Part Two: Metering List of Topics 5.0 BrightWorks Metering 5.1 About BrightWorks' Metering Capability 5.1.1 The Purpose of Software Metering 5.1.2 Evolution of Software Metering 5.1.3 BrightWorks Metering Methods 5.2 BrightWorks' Metering Features 5.3 BrightWorks' Metering Components 5.3.1 The License Server NLM/VAP 5.3.2 The File Server Agent NLM for DOS 5.3.3 The Workstation Software Metering Agent for Windows 5.3.4 The Workstation Security Agent 5.3.5 The Usage Monitor 5.3.6 The View Users Utility 5.3.7 The Report Utility 5.4 How This Part Is Organized 5.5 Quick Start Guide 5.5.1 Load the NLMs. 5.5.2 Set up a Windows PC for Metering 5.5.3 NON-TSR METHOD 5.5.4 TSR METHOD 5.5.5 Automatic File Updating 5.5.6 Setting Up A Straight DOS PC For Metering 5.5.7 Locking Out Local Drives 5.5.8 SWATCHER & SMRAGENT 5.5.9 Activating Directory Trustee Rights 5.5.10 Software Updates 5.5.11 Virus Protection 5.5.12 Tutorial 6.0 Setting Up Metered Applications 6.1 Introduction 6.1.1 How BrightWorks' Metering Works 6.1.2 Access to Metering Setup Functions 6.1.3 What's in this Chapter 6.2 Metered Applications 6.3 Registering Applications for Software Metering 6.3.1 Trustee Rights 6.3.2 Modifying an Application's Metering Configuration 6.3.3 Modifying Trustee Rights 6.3.4 Deleting Rights 6.3.5 Deleting Metered Applications 6.4 Attaching to and Detaching from File Servers 6.4.1 Attaching to a File Server 6.4.2 Detaching from a File Server 7.0 Using the Security Features 7.1 Introduction 7.1.1 Access to Security Functions 7.1.2 What's in this Chapter 7.2 File Integrity Scanning 7.2.1 What Are Authorized Files? 7.2.2 Adding Authorized Files 7.2.3 Reprotecting Authorized Files 7.2.4 Deleting Authorized Files 7.3 Running Unauthorized Files 7.3.1 Using Run Unauthorized Files 7.4 Specifying the File Scan Interval 7.5 Specifying the Security Scan Interval 7.5.1 Specifying the Security Scan Interval 7.6 Disabling Local Drives 7.7 Restricting Local Execution 7.8 Specifying Security Exceptions 7.8.1 How Security Exceptions Work 7.8.2 Using Security Exceptions 8.0 Using the Administration Features 8.1 Introduction 8.1.1 Access to Metering's Administration Functions 8.1.2 What's in this Chapter 8.2 Viewing Metering Settings 8.3 Viewing Application Usage 8.4 Monitoring and Controlling Application Usage 8.4.1 Administering Current Users 8.4.2 Sending a Message to a Current User 8.4.3 Viewing Current Users' Information 8.4.4 Releasing a Current User from a Metered Application 8.4.5 Launching another BrightWorks Capability 8.4.6 Administering Queued Users 8.4.7 Sending a Message to a Queued User 8.4.8 Editing the Queued User List 8.4.9 Viewing Queued Users' Information 8.4.10 Launching another BrightWorks Capability 8.5 Modifying and Updating the Application Usage Graph 8.5.1 Modifying Application Information 8.5.2 Changing the Number of Maximum Concurrent Users 8.5.3 Changing Metered Application Information 8.5.4 Changing the Usage Scale 8.5.5 Changing the Colors Used in the Status Bar 8.5.6 Hiding or Showing the Status Bar 8.5.7 Performing Queries 8.6 Controlling Data Files 8.6.1 Configuration Options 8.6.2 Home Directory 8.6.3 Purging Stored Data 8.6.4 Purge Usage Information 8.6.5 Purge Security Information 9.0 Generating Reports 9.1 Introduction 9.1.1 Access to Report Functions 9.1.2 What's in this Chapter 9.2 Exporting Files 9.3 Generating Reports 9.4 The Report Window 9.5 Report Types 9.5.1 Metering Definitions 9.5.2 Application Summary 9.5.3 Application with User Detail 9.5.4 Application with User Summary 9.5.5 User Summary 9.5.6 User with Application Detail 9.5.7 User with Application Summary 9.5.8 File Integrity Activity Report 9.5.9 SPA Compliance 9.5.10 Software Purchase Forecast 9.5.11 Upgrade Purchase Forecast 10.0 Monitoring Tools for Network Users 10.1 Introduction 10.1.1 Access to the Monitoring Functions 10.1.2 What's in this Chapter 10.2 Viewing Application Usage 10.2.1 Monitoring Application Usage 10.2.3 Viewing Application Information 10.2.4 Viewing Current Users 10.2.5 Sending a Message to a Current User 10.2.6 Viewing Current Users' Information 10.2.7 Viewing Queued Users 10.2.8 Sending a Message to a Queued User 10.2.9 Viewing Queued Users' Information 10.3 Modifying and Updating the Usage Graph 10.3.1 Changing the Usage Scale 10.3.2 Changing the Colors Used in the Status Bar 10.3.3 Hiding or Showing the Status Bar 10.3.4 Performing Queries 10.4 Using DOS Slook 10.4.1 Using Slook 10.4.2 Viewing Current Users 10.4.3 Viewing Queued Users 11.0 Advanced Utilities 11.1 About the Metering Utilities 11.1.1 Utilities List 11.2 Swatcher TSR Method 11.2.1 Swatcher 11.2.2 Note About Swatcher 11.2.3 DSW 11.2.4 Potential DSW Problems 11.3 SYSMOD 5.0 BrightWorks Metering Welcome to BrightWorks' metering capability, the comprehensive software control solution for your local area network! NOTE: This chapter pertains to BrightWorks and SiteMeter. 5.1 About BrightWorks' Metering Capability BrightWorks' metering features controls your LAN software-so you stay legal. And it helps you reduce your software expenditures. In addition to offering industry-standard metering methods, BrightWorks' metering also includes an NLM-based process that both eliminates workstation administration and improves security. Plus BrightWorks provides comprehensive reports with all the management information you need to make informed decisions about your network. Because McAfee has been perfecting software metering since 1988, you are getting the most comprehensive package available. Take, for example, the ability to meter suites of applications (e.g., Microsoft Office). With BrightWorks, you can ensure accurate license compliance with groups of files which are governed by a single license agreement. 5.1.1 The Purpose of Software Metering Software metering puts control of all your network applications at your fingertips. With software metering you can: o Reduce software expenditures o Reduce training and administrative expenses o Enforce software license compliance o Track software usage 5.1.2 Evolution of Software Metering To provide network administrators with these benefits, an array of network metering utilities have been developed. The technology driving these application metering programs has evolved significantly. Today, License Server Application Programs Interface (LSAPI) is the proposed standard for software metering tools. Proposed Standard: LSAPI LSAPI works in conjunction with the license server to broaden the application of metering. Advantages: o Software metering benefits o Supports standard applications off the shelf o Selects license systems based on management requirements Microsoft, Novell, Lotus, IBM, Hewlett Packard and McAfee worked together to draft LSAPI. Expect this standard to become available during 1994. Generation 1: Menu-Based Metering With menu-based metering, users accessed applications via a menu system which tracked usage. Advantages: o Software metering benefits Disadvantages: o Easily circumvented o Not transparent to users o Time-consuming to set up o Required the use of menus Generation 2: Stub Application Metering The next generation introduced stub application metering. Impostor applications (which looked like the originals) tracked usage and then passed control to the actual applications. Advantages: o Software metering benefits o Transparent to users Disadvantages: o Easily circumvented o Required two files for each application o Intensive administration Generation 3: Workstation TSR Metering With this third generation of metering, a TSR (Terminate and Stay Resident) program interacts with the VAP/NLM to meter network software. It intercepts the user's request to run an application and asks the VAP/NLM for permission to execute the software. Advantages: o Software metering benefits o Option to disable local drives o Transparent to users o Cannot be circumvented Disadvantages: o Consumes memory at each workstation o Intensive administration Generation 4: The BrightWorks Metering Capability BrightWorks' metering capability is the first software metering package which offers file server and workstation agent metering to give you these advantages: o Software metering benefits o No workstation TSR required for metering o Architecture for multiple workstation platform support (DOS, Windows, Unix) o Minimal administration with native Windows interface o NLM implementation centralizes control and prevents circumvention o Transparent to users o Framework for LSAPI support BrightWorks offers all of the advantages of using workstation and file server agents to meter network software. It also has the architecture in place for future developments in software metering technology. 5.1.3 BrightWorks Metering Methods By providing these options, you can choose the method best suited to your network needs. Multiple methods can be loaded on the same network simultaneously. File Server Agent Method for DOS By using a file server agent to meter your DOS based network software, no workstation software is required. Because software usage is tracked at the system level, you gain: o Compatibility with NetWare 3.x o Tracking of all DOS software at the file server via the NLM o Metering without workstation software This method involves the Proxy NLM directly. To use this option you must be running NetWare 3.x. Before a user fully loads an application, the Proxy NLM intercepts the request and checks to verify that the application is available. If the NLM grants permission, the user is permitted to use the application. Using the Proxy NLM does not consume any additional memory on the workstation and is the least intrusive method of providing software metering. Workstation Agent Method for Windows Similar to the File Server Agent Method for DOS, the Workstation Agent Method for Windows intercepts software usage requests at the system level. Plus the Workstation Agent Method for Windows provides a framework for future LSAPI support. This method provides: o Compatibility with NetWare 3.x o Tracking for all Windows software usage via the workstation agent and the NLM o Metering without workstation TSRs This workstation agent interacts with the File Server License NLM to meter network software. It is loaded onto workstations in a batch file called SMRUSER.BAT. Workstation Security Agent In addition to multiple methods of metering, the metering capability also provides an optional workstation security agent. This method: o Is compatible with NetWare 2.x and 3.x o Tracks all DOS and Windows software usage via the workstation TSR and file server NLM or VAP o Can disable local drives o Can prevent execution of local files The metering's workstation security agent is Swatcher and is a DOS TSR which requires 5K. Swatcher is included in the package but should be loaded only if the above capabilities are required. You can also load Swatcher for metering purposes if you choose not to use the file server agent method for metering DOS applications. 5.2 BrightWorks' Metering Features BrightWorks offers a comprehensive set of features and a wide range of capabilities: o Metering for individual DOS and Windows programs (or suites of programs) via fourth generation agent based metering o Optional workstation security agent o Real time trustee rights tied to applications to protect sensitive files o Real time graphical display of application usage o Valuable application usage summaries and reports o File protection against possible virus infection o Automatic notification for users when applications become available o Windows compatibility and native Windows console o Security for your network with optional password protection and VAP/NLM technology These features allow you to: o Assure compliance with software license agreements o Prevent users from using local drives (with optional security agent) o Determine software license requirements based on actual usage o Prevent costly downtime caused by virus infection o Increase productivity by keeping your users informed about application availability o Monitor software usage on several servers simultaneously o Control your network by keeping it secure 5.3 BrightWorks' Metering Components The following sections list all the components of the metering capability. 5.3.1 The License Server NLM/VAP SITEMETR.NLM/SITEMETR.VAP is the module responsible for granting or denying permission to execute applications. It resides on the file server. Using this module with one of the metering methods, you can: o Control all access to metered applications o Track software usage on your network 5.3.2 The File Server Agent NLM for DOS SMRPROXY.NLM is the file server agent method of software metering and file protection. As users request permission to use applications, the File Server Agent NLM communicates with the License Server NLM/VAP. Using SMRPROXY.NLM, you can: o Determine if the applications are available to run o Meter software without any workstation software on DOS workstations for NetWare 3.x file servers 5.3.3 The Workstation Software Metering Agent for Windows SMRAGENT.EXE is a workstation agent that interacts with the File Server License NLM/VAP to meter network software. Using SMRAGENT.EXE, you can: o Track Windows application usage o Meter software without a workstation TSR 5.3.4 The Workstation Security Agent SWATCHER.COM is the workstation security agent method for software metering and file protection. It acts as a messenger between the application and the file server. Using SWATCHER.COM, you can: o Automatically log out users who have tried to circumvent BrightWorks' metering capability o Restrict local execution o Disable local drives 5.3.5 The Usage Monitor USAGE.EXE is a BrightWorks metering utility that you can make available to your network users. Using this Windows utility, the users can determine who is using a metered application in real time. With USAGE.EXE, the users can: o View a list of both current and queued users of an application o Send current or queued users a NetWare Send Message 5.3.6 The View Users Utility SLOOK.EXE is a DOS program that you can make available to your users to enable them to determine who is using a metered application in real time. Using SLOOK.EXE the users can: o View a list of current users of an application o Send current users a NetWare Send Message Using DOS Slook, a user with SUPERVISOR rights can: o View a list of queued users for an application o View a list of current users of an application 5.3.7 The Report Utility SREPORT.EXE generates a variety of reports with useful information about software usage on your network. Using this Windows application, you can: o Determine the number of concurrent, queued and peak users for an application o Identify the number of licenses needed to accommodate current need, as well as a 10% increase and a 20% increase o Access information about the activity on virus secured files and applications 5.4 How This Part Is Organized CHAPTER TOPICS 5.0 BrightWorks' Metering Background information about the metering capability, metering methods, and components. 6.0 Setting Up Metered Applications Complete reference on software metering. 7.0 Using the Security Features Complete reference on file protection and the security features. 8.0 Using the Administration Features Instructions on using the console and administration menus. 9.0 Generating Reports Detailed information on how to generate reports. 10.0 Monitoring Tools for Network Users Information on how to monitor usage for each application. 11.0 Advanced Utilities Complete descriptions of using Swatcher and SYSMOD. 5.5 Quick Start Guide This section provides instructions for configuring your network for metering. All the information provided in this section is described in detail throughout thispart of the BrightWorks manual. Use the following procedure to set up metering on your network. 5.5.1 Load the NLMs. 1. At the fileserver console prompt type, :Load SMRPROXY 2. Hit return. This will load both SITMETR.NLM and SMRPROXY.NLM on the fileserver. Both of these NLMs are required for metering to take place. 5.5.2 Set up a Windows PC for Metering There are several methods for setting up a Windows PC for metering. Choose from the following three methods described below. 