home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 8 Other
/
08-Other.zip
/
lsmt213c.zip
/
lsmt.txt
< prev
next >
Wrap
Text File
|
1997-01-28
|
89KB
|
2,093 lines
------------------------------------------------------------------------------
* * * L S M T * * *
LAN Server Management Tools
Author : Alain Rykaert - IBM Belgium (RYKAERTA at BRUVMIS1)
- Alain_Rykaert@BE.IBM.COM
------------------------------------------------------------------------------
/===\ /============\ /===\ /===\ /===========\
| | / | | \ / | | |
| | | /=========/ | \ / | \===\ /===/
| | | | | \ / | | |
| | | \========\ | \/ | | |
| | | \ | | | |
| | \=========\ | | | | |
| | | | | /\ /\ | | |
| \=========\ /=========/ | | | \ / | | | |
| | | / | | \ / | | | |
\=============/ \============/ \===/ \/ \===/ \===/
LAN SERVER MANAGEMENT TOOLS
Latest Update: 28JAN97
------------------------------------------------------------------------------
* * * L S M T * * *
LAN Server Management Tools
Author : Alain Rykaert - IBM Belgium (RYKAERTA at BRUVMIS1)
- Alain_Rykaert@BE.IBM.COM
------------------------------------------------------------------------------
The major purpose of the tools is to help the novice as well as the
experienced LAN Server administrator to migrate, update and/or maintain his
LAN Server domain(s).
The tools allow the administrator to extract the information of his current
LAN Server environment into ASCII files, change it and use it to apply
these changes to the same or to a newly installed environment.
Therefore these tools are useful to:
- Backup a LAN Server domain
- Restore a backuped version
- Migrate (for example from LAN Server 3.0 to 4.0 or WarpServer)
- Consolidate
- Restructure the actual domain definitions
The programs are written in REXX not only to enable you to adjust them to
your own needs but also to demonstrate the usability and easiness of REXX.
We have written the programs to meet following objectives :
The command files have to:
- be easy to read and debug by any user who is familiar with REXX
- be easy to upgrade to a PM environment by using programs such as
VX-Rexx, VisPro-Rexx, GPF-Rexx, DrDialog and so on
- provide external customable files for proper convenience such as
column length, language and so on
- provide error and logging facilities for all activities
Overview
--------
Most of the base functions we split into different programs for better
reading and selective use of the resources.
To retrieve information of the existing LAN environment and extract it
to an ASCII file, you may use the GETxxx.CMD programs.
If there are any changes required, you may edit these flat files directly
with your favorite editor, spreadsheet or with a batch program.
Prerequisites For Your Editor:
------------------------------
Extracting your LAN Server environment information to an ASCII file results
in lines which easily exceed 254 characters.
Depending on your definitions, they might even be much larger.
Therefore, the editor or spreadsheet program you want to use to view and/or
manipulate these ASCII files has to be able to handle files with large lines,
and it should at least warn you if any truncation occurs.
( TEDIT.EXE, E.EXE and IBMWORKS support long lines.
EPM.EXE does not, but it warns you in case of truncation.)
To set the information back to your LAN Server environment, use the
SETxxx.CMD programs with the ASCII files as input.
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
A T T E N T I O N :
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Before you use the programs in a productive environment, make sure that
you have an actual backup of all your running servers.
Table of all programs:
----------------------
PRG Name Default Input Default Output Information
------------------------------------------------------------------------------
| INSTALL Install procedure
------------------------------------------------------------------------------
GETALL All information of the DC
------------------------------------------------------------------------------
GETSRVS SERVERS.INI SERVERS.CSV All Servers
LSMT.LOG
SETSRVS SERVERS.CSV LSMT.LOG
SERVERS.CHK
------------------------------------------------------------------------------
GETUSERS USERS.INI USERS.CSV All users settings
LSMT.LOG
SETUSERS USERS.CSV USERS.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETGRPS1 GROUPS.INI GROUPS1.CSV All groups names & comments
LSMT.LOG
GETGRPS2 GROUPS2.CSV All groups & memberships
LSMT.LOG
SETGRPS1 GROUPS1.CSV GROUPS1.CHK
LSMT.LOG
SETGRPS2 GROUPS2.CSV GROUPS2.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETALIAS ALIAS.INI ALIAS.CSV All alias definitions
LSMT.LOG
SETALIAS ALIAS.CSV ALIAS.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETACL ACL.CSV All access profiles
LSMT.LOG
SETACL ACL.CSV ACL.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETASSGN ASSGN.CSV Logon assignments for all
LSMT.LOG users and aliases
SETASSGN ASSGN.CSV ASSGN.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETAPPL APPL.INI APPL.CSV All public applications
LSMT.LOG
SETAPPL APPL.CSV APPL.CHK
LSMT.LOG
------------------------------------------------------------------------------
| GETSEL SELECTOR.CSV All applications selector
LSMT.LOG
| SETSEL SELECTOR.CSV SELECTOR.CHK
LSMT.LOG
------------------------------------------------------------------------------
GETPWD USERS.PWD Get all passwords (encrypted)
SETPWD USERS.PWD
------------------------------------------------------------------------------
In addition to above, we supply some more applets to demonstrate how you can
use REXX within OS/2 and also within your OS/2 LAN Server environment:
------------------------------------------------------------------------------
RXACL RXACL.CSV RXACL.CSV Get/Set ACL's to/from an
LSMT.LOG ASCII file
------------------------------------------------------------------------------
RXDASD RXDASD.CSV RXDASD.CSV Get/Set DASD limits to/from
RXDASD.INI LSMT.LOG an ASCII file
------------------------------------------------------------------------------
RXNET Simulates some NET.EXE browsing
functions with faster output than the
original NET.EXE
------------------------------------------------------------------------------
CHKASSGN Checks all you assignments for
inconsistency
------------------------------------------------------------------------------
Remark: depending of which procedure has been called, one or more other
procedures can be executed undercover such as 'SETCMD.CMD',
'GETCMD.CMD', 'SETHOME.CMD' etc...
