged on was 07/19/98 06:41 PM. LANDOFOZ\\TINMAN> |
You are prompted for your user name and password. The password is not displayed as you enter it. Once you log on to the domain, you remain logged on after you exit from the ADMINISTER command interface. To log off the domain, use the LOGOFF command.
You can administer another server using the TELL command. The TELL command sends the command to be executed to the specified server. In the following example, the server currently being administered is TINMAN, and the other server is WOODMAN. The command to be executed on server WOODMAN is SHOW COMPUTERS.
LANDOFOZ//TINMAN> TELL WOODMAN SHOW COMPUTERS %PWRK-I-SRVINFO, the server type is: Advanced Server 3.51 for OpenVMS Computers in domain "LANDOFOZ": Computer Type Description -------------------- ------------------------- -------------------------- [PD] TINMAN OpenVMS 3.51 Primary PATHWORKS V6.0 for OpenVMS (Advanced Server) [BD] WOODMAN OpenVMS 3.51 Backup PATHWORKS V6.0 for OpenVMS (Advanced Server) Total of 2 computers LANDOFOZ//TINMAN> |
Be sure to use the proper command sytax for the server you are administering. For example, to administer a server running PATHWORKS V5 for OpenVMS (LAN Manager), you use PATHWORKS LAN Manager NET commands. In the following example, the PATHWORKS LAN Manager server name is QUEEN.
LANDOFOZ//TINMAN> TELL QUEEN NET SHARE %PWRK-I-SRVINFO, the server type is: LAN Manager 2.2 for OpenVMS Sharename Resource Remark --------------------------------------------------------------------------- ADMIN$ Remote Admin C$ USERS:[PWRK$ROOT] PATHWORKS share IPC$ Remote IPC USERS$ _QUEEN$DUA1: ODS-2 volume USERS: VAXVMSV0.55$ _QUEEN$DUA2 ODS-2 volume VAXVMSV0.55: NETLOGON Logon Users Directory PWUTIL C:[LANMAN.SHARES.WIN] PATHWORKS Client-based Utilities RONNIE USERS:[RONNIE] RPL C:[LANMAN.RPL] Remoteboot server share RPLFILES C:[LANMAN.RPL.RPLFILES] Remoteboot server share USERS Logon Users Directory The command completed successfully LANDOFOZ//TINMAN> |
Some of your network users may be designated as members of administrative groups, such as account operators, print operators, server operators, or administrators. These users have administrative or operator privileges that enable them to perform specific tasks, as described in the following table.
Group Name | Tasks |
---|---|
Account Operators | Create and manage user accounts and global and local groups. |
Administrators | Access servers and computers from network, take ownership of files, manage auditing and security logs, perform all account operator tasks, assign use rights, create groups, keep a local profile, share and stop sharing directories, files, and printers. |
Print Operators | Keep a local profile; share and stop sharing printers. |
Server Operators | Access servers and computers from network, take ownership of files, manage auditing and security logs, share and stop sharing directories, files, and printers. |
If you have different operators responsible for different parts of your network and you do not want to assign them full administrative privileges, make them members of operator groups only at the server they can administer.
Previous | Next | Contents | Index |