Text File | 1994-09-06 | 8KB | 222 lines
LAN Server Administration Utilities Documentation
*** Shipped as Applets with LAN Server 4.0 ***
These are a set of utility functions that will enhance the administration
of a LAN Server installation.
PREREQUISITES
The minimum level of LAN Server supported on the workstation is 3.0.
The workstation must also be running OS/2 2.x or higher. All functions
will also work against servers at this level.
INSTALLATION
Unzip the contents of LSUTIL.ZIP into the \IBMLAN\NETPROG directory on
your administration workstation. You will also need to do this on all
of the servers you administer.
UTILITY DESCRIPTIONS
DCDB Export
This utility produces a flat file containing all of the definitions
(users, groups, aliases, applications and access control profiles) for
all servers in a domain.
The syntax of the command is:
dcdb2asc [domain name]
where 'domain name' is the name of the Domain for which you wish to
dump the data. The program will write its output to stdout. This may
easily be redirected to a file or another program that can parse the
resulting data for other purposes (e.g., creating a clone of a
specific user).
As an alternative to the command line, there is a PM interface to the
DCDB Export utility. It's called EXPDCDB and is run without any
command line arguments. So the syntax is:
expdcdb
DCDB Imports
These are a group of utility functions which, taken together, can be
used to restore an entire domain. The programs are:
impgroup
    - imports all groups from the export file
    - syntax: impgroup domain_name export_file_name
      (domain_name may also be any server name in the domain)
impalias
    - imports all aliases from the export file
    - syntax: impalias old_server_name [\\]new_server_name export_file_name
    - notes: - if old_server_name == new_server_name, don't modify alias
               definitions (like paths, for instance)
             - if old_server_name == *, import all aliases to a single
               target server
             - if old_server_name == !, import all aliases to their old
               server names
impuser
    - imports all users, groups, public and private applications
      and logon assignments from the export file
    - syntax: impuser domain_name export_file_name
impacc
    - imports access controls from the export file
    - syntax: impacc old_server [\\]new_server export_file_name [/create]
    - notes: - If old_server == new_server, don't modify ACL
               definitions (like paths, for instance).
             - If old_server == *, import all ACLs to a single
               target server (new_server).
             - If old_server == !, import all ACLs to their old
               server names (new_server should specify the domain
               controller in this case).
             - If the /create option is specified, create the directories
               before creating the access profiles. Cannot create
               files, print queues, serial devices, etc.
There are two PM front-ends:
impgrppm
    - PM control program for impgroup
dcdbexim
    - Scripting program which lets the user put together custom
      utilities based on the programs in this package and others
      the user may wish to collect. Functions via profiles. A
      sample profile is provided (SAMPLE.PRO).
      The profile consists of executable commands. The commands
      are executed by the command processor (CMD.EXE), one at a
      time. Lines in the file starting with an asterisk ('*')
      are ignored.
For restoring a server or domain, there is a sequence to follow. If
the sequence is not followed, the resources will not be restored
properly. This sequence is:
Create all resources (directories, files, print queues, etc.)
impgroup -- restore groups
impalias -- restore aliases
impuser -- restore applications and user accounts
impacc -- restore access control profiles
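The following is an added example, not part of the LAN Server package: a Python pre-flight check that reads a dcdbexim-style profile, skips the '*' lines, and reports any import utility listed out of the restore sequence above. The profile contents, DOMAIN1, SRV1 and dcdb.asc are constructed sample values, and skipping blank lines and accepting a trailing ".exe" are assumptions.

```python
# Added example, not part of the LAN Server package.
RESTORE_ORDER = ["impgroup", "impalias", "impuser", "impacc"]  # order given in the text

# Constructed sample profiles; DOMAIN1, SRV1 and dcdb.asc are made-up names.
GOOD_PROFILE = """\
* restore DOMAIN1 from the export file
impgroup DOMAIN1 dcdb.asc
impalias SRV1 SRV1 dcdb.asc
impuser DOMAIN1 dcdb.asc
impacc SRV1 SRV1 dcdb.asc /create
"""
BAD_PROFILE = """\
* access profiles imported too early
impgroup DOMAIN1 dcdb.asc
impacc SRV1 SRV1 dcdb.asc
IMPUSER.EXE DOMAIN1 dcdb.asc
"""

def profile_commands(text):
    """Lines the profile would hand to CMD.EXE; '*' lines are ignored."""
    # Skipping blank lines is an assumption; the text only mentions '*' lines.
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("*")]

def check_restore_order(text):
    """Return ordering problems; an empty list means the sequence is respected."""
    problems = []
    latest = -1  # rank of the furthest import step seen so far
    for cmd in profile_commands(text):
        prog = cmd.split()[0].lower()
        if prog.endswith(".exe"):
            prog = prog[:-4]
        if prog not in RESTORE_ORDER:
            continue  # some other command, not part of the import sequence
        rank = RESTORE_ORDER.index(prog)
        if rank < latest:
            problems.append(f"{prog} is listed after {RESTORE_ORDER[latest]}")
        latest = max(latest, rank)
    return problems

if __name__ == "__main__":
    for name, text in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, check_restore_order(text) or "order OK")
```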
External Alias Migration
*** NOTE: May only be used with LAN Server 4.0 domains ***
Used to translate existing external aliases into the internal
format. This speeds up getting access to the resource, as the
requester no longer needs to execute the batch file.
Syntax: extalias domain_name [/Y]
The optional '/Y' argument is to force the migration of all external
aliases without confirmation. Without specifying this option, the
program prompts the user for confirmation of each alias.
Bad Password Monitor
PWMon.EXE is a program that will enhance the security on a server. It
automatically revokes a user account when the limit of logon attempts
has been made with bad passwords.
This utility can be run detached, windowed or full-screen, and will
monitor the alerts sent out by the machine on which it is run.
When it sees a bad password alert, the program will read back in the
audit log and look for a user that has exceeded the logon limit. This
limit defaults to 3 and is settable with a command-line option.
A user must be logged onto the local machine as either an
administrator or an accounts operator in order for this utility to run
properly.
Auditing must be enabled for at least the Badnetlogon and Badsesslogon
alerts or the program won't be able to tell who it was that entered
too many bad passwords.
The syntax of the command is:
pwmon [limit]
where 'limit' is the number of attempts after which the user's account
will be revoked.
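The threshold logic described above, as an added Python example that is not PWMon's own code: it walks constructed audit records and returns the accounts whose bad-logon count reaches the limit. The "time,event,userid" record layout, the goodnetlogon event in the sample, and resetting a user's count after a successful logon are assumptions of this example.

```python
# Added example, not PWMon's implementation.
from collections import defaultdict

BAD_EVENTS = {"badnetlogon", "badsesslogon"}  # the two alerts named in the text
DEFAULT_LIMIT = 3                              # default limit stated in the text

# Constructed sample records in an assumed "time,event,userid" layout.
SAMPLE_AUDIT = """\
09:00:01,badnetlogon,JSMITH
09:00:05,badnetlogon,jsmith
09:00:09,badsesslogon,JSMITH
09:01:00,badnetlogon,MARY
09:01:10,badnetlogon,MARY
09:01:20,goodnetlogon,MARY
09:01:50,badnetlogon,MARY
not an audit record
"""

def accounts_to_revoke(audit_text, limit=DEFAULT_LIMIT):
    """Return userids whose run of bad logons reaches `limit`, in log order."""
    if limit < 1:
        raise ValueError("limit must be at least 1")
    streak = defaultdict(int)   # bad attempts per user since the last good logon
    flagged = []
    for line in audit_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue            # skip records that do not parse
        _, event, user = parts
        event, user = event.lower(), user.upper()  # userids compared case-insensitively
        if event in BAD_EVENTS:
            streak[user] += 1
            if streak[user] >= limit and user not in flagged:
                flagged.append(user)
        elif event.startswith("good"):
            streak[user] = 0    # assumption: a successful logon clears the count
    return flagged

if __name__ == "__main__":
    print(accounts_to_revoke(SAMPLE_AUDIT))
```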
Force All Users off a Server
For maintenance purposes, it is sometimes necessary to force all users
to disconnect from a server. This is sometimes referred to as "forced
logoff," although, from the server's point of view, this isn't
actually a logoff.
This program must be run on the server that you wish to maintain. Use
NET ADMIN to run it from your workstation.
The syntax of the command is:
forcelog
and there are no parameters. This command file has the side-effect of
pausing the SERVER and NETLOGON services.
Disable a Single User
For security reasons, it is occasionally necessary to force a user off
the domain. For example, when someone is logged on as another user.
This command file will accomplish this by disabling the user account
and disconnecting that user from all servers in the domain.
The syntax of the command is:
discuser userid
where 'userid' is the userid of the account you wish to disable.
Remove User
The command to remove a user will not only erase the user's account
and logon profiles, but will also erase the home directory.
The syntax of the command is:
remuser userid [/y]
where 'userid' is the userid of the account you wish to remove. '/Y'
is used to suppress confirmation messages when you use this command in
a batch file.
NOTE: If you execute this command remotely via NET ADMIN, you must
enclose the command in quotes so the command parser doesn't strip
off the /Y. For example:
NET ADMIN \\SRVC /C "REMUSER XYZ /Y"
would work correctly whereas
NET ADMIN \\SRVC /C REMUSER XYZ /Y
would not.
Sample REXX Programs
ALIASES.CMD   Exports all alias definitions to a comma-delimited
              output file so they can be imported into a database,
              word processor, or spreadsheet.
USERS.CMD     Exports all user definitions to a comma-delimited
              output file so they can be imported into a database,
              word processor or spreadsheet.
HOMEDIR.CMD   Re-establishes the user's home directory connection
              if that connection was broken for some reason.