------------------------------------------------------------------------------
///////////////////// Installation Of LSMT \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
------------------------------------------------------------------------------
To install LSMT, you will need following files:
Files Description
---------------------------
LSMT.TXT this document
LSMT.ZIP compressed file, contains all necessary product files
PKUNZIP2.EXE available after an OS/2 Lan Requester & Server installation
All files must be installed in a common directory on the same disk,
(example: Drive letter is D:)
Goto the drive D:
Create a directory: MD \LSMT
Goto this directory: CD \LSMT
Copy LSMT.ZIP to this directory: COPY ?:\LSMT.ZIP
(replace ?: with the Drive Letter where to get the source file, example A:)
Unzip the packed file: PKUNZIP2 LSMT.ZIP
Erase LSMT.ZIP from this directory DEL D:\LSMT.ZIP
Create the LSMT objects on the WPS INSTALL
Now, they are 3 ways to use the LSMT procedures :
1. To get for example all details about the defined Users,
execute 'GETUSERS' with the ComputerName of the (primary) Domain Controller.
Example: GETUSERS /SRV:BEDCDIE
2. to get all the DC's data chained together such as Users, Alias,
Logon Assignments etc...
execute 'GETALL' with the ComputerName of the (primary) Domain Controller.
Example: GETALL /SRV:BEDCDIE
(For details about GETALL and the optional programs go to the topic
'GETALL' 2 pages futher).
| 3. to do it by drag & drop, open the 'Outputs' folder and drag for example
| the 'USERS.CSV' to the ProgramObject 'Get from DC'.
To get more details goto the topic
'Using the Drag & Drop on the OS/2 Warp WorkPlaceShell',
the last chapter of the 'LSMT.TXT'.
------------------------------------------------------------------------------
About DLL's:
------------------------------------------------------------------------------
The power of REXX encourages the user to use REXX functions even if they are
not delivered with the original REXX code just by adding and loading
additional DLLs which contains the required functions.
One of the major enhancements of LS 4.0 in contrast to earlier versions is
that all LAN Server APIs can be accessed via REXX by external functions in a
new DLL (LSRXUT.DLL).
There are two DLLs included in LAN Server 4.0: LSRXUT3.DLL and LSRXUT4.DLL.
LSRXUT3.DLL is essentially the same as LSRXUT4.DLL with some restrictions
originated in the LAN Server 3.0 code.
One of the few restrictions is that if you are using a LAN Server 3.0
environment, you cannot use the apply API to copy the actual ACL of
the directory to its subdirectories.
If the directory resides on a LAN Server 4.0 Server, even if your
domain controller has a lower release, the apply will work.
The LSRXUT.DLL does not have to be installed at the server itself but on the
machine you are planning to use to run the programs.
If you are using LAN Requester 3.0, then you should use LSRXUT3.DLL.
If you are using LAN Server 4.0 or higher, use LSRXUT4.DLL.
In order to provide you with the latest information, we included in our
package the most recent versions of LSRXUT3.DLL and LSRXUT4.DLL which will
install automatically the correct version by the registration program
'RGLSRXUT.CMD'.
In addition to this, there are more DLL's included which we used within our
REXX program:
DLL file Author Content
------------------------------------------------------------------------------
LSRXUT.DLL Ingolf LAN Server REXX API's actually delivered with OS/2
Lindberg Lan Server 4.0 (we included a more recent version)
RXUTILS.DLL Thomas Some general purpose functions
Rogers
RXNPIPES.DLL Graham Used only if you decide to use piping as an
Ewart additional logging mechanism
If, during executing, you encounter the following error message:
SYS0032: The process cannot access the file because it is being used
by another process.
One of the DLLs is already in use, and you cannot replace it with the one
in your LSMT directory. Just reboot the workstation to 'unlock' the locked
DLL's.
A suggested way to register all the DLL's are following statemets in
the STARTUP.CMD :
CALL ?:\LSMT\RGUTIL.CMD
CALL ?:\LSMT\RGUTILS.CMD
CALL ?:\LSMT\RGLSRXUT.CMD
CALL ?:\LSMT\RGNPIPES.CMD
where '?:' stands for the driveletter of the drive you installed LSMT
------------------------------------------------------------------------------
The INI Files:
------------------------------------------------------------------------------
For some of our programs, we provide xxx.INI files to enable the user to set
several values externally without touching the CMD files.
These files allow you to specify which columns you would like to have
in your output file and which column width they should occupy.
Some programs will not provide this flexibility in making the decision about
which columns to see and which column width to use because the content of the
columns is subject to change dynamically.
In these cases, an INI file can always be just a snapshot of your actual
environment.
Therefore it needs to be rebuilt anytime you restart the programs because
your environment might have been changed, some of the objects represented by
the columns no longer exist or others have been added.
Example: ALIAS.INI
*************************************************
* DO NOT CHANGE THE FIRST 2 COLUMNS ORDER
* AND DO NOT CHANGE THE COLUMNS NAMES
*
OPT ; 3
NAME ; 8
TYPE ; 7
SERVER ; 8
PATH ; 30
REMARK ; 20
* NETNAME ; 8
LOCATION ; 13
MODE ; 17
MAXUSES ; 7
QUEUE ; 10
PRIORITY ; 8
DEVICE_POOL ; 12
*
*************************************************
With the INI file, you have following options:
- Changing the order of the lines will change the order of the
corresponding columns in the output file.
- Deleting lines or typing an asterisk '*' in the first column of the line
will have the effect that this column will not be displayed in the output
file.
- Changing the numbers will change the corresponding column width.
Restrictions:
-------------
- DO NOT CHANGE the column names, these are predefined names used by the API.
- Please obey additional restrictions given in the comment lines at the top
of each INI file.
For those programs which do not provide an INI file, you will be able to
delete certain columns in the ASCII files or reorder them.
This does not apply for some special columns described for each program in
their detailed description.
If you delete a column, this implies that you also want to delete the
information provided in this column.
If you delete some columns or exclude them by placing an asterisk in the
first column of the corresponding line in the INI file, you should be aware
that the information represented by the column now cannot be set by the
SET program because it does not know which value to set.
Some of the columns you may not delete because LAN Server needs the
information in these columns to complete your setting operation.
In this case, you will receive an error message from the API.
------------------------------------------------------------------------------
The ASCII Files:
------------------------------------------------------------------------------
All ASCII files produced by our REXX command files have a common look and
feel. In order to use advanced methods in editing those files, we used a
format you easily can edit with an ordinary file editor or with your favorite
spreadsheet program (for example, IBM Works, part of OS/2 Warp Bonuspak).
Nearly every spreadsheet program on the market is able to import a so-called
comma-separated value file. Within these files, each row of your spreadsheet
is represented by a corresponding line in your CSV file, and vice versa.