5.5.3 NON-TSR METHOD This is also called the Workstation Agent Method. For the non-TSR method, the SMRAGENT Windows based driver must be loaded to meter both Windows and DOS programs run from Windows. SMRAGENT is copied into the \PUBLIC directory during the BrightWorks/SiteMeter installation. SWATCHER and SWINAPP are NOT required to be loaded on the PC for this method. 1. Place SMRAGENT on the load= line in the PC's WIN.INI file. It will then be loaded automatically when Windows is started. For example, LOAD=NWPOPUP.EXE F:\PUBLIC\SMRAGENT.EXE 5.5.4 TSR METHOD The TSR method is optional it is described here for those users who want to use it. 1. Load SWATCHER.COM before running Windows. You can do this in the AUTOEXEC.BAT file. A sample AUTOEXEC.BAT is as follows: IPX NETX F: SWATCHER You can also accomplish this in the SYSTEM LOGIN SCRIPT. An example Login Script would be: MAP S1: ... ... EXIT "LOADTSR.BAT" The batch file LOADTSR.BAT would be: SWATCHER NOTE: If the SWATCHER TSR method is used and the Security Scan Interval has been activated, the interval should be set to at least 2 minutes or greater to ensure that the users have enough time to log into the network and load SWATCHER before the SiteMeter NLM checks him or her for loading SWATCHER. Otherwise the user may be kicked off the network because they had too little time to login and load SWATCHER. Please see section 7.5 for more information on the Security Scan Interval. 2. Load SWINAPP.EXE on the load= line in the PC's WIN.INI file. For example, LOAD=NWPOPUP.EXE SWINAPP.EXE SWINAPP aids SWATCHER TSR in releasing locks on applications run from Windows. NOTE: Copy SWATCHER.COM and SWINAPP.EXE from the \BWORKS directory to the \LOGIN and \PUBLIC directories. SWATCHER.COM and SWINAPP.EXE are placed in the \BWORKS directory if you answered YES to install SWATCHER TSR during the BrightWorks\SiteMeter installation process. 5.5.5 Automatic File Updating If you have many PCs to update for SMRAGENT or SWATCHER, then you probably do not want to go to every single PC to update the WIN.INI or AUTOEXEC.BAT files. Fortunately, BrightWorks includes a file called SMRUSER.BAT in the \Public directory which will automatically make the SMRAGENT update or the SWATCHER/SWINAPP updates to the WIN.INI file. If you chose YES to install SWATCHER TSR during the installation, the SMRUSER.BAT file will add SWATCHER to the AUTOEXEC.BAT file and add SWINAPP to the WIN.INI file. If you chose NO to install SWATCHER TSR during the installation, the SMRUSER.BAT file will add SMRAGENT.EXE to the WIN.INI file. If you need to change the SMRUSER.BAT file, simply run the CUSTOM install and when prompted to install SWATCHER TSR, answer YES or NO for the appropriate SMRUSER.BAT file to be created. 1. Place the SMRUSER.BAT file in the SYSTEM LOGIN SCRIPT as follows: MAP INS S1:=C:\WINDOWS MAP INS S1:=C:\WIN31 INCLUDE SMRUSER.BAT MAP DEL S1: MAP DEL S1: NOTE: If the SMRUSER.BAT file is included in the system login script, a # sign must be placed in front of all of the SYSMOD statements in the SMRUSER.BAT file. For example, #SYSMOD WIN.INI REPLACEKEY LOAD SMRAGENT.EXE SMRAGENT.EXE 5.5.6 Setting Up A Straight DOS PC For Metering NOTHING must be loaded on a STRAIGHT DOS PC (without Windows) to meter DOS based programs. The only requirement is loading the SITEMETR NLM and the SMRPROXY NLM at the fileserver, which was done in the first section "Load the NLMS." The NLMs fully take care of metering DOS based programs on a straight DOS PC. 5.5.7 Locking Out Local Drives You can lock out local drives essentially making the PC diskless and preventing users from running Local .EXE or .COM programs. SWATCHER can be loaded on a DOS PC to enable the local drive lock out function to make a PC diskless or to disable local .exe or .com program execution (see Chapter 11 for more information on SWATCHER and DSW). 5.5.8 SWATCHER & SMRAGENT Please note that you cannot mix SWATCHER and SMRAGENT on the same PC. SWATCHER and SMRAGENT CANNOT be loaded on the same PC. Do NOT load SWATCHER and SWINAPP and SMRAGENT or SWATCHER and SMRAGENT on the same PC. Load SWATCHER and SMRAGENT on SEPARATE PCs. Either SMRAGENT will not load because SWATCHER is already loaded or metering problems may result. SWATCHER TSR and SWINAPP may be loaded on different PCs than SMRAGENT on the same network. For instance, PC 1 and PC 2 are on the same fileserver. PC 1 may load SWATCHER (or SWATCHER and SWINAPP for Windows) and PC 2 may load SMRAGENT for Windows. 5.5.9 Activating Directory Trustee Rights Directory Trustee Rights grant a user additional rights in specified directories when he or she runs a metered application. This is an OPTIONAL feature. See section 6.3.1 entitled "Trustee Rights" for further description. To assign trustee rights on a Windows Based PC, SMRAGENT must be loaded on the win.ini load= line for the Directory Trustee Rights to take effect. To assign trustee rights on a straight DOS based PC, nothing must be loaded on the PC. The NLMs do all the work. SWATCHER TSR may be optionally loaded. 5.5.10 Software Updates Please check Compuserve, GO BRIGHT, LIB 3 for any software updates to BrightWorks/SiteMeter. 5.5.11 Virus Protection SMRAGENT or SWATCHER is required for Windows based virus protection to be activated. See Chapter 7 for more information about virus protection. 5.5.12 Tutorial After reading the steps in the above sections, refer to the metering tutorial for a walk-through of the major metering features. 6.0 Setting Up Metered Applications Chapter 5 introduced BrightWorks' metering capability. This chapter explains in detail how to set up your software applications for software metering. NOTE: This chapter pertains to BrightWorks and SiteMeter. 6.1 Introduction Managing network software is a crucial task in maximizing LAN productivity. By maintaining control over your network applications, you can stay legal and ensure the most efficient use of LAN software. Effective management of network software requires controlling the number of simultaneous users of each software application. The maximum number of users differs with each software package and the number of licenses your company has purchased. BrightWorks' metering helps you keep track of this information, which is useful in determining the need for additional licenses of a particular software application. For example, suppose that you purchase 5 licenses of a word processing package. The metering reports indicate that all 5 copies are consistently in use with 3 users waiting in the queue for this application. This demonstrates the need to purchase additional licenses for this application. With software metering you only purchase the number of applications you need, reducing unnecessary software expenditures. BrightWorks' metering allows you to meter up to 200 files on a 286 file server and 500 files on a 386 file server. 6.1.1 How BrightWorks' Metering Works Think of the metering capability as a public library. You go to the library to check out a copy of a book (i.e., software). The library only has two copies of this book, and they are both checked out. The library places your name on a waiting list (i.e., queue); you then have the option to check out the book once it becomes available. Once the copy is available, the first person on the waiting list is notified. The library holds this book exclusively for this person for a predetermined amount of time (i.e., queue-back time). If after that time the person has not checked out the book, the next person on the list is notified of the book's availability. If no one else is waiting for the book, it is returned to the shelf for anyone's use. BrightWorks' metering works in much the same way. User requests to run applications go through the license server. This program checks for the application's availability; if it is available, the user is allowed to run the program. Once the maximum number of users is reached (as set by the network administrator), any further attempts to access the software are prevented. The metering capability then places all other potential users on a waiting list (queue), unless otherwise specified by the network administrator. Users that are placed in the queue are notified when a free copy of the application is available. The application is held for the exclusive use of the notified user for a specified number of minutes. If the user does not access the application within this time period, it is offered to the next user in the queue. 6.1.2 Access to Metering Setup Functions The functions needed to setup applications for metering are accessed in two ways: o by choosing the Metering button from the tool bar, or o by choosing the Metering command from the Administration menu. 6.1.3 What's in this Chapter The following chart describes the sections in this chapter: SECTION DESCRIPTION Metered Applications Describes the parts of a metered application. Registering Applications for Describes procedures for adding, Software Metering modifying and deleting metered applications in the metering capability. Attaching to and Detaching from Describes procedures for attaching File Servers to and detaching from file servers while using the metering capability. 6.2 Metered Applications A metered application is a software application(s) that has been registered with BrightWorks for software metering. When registering a file(s), you need to gather the following information for each application: o File(s) to Meter - the list of files to be registered. For example, wp.exe. You can also meter suites of applications, such as Microsoft Office, to ensure accurate license compliance. The executables for the applications in a suite would appear in this section. o Metered Application Name - the name of the application(s) to be registered. For example, WordPerfect. o Full Name - the entire name of the product or application. This field is ideal for entering descriptive information. For example, WordPerfect Version 5.1 for DOS. o Maximum Number of Concurrent Users - the total number of licenses purchased for this application. o Password - an optional password that restricts access to the metering configuration for this metered application. If you decide to assign a password to an application or to a suite of applications, you must supply this password before configuring this metered application (or suite) again. o Queue Back Time - the amount of time that the application (or suite) is held exclusively for a user waiting in the queue. o Directories in which Trustee Rights are Granted During Execution - an option that lets you grant temporary rights (trustee assignments) while an application (or suite) is running. 6.3 Registering Applications for Software Metering To control the number of simultaneous users of an application, you must register the application with BrightWorks. When registering a product, you need the information described in the previous section. Once a file is registered, BrightWorks ensures that only the specified number of concurrent users are using that application simultaneously. Use the following procedure to register an application for metering. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the Define Metered Applications command. The Define Metered Application dialog box displays. This dialog box displays all files currently registered to be metered. (If you have not registered any files for metering, the list will be blank.) This dialog box offers the following options: o Add - allows you to register an application for metering. o Modify - allows you to change the information already entered for a metered application. o Delete - allows you to remove an application from metering. o Attach to/Detach from File Servers - allows you to attach to or detach from different file servers while in BrightWorks. 2. Choose the Add button to register a metered application. The Add Metered Application dialog box displays. 3. Choose the Add button. The Browse for Files to Meter dialog box displays. 4. Select the appropriate filename (and directory, which is optional) from the list and choose the OK button to insert that filename in the File(s) to Meter text box. You can select multiple files for suite metering. NOTE: To include the file's entire path, select the Include Path option. The entire path and file name will be inserted in the File(s) to Meter text box. You are returned to the Add Metered Application dialog box. 5. Select the Metered Application Name text box and enter the metered application name. For example: WordPerfect. You cannot enter spaces in the metered application name. 6. Select the Full Name text box and type the full name of the application. You can also enter descriptive information about the application you are metering. For example: WordPerfect Version 5.1 for DOS. 7. Select the password text box and enter a password for this Metered Application (optional). Entering a password is optional. If you assign a password to this application or suite, you must provide this password before reconfiguring this metered application (or suite of applications). The password does not appear in the Password text box. NOTE: Assigning a password does not require users to enter that password before running the application. Instead it protects the metered application information you entered from any unauthorized changes. 8. Select the Maximum Number of Concurrent Users text box and enter the number of licenses you have purchased for this application. One is the default. 9. Select the Queue Back Time text box and enter an appropriate length of time. Entering a Queue Back Time is also optional. Queue Back Time is the length of time in minutes that an application is held exclusively for a queued user after he or she has been notified of its availability. If no time is specified, the queue-back feature is disabled. The default time is five minutes. 10. If you want to grant trustee rights continue with the next section. Otherwise, choose the OK button to exit this dialog box. If you choose the OK button, you have finished registering this application for software metering. NOTE: The information that you entered for the metered application can be changed if necessary. 6.3.1 Trustee Rights This option allows you to grant temporary rights (trustee assignments) to users while an application is running. This option is only in effect for users running NetWare 3.x. As the network administrator, you always have access to this feature, but only users running NetWare 3.x can be granted trustee assignments. For example, you can configure the metering of an application so that a user has rights to the ACCOUNTS directory only while he or she is running the Accounts Receivable package. This prevents users from copying/viewing/deleting financial data files from outside the application. Please note the following when using this option: o Rights for Named File Only - Secured Directory rights are available only for the file whose execution is being tracked. For example, if the application is WordPerfect (WP.EXE), you have Secured Directory rights while running this application. However, if you issue the DOS Shell command and exit into DOS, all rights are revoked until you EXIT back to WordPerfect. o Use Group Inheritance for Continuous Rights Inheritance - if you need a continuous "base" of rights in a directory affected by a Secured Directory definition, you MUST define those rights via SYSCON's Group Inheritance. o Supervisor Equivalent - if a user is a Supervisor or has Supervisor Equivalence, the Directory Security Mask feature does not affect that user. o Spawned Applications - if you define Directory Security for an application and that application calls another application (e.g., a menu system), the called application will not automatically receive Directory Security rights. If you wish the called application to have Directory Security rights, you must meter and grant rights to each called application. NOTE: You must have either SWATCHER.TSR or SMRAGENT loaded to activate the trustee windows necessary to assign rights to your network users. Use the following procedure to grant trustee rights. 1. From the Add Metered Applications dialog box, choose the Directories button. The Select a Drive/Directory dialog box displays. This dialog box allows you to traverse all directories. 2. Double click on the desired drive. A list of directories on that drive displays. 