To decide which lines belong to which column of your spreadsheet, a special
character is used as delimiter of each column.
In most countries the comma ',' is used as list separator, others are using
the semicolon ';'.
By default, we decided to use the semicolon ';' as delimiter because some of
the values in OS/2 LAN Server (for example, Comments) may contain commas.
If you import the ASCII file into your spreadsheet and the data is not
separated correctly, try to figure out whether your default list separator is
the one we used.
IBM Works, for example, uses the list separator defined on the first notebook
page of the country settings located by default in the System Configurtation
Folder of the OS/2 System folder.
Check this option first to see whether it is set correctly.
In the top section of each CSV file, you will find a line starting with 'OPT'
This line contains the header description of all columns used in this file.
Therefore, if you want to know what kind of information is stored in a certain
column, just follow the column up or down until you reach a line which starts
with OPT.
For each column, you will find a descriptive name for the column's content.
If you are using a spreadsheet program to change values, you have to save it
as a comma-separated value file. Most of the spreadsheet programs save the
files by default to their own proprietary format.
Each column is separated by ';' (you will not see this separator if you are
using a spreadsheet program). If you are not explicitly allowed to change this
line (see: "Description Of The Standard Functions"), do not change this line.
With respect to the meaning of the semicolon, do not delete semicolons within
a row because deleting one semicolon has the effect of shifting all entries
one column to the left (and only for this line!).
Conversely if you are adding an additional semicolon all entries shift one
column to the right.
For the same reason, do not use semicolons in your entries, for example in
comment fields.
* List of all logon assignments ,allowed Options U=update D=delete
OPT;USERID ;REXX;WARPAPPL;DOSAPPL;WINAPPL;PUBLIC;IBM4039;OPTRA;MODEM;
;ODIER ; ; V ; ; ; P ; LPT1 ; ;COM4 ;
;PAULI ; R ; W ; ; ; P ; ;LPT3 ; ;
;RYKAERTA; R ; W ; X ; ; P ; LPT3 ; ; ;
;SHIMIZU ; ; W ; ; ; P ; ; ; ;
;TESTINI ; ; ; X ; Y ; P ; LPT1 ; ; ;
;VERNON ; ; W ; ; ; P ; ; ;COM3 ;
If you use this table to manipulate your data, the first column is always
your option column.
The following entries are allowed for the option column:
* Indicates that this line is a comment line, it will be ignored.
OPT This line contains information about the columns used in this file
(change it only on purpose; see "Descritption Of The Standard Functions")
A ADD
Indicates this is a new entry, add entry to your existing LAN
environment (some applications do not distinguish between ADD
and UPDATE)
U UPDATE
Indicates this line contains settings about an already existing entry,
and you want to change these settings.
D DELETE
The whole entry will be deleted from your LAN environment.
If there is no entry or just blanks in the option column, this line will not
be processed, it will be ignored.
Therefore, if you are applying any changes using this file, be sure to set the
proper option in the option column; otherwise your changes will not be
processed.
If you want to change the order or the appearance of one or more of these
columns, use the INI file if it is provided (see: "The INI Files").
If there is no INI file, and only then, you may change the order or delete
some of the columns by editing the ASCII file.
Please respect the restrictions for reorder or deletion in "Description
Of The Standard Functions".
However, if you delete a column for some programs, this implies that you also
want to delete the information provided in this column.
------------------------------------------------------------------------------
The Check Files:
------------------------------------------------------------------------------
If for some reason one or more of the lines in your ASCII files could not be
processed, for example an error occurred, you will find them collected in the
corresponding check file (filetype by default CHK).
This makes it easier for you to check the non processed lines for the reason
of their failure. Once corrected, you just have to rename this file to .CSV,
and process it again.
Due to the nature of this file, it will be only created if the SETxxx.CMD
fails to process all data.
------------------------------------------------------------------------------
The LOG file:
------------------------------------------------------------------------------
By default there is only one log file (LSMT.LOG) for all provided REXX
procedures, so that all logging information is collected in one log.
If needed, you can specify another logfile name for each procedure.
Every information which will be logged will also be visible on the screen.
The following information will be logged:
- Information about the originator of the log
- Errors
- Changes of your LAN environment (add, delete, change)
Each log entry gives you following information:
- An asterisk '*' in the first column indicates an ERROR log.
- Date and time when the entry was set (YYMMDD hh:mm).
- UserID of the admin who executed the program which set the log entry.
- Name of the program which set log entry.
- The function which was executed.
- The message of this function APL.
- In case of error, the return code in square brackets.
10/17/95 16:56 A948R34 SETUSERS Add User : BERRIT
10/17/95 17:01 A948R33 SETACL New Audit : ALIAS6 -
10/17/95 17:01 A948R33 SETACL New ACP : DOSAPL DOSUSERS - XR
10/17/95 17:01 A948R33 SETACL New ACP : ALIAS6 A948R33 - XR
10/17/95 17:39 A948R34 SETALIAS Update Alias : PRINTER3 - Printer 3
*20/02/96 11:46 ALAINADM SETUSERS Add User : RAMBO [2245 Could not ...
... add UserID ]
In the example above, you will see one line with an asterik in the first
column which classifies this line as an error logging.
At the very end of this line, you see a message enclosed in brackets which is
only a fraction of the original return code.
If there is a number at the beginning of the text in brackets, you will get
more information of the nature of this error if you type at an OS/2 command
prompt 'HELP NETxxxx' where xxxx is this number.
With an error 2245 you will see following by executing 'HELP NET2245':
NET2245: The password is shorter than required.
------------------------------------------------------------------------------
The Idea Of Named Pipes:
------------------------------------------------------------------------------
Named pipes in REXX give you a very sophisticated way to let two or more
programs communicate with each other.
If two programs are connected via a named pipe, each of them has a dedicated
role.
One program is responsible to send messages, the other to receive.
The sending program is using the pipe just as any other ordinary output device.
The major difference is that this output will not be stored anywhere but
taken immediately as input for the receiving program.
To enable the programs to establish more than one connection at a time,
you use names for each pipe to distinguish the connections.
Each pipe can be used only between two programs at the same time.
If another program wants to write messages to the same pipe, it has to
wait until a previous session is closed.
Standard REXX does not support named pipes, but we added the RXNPIPES.DLL
(written by Graham Ewart) to this package to support the use of named pipes
within REXX.
To demonstrate the use of named pipes, we provide two typical named
pipe programs written in REXX:
MNP.CMD Sends messages to a certain pipe.
CONSOLE.CMD Receives messages and shows them immediately on the screen.
You can use this program as a console console for all our
programs which produce log output.
CONSOLE2.EXE same function as CONSOLE.CMD but written in C to provide
multiple instances (written by Wouter Cloetens)
How to install and use Named Pipes with REXX:
---------------------------------------------
Here we have 2 possible methods:
1.a. To receive messages, start 'CONSOLE' with following optional parameters:
/PIP:Name_of_the_Pipe (default \PIPE\RXPIPE)
/LOG:LOF_Filename
/TO:Time_Out_Value
/SOUND
Parameter Description:
PIP : Name of pipe to open for receive
LOG : Name of the file all the received messages will be logged to
TO : the timeout in milliseconds the program waits until the pipe is open
SOUND : if set, you may hear the program's heart beat
Example: CONSOLE /PIP:\PIPE\MYPIPE /SOUND
| 1.b. To receive messages, start 'CONSOLE2' after editing 'CONSOLE2.CFG'
|
| Remark: CONSOLE2 does not log into a file on disk
2. To send messages, edit MNP.CMD, and fill in the name of the pipe you want
to send the messages.
3. Execute 'MNP' with your message: Example: MNP Hello
or
just pipe your message: Example: echo Hello > \PIPE\RXPIPE
4. To Stop the 'CONSOLE' or 'CONSOLE2': press [CTRL]-[BREAK]
The big advantage of pipes is that the sending program (MNP) and the receiving
program (CONSOLE or CONSOLE2) may run on different machines within your
network.
To use this scenario over your network, the machine which runs your CONSOLE or
CONSOLE2 programs has to meet following requirements:
- The operating system must be OS/2 2.1 or higher.
- The piping mechanism needs to share IPC$ and therefore either
LAN Requester 3.0 or higher with peer services
or
LAN Server 3.0 or higher has to be installed.
At the PC which sends messages, you have to edit MNP.CMD to type in the named
pipe of the receiving computer.
Prerequisites for installation of LSMT:
---------------------------------------
You have to meet following prerequisites to install LSMT:
LAN Server: OS/2 2.11 (or higher)
OS/2 LAN Server 3.0 (CSD7045 or higher) and higher
LAN Requester: OS/2 2.11 (or higher)
OS/2 LAN Requester 3.0 (CSD7045 or higher) and higher
------------------------------------------------------------------------------
Description of the standard functions:
------------------------------------------------------------------------------
In this chapter we describe in detail each LSMT procedure.
For each procedure we will show you either a full example ASCII file or
just an excerpt if the full file would not fit into this documents boundaries.
(three dots '...' indicate that some columns are not shown in this example)
Where appropriate you will find a table which includes the description of all
columns which are used within the ASCII files.
************
IMPORTANT
************
All the Rexx proceduers are based on the standard OS/2 Lan Server API's.
Each function of the LSRXUT.DLL is described in a on-line book, 'LSRXUTIL.INF'
Read & use the 'LSRXUTIL.INF' to get all avalaible information about the
Lan Server API's by executing:
VIEW LSRXUTIL
------------------------------------------------------------------------------
GETALL
------------------------------------------------------------------------------
Chain all GETxxx programs together in following order:
GETSRVS : Get all Server(s) definitions
GETUSERS : " " Users
GETGRPS1 : " " Groups
GETGRPS2 : " " Members of the Groups
GETALIAS : " " Alias
GETACL : " " Access Control Lists
GETASSGN : " " Logon Assignments
GETAPPL : " " Public & Private Applications
GETSEL (*) : " " Application Selectors
I will create a folder on the Workplace shell 'Lan Server Management Tools'
with all possible outputs in it.
Once all objects created, you can drag & drop those files to any favorite
editor or spreadsheet you like.
If needed, you can execute GETPWD to extract all (encoded) passwords from the
(primary) Domain Controller.
Remark (*): by default the 'GETSEL' is not included in the chain of all
procedures. If needed, you must edit the GETALL.CMD to enable GETSEL
If no parameters entered you will receive following :
╔═─────────────────────────────────────────────═╗
│ * LSMT * LSMT * LSMT * LSMT * LSMT * LSMT * │
├───────────────────────────────────────────────┤
│ Usage : GETALL /SRV:Servername_of_DC │
│ │
│ [/LOG:Log_File] [/PIP:Name_of_the_Pipe] [/M] │
│ │
│ Sample : GETALL /SRV:BEDCDIE │
├───────────────────────────────────────────────┤
│ Get ALL the Domain Controller definitions │
╚═─────────────────────────────────────────────═╝
Once the outputs retrieved from your Domain Controller, a shadow of each
Data file will be created in the 'OUTPUT' folder into the
'Lan Server Management Tools' folder. Now you double-click on one of the
output files or drag it to your favorite editor as we created with the
name 'T2 Editor' which will open open 'T2.EXE'.
Of course, this editor can be replaced and used by any other like TEDIT.EXE,
LPEX, EPM, Lotus 123, IBM Works etc ...
If desired, you can start from the command prompt the assiciated procedure
to set back some changes to the Domain Controller or try the Drag & Drop
option to the object 'Set Back to DC'.
Be aware that every modification made by you will 'log' an entry in the
'LSMT.LOG' file for later analyze and feedback.
------------------------------------------------------------------------------
GETDOM.CMD
------------------------------------------------------------------------------
Get all information about the servers in a specific domain.
The GETDOM procedure creates an additional Folder with the name of the server
into the 'All Servers in Domain' folder with objects pointing to the
'CONFIG.SYS', 'PROTOCOL.INI', 'IBMLAN.INI' etc... of the target server.
Into the same folder, additional Program objects request more information
from the target server such as System Information, Lan Server Error Logs etc..
Also, an ASCII file in the form of a spreadsheet will be created
into the 'Output' folder with the Object name 'DOMAIN.CSV'
Sample output:
--------------
;NAME ;OS2 ;BUILD ;MPTS ;LSR ;COMMENT ;ROLE ;
;DC1 ;XR03005 ;8.234 ;WR08200 ;IP08200 ;Domain Controller 1 ;Primary ;
;FS2 ;XR03005 ;8.234 ;WR08200 ;IP08200 ;File Server 2 ;Member ;
Each line represents a server. You will find the server name at the begin
of each line.