3. From the list, double click on the desired directory. The new drive/directory displays as your Current Directory. This is where you will grant trustee rights. 4. Choose the OK button to grant rights. The Select Rights Mask dialog box displays. 5. To assign rights, select the desired right from the Rights Available to Grant list and then choose the Include button. The right displays in the Rights Granted list. To include all rights, choose the Include All button. If you wish to remove a right you have already assigned, select the right from the Rights Granted list and then choose the Remove button. To remove all rights, choose the Remove All button. 6. Choose the OK button to exit the Select Rights Mask dialog box. In the Add Metered Applications dialog box, the rights you assigned and the directory in which they were assigned are shown in the text box. 7. Repeat steps 1 through 6 for all directories where you wish to grant rights. 8. Choose the OK button to exit the Add Metered Applications dialog box. Notice that the directories in which you granted rights are shown in the Directories in Which Trustee Rights are Granted list. This completes registering this metered application. 6.3.2 Modifying an Application's Metering Configuration You can modify any of the metered application information you provided when registering the software for metering. Use the following procedure to change metered application information. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the Define Metered Application command. The Define Metered Application dialog box displays. 2. Select the application you wish to modify. 3. Choose the Modify button. If the application does not have a password associated with it, the Modify Metered Application dialog box displays with all the information you provided when registering this application for metering. If the application (or suite) does have a password assigned to it, a dialog box displays prompting you to enter that password. Enter either the Metered Application or the Supervisor Password and then choose the OK button. 4. Select the file(s) you wish to modify from the File(s) to meter list box. This list box allows you to meter a suite of applications that share a license agreement. For example, if you have one license agreement which covers three applications, only one person should be able to access any of these three applications at one time (as opposed to three different users using the three different applications at one time). By selecting all the files belonging to a suite of applications, you can modify the name, password, maximum number of concurrent users, queue back time and trustee rights for all files under a single license. 5. Make all necessary changes to the information shown in the window by selecting the text box and typing the new data. NOTE: The changes you make do not take effect until you choose the OK button. The file server console reflects the changes made by displaying "Refreshing Filename Table for Metered Applications." 6. Choose the OK button to exit the Modify Metered Application dialog box and save your changes. You are returned to the Define Metered Application dialog box where you can either modify other applications or exit this dialog box by choosing the Close button. 6.3.3 Modifying Trustee Rights In addition to changing the metered application information described in the previous section, you can also reassign or delete the trustee rights you had previously granted. Use the following procedure to modify trustee rights. 1. From the Modify Metered Application dialog box, select the directory whose rights you wish to modify. 2. Choose the Modify Mask button. The Select Rights Mask dialog box displays. 3. Include additional rights by selecting the desired right from the Rights Available to Grant list and choosing the Include button. You can also include all available rights by choosing the Include All button. 4. Remove existing rights by selecting the desired right from the Rights Granted list and choosing the Remove button. You can remove all the granted rights by choosing the Remove All button. 5. Choose the OK button to exit the Select Rights Mask dialog box. The Modify Metered Application dialog box displays with the changes you made to the granted rights. 6.3.4 Deleting Rights You can also delete all the rights you assigned from the Modify Metered Application dialog box. NOTE: Deleting rights does not delete any of those rights which users may have permanently assigned to them through Novell's system. Use the following procedure to delete trustee rights. 1. Select the desired directory from the Directory In Which Trustee Rights Are Granted list. 2. Choose the Delete button. The rights are removed from this directory. 6.3.5 Deleting Metered Applications You can remove an application from the metering capability. This procedure does not remove the application from your network; it merely releases it from being metered by BrightWorks. Use the following procedure to delete applications from BrightWorks' metering capability. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the Define Metered Applications command. The Define Metered Application dialog box displays. 2. Select the application to delete. 3. Choose the Delete button. If the application has a password associated with it, you are prompted to enter that password. 4. From the prompt that displays, choose the Yes button to delete the metered application. 5. Choose the Close button to exit this window. 6.4 Attaching to and Detaching from File Servers BrightWorks' metering offers you flexibility in managing your network applications. Many of the Metering dialog boxes allow you to attach to and detach from file servers in a multi-server environment on your LAN. Using the Attach and Detach buttons, you can change file servers quickly and easily. In doing so, you can control metering on any file server you wish. This feature allows you to log in and out of file servers while using BrightWorks. This tool will be particularly useful when you register applications for software metering. The following section describes the attaching and detaching procedures. 6.4.1 Attaching to a File Server The steps outlined in these two sections describe attaching to and detaching from file servers from the Configuration Options dialog box. Many of BrightWorks' metering dialog boxes have Attach and Detach buttons. NOTE: If you choose these buttons from a dialog box, you can skip step 1 of these two procedures. Use the following procedure to attach to a file server. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the Configuration Options command. The Configuration Options dialog box displays. Your current server automatically displays; you can choose another server from this list box. 2. Choose the Attach button. The Attach to Server dialog box displays. 3. From the list box, select the file server to which you wish to attach. 4. Enter your user name and password to attach to that file server. 5. Choose the OK button to exit this dialog box. 6. Choose the OK button to exit the Configuration Options dialog box. 6.4.2 Detaching from a File Server Use the following procedure to detach from the current file server. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the Configuration Options command. The Configuration dialog box displays. Your current server automatically displays; you can select a different file server from this list box. 2. Choose the Detach button. The Detach from Server dialog box displays. 3. Select the desired file server from the drop-down list box. 4. Choose the OK button to detach from this file server. NOTES: a - You cannot detach from the file server from which BrightWorks was launched. b - You cannot detach from a file server if it is the only file server to which you are attached or if it is your current file server. 5. Choose the OK button to exit the Configuration Options dialog box. That concludes this chapter. The following chapter explains how to use the security features available with BrightWorks. 7.0 Using the Security Features Chapter 6 explained how to set up applications for software metering. This chapter explains how to use the security features available with BrightWorks. NOTE: This chapter pertains to BrightWorks and SiteMeter. 7.1 Introduction BrightWorks' metering offers a number of features that secure and protect your network software by preventing viruses and unauthorized access to local drives. The file integrity scanning feature guards your LAN against potential infection from viruses. A virus is an additional process that attaches itself to or maliciously alters an executable file. A virus can cause many problems on your network, such as: o Rename or destroy data o Create a program that can cause the workstation to hang or possibly crash o Cause a program to run in a continuous loop o Make a program consume more memory than is necessary With file integrity scanning you reduce the risk of virus infection. BrightWorks provides other security features related to local drive use. You can control which users have access to their local drives to prevent unauthorized software and program installation. With BrightWorks' metering, you can define rights to local execution for all users or for specific users. 7.1.1 Access to Security Functions The security functions are accessed in two ways: o by choosing the Security button from the tool bar, or o by choosing the Security command from the Administration menu. 7.1.2 What's in this Chapter The following chart describes the sections in this chapter: SECTION DESCRIPTION File Integrity Scanning Describes procedures for defining authorized files on your network. Running Unauthorized Files Describes procedures for allowing unauthorized files to run on your network. Specifying the File Scan Describes procedures for instructing Interval the metering capability how often it should check for unauthorized files on the network. Specifying the Security Scan Describes procedures for instructing the Interval metering capability how often it should check for network users who have not loaded Swatcher. Disabling Local Drives Describes procedures for denying users any access to their local drives. Restricting Local Execution Describes procedures for disallowing users to execute applications from their local drives. Specifying Security Exceptions Describes procedures for determining which users are allowed to use the network without loading Swatcher. 7.2 File Integrity Scanning To prevent virus infection, BrightWorks checks files for changes before allowing them to execute. The first step is registering (or authorizing) your files for scanning. Once you register your software, only files that have a fingerprint matching the fingerprint registered are allowed to run. Every time the file is run (or at specified intervals), the fingerprint value is recalculated and compared to the value that had been originally registered. If the two do NOT match, the file is not allowed to run. With this method of file protection it is not necessary to recognize a particular virus strain. Any byte change is detected and treated as a potential virus. This section describes the two steps to file integrity scanning: o Register (or Authorize) the files o Set the File Integrity Scan Interval 7.2.1 What Are Authorized Files? An authorized file is a file that has been registered for file integrity scanning. If a file is not an authorized file and you do NOT allow unauthorized files to be run, it will not be allowed to execute. Metering records the characteristics of each authorized file and stores this value in the NetWare bindery. With the security features included in BrightWorks' metering, you can: o Add - new files to the list of authorized files. o Reprotect - files that have been changed, as in the case of an upgrade. o Delete - files from the authorized files list. 7.2.2 Adding Authorized Files To register a file for virus protection, you need to add it to the list of authorized files. Use the following procedure to add a file to the authorized files list. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Define Authorized Files command. The Define Authorized Files dialog box. From this dialog box you can: o Add files to the Currently Authorized Files list. o Reprotect files that are already authorized. o Delete files that have been authorized. 2. Choose the Add button. The Browse for Files to Authorize dialog box displays. 3. Select the desired drive and directory. 4. Select a file from the File Name list. You can select all the files in this directory by pointing to the first file in the File Name list, holding down the left mouse button and dragging the cursor down. This highlights all the files that will be authorized. 5. Choose the OK button. Any files you just chose now appear in the Currently Authorized Files list. 7.2.3 Reprotecting Authorized Files You can reprotect a previously authorized file, which should be done for applications that have been upgraded. Reprotecting a file recalculates the file's checksum value. NOTE: If you are using Swatcher to meter and file protect your network, make sure Swatcher is not loaded when reprotecting a file. Use the following procedure to reprotect a file. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Define Authorized Files command. The Define Authorized Files dialog box displays. 2. Choose the file you wish to reprotect. 3. Choose the Reprotect button. A message displays at the bottom of the window indicating that the file is being updated for protection. NOTE: You can also reprotect a file by double clicking on the appropriate filename in the Currently Authorized Files list. 7.2.4 Deleting Authorized Files You can remove authorization from a file. This does not remove the file from the network; it merely removes the BrightWorks security protection features for the file. When you do this, the file will be allowed to execute regardless of any changes made to the file. (It will not, however, be allowed to run at all when unauthorized files cannot be run.) Use the following procedure to remove an authorized file from registration for file integrity scanning. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Define Authorized Files command. The Define Authorized Files dialog box displays. 2. Select the file to be deleted. 3. Choose the Delete button. A prompt displays asking you to verify your choice to delete the file protection from this file. 4. Choose the Yes button if you wish to remove the file protection. 7.3 Running Unauthorized Files This option instructs BrightWorks whether or not to permit execution of currently unauthorized files on the network. Using this option prevents unauthorized software from being run on the network. When this option is enabled, only the listed application files are allowed to run. The Specify Policy dialog box lets you specify on which file server(s) you wish to allow or disallow unauthorized files to run. NOTE: Make sure BWORKS.EXE is always an authorized file. If BWORKS.EXE is not an authorized file and you choose to use the unauthorized files option, you will NOT be able to run BrightWorks. Also make sure LOGIN.EXE is always an authorized file. If LOGIN.EXE is not an authorized file and you choose to use the unauthorized files option, users will be unable to log in to the network. 7.3.1 Using Run Unauthorized Files Use the following procedure to specify whether or not unauthorized files should be run. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Specify Policy command. The Specify Policy dialog box displays. This dialog box allows you to specify on which file servers you allow unauthorized files to run. The Current Server list box automatically displays your current server. You can attach to or detach from other file servers using the Attach and Detach buttons. NOTE: The default is to have the option enabled. Step 2 disables this option. 2. If you do not wish to allow unauthorized files to be executed, select the "Allow unauthorized files to be executed" option. The "x" disappears from the box, indicating that you do not allow files that are not authorized to run on the network. 3. Choose the OK button to save your change and exit the dialog box. 7.4 Specifying the File Scan Interval File Scan Interval tells BrightWorks how often to check the executable program against the registered copy of that file. To check a file every time it is requested, set the File Scan Interval to zero (0). If your file server has heavy network traffic, however, you may want to adjust this value to a figure more appropriate for your needs. The value can range from 0 to 1440 minutes (once every 24 hours). The value you set applies to ALL authorized files. Regardless of the value, the file is always checked against the registered copy the first time it is requested. If the field is set to 15 minutes, however, no matter how many times the file is executed it will not be checked again for 15 minutes after the first check. The first attempt to run the software after the 15 minute interval will reset the time interval. For example, you run LOTUS for the first time at 11:00 a.m. at which time BrightWorks' metering checks the file. The next time the file will be checked will be the first time it is requested after 11:15 a.m. (if the File Scan Interval has been set to 15). Use the following procedure to specify the file scan interval. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Specify File Scan Interval command. The Specify File Scan Interval dialog box displays. From this dialog box you can: o Set the scan interval o Attach to/Detach from a file 2. Use one of the following methods to set the interval and specify how frequently the metering capability checks the executable: o Click on the slide bar arrows to increment/decrement the value in one minute intervals, o Slide the slide bar to the appropriate value, or o Click on either side of the slide bar to increment/decrement the value by 10 minute intervals. 3. Once you have selected the appropriate time, choose the OK button. 7.5 Specifying the Security Scan Interval The Security Scan Interval is the length of time between Security Scan checks. This value indicates how frequently the metering capability scans the network to be sure users on the network either have loaded the Swatcher TSR or are listed as Security Exceptions. If a user is not a Security Exception and has not loaded Swatcher, the metering capability sends a NetWare Send message to the user indicating that he or she will be logged off the file server in 30 seconds. This allows the user enough time to save his or her work before being disconnected automatically from the network. The user must load Swatcher before logging in to the network again. NOTE: Trying to load Swatcher after receiving the 30 second warning will not prevent the user from being logged out. Setting the value to 0 minutes informs metering not to check if Swatcher is loaded. This is mandatory if you are NOT using the Swatcher TSR as your choice to meter and file protect your network. 7.5.1 Specifying the Security Scan Interval Use the following procedure to specify the security scan interval. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Specify Security Scan Interval command. The Specify Security Scan Interval dialog box displays. From this dialog box you can: o Set the scan interval o Attach to/Detach from file servers 2. Use one of the following methods to set the interval and specify how often BrightWorks' metering capability checks users for the Swatcher TSR: o Click the slide bar arrows to increment/decrement the value in one minute intervals, o Slide the slide bar to the appropriate value, or o Click on either side of the slide bar to increment/decrement the value in 10 minute intervals. NOTE: Setting the value to 0 minutes informs metering not to check if Swatcher is loaded. This is mandatory if you are NOT using the Swatcher TSR as your choice to meter and file protect your network. 3. Once you have selected the appropriate time, choose the OK button. 7.6 Disabling Local Drives This option allows you to specify whether or not to disable local drives entirely, essentially rendering the PC diskless. Disable Local Drives is only available if you use Swatcher, the workstation security agent method for metering and file protecting your LAN. To use this option you must specify a Novell Group in which users will not have access to their local disk drives. For example, you may want to create a group named NODRIVE. This NODRIVE group must be unique; the group you select for Disable Local Drives cannot also be used for Restrict Local Execution. NOTE: For information on creating these groups, refer to your Novell User Manuals. Use the following procedure to disable local drives. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Disable Local Drives command. The Disable Local Drives dialog box displays. From this dialog box you can: o Include groups o Remove groups o Attach to/Detach from file servers 2. If you wish to add a group to the Groups With Disabled Local Drives list, select the desired group from the Available Groups list and choose the Include button. The group is then moved from the Available Groups list to the Groups With Disabled Local Drives list. You can include all the available groups by choosing the Include All button. The groups you included now do not have access to their local drives. 3. If you wish to remove a group from the Groups With Disabled Local Drives list, select the desired group from this list and choose the Remove button. The group is then moved from the Groups With Disabled Local Drives list to the Available Groups list. You can remove all groups from the disabled drives list by choosing the Remove All button. The groups you removed now have access to their local drives. 4. When you have completed moving groups, choose the OK button to save your changes and exit. 7.7 Restricting Local Execution BrightWorks' metering provides an option that restricts execution of applications from local drives. By using this option, you can disallow network users from running applications or other programs from the hard drive. Users will still be able to access their local drives, but will not be able to run any applications locally. This feature provides an added layer of control over software usage on your network. NOTE: If you decide to use this option please refer to the section entitled DSW in Chapter 11. This option is only available if you are using Swatcher, the workstation security agent method of metering and file protecting your LAN. To use this option you must specify a Novell Group in which users will not be able to execute files from their local drives. For example, you may want to name this group NOEXEC. NOTE: For information on creating these groups, refer to your Novell User Manuals. Use the following procedure to restrict local execution. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Restrict Local Execution command. The Restrict Local Execution dialog box displays. From this dialog box you can: o Include groups o Remove groups o Attach to/Detach from file servers 2. To add a group to the Groups With Restricted Execution list, select the desired group from the Available Groups list and choose the Include button. The group is then moved from the Available Groups list to the Groups With Restricted Execution list. You can include all the available groups by choosing the Include All button. The groups you included now cannot execute applications from their local drives. 3. To remove a group from the Groups With Restricted Execution list, select the desired group from this list and choose the Remove button. The group is then moved from the Groups With Restricted Execution list to the Available Groups list. You can remove all groups from the restricted list by choosing the Remove All button. The groups you removed now can execute all applications from their local drives. 4. When you have completed moving groups, choose the OK button to save your changes and exit. 7.8 Specifying Security Exceptions If you are using Swatcher to meter and file protect your LAN, this option allows you to specify those users who are not required to load Swatcher. NOTE: If you decide to use this option please refer to the section entitled DSW in Chapter 11. The Security Exceptions is a list of users who are not required to load the Swatcher TSR when logging in to the network. 7.8.1 How Security Exceptions Work When using the Swatcher TSR method of metering and file protecting, you can set a Security Scan Interval. (Refer to the section Specify Security Scan Interval in this chapter.) This interval instructs the metering capability how often it should check to verify that all users have loaded the Swatcher TSR, except those specified in the Security Exceptions list. If a user is a member of this list, he or she will not be disconnected from the network if the metering capability finds that he or she does not have the Swatcher TSR loaded. 7.8.2 Using Security Exceptions Use the following procedure to define security exceptions. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Specify Security Exceptions command. The Specify Security Exceptions dialog box displays. From this dialog box you can: o Include users o Remove users o Attach to/Detach from file servers 2. To add a user to the Security Exceptions list, select the desired user from the Secure Users list and choose the Include button. The user is then moved from the Secure Users list to the Security Exceptions list. You can include all the Secure Users by choosing the Include All button. The users you included now are not required to load Swatcher when using the network. 3. To remove a user from the Security Exceptions list, select the desired user from this list and choose the Remove button. The user is then moved from the Security Exceptions list to the Secure Users list. You can remove all users from the security exceptions list by choosing the Remove All button. The users you removed now are required to load Swatcher. 4. When you have completed moving users, choose the OK button to save your changes and exit. That concludes this chapter. The following chapter explains how to use the metering's administration functions. 8.0 Using the Administration Features Chapter 7 explained the metering capability's file integrity scanning and security features. This chapter explains how to use metering's administration functions to monitor application usage on your network. NOTE: This chapter pertains to BrightWorks and SiteMeter. 8.1 Introduction BrightWorks' metering gives you the tools you need to administer your metered applications and monitor your network software usage. The metering capability is extremely flexible, giving you maximum control in administering your network. You can administer metering on different file servers and even launch another BrightWorks capability. Most of the administration functions described in this chapter can be accessed from the application usage graph, giving you maximum flexibility and control over your network applications. You can do all of the following to monitor your metered applications: o View the current metering settings o View a list of all the metered applications for a specified file server in addition to the number of current, peak and queued users and the number of licenses o View information about and send messages to both current and queued users, as well as release them from metering o Perform a query to update the application usage information throughout the network o Set the interval in which the application usage is updated o Set the high value for the usage scale o Conceal the status bar located at the bottom of the Application Usage dialog box o Purge stored data 8.1.1 Access to Metering's Administration Functions The metering administration functions are accessed in several ways: o by choosing the Monitor button from the tool bar, o by choosing the Monitoring command from the Administration menu, o by choosing the Security command from the Administration menu, or o by choosing the Hide/Show command from the File menu. 8.1.2 What's in this Chapter The following chart describes the sections in this chapter: SECTION DESCRIPTION Viewing Metering Settings Describes procedures for displaying a comprehensive list of settings about metering on your network file servers. Viewing Application Usage Describes procedures for accessing the Application Usage Graph. Monitoring and Controlling Describes procedures for viewing user information, sending Application Usage messages, releasing current users from metering, and launching another McAfee capability in a context-sensitive manner. Modifying and Updating the Application Describes procedures for changing the Usage Graph maximum number of concurrent users, changing the usage scale, changing the colors on the graph, performing a query, setting the query timer, and concealing the status bar. Controlling Data Files Describes procedures for specifying if historical data should be stored on a file server, purging usage data, and purging security data. 8.2 Viewing Metering Settings BrightWorks' metering lets you view all the metering settings for a file server. With this feature, you can access the following important information: o Current Server - indicates the file server to which you are presently attached. o SiteMeter NLM - indicates whether the SiteMeter NLM is active (loaded) or inactive. o SiteMeter Proxy NLM - indicates whether the SiteMeter Proxy NLM is active (loaded) or inactive. o Unauthorized Files - indicates whether unauthorized files are allowed to run. o File Integrity Status - indicates how often authorized files are checked for any changes. o Current Home Directory - indicates the directory where the SITEDATA, VIRUSDTA, and SMRPROXY files are located. o Swatcher Users - indicates whether users are checked to verify that the Swatcher TSR is loaded and also indicates the time interval in which they are checked. o Status of Swatcher - indicates whether or not Swatcher is loaded on the workstation. o Status of Windows Metering Agent - indicates whether or not SMRAgent is loaded on the workstation. Use the following procedure to view the current metering settings. 1. Choose the Metering command from the Administration menu. From the sub-menu that displays, choose the View Metering Status command. The View Metering Status dialog box displays. If you are not attached to the desired file server, use the Attach button. The current server displays automatically. You can view the settings for other file servers by choosing the desired file server from the list box. 2. Choose the Close button to exit this dialog box. 8.3 Viewing Application Usage The metering capability gives you the ability to view application usage on a specified file server. Using this feature, you can determine which applications are being used on the network, which applications have queued users, what the peak usage for an application is, and more. Use the following procedure to access the application usage graph. 1. Choose the Monitor button from the tool bar. The View Application Usage dialog box displays. 2. Select the desired file server. If you are not currently attached to the desired file server, choose the Attach button and then supply your user name and password for that file server. 3. Choose the OK button. The Application Usage window for the file server you have selected displays. From this window you can view in graph form the number of: o Current users of all metered applications o Queued users of all metered applications o Peak users of all metered applications (the total number of current users plus the total number of queued users) o Maximum Number of Concurrent Users of all metered applications (the total number of licenses purchased for this application) You can also view the following application information from this window: o Number of Current Users o Number of Queued Users o Number of Peak Users o Number of Licenses This information can be viewed either on the graph itself or with pop-up boxes. Use the following procedure to view this information with the pop-up boxes. 1. Select the desired application from the list along the left hand side of the window. When the cursor is in this area, it changes to a magnifying glass. 2. Hold down the left mouse button to display an information box that contains the above information. 