Following columns are in the ASCII File:
Column Name Description
---------------------------------------------------
NAME The Server computer name
OS2 The syslevel from the Server OS/2 Base
BUILD The buildlevel of the server OS/2 Base
MPTS The syslevel from the Server MPTS
LSR The syslevel from Lan Requester & Server
COMMENT The server comment
ROLE The role of this server in the domain
Possible values : Primary, Backup, Memeber or Standalone
DISC The auto-disconnect value
ALERTS The server alerts receiver table.
The table can be empty
HIDDEN The server hidden attribute setting
Restrictions:
-------------
In this procedure the column width of each output is not adjustable and
therefore there is no DOMAIN.INI file provided.
If you need to adjust the Column width, you have to edit/adjust the
Rexx procedure.
It's obvious that this procedure can be expanded if the need exist to get
also the syslevel of CM/2, DB/2, TCP/IP etc ...
Just edit the Rexx procedure and make the necessary changes.
------------------------------------------------------------------------------
GETSRVS.CMD / SETSRVS.CMD
------------------------------------------------------------------------------
Get and set all information about the servers in a specific domain.
The GET procedure creates an ASCII file in the form of a spreadsheet like the
following example:
OPT;NAME ;COMMENT ;DISC ;ALERTS;HIDDEN ;ANNDELTA; ...
;ITSCSV00;Domain Controller;Auto-;-none-;Visible;3000 ; ...
;ITSCSV01;Additional Server;120 ;-none-;Visible;3000 ; ...
Each line represents a server. You will find the server name at the beginning
of each line. If you do not exclude some columns in the SERVERS.INI, file you
will find the following columns in the ASCII File:
Column Name Description
---------------------------------------------------
OPT to set your options, allowed are
A = add U = update D = delete
NAME The server computer name
COMMENT The server comment
DISC The auto-disconnect value
ALERTS The server alerts receiver table.
The table can be empty
HIDDEN The server hidden attribute setting
ANNDELTA The random announce rate (in milliseconds)
ALERTSCHED The alert interval for notifying an administrator
of a network event
ERRORALERT The number of entries that can be written to the
error log file during a interval before notifying
an administrator
LOGONALERT The number of failed logon attempts to allow a user
before notifying an administrator
ACCESSALERT The number of failed file accesses to allow before
issuing an administrative alert
DISKALERT The number of kilobytes of free disk space, at which, an
administrator must be notified that the free space is low
MAXAUDITSZ Maximum audit file size
VERSION_MAJOR The major version number (Version)
VERSION_MINOR The minor version number (Release)
TYPE The server type. This information is a hexadecimal
value and is not interpreted
ANNOUNCE The network announce delta (in seconds), which determines
how often the server will be announced to other computers
on the network
ACTIVELOCKS The number of file locks that can be active
ALIST_MTIME The last time the access control list was modified
AUDITEDEVENTS The audit events setting. This value is unformatted
and is presented hexadecimal
AUDITING The auditing setting
AUTOPATH The server autoprofile location
AUTOPROFILE The server auto profile setting
CHDEVJOBS The number of serial device jobs that can be pending
on a server
CHDEVS The number of serial devices that can be shared on
the server
CHDEVQ The number of serial device queues that can coexist
on the server
CONNECTIONS The maximum number of connections to netnames
that are allowed
GLIST_MTIME The last time the group list was modified
GUESTACCT The guest account name
LANMASK The order in which the network device drivers
are served. The value is uninterpreted
NETIOALERT The Network I/O error ratio in one tenth of a percent
to allow before the administrator is notified
NUMADMIN The maximum allowed number of administrators
NUMBIGBUF Number of 64KB server buffers that are provided
NUMFILETASKS Number of processes that can access the operating
system at one time
NUMREQBUF The number of server buffers that are provided
OPENFILES The number of files (file handles to for example
files or pipes) that can be opened at once
OPENSEARCH The number of searches that can be opened at once
ULIST_MTIME The last time the users list was modified
USERS The maximum of users on the server
SESSOPENS The number of files that can be opened in one session
SESSVCS The maximum number of virtual circuits per client
SESSREQS The number of simultaneous requests that a client
can make on any virtual circuit
SECURITY The security type of the server
SHARES The maximum number of netnames a server can accommodate
SIZREQBUF The size (in bytes) of each server buffer
SRVHEURISTICS The server heuristics settings
USERPATH The path name to user directories
Comments:
---------
GETSRVS provide you a customable INI file where you can decide which
columns you want to see and which not to use.
Restrictions:
-------------
In this version of LSMT, only the following information can be set,
therefore do not change the values in the other columns:
COMMENT, DISC, ALERTS, HIDDEN, ANNDELTA, ALERTSCHED,
ERRORALERT, LOGONALERT, ACCESSALERT, DISKALERT, NETIOALERT, MAXAUDITSZ.
If you want to reorder or suppress the apearance of some columns,
use only the SERVERS.INI file.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set a server,
you will receive an error message during the SETSRVS.
------------------------------------------------------------------------------
GETUSERS.CMD / SETUSERS.CMD
------------------------------------------------------------------------------
The GET procedure creates an ASCII file in the form of a spreadsheet like the
following example:
OPT;NAME ;PASSWORD;PRIV ;FLAGS;USR_COMMENT ; ...
;GUEST ;**** ;Guest ;SN ;System ID ; ...
;ITSCADMN;**** ;Administrator;S ;ITSC Admin ; ...
;MATHIEU ;**** ;User ;S ;Maurice Mathieu; ...
;ALAINADM;**** ;Administrator;S ;Alain as Admin ; ...
;SHIMIZU ;**** ;Administrator;S ;Toshi Shimizu ; ...
Each line represents a user.
You will find the user ID at the beginning of each line.
If you do not exclude some columns in the USERS.INI, file you will
find the following columns:
Column Name Description
-------------------------------
OPT to set your options, allowed are
A = add U = update D = delete
PASSWORD The password of this user ID.
You may not see the original password of the user,
only 4 asterisks to indicate where to change the
password if necessary, and what minimum length is
required . If you want to set a new password,
overtype at least the asterisks with non-blank characters.
ATTENTION:
If you use this file to set a user password be aware
of your security guide lines. After usage of this ASCII
file as an input for SETUSERS it is recommended to
overtype the password values again with asterisks or
just delete this ASCII file, so that no files exists
on a machine with readable passwords in it.
HOME_DIR Shows you the position of the user's home directory,
if there is one.
MAX_STORAGE This value is NOT the DASD limit.