8.4 Monitoring and Controlling Application Usage BrightWorks' metering gives you extensive monitoring capabilities over both current and queued users. You can view and even control a user's use of metered applications-all from the application usage graph. This section describes administering both current and queued users using the following tools: o View who the current and queued users are for an application o Send messages to current and queued users o Release current users from metering o Edit the queued user list o Launch another BrightWorks capability in a context-sensitive fashion NOTE: The steps in the rest of this section assume you have accessed the application usage graph. 8.4.1 Administering Current Users From the application usage graph, you can view the names of the individual users using an application, as reflected by the graph bars. This is particularly helpful if other users are trying to access an application. Once you find out which users are using the application currently, you can determine when a copy will be available by asking those users on the list how much longer they will be working in the desired application. Once you access this list, you have additional administrative options. Use the following procedure to view the names of the users who are currently using an application. 1. In the application usage graph, position the cursor to the area to the right of the application name within the graphic display. A small menu box should be attached to the bottom right of the arrow. If there is no menu box, the cursor is not pointing to a place where information is available. Information is available where the number of users (queued, peak and current) are displayed with graph bars. 2. Click here to display a pop-up menu. When the pop-up menu displays, the application in question is outlined in the list along the left hand side of the window. This menu contains the following items: o View Current Users - the list of users currently using this application o View Queued Users - the list of users who are currently waiting to use this application o Edit Queued User List - list of queued users who you can add or delete with this option NOTE: If the Queue Back Time is set to zero (0), the View Queued Users and Edit Queued User List options are disabled. 3. Choose the View Current Users command. The Current Users window displays listing all the users who are currently using this application. From this window you can: o Send a Message - send a Novell message to a user o View User Information - view a user's login information o Release a user - release a user's hold on a metered application o Launch another application - access another BrightWorks capability in a context-sensitive manner The following sections describe each of these features. 8.4.2 Sending a Message to a Current User You can send messages to current users from the Current Users window. This is useful if you want to know when a user will be finished using an application. Use the following procedure to send a NetWare Send message to a user who is currently using an application. 1. From the Current Users window, choose the user to whom you wish to send the message. A pop-up menu displays. 2. Choose the Send Message command. The Send Message To User dialog box displays. 3. Enter the message in the text box provided. 4. Choose the OK button to send the message. 8.4.3 Viewing Current Users' Information From the Current Users window, you can find out important information about users using applications on your network. The following information can be displayed about a selected current user: o Login Name - user's login name o Full Name - user's full name o Server - file server to which this user is attached o Logical Station - the station number that is arbitrarily assigned to a workstation o Network - network number of the workstation where this user is located o Station Address - node address of the workstation where this user is located o Time into Network - length of time this user has been logged in to the network o Application - application which the user is currently using o Time into Application - date and time the user launched the application Use the following procedure to view this information. 1. From the Current Users window, select the desired user. A pop-up menu displays. 2. Choose the User Information command. The Current User Information dialog box displays. 3. Choose the Close button to exit this dialog box. 8.4.4 Releasing a Current User from a Metered Application The Release command lets you release a current user from being metered in an application. This is helpful in the following scenario: John is using the last available copy of WordPerfect. He goes into a meeting with his workstation still running the application. Meanwhile, Karen needs to use a copy of WordPerfect. The network administrator can release John's copy of WordPerfect from metering, freeing up a licensed copy for Karen. When John returns from his meeting, he can still use the copy of WordPerfect running on his workstation (using the release feature does not exit that user from the application). Once he exits WordPerfect, however, he cannot get back in until another copy of the software frees up on the network. NOTE: If you use the Release feature, you may be in violation of your software vendor's license agreement. Use the following procedure to release a current user from metering. 1. From the Current Users window, choose the user whom you wish to release. A pop-up menu displays. 2. Choose the Release command. 3. If the metered application has a password associated with it, you are prompted to enter the password. Enter the appropriate password and choose the OK button. 4. At the prompt choose the Yes button to verify your choice to release this user from metering. Choose the No button to exit the message box without releasing the user. If you chose the Yes button, the selected user is released from metering. The copy of the application he or she is using is released for use by another user. 8.4.5 Launching another BrightWorks Capability From the menu, you can also launch another BrightWorks capability (NETremote+ or LAN Support Center) in a context-sensitive fashion. When launching the capability, it automatically configures it to the current user you selected. For example, if you selected Jane and then launched the remote capability, you would have control of Jane's PC. NOTE: Users must have the executables for these programs in their search path. Use the following procedure to launch another BrightWorks capability. 1. From the Current Users window, select the desired user. 2. Choose the desired capability (either remote or tickets) from the drop-down menu. NOTE: If you do not have either of these applications (NETremote+ or LAN Support Center) loaded, an error box displays notifying you that the executable could not be found. The executables for these applications should be placed in a search path mapping. 8.4.6 Administering Queued Users From the application usage graph, you can view the names of the individual users waiting to use an application, as reflected by the graph bars. Once you access this list, you have several administrative options. Use the following procedure to view who the queued users are. 1. In the application usage graph, position the cursor in the area to the right of the application name within the graphic display. A small menu box should be attached to the bottom right of the arrow. If there is no menu box, the cursor is not pointing to a place where information is available. Information is available where the number of users (queued, peak and current) displays with graph bars. 2. Click here to display a pop-up menu. When the pop-up menu displays, the application in question is outlined in the list along the left hand side of the window. 3. Choose the View Queued Users command. The Queued Users window displays listing all the users who are waiting to use this application. From this window you can: o Send Message - send a Novell message to a queued user o Edit Queued User List - add or delete users in the queue for a specific application o View User Information - view a queued user's login information o Launch another application - access another BrightWorks capability in a context-sensitive manner. Each of these options is described in the following sections. 8.4.7 Sending a Message to a Queued User If there are users waiting for an application you can send them a message. This is particularly useful if you want to notify them of what number they are in the list or which user may be finishing with the application soon, etc. Use the following procedure to send a NetWare Send message. 1. From the Queued Users window, choose the user to whom you wish to send the message. A pop-up menu displays. 2. Choose the Send Message command. The Send Message To User dialog box displays. 3. Enter the message in the text box provided. 4. Choose the OK button to send the message. 8.4.8 Editing the Queued User List You can add and remove users to and from the queued user list. This is particularly useful if a user does not want to be queued for an application. Use the following procedure to edit the queued user list. 1. From the Queued Users window, choose the list of Queued Users. The Edit Queued Users List dialog box displays listing the following information: o List of non-queued and non-current users o List of queued users 2. If you want to add users to the queue, select the desired users from the Non-Queued/Non-Current Users list and choose the Include button. The user is moved to the Queued Users list. Use the Include All button to include up to eight Non-Queued/Non-Current Users. 3. If you want to remove a user from the queue, select the desired users from the Queued User list and then choose the Remove button. The user is moved to the Non-Queued/Non-Current Users list. Use the Remove All button to remove up to eight non-queued/non-current users at once. 4. Choose the OK button to save your changes and exit. 8.4.9 Viewing Queued Users' Information The following information can be displayed about a selected queued user: o Login Name - user's login name o Full Name - user's full name o Server - file server to which this user is attached o Logical Station - the station number that is arbitrarily assigned to a workstation o Network - network number of the workstation where this user is located o Station Address - node address of the workstation where this user is located o Time into Network - length of time this user has been logged in to the network o Application - application which the user is currently waiting to use Use the following procedure to view this information. 1. From the Queued Users window, select the desired user. A pop-up menu displays. 2. Choose the User Information command. The Queued User Information dialog box displays. 3. Choose the Close button to exit this dialog box. 8.4.10 Launching another BrightWorks Capability From the menu, you can also launch another BrightWorks capability (NETremote+ or LAN Support Center) in a context-sensitive fashion. When launching the capability, it automatically configures it to the current user you selected. For example, if you selected Jane and then launched the remote capability, you would have control of Jane's PC. NOTE: Users must have the executables for these programs in their search path. Use the following procedure to launch another BrightWorks capability. 1. From the Queued Users window, select the desired user. 2. Choose the desired capability (either remote or tickets) from the drop-down menu. NOTE: If you do not have either of these applications (NETremote+ or LAN Support Center) loaded, an error box displays notifying you that the executable could not be found. The executables for these applications should be placed in a search path mapping. 8.5 Modifying and Updating the Application Usage Graph The metering capability offers a number of features that enhance your usage of the application usage graph. The following sections describe all of these options. 8.5.1 Modifying Application Information While viewing the application usage graph, you can make changes to the number of maximum concurrent users and to other parts of metered applications (e.g., queue back time, trustee rights, etc.). 8.5.2 Changing the Number of Maximum Concurrent Users By changing the number of maximum concurrent users, you can increase and decrease the number of licenses on your network as is necessary. Use the following procedure to change this value. 1. In the application usage window, position the cursor at the end of the Number Licensed line (i.e., point to the end of the vertical line). When you position the cursor on this line, the cursor should change from an arrow to a horizontal black double-arrow. 2. Click and hold down the left mouse button. 3. Drag the line to the desired value. The Count box in the status bar at the bottom of the window displays the number of licenses as you move the cursor to select a new value. NOTE: You can also modify the Maximum Number of Concurrent Users value by choosing the Define Metered Application option of the Administration Metering Menu. Select the metered application you wish to modify and then choose the Modify button. You can now edit the value. If you wish to change the value from the Modify Metered Application dialog box, double click on the application name in the left hand side of the application usage graph. 4. Once you change the value, the Edit License Maximum dialog box displays to confirm your change. This dialog box displays the following information: o Server - the current file server o Application - the name of the metered application o Current Maximum - the current maximum number of licenses for this application o New Maximum - the new value you dragged to for this application 5. If you wish to accept the new Maximum Number of Concurrent Users value, choose the OK button. If this value is not the desired number of licenses, you can also edit the value by simply typing over it in the text box. 8.5.3 Changing Metered Application Information You can alter any of the metered application information you entered when registering applications for metering. Use the following procedure to change this information from the application usage graph. 1. Double click on the desired application in the list in the left hand side of the window. The Modify Metered Application dialog box displays. 2. Follow the steps in Chapter 6 to change the metered application information. 8.5.4 Changing the Usage Scale The Usage Scale is the scale displayed across the top of the Application Usage window. By changing the high value for the graph, you can increase or decrease the number of users shown. For example, if you have 250 workstations on your network, you can set the high value to 250 to allow the bars to indicate usage by all your network users. If your network is large, but the number of licenses and concurrent users is small, you can set the value lower. With this flexibility, you can change the graph to be best suit your viewing needs. Use the following procedure to change the usage scale. 1. While displaying the usage graph, position the cursor in the scale bar directly beneath the title bar. The cursor itself should change to a scale. 2. Double click to display the Edit View Usage Scale dialog box. NOTE: You can also display this dialog box by choosing the Monitoring command from the Administration menu and then the Edit View Usage Scale from the sub-menu that displays. 3. Choose either Auto-scaled or User-defined. o Auto-scaled - allows the metering Administration program to determine the maximum value of the scale. o User-defined - allows you to determine the maximum value of the scale. 4. If you chose User-defined and wish to enter a high value, select the High text box and type the value you wish to use. NOTE: This value cannot exceed the maximum number of users for the file server. 5. Choose the OK button to save your changes and exit this dialog box. The usage scale beneath the title bar now reflects the new maximum you specified. 8.5.5 Changing the Colors Used in the Status Bar You can change the colors used in the status bar of the application usage window that reflect the number of current, queued, peak and licensed users. Use the following procedure to change these colors to best suit your viewing needs. 1. In the application usage graph, position the cursor to one of the colors in the status bar. The cursor changes to a transparent arrow. 2. Double click at this point. The standard Windows color palette for that key displays. 