There only will be an alert sent to the administrator
if the amount of data in this directory exceeds the
given value. If you want to set DASD limits for this
directory, you have to use the NET DASD command
or our RXDASD.CMD.
PRIV The privilege of this user.
Valid Entry Description
Guest Guest user
User Normal user
Admin Administrator
USR_COMMENT The user comment which is used by UPM
(user profile management).
COMMENT The user comment which is used by the command line
interface of LAN Server.
FULL_NAME This user comment is not used by LAN Server,
but may be used by LAN aware programs.
SCRIPT_PATH The name of the logon script together with the path
specification relative to the NETLOGON SCRIPT parameter.
This is not PROFILE.CMD.
If you specify a CMD file in this column,
this command file will be executed during logon before
any logon assignments were made and before the
PROFILE.CMD will be executed. By default, this CMD
has to be in the IBMLAN\REPL\IMPORT\SCRIPTS directory
of the server which is processing your logon.
If you want to change the location, you can do this by
editing the IBMLAN.INI of the 'logon' - server:
[netlogon]
SCRIPTS = C:\IBMLAN\REPL\IMPORT\SCRIPTS
AUTH_FLAGS Flag Description
P Print operator privilege is enabled.
C Comm operator privilege is enabled.
S Server operator privilege is enabled.
A Accounts operator privilege is enabled.
WORKSTATIONS The workstation restriction for the user
LOGON_SERVER The computer to handle logon requests for this user account
| *****************
| IMPORTANT NOTICE:
| *****************
| If the Lan Administrator adds or updates some users and specifies the
| location of the Home Directories away from the Primary Domain Controller
| (which we recommend), another file 'HOMEACL.CSV' will be created with a list
| of Access Control Profiles which can be read & executed by the
| RXACL.CMD procedure or simply by drag & drop back to 'Set Back to the DC'
| object.
|
| This will be reminded during the execution of SETUSERS.CMD if needed.
Restrictions:
-------------
If you want to reorder or suppress the appearance of some columns,
use only the USERS.INI file.
The workstation restriction cannot be deleted once set because
in the actual version of the LSRXUT.DLL the none value will not be
recognized.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set a user, you
will receive an error message during SETUSER.
------------------------------------------------------------------------------
GETPWD.CMD / SETPWD.CMD
------------------------------------------------------------------------------
The GET procedure creates an ASCII file with the following
information:
+----- encoded password
!
GUEST:AAD3B435B51404EEAAD3B435B51404EE
ITSCADMN:B87209C77290AB876726788D823829CC
MATHIEU:C7899238765652CD655678BC866789C2
MBREWER:C8726773CA662589CA6454A3223C782B
OSCAR:987B665277C45782B2544567753A6442
SHIMIZU:67655378D7654547E78BCD66889643DC
Each line has the form USER ID: PASSWORD.
The password of the user ID you will see in this column is encrypted,
so you are not able to see the original password.
The only conclusion you can make of the values of this column is:
if two password entries are identical, then the original passwords are
identical.
This procedures are not intended to change passwords but to help you migrate
passwords from one installation to the other.
ATTENTION:
----------
As we mentioned above the passwords are encrypted so you should be careful
changing the password encryption within this file, it may result in an
unpredictable password if you are not using an already seen encryption.
Again the original passwords are NOT identical to the encryption but the
encryption represent a unique password.
Restrictions:
-------------
To get and set the passwords we are using an external program so that the log
file output differs from our standard LSMT.LOG.
Therefore, by default, we are not using LSMT.LOG.
------------------------------------------------------------------------------
GETGRPS1.CMD & GETGRPS2.CMD / SETGRPS1.CMD & SETGRPS2.CMD
------------------------------------------------------------------------------
The GETGRPS1 procedure create an ASCII file with the Group names & comments,
like the following examples:
OPT;NAME ;COMMENT ;
;ADMINS ; ;
;ASSIGNEE ;Permanent ITSC Members Group ;
;GUESTS ; ;
;RESIDENTS ;Temporary Residents Group ;
;SERVERS ; ;
;USERS ; ;
;WARPSERV ;Warp Server Residency ;
The GETGRPS2 procedure create an ASCII file with the Group names & membership,
like the following examples:
OPT;USERS ;ADMINS;ASSIGNEE;GUESTS;RESIDENT;SERVERS;USERS;WARPSERV;
;GUEST ; ; ; X ; ; ; ; ;
;ITSCADMN; X ; ; ; ; ; ; ;
;ITSCSV00; ; ; ; ; X ; ; ;
;ITSCSV01; ; ; ; ; X ; ; ;
;MATHIEU ; ; X ; ; X ; ; ; ;
;MBREWER ; ; X ; ; X ; ; ; ;
;OSCAR ; ; ; ; X ; ; ; ;
;SHIMIZU ; X ; X ; ; ; ; ; ;
This file gives you the information which users belong to which groups and
vice versa.
Each line represents a user id and each column a group id.
If you look at a line, it consists of a user name at the beginning and for
each group this UserID belongs to there will be a 'X' marked in the
corresponding group column.
Therefore if you read this file horizontally it will provide you with
the information in what groups this certain users is a member.
But if you read the same file vertically you will find out all users for a
certain group.
If you want to add a UserID to a group add an 'X' where the corresponding
user id row and group id column are crossing.
Mark the row with 'U' in the option column and process SETGRPS2.
If you want to delete a group membership just overtype an existing 'X'
with blank and proceed as above.
In respect to these two different CSV files, you have 2 different
SET programs:
Program Description
----------------------------
SETGRPS1.CMD Sets the basic information about groups (name and comment).
SETGRPS2.CMD Sets the relationship between users and groups.
Restrictions:
-------------
If you want to reorder or suppress the appearance of some columns in the
GROUPS1.CSV, use only the GROUPS.INI file.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set a group, you will receive
an error message during SETGRPS1 or SETGRPS2.
------------------------------------------------------------------------------
GETALIAS.CMD / SETALIAS.CMD
------------------------------------------------------------------------------
The Get procedure retrieves all alias definitions made in a certain domain.
+------- used by file aliases only
|
OPT;NAME ;TYPE ;SERVER ;PATH ;REMARK ;...;QUEUE ;...;
;APPL-FLG;Files ;\\ITSCSV00;F:\SHARED\FLG;Freelance ;...;Unknown;...;
;DISK-CD ;Files ;\\ITSCSV00;H:\ ;CD-ROM ;...;Unknown;...;
;DISK-MO ;Files ;\\ITSCSV00;G:\ ;Magn.Optic;...;Unknown;...;
;DISK-NVL;Files ;\\ITSCSV00;E:\NOVELL ;Novell Drv;...;Unknown;...;
;PUBLIC ;Files ;\\ITSCSV01;F:\PUBLIC ;PUBLIC ;...;Unknown;...;
;WARPSERV;Files ;\\ITSCSV00;E:\WARPSERV ;Warp Srv ;...;Unknown;...;
OPT;NAME ;TYPE ;SERVER ;PATH ;REMARK ;...;QUEUE ;...;
;IBM4039 ;Printer;\\ITSCSV01;Unknown ;IBM 4039 ;...;IBM4039;...;
;IBM4079 ;Printer;\\ITSCSV01;Unknown ;IBM 4079 ;...;IBM4079;...;
|
used by print aliases only -------+
Each line represents an alias:
you will find the alias name at the beginning of each line.
If you do not exclude some columns in the ALIAS.INI, file you will find the
following columns in the ASCII File:
Column Name Description
------------------------------
OPT to set your options, allowed are
A = add U = update D = delete
NAME The alias name
TYPE The alias type
SERVER The name of the server where the resource described
by this alias resides.
The name is used with the leading '\\' characters
PATH The path (for files alias only)
REMARK The alias remark
LOCATION The alias location
MODE When the alias is shared
MAXUSES The maximum number of users who can have redirection
to the resource identified by this alias
QUEUE The queue name (for serial or printer alias only)
PRIORITY The serial device priority
DEVICE_POOL The serial device pool
Comments:
---------
If you use the SET program to delete an alias you will be reminded to check
afterwards whether there still exist logon assignments to this deleted alias
(see "CHKASSGN.CMD).
Restrictions:
-------------
If you want to reorder or suppress the appearance of some columns, use only
the ALIAS.INI file.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set an alias, you will receive
an error message during SETALIAS.
------------------------------------------------------------------------------
GETACL.CMD / SETACL.CMD
------------------------------------------------------------------------------
The GET procedures retrieves the access control list for all existing aliases
and only for these.
The information will be stored in an ASCII file in the form of a spreadsheet
like the following:
OPT;ALIAS ;AUDIT ;ADMINS;ASSIGNEE;GUESTS ;RESIDENT;SERVERS;USERS ;...
;APPL-FLG;-none-; ; ; ; ; ;RWCXDAG;...
;DISK-CD ;-none-; ; ; ; ; ; RXG ;...
;DISK-NVL; ; ; ; ; ; ; ;...
;PUBLIC ;-none-; ;RWCXDAPG;RWCXDAPG; ; ; ;...
;WARPSERV;-none-; ; ; ; ; ; ;...
;IBM4039 ;-none-; CPG ; CPG ; CPG ; CPG ; ; CPG ;...
;IBM4079 ;-none-; ; CPG ; ; CPG ; ; ;...
The output is always sorted by group and user ids:
+--- group ids ---+ +--- user ids ---+
| | | |
OPT;ALIAS ;AUDIT ;ADMINS ;SERVERS ;LOCAL ;USERS ;ALAINADM;HERMADM ;
;OS2TOOLS ;-none-;CDRWXPG ; ; ; ; R ; RW
| | | | |
| audit for +------access control profiles for---+-------+
| this ACL each group and user
+----------------------for this alias
In this case, except for the first three columns, each column represents a
group or user ID, and each row represents an alias. If you read the file line
by line, you will get all access control profiles (ACP, the rights a group or
user ID has) for an certain alias.
The summary of all ACPs gives you the access control list (ACL) of this alias.
You will find the name of the alias in the column with the title ALIAS.
If you read the file column by column, you will get all ACPs a certain group
or user has defined for all aliases in the domain.
Column Name Description
------------------------------
OPT You will see this column in your output, but no values
will be initially set. This column is only used by the
SET programs. The SETACL.CMD allows you to use more
options in the ASCII file than just A, D and U.
If you change or add an ACL of an file alias, you have
the choice to apply this ACL to all subdirectories of
this alias:
Option Description
A Add an ACL with the values in this line
(you may also use U).
AA (Only for file aliases) Same as A(dd),
but the ACL will be applied to all subdirectories.
U Update an ACL with the values in this line.
UA (Only for file aliases) Same as U(pdate),
but the ACL will be applied to all subdirectories.
D DELETE: delete the ACL for this alias.
ALIAS Here, you will find all the alias names you have defined
in your environment.
They appear in following order (each alphabetically sorted):
All file aliases
All print aliases
All serial aliases.
AUDIT Describes what kind of audit is active for this alias
Valid Values Description
A All access attempts will be audited.
O Audit successful file opens.
W Audit successful file writes and successful
directory creates.
D Audit successful file deletes or truncates
and successful directory deletes.
P Audit successful file and directory access
control profile change.
o Audit failed file opens.
w Audit failed file writes and failed
directory creates.
d Audit failed file deletes or truncates
and failed directory deletes.
p Audit failed file and directory access control
profile change.
N or -none- No auditing is performed.
All other In each column, you will find the ACP of a certain
group or user id. The columns appear in following order
(each alphabetically sorted):
All groups
All user IDs.
Valid Values Description
N None
A Attribute
R Read
W Write
C Create
X Execute
D Delete
P Permissions
G This is a group permission.
The G parameter is not required to be specified
The access profile for a combination alias/user or alias/group will be deleted
if you update the alias line and,
- The corresponding ACP entry for the user or group is blank or
- The group ID or user ID is not in the list because you deleted it or
- The group ID or user ID is not in the list because you
used one of the parameters /USER or /GROUP with the GETACL command.
Therefore, the access control profile will have exactly the values
you set in this line. (WYSIWYG, what you see is what you get.)
Comments:
---------
Due to the nature of the ASCII file, you do not have any INI file used by the
GET program to change the order or suppress the output of certain columns.
Anyway, you may delete or change the order of the columns within the ASCII
file before you use it as input for the SET program.
If you change the column name of a group or user ID column, the program still
works as long as it is a valid group or user ID.
Attention:
----------
If you delete or rearange columns with an ASCII editor and not with a
spreadsheet program, such as IBM works, make sure that the column delimiters
(;) are also deleted or moved.
Restrictions:
-------------
Do not change, delete, reorder, or rename the first three columns
(OPT, ALIAS, AUDIT).