3. Select a new color. 4. Choose the OK button. The new color is shown on the graph bars as chosen. The colors can be changed for each item in the status bar. 8.5.6 Hiding or Showing the Status Bar You can hide or show the status bar on the usage graph. Showing the status bar lets you know which colors indicate current users, queued users, etc., as well as the count when you are changing the number of maximum concurrent users. Hiding it gives you more room to display the usage graph. Use the following procedure to conceal the status bar. From the File menu, choose the Hide Status Bar command. This toggles the status bar on and off. When the status bar is hidden, this command in the File menu changes to Show Status Bar. By choosing the Show command, you can display the status bar again. The usage graph reflects the application usage on your network. You can update the graph to reflect any changes by performing queries. 8.5.7 Performing Queries Every time a query is issued, either manually or automatically, the metering capability updates the usage information on the graph. The Query Indicator is the last item on the status bar. The indicator displays for either manual or automatic queries. The Query Now option allows you to update the application usage information. Use the following procedure to instruct the metering capability to perform a query at that point. Select the Monitoring command from the Administration menu. From the sub-menu that displays, choose the Query Now command. The Metering function performs a query and updates the Application Usage graph accordingly. The status bar at the right bottom of the window reflects the query's progress. NOTE: You can also access this feature by pressing . The Set Timer option allows you to determine how often the metering capability checks with the file server for application usage information. Use the following procedure to set the timer. 1. Choose the Monitoring command from the Administration menu. From the sub-menu that displays, choose the Set Monitor Timer command. The Set Monitor Timer dialog box displays. 2. Enter the desired value. You can enter a value in seconds from 0 to 9999. 3. Choose the OK button. NOTE: You can also access this option by pressing . 8.6 Controlling Data Files BrightWorks' metering offers several utilities which enhance your control over data files. You can access the following options: o Configuration Options - attaches to/detaches from file servers and specifies the directory where the metering files reside. o Purge Usage Information - removes the SITEDATA file from the home directory. o Purge Security Information - removes the VIRUSDTA file from the home directory. 8.6.1 Configuration Options Configuration Options let you attach to and detach from file servers, specify the home directory for data files, and specify whether or not to log historical usage and security data. Use the following procedure to access this option. 1. Choose the Metering command from the Administration menu From the sub-menu that displays, choose the Configuration Options command. The Configuration Options dialog box displays. You can attach to and detach from file servers using this option. The Home Directory is explained in the next section. 8.6.2 Home Directory This option allows you to define where the SiteMeter files reside.The default directory determined at installation time is SYS:\SYSTEM\SITEMETR. However, you can define the directory of your choice using this option. Users need Read, Open, Search, Write, and Create rights to this directory. Use the following procedure to use this option. 1. From the Configuration Options dialog box, select the Home Directory for Data Files text box. 2. Type the appropriate directory (using the full path). 3. If you wish to track software usage and security information, select the box next to "Log historical usage and security information." When the box is checked, the metering capability logs the usage and file protection information used in the reporting function. The default is to have this box checked. 4. Choose the OK button. 8.6.3 Purging Stored Data The metering capability gives you added control over your files by allowing you to purge stored usage and security data. These functions are particularly helpful should these files become corrupted. 8.6.4 Purge Usage Information This option removes the SITEDATA file from the home directory. NOTE: If metering needs to access the file after it is deleted, a new file is automatically created. Use the following procedure to purge usage information. 1. Choose the Monitoring command from the Administration menu. From the sub-menu that displays, choose the Purge Usage Information command. The Purge Usage Information dialog box displays. The list box displays your current server. 2. From the Current Server list box, select the file server from which you wish to purge the usage information. If you are not attached to the desired file server, you can use the Attach button. 3. If you are sure you want to purge all usage information on the specified file server, choose the OK button. 8.6.5 Purge Security Information This option removes the VIRUSDTA from the home directory. NOTE: If metering needs to access the file after it is deleted, a new file is created automatically. Use the following procedure to purge security information. 1. Choose the Security command from the Administration menu. From the sub-menu that displays, choose the Purge Security Information command. The Purge Security Information dialog box displays. The list box displays your current server. 2. From the Current Server list box, select the file server from which you wish to purge the security information. If you are not attached to the desired file server, you can use the Attach button. 3. If you are sure you want to purge all security information on the specified file server, choose the OK button. That concludes this chapter. The next chapter provides information about report generation. 9.0 Generating Reports Chapter 8 explained the metering capability's administration features. This chapter explains how to use the report utility. NOTE: This chapter pertains to BrightWorks and SiteMeter. 9.1 Introduction The metering capability's reporting module is a flexible tool designed to help you manage your network more effectively. It puts important information about application usage and software security at your fingertips. Using its simple Windows interface, you can generate the report you need quickly and easily. And with a variety of report types and formats, you can choose the one best-suited to your business needs. For example, run a report on a single user to see what applications he or she uses. Or run a report on all network applications that you meter to see which applications are being used the most to get the information you need to determine additional software needs. All of this flexibility is at your fingertips with the reporting module. BrightWorks also provides the capability to export coded data into standard database formats. You can choose the database format best-suited to your needs. NOTE: The Crystal Reports software is installed using the Fusion install utility. Refer to the installation instructions in Chapter 2 of this manual. When installed, a Crystal Reports program icon is added to the MCAFEE Program Manager group. Procedures for using Crystal Reports are presented in Crystal.txt of this manual. 9.1.1 Access to Report Functions The Report function is accessed by choosing the Metering and Security command from the Reports menu. 9.1.2 What's in this Chapter The following table describes the sections in this chapter: SECTION DESCRIPTION Exporting Files Describes procedures for exporting coded data into standard database formats. Generating Reports Describes procedures for running reports with the metering capability. The Report Window Describes all the capabilities and features of the report window. Report Types Describes the information given by each of the different types of reports. 9.2 Exporting Files The metering capability's report feature allows you to export coded data to a standard database format. Use the following procedure to export files. 1. Choose the Metering and Security command from the Reports menu. The Reports window displays. 2. From the File menu, choose the Export command. The Export dialog box displays. 3. From the Current Server list box, specify the server from which you wish to export the coded file. The current server displays automatically in the list box. You can also attach to and detach from different file servers. Choose the Attach button to attach to another file server. 4. Select one of the options to specify the source of the data you are exporting. The four options are: o Sitedata o Virusdta o Metering Definitions o Security Definitions Sitedata and Virusdta are the files where metering stores its information. The Metering and Security Definitions options retrieve the information directly from the bindery. To select an option, simply click in the appropriate radio button. NOTES: a - Choosing Sitedata or Virusdta enables the Default and Browse buttons. The filename text box automatically displays the default file name. For Sitedata the default is SYS:\SYSTEM\SITEMETR\SITEDATA; for Virusdta, the default is SYS:\SYSTEM\SITEMETR\VIRUSDTA. b - You can also specify a different file name (if Sitedata or Virusdta was stored in a different place) by entering the name in the text box or by choosing the Browse button. Choosing the Browse button produces the standard Windows Browse dialog box. Once you select the desired file and choose the OK button, the file name you selected displays in the Filename text box. c - Because the Metering and Security Definitions options communicate directly with the bindery to access the information, these options are not needed and therefore are not enabled. 5. Choose the format for the exported data from the Format list box. The available formats include: o Lotus 123 2.1 o Lotus 123 3.x o Quattro o Lotus 123 1.x o Symphony 1.1-2.2 o Symphony 1.0 o Excel 2.0 o Excel 3.0 o Excel 4.0 o dBase II o dBase III o dBase III Plus o dBase IV o Data Interchange Format o ASCII (Tab delimiter) o ASCII (Tab delimiter-guess numeric values) o ASCII (comma delimiter-min quoted) o ASCII (comma delimiter- strings quoted o ASCII (comma delimiter-guess numeric values) o Btrieve 6. Specify the file name for the new format. Enter the desired file name in the Filename text box or choose the Save As button. Choosing the Save As button produces the standard Windows Save As dialog box. Once you specify the path and file name and choose the OK button, you are returned to the Export dialog box. The name you specified displays in the Filename text box. 7. Once you have specified all the above information, choose the OK button. 8. At the prompt that displays choose the Yes button to export the data. You can also choose the No button to discontinue the export process. If you choose the Yes button, the Export Status window displays. This window contains the following information: o Server - Indicates the server from which the data is being exported. o Input Source - Indicates whether the data being exported came from Metering Definitions or Security Definitions (Input Source will be blank if you chose Virusdta or Sitedata). o Input File - Indicates if the data source was Virusdta or Sitedata (Input File will be blank if you specified Metering or Security Definitions). o Output File - Indicates the name of the file to which the data is being exported. o Output Format - Indicates in what format the exported data will appear. The percentage complete bar tracks the progress of the exporting. During the export, you can choose the Abort button to halt the exporting. This button changes to Close once the export is complete. By choosing Close, the output file is put into the current directory. 9.3 Generating Reports Use the following procedure to generate a report. 1. Choose the Metering and Security command from the Reports menu. The Reports window displays. 2. From the Reports menu, choose the Choose Report command. The SiteMeter Reports dialog box displays with the following information: o Current Server o Report Type o Source o Print Destination o Activity Date Range o Filter Criteria The dialog box also has OK, Cancel, Attach, and Detach buttons. The functionality of all these options is explained in the following steps. 3. From the Current Server list box, select the desired server. The Current Server list box automatically displays your current server. You can select another server by choosing one from the drop-down list box. You can also use the Attach and Detach buttons to attach to/detach from other file servers. 4. From the Report Type list box, select a report type. The list box provides these options: o Metering Definitions (based on application usage) o Application Summary (based on application usage) o Application with User Detail (based on application usage) o Application with User Summary (based on application usage) o User Summary (based on user information) o User with Application Detail (based on user information) o User with Application Summary (based on user information) o File Integrity Activity (based on protected file information) o SPA Compliance (based on application usage) o Software Purchase Forecast (based on application usage) o Upgrade Purchase Forecast (based on application usage) Your report selection drives the source file name, the activity date range and the filter criteria. Based on what you choose here, defaults will appear in these three sections of the dialog box. 5. Specify the source of the report in the Filename text box. If the report type you selected in Step 4 uses data from a file, the file automatically displays in this list box. For example, if the report type uses the Sitedata file, the text box will read: SYS\SYSTEM\SITEMETR\SITEDATA. You can choose another file either by entering one directly in the text box or by using the Browse button. The Browse button produces the standard Windows Browse dialog box. Once you select the path and file name and choose the OK button, you are returned to the Reports dialog box. The selected file name displays in the Filename text box. Choose the Default button to define the default file as the report source. 6. In the Print Destination section of the dialog box, specify where you want to send the report. The three options are Window, Printer, and File. If you want to send the report to a file, select the appropriate file from the File list box. The options are: o Space Separated - each field in the report is separated by a space in the output file o Tab Separated - each field in the report is separated by a tab in the output file. 7. Set the Activity Date Range. The From: and To: fields list the default data range (which is the entire date range of the file that you have specified as the source of the data). To change either date to view a particular range of data, double-click in the field. The calendar displays. The title of this box reflects the date currently set. Underneath this is a bar listing the year; the arrows at either end of the date bar allow you to go forward and backward to find a different year. Underneath that is a similar bar with the month. Underneath that are buttons-one for each day of the month. Simply choose a button to select the appropriate date. As you change the date, the title bar changes to reflect the new date you are specifying. Choose the OK button to save your change and exit back to the other dialog box. The new dates appear in the Reports dialog box. NOTE: There is no date range for Metering Definitions. 8. In the Filter Criteria list box, specify the filter criteria you wish to use for your report. The options include users, applications and protected files. You can select either one specific user or all users, and you can select either one specific application or all applications. The default will appear based on the report type you selected in Step 4. The list in Step 4 specifies if the default will be based on application data, user data or protected files data. 9. Once you have completed the above steps, choose the OK button. The Export Status window displays. This window contains the following information: o Server - Indicates the server from which the data is being exported. o Input Source - Indicates whether the data being exported came from Metering Definitions or Security Definitions (Input Source will be blank if you chose Virusdta or Sitedata). o Input File - Indicates if the data source was Virusdta or Sitedata (this field will be blank if you specified Metering Definitions). o Output File - Indicates the name of the file to which the data is being exported. o Output Format - Indicates in what format the exported data will appear. The percentage complete bar tracks the progress of the exporting. NOTE: If the data file you are creating already exists, then a message box will display asking "Do you wish to update your baseline?" If you wish to create another data file, choose the Yes button and the Export window displays. If you do not choose to update your baseline, then the Export window will not display. The metering capability exports 3 files for one report. During the export, you can choose the Abort button to halt the exporting. This button changes to Close once the export is complete. By choosing Close, the output file is put into the current directory. 10. When you close this dialog box, a window displays with the report name in the title bar. The next section of the manual describes the report window. 9.4 The Report Window Once the Export dialog box closes, the SiteMeter Reports window displays. This section describes the parts of the report window. The title bar displays the report type being generated. While the report is being generated on this window, a ribbon of buttons displays to the left. The two left most buttons are arrows pointing to the left. The left-most sends you to the beginning of the report; the other goes to the previous page. The next two buttons are arrows pointing right. The first goes to the next page, and the other to the end of the report. The fourth button is the stop button. Once the first page of the report is generated, this button becomes enabled. You can use it to halt the report generation at that point. After that there are two additional buttons. The first is page view; the second is a print button which prints the report. Most of these buttons are grayed during report generation. The next section is a box displaying the following: o Read (indicating the records read from the database) o Selected (indicating those records in the specified date range or meeting other criteria) o Total (indicating the total records in the database) o % (indicating the percentage of the report which is completed) All of these fields except Total change to reflect the real time report generation. The Next box tells you which page you are on, for example 1 of 18 or 2 of 18. Beneath all of this is the actual report. 9.5 Report Types BrightWorks' reporting module offers a number of different report types for application usage and software security information. Choose the report type best suited to your business and decision-making needs. The following report types are offered: o Metering Definitions o Application Summary o Application with User Detail o Application with User Summary o User Summary o User with Application Detail o User with Application Summary o File Integrity Activity o SPA Compliance o Software Purchase Forecast o Upgrade Purchase Forecast The contents of each report type are described in the following sections. 9.5.1 Metering Definitions The Metering Definitions report provides the network manager with a listing of all the applications currently being metered. For each application, it also provides the number of licenses, whether or not it is password-protected, and any other definitions specific to this application. The report heading details: o Date of report generation o Report type (i.e., Metering Definitions, etc.) o Applications on which report was generated The report provides the following information about each application: o Path and file name being metered o Metered application name o Number of licenses available o Length of the queue back time o Whether or not a password is required for this metered application 9.5.2 Application Summary The Application Summary report provides a summary of all the activity for each metered application. From this report, a user can get an overview of activity for each metered application. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The applications on which the report was generated (will be either one application name or All) The report provides the following details about each application: o Path and file name being metered o Metered application name o Number of licenses available o Peak number of concurrent users o Peak number of queued users o Total number of users o Total usage time o Total queued users o Percent utilization This report also provides a grand summary of each of the above categories for all the applications included in the report. 9.5.3 Application with User Detail The Application with User Detail report provides detailed information about a user's activity for each metered application. For example, this report details when a user accessed an application and for how long he or she used it. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The users on which the report was generated (will be either one user name or All) The report provides the following information for each application included in the report: o Path and file name being metered o Metered application name o Number of licenses available o Peak number of concurrent users o Peak number of queued users o Total number of users o Total usage time o Total queued users o Percent utilization Beneath all of the above information about each application, the following detailed information is provided about each user who used the application: o Date and time of usage o User name o Status (whether the user was granted access or queued) o Total time in minutes of usage NOTE: The above information is provided each time a user accesses the application. 9.5.4 Application with User Summary The Application with User Summary report provides a summary of all the activity for each metered application, as well as an overview of a network user's use of each metered application. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The applications on which the report was generated (will be either one application name or All) The report provides the following information for each application included in the report: o Path and file name being metered o Metered application name o Number of licenses available o Peak number of concurrent users o Peak number of queued users o Total number of users o Total usage time o Total queued users o Percent utilization Beneath all of the above information about each application, the following summary information is provided about each user who used the application: o User name o Total usage o Total usage time o Total number of times queued o Total average queue time 9.5.5 User Summary The User Summary report provides the network manager with a listing of all the users who used metered applications. It offers crucial information, such as the number of times a user was queued. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The users on which the report was generated (will be either one user name or All) The report provides the following information about each user on which the report was generated: o User name o Total number of times queued o Total usage o Total usage time o Percent utilization This report also provides a grand summary for each of the above categories for each user included in the report. 9.5.6 User with Application Detail The User with Application Detail report provides information about each time a user accessed a metered application. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The users on which the report was generated (will be either one user name or All) The report provides the following information about each user on which the report was generated: o User name o Total number of times queued o Total usage time o Percent utilization Beneath all of the above information about each user, the following detailed information is provided about each application this user used: o Date and time of usage o Application name o Status (whether the user was granted access or queued) o Total time in minutes of usage NOTE: The above information is provided for each time the user accessed an application. 9.5.7 User with Application Summary The User with Application Summary report provides summarized information for each metered application that a user used. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The users on which the report was generated (will be either one user name or All) The report provides the following information about each user on which the report was generated: o User name o Total number of times queued o Total usage o Total usage time o Percent utilization Beneath all of the above information about each user, the following summary information is provided about each application the user used: o Path and file name being metered o Metered application name o Number of licenses available o Total number of times queued o Total usage o Total usage time o Percent utilization 9.5.8 File Integrity Activity Report The File Integrity Activity report provides a listing of all the activity on the virus secured files and applications. It also gives details about who used the secured files, where these files were used and the actions taken by the metering capability on these files. The report heading details: o Date of report generation o Report type o Date range for which report was generated o The server on which the report was generated o The users on which the report was generated (will be either one user name or All) o The applications on which the report was generated (will be either one application name or All) This report provides the following information about the software security violations: o Action detected o User o File name o Date and time o Network name o Station 9.5.9 SPA Compliance The SPA Compliance report is accepted by the Software Publisher's Association in conjunction with software purchase records as proof of software license compliance in networked environments. The report heading details: o Date of report generation o Report type o The server on which the report was generated o The applications on which the report was generated (will be either one application name or All) The report provides the following information about metered applications: o Metered application name o File name o Number of licenses available o Peak queued users o Peak usage 9.5.10 Software Purchase Forecast The Software Purchase Forecast report recommends software purchases for metered applications based on user activity and the perceived user need as indicated by the number of queued users. The report heading details: o Date of report generation o Report type o The server on which the report was generated o The applications on which the report was generated (will be either one application name or All) The report provides the following information about each application on which the report was generated: o Metered application name o File name o Number of licenses installed o Peak queued users o Number of surplus licenses (number of purchases to accommodate current need) o 10% Surplus Recommendation (purchase required to accommodate the current need plus a 10% increase) o 20% Surplus Recommendation (purchase required to accommodate the current need plus a 20% increase) 9.5.11 Upgrade Purchase Forecast The Upgrade Purchase Forecast report recommends software upgrades for metered applications based on user activity and the perceived user need as indicated by the number of queued users. The report heading details: o Date of report generation o Report type o The server on which the report was generated o The applications on which the report was generated (will be either one application name or All) The report provides the following information about each application on which the report was generated: o Metered application name o File name o Number of licenses installed o Peak usage o Number of surplus licenses (number of purchases to accommodate current need) o 10% Surplus Recommendation (purchase required to accommodate the current need plus a 10% increase) o 20% Surplus Recommendation (purchase required to accommodate the current need plus a 20% increase) That concludes this chapter. The next chapter describes the monitoring capabilities available for network users. 10.0 Monitoring Tools for Network Users Chapter 9 explained how to generate reports detailing application usage. This chapter explains how network users can monitor the use of the software applications on the LAN. NOTE: This chapter pertains to BrightWorks and SiteMeter. 10.1 Introduction BrightWorks provides utilities that enable your network users to monitor application usage and view user activity. These features enhance the users' ability to work effectively with the network's licensed software. Network users access these utilities through the Usage Monitor, as described in this chapter. 10.1.1 Access to the Monitoring Functions The Usage Monitor's functions are accessed in several ways: o by choosing the Monitoring command from the Tools menu or o by choosing the Hide/Show command from the Console menu. 10.1.2 What's in this Chapter The following chart describes the sections in this chapter: SECTION DESCRIPTION Viewing Application Usage Describes procedures for accessing the application usage graph, viewing user information, and sending messages to both current and queued users. Modifying and Updating the Describes procedures for changing the usage Usage Graph scale, changing the colors on the graph, concealing the status bar, performing a query and setting the query timer. Using DOS Slook Describes procedures for using this monitoring utility for DOS users. 10.2 Viewing Application Usage BrightWorks' Usage Monitor allows network users without SUPERVISOR rights to view the application usage graph. This section explains how network users can use this function to get valuable information about application usage by other network users. The Usage Monitor allows ANY networked user to determine who is using a particular metered application in real time. This is very useful when locked out of an application because the Usage Monitor shows you which users are using an application. To use the Usage Monitor, you must first access the utility. The network administrator must put USAGE.EXE (and the associated .DLLs) in a public place. Users then use the Windows file utility to create a new icon on their Windows desktops. Finally, the users can choose the Usage icon. This section is divided into three parts: o Monitoring Application Usage o Monitoring Current Users o Monitoring Queued Users 10.2.1 Monitoring Application Usage Networked users can use this utility to see what applications are being used, which ones have queued users, etc. Use the following procedure to view application usage. 1. Choose the View Application Usage command from the Console menu. The View Application Usage dialog box displays. 2. Select the desired file server. If you are not currently attached to the desired file server, choose the Attach button. 3. Choose the OK button. The Application Usage window for the file server you have selected displays. From this window you can view in graph form the number of: o Current users of all metered applications o Queued users of all metered applications o Peak users of all metered applications (the total number of current users plus the total number of queued users) o Maximum Number of Concurrent Users of all metered applications (the total number of licenses purchased for this application) 10.2.3 Viewing Application Information You can view the following application information from this window: o Number of Current Users o Number of Queued Users o Number of Peak Users o Number of Licenses This information can be viewed either on the graph itself or with pop-up boxes. Use the following procedure to view this information with the pop-up boxes. 1. Select the desired application from the list along the left hand side of the window. When the cursor is in this area, it changes to a magnifying glass. 2. Hold down the left mouse button to display an information box that contains the above information. 10.2.4 Viewing Current Users Use the following procedure to view the names of the users who are currently using an application. 1. In the application usage graph, position the cursor in the area to the right of the application name within the graphic display. A small menu box should be attached to the bottom right of the arrow. If there is no menu box, the cursor is not pointing to a place where information is available. Information is available where the number of users (queued, peak and current) are displayed with graph bars. 2. Click here to display a pop-up menu. When the pop-up menu displays, the application in question is outlined in the list along the left hand side of the window. This menu contains the following items: o View Current Users - the list of users currently using this application o View Queued Users - the list of users who are currently waiting to use this application 3. Choose the View Current Users command. The Current Users window displays listing all the users who are currently using this application. From this window you can: o Send a Message - send a Novell message to a user. o View User Information - view a user's login information. 10.2.5 Sending a Message to a Current User You can send messages to current users from the Current Users window. This is useful if you want to know when a user will be finished using an application that you want to use. Use the following procedure to send a NetWare Send message to a user who is currently using an application. 1. From the Current Users window, choose the user to whom you wish to send the message. A pop-up menu displays. 2. Choose the Send Message command. The Send Message To User dialog box displays. 3. Enter the message in the text box provided. 4. Choose the OK button to send the message. 10.2.6 Viewing Current Users' Information From the Current Users window, you can find out important information about users using applications on your network. The following information can be displayed about a selected current user: o Login Name - user's login name o Full Name - user's full name o Server - file server to which this user is attached o Logical Station - the station number that is arbitrarily assigned to a workstation o Network - network number of the workstation where this user is located o Station Address - node address of the workstation where this user is located o Time into Network - length of time this user has been logged in to the network o Application - application which the user is currently using o Time into Application - date and time that the user launched the application Use the following procedure to view this information. 1. From the Current Users window, select the desired user. A pop-up menu displays. 2. Choose the User Information command. The Current User Information dialog box displays. 3. Choose the Close button to exit this dialog box. 10.2.7 Viewing Queued Users Use the following procedure to view the users who are waiting to use an application. 1. In the application usage graph, position the cursor in the area to the right of the application name within the graphic display. A small menu box should be attached to the bottom right of the arrow. If there is no menu box, the cursor is not pointing to a place where information is available. Information is available where the number of users (queued, peak and current) displays with graph bars. 2. Click here to display a pop-up menu. When the pop-up menu displays, the application in question is outlined in the list along the left hand side of the window. 3. Choose the View Queued Users command. The Queued Users window displays listing all the users who are waiting to use this application. From this window you can: o Send Message - send a Novell message to a queued user. o View User Information - view a queued user's login information. 10.2.8 Sending a Message to a Queued User If there are users waiting for an application you can send them messages. Use the following procedure to send a NetWare Send message to a user who is currently waiting to use the application. 1. From the Queued Users window, choose the user to whom you wish to send the message. A pop-up menu displays. 2. Choose the Send Message command. The Send Message To User dialog box displays. 3. Enter the message in the text box provided. 4. Choose the OK button to send the message. 10.2.9 Viewing Queued Users' Information The following information can be displayed about a selected queued user: o Login Name - user's login name o Full Name - user's full name o Server - file server to which this user is attached o Logical Station - the station number that is arbitrarily assigned to a workstation o Network - network number of the workstation where this user is located o Station Address - node address of the workstation where this user is located o Time into Network - length of time this user has been logged in to the network o Application - application which the user is currently waiting to use Use the following procedure to view this information. 1. From the Queued Users window, select the desired user. A pop-up menu displays. 2. Choose the User Information command. The Queued User Information dialog box displays with all of the above information. 3. Choose the Close button to exit this dialog box. 10.3 Modifying and Updating the Usage Graph Networked users can alter the usage graph to best suit their viewing needs. In addition to changing the usage scale and the colors, they can also perform queries to keep the graph up-to-date. 10.3.1 Changing the Usage Scale The Usage Scale is the scale displayed across the top of the Application Usage window. By changing the high value for the graph, you can increase or decrease the number of users shown. For example, if you have 250 workstations on your network, you can set the high value to 250 to allow the bars to indicate usage by all your network users. If your network is large, but the number of licenses and concurrent users is small, you can set the value lower. With this flexibility, you can change the graph to best suit your viewing needs. Use the following procedure to change the usage scale. 1. While displaying the usage graph, position the cursor in the scale bar directly beneath the title bar. The cursor itself should change to a scale. 2. Double click to display the Edit View Usage Scale dialog box. 3. Choose either Auto-scaled or User-defined. o Auto-scaled - allows the Usage Monitor to determine the maximum value of the scale. o User-defined - allows you to determine the maximum value of the scale. 4. If you chose User-defined and wish to enter a high value, select the High text box and type the value you wish to use. NOTE: This value cannot exceed the maximum number of users for the file server. 5. Choose the OK button to save your changes and exit this dialog box. The usage scale beneath the title bar now reflects the new maximum you specified. 10.3.2 Changing the Colors Used in the Status Bar You can change the colors used in the status bar of the application usage window that reflect the number of current, queued, peak and licensed users. Change these colors to best suit your viewing needs. Use the following procedure to change these colors. 1. In the application usage graph, position the cursor to one of the colors in the status bar. The cursor changes to a transparent arrow. 2. Double click at this point. The standard Windows color palette for that key displays. 3. Select a new color. 4. Choose the OK button. The new color is shown on the graph bars as chosen. The colors can be changed for each item in the status bar. 10.3.3 Hiding or Showing the Status Bar You can hide or show the status bar on the usage graph. Showing the status bar lets you know which colors indicate current users, queued users, etc., as well as the count when you are changing the number of maximum concurrent users. Hiding it gives you more room to display the usage graph. Use the following procedure to conceal or reveal the status bar. From the Console menu, choose the Hide Status Bar command. This toggles the status bar on and off. When the status bar is hidden, this command in the File menu changes to Show Status Bar. By choosing the Show command, you can display the status bar again. 10.3.4 Performing Queries The usage graph reflects the application usage on your network. You can update the graph to reflect any changes by performing queries. Every time a query is issued, either manually or automatically, the Usage Monitor updates the usage information on the graph. The Query Indicator is the last item on the status bar. The indicator displays for either manual or automatic queries. The Query Now option allows you to update the application usage information. Use the following procedure to instruct the Usage Monitor to perform a query at that point. 1. Select the Query Now command from the Console menu. The Metering function performs a query and updates the Application Usage graph accordingly. The status bar at the right bottom of the window reflects the query's progress. NOTE: You can also access this feature by pressing . The Set Timer option allows you to determine how often the Usage Monitor checks with the file server for application usage information. Use the following procedure to set the timer. 1. Choose the Set Timer command from the Console menu. The Set Monitor Timer dialog box displays. 2. Enter the desired value. You can enter a value in seconds from 0 to 9999. 3. Choose the OK button. NOTE: You can also access this option by pressing . 10.4 Using DOS Slook Slook is a metering utility which allows ANY network user to determine who is using a particular metered application in real time. This is very useful when you are locked out of an application. Slook shows you the users who are using an application. If you are a SUPERVISOR or equivalent, you can also view the users who are in the queue waiting to use the application. This utility should be used by DOS users (the Usage Monitor explained previously is for users running Windows). 10.4.1 Using Slook Use the following procedure to use DOS Slook. 1. To run DOS Slook, at the DOS prompt type: Slook You are presented with a list of all metered applications. NOTE: An asterisk at the end of a metered application indicates that someone is currently using the application. 2. Highlight the metered application you wish to view and then press . The Select Users to View window displays. This window allows you to view the current or queued users of a particular metered application. NOTE: If you do not have SUPERVISOR rights you will ONLY be able to view the list of Current Users. 10.4.2 Viewing Current Users The View Current Users option shows all users who are currently using the application. When the user exits the application, his or her name disappears from the box. This window is updated in real time. If you highlight a user and press , information about the user displays, including login time and the length of time he or she has been using the application. You can also send the user a NetWare Send message. 10.4.3 Viewing Queued Users The View Queued Users option shows all the users who are waiting to use the application. Users that are viewing the queued user list and who also have SUPERVISOR rights can add and delete users from the list. To add a user to the queue, press ; a list of user names displays. Highlight the appropriate name and press . The user is added to the queue. The queue can contain a maximum of 8 users. To delete a user, highlight the user that you wish to delete and press . You are prompted to confirm the deletion of the user. To exit, press ; at the Exit prompt, type Y and press . You are now returned to DOS. 11.0 Advanced Utilities Chapter 10 described the monitoring features available for network users. This chapter explains how to use the metering capability's advanced utilities. NOTE: This chapter pertains to BrightWorks and SiteMeter. 11.1 About the Metering Utilities The utilities described in this chapter are provided for you if you have decided not to use the SiteMeter Proxy NLM as the metering and file protection method for your LAN. 11.1.1 Utilities List The following lists the utilities described in this chapter: o SWATCHER o DSW o SYSMOD Each of these utilities is fully explained in the following sections. 11.2 Swatcher TSR Method If you have chosen to use the Swatcher TSR method of metering and file protecting your LAN, you may need to become familiar with the following metering utilities: o Swatcher o DSW 11.2.1 Swatcher Swatcher is a TSR and must be loaded in order to properly meter and protect the files on your LAN. Swatcher must be loaded from the DOS prompt. To load Swatcher type: Swatcher Swatcher must be loaded AFTER loading IPX and NETX shells. It should not be loaded high; it should be in conventional memory. We recommend loading Swatcher from the AUTOEXEC.BAT before logging in to the network. NOTE: DO NOT LOAD Swatcher.com via the NetWare login scripts (either personal or system), as inconsistent and/or inappropriate metering behavior may result. If you try to load Swatcher after login and the Security Scan Interval is set and you have a lengthy login script, you may be disconnected before you get a chance to load Swatcher. 11.2.2 Note About Swatcher Since membership in a group determines local drive access, the metering capability must know who you are when you load Swatcher. This can only be accomplished if Swatcher is loaded AFTER you log in. For security reasons, however, you may prefer that Swatcher is loaded BEFORE login time. To address this, we have created DSW.COM. Users can load Swatcher before logging in, but at this time BrightWorks' metering cannot identify the users and therefore will not restrict access to local drives. ONCE a user is logged in, you must run DSW.COM; it reads the CURRENT server's information about how it should handle the user's local drives and then changes Swatcher accordingly. DSW is only able to update Swatcher ONE TIME--the FIRST time it is run. Further attempts to run DSW do not change Swatcher, although you receive a message on the screen indicating that it has updated Swatcher. 11.2.3 DSW DSW is run through the system Login Script. Here is a sample login script: MAP F:=FS/SYS:LOGIN DRIVE F: #DSW DSW reads the information the server holds about a user, including whether to disable his or her local drives completely, disable only his or her local .EXE and .COM files, or give the him or her FULL rights. This information is sent to Swatcher. Swatcher receives it and updates its values accordingly. 11.2.4 Potential DSW Problems If more than one person uses the same PC and these people have different local drive rights, a problem could arise. SCENARIO 1: Person A (in local drives disabled group) loads Swatcher, logs in, and Swatcher is updated. Person B (who has full rights) logs in to the same PC that Person A was using. Because Swatcher is NOT updated again, Person B does not get access to the drives. Person B must reboot and reload Swatcher to get the appropriate rights. SCENARIO 2: Person A (with Full Rights) logs out. Person B (with no rights) logs into the same PC and now has full rights to the local drives. To prevent this problem, the PC should be re-booted between users. 11.3 SYSMOD SYSMOD is a McAfee utility designed to help network administrators edit files. With SYSMOD, you can edit users' files without going from workstation to workstation to do so. This utility is installed in the directories SITEMETR or FUSION and PUBLIC. When installing BrightWorks, this utility ensures that all users have access to SMRAGENT.EXE by editing their win.ini files. This is done automatically from the SMRUSER.BAT file, but you can also use SYSMOD if you prefer to edit your users' files manually. Do the following to use the SYSMOD program: Make sure that the path to the .INI files is included as either a search drive in the case of users' Windows residing on the network or in the users' path statements located in their AUTOEXEC.BAT files for local Windows on the C: drive. Example lines for login script: Map ins s16:=SYS:\USER\%LOGIN_NAME\WINDOWS INCLUDE SYS:PUBLIC\SMRUSER.BAT Example line for the SMRUSER.BAT using the INCLUDE command: SYSMOD WIN.INI REPLACEKEY LOAD SMRAGENT.EXE SMRAGENT.EXE