------------------------------------------------------------------------------
GETASSGN.CMD / SETASSGN.CMD
------------------------------------------------------------------------------
The GET procedure retrieves all logon profiles for all users and all existing
aliases.
The information will be stored in an ASCII file in the form of a spreadsheet
like the following:
* Do not delete or change the order of the first 2 Columns
OPT;USERID ;APPL-FLG;DISK-CD;DISK-NVL;PUBLIC;WARPSERV;IBM4039;IBM4079;
* Members Of Group: ADMINS
;ITSCADMN; ; ; ; ; ; ; ;
;SHIMIZU ; F ; L ; N ; P ; S ; LPT2 ; ;
* Members Of Group: ASSIGNEE
;MATHIEU ; F ; ; ; P ; ; LPT3 ; LPT4 ;
;MBREWER ; ; ; ; P ; ; ; ;
;SHIMIZU ; F ; L ; ; P ; S ; LPT2 ; ;
* Members Of Group: GUESTS
;GUEST ; ; ; ; P ; ; ; ;
* Members Of Group: RESIDENTS
;MATHIEU ; F ; ; ; P ; ; LPT3 ; ;
;MBREWER ; ; ; ; P ; ; ; ;
;OSCAR ; F ; ; ; P ; S ; ; LPT2 ;
The output is sorted by File, Print and Serial aliases:
File Printer Serial
Alias Alias Alias
+----------------------+ +------+ |
| | | | |
OPT;USERID ;WARPAPPL;DOSAPL;WINAPL;PUBLIC;IBM4039;OPTRA;MODEM;
;ODIER ; V ; ; ; P ; LPT1 ; ;COM4 ;
;PAULI ; W ; ; ; P ; ;LPT3 ; ;
;RYKAERT ; W ; ; ; P ; LPT3 ; ; ;
;SHIMIZU ; W ; ; ; P ; ; ; ;
;TESTINI ; ; X ; Y ; P ; LPT1 ; ; ;
;VERNON ; W ; ; ; P ; ; ;COM3 ;
| | | |
| +-------------logon profile---------------+
+-----------------------for this user
Type of Alias Valid Values
----------------------------
File All valid drive letters for logon assignments (without colon)
Print All valid ports for parallel logon assignments (without colon)
Serial All valid ports for serial logon assignments (without colon)
Attention:
----------
The logon profile for a combination user/alias will be deleted if you update
the user line and,
- The corresponding logon assignment entry is blank or
- The user ID is not in the list because you deleted it
Therefore, the logon profile will have exactly the values you set in this line.
* List of all logon assignments ,allowed Options u=update d=delete
OPT;USERID ;REXX;WARPAPPL;DOSAPL;WINAPL;PUBLIC;IBM4039;OPTRA;MODEM;
;ODIER ; ; V ; ; ; P ; LPT1 ; ;COM4 ;
;PAULI ; R ; W ; ; ; P ; ;LPT3 ; ;
;RYKAERT ; R ; W ; X ; ; P ; LPT3 ; ; ;
;SHIMIZU ; ; W ; ; ; P ; ; ; ;
;TESTINI ; ; ; X ; Y ; P ; LPT1 ; ; ;
;VERNON ; ; W ; ; ; P ; ; ;COM3 ;
If you delete column DOSAPL in the ASSGN.CSV file and you use this file as
input for SETASSGN, the following will be processed, besides others:
- The Logon Assignment X of user ID TESTINI for DOSAPL will be
deleted.
- The Logon Assignment X of user ID RYKAERT will not be deleted because only
the ID 'TESTINI' was marked with U for update.
Only lines with an valid option will be processed.
Comments:
---------
Due to the nature of the ASCII file (see :The ASCII Files), you do not have
any INI file used by the GET program to change the order or suppress the
output of certain columns.
Anyway, you may delete or change the order of the columns within the ASCII
file before you use it as input for the SET program.
If you change the column name of a group or user ID column, the program still
works as long as it is a valid alias name.
Attention:
----------
If you delete or rearrange columns with an ASCII editor and not with a
spreadsheet program, such as IBM Works, make sure that the column delimiters
(;) are also deleted or moved.
Restrictions:
-------------
Do not change, delete, reorder, or rename the first two columns (OPT, USERID).
------------------------------------------------------------------------------
GETAPPL.CMD / SETAPPL.CMD
------------------------------------------------------------------------------
The Get procedure retrieves all public applications definitions made in a
certain domain.
The information will be stored in an ASCII file in the form of a spreadsheet
like the following:
OPT;NAME ;REMARK ;COMMAND ;COMMAND_PARMS ; ...
;CUADRAW ;Drawing ;CUADRAW ; ; ...
;FREELANC;Freelance ;FLG.EXE ; ; ...
;LANMSG ;DLR Messg. ;DMPC ;%XSLCNF% CMM_MAIN.EXE; ...
;P2P ;Person 2 Per;P2PLAN.CMD; ; ...
;PMCAMERA;Screen Capt.;PMCAM200 ; ; ...
;VIRSCAN ;Virus Scan ;DISKG ; ; ...
Each line represents an public application, you will find the publication
name at the beginning of each line. If you do not exclude some columns in
the APPL.INI, file you will find the following columns in the ASCII File:
Column Name Description
------------------------------
OPT to set your options, allowed are
A = add U = update D = delete
NAME The application name
REMARK The application remark
COMMAND The command that starts the application
COMMAND_PARMS The application start parameters
APP_ALIAS_OR_DRV The alias or drive where the application resides.
It specifies a drive letter, followed by a colon (:),
if the application resides on the user's local machine
or it specifies an existing alias if the application
resides on a server
APP_PATH_TO_DIR The remaining path to the application
WRKDIR_DRIVE Specifies the drive that the working directory is to be
assigned to when the application is started.
A value of * indicates that the system should choose
a drive when the application is started
APP_DRIVE Applies to DOS public applications only.
It is used to specify the drive that is current when
the application runs. A value of * indicates that
the system should choose a drive letters
WRKDIR_ALIAS_OR_DRV Specifies the directory that is made current when the
application runs. If the working directory is on the
local machine, it specifies the drive, where the
directory is located. If the working directory is remote,
it specifies an existing alias where the directory is
located
WRKDIR_PATH_TO_DIR The remaining path to the working directory
PROMPT Prompt for parameters
INTERFACE The interface type
APPTYPE The application type
RES_COUNT The number of application resource list that follows.
A value of zero indicates that the application does not
require any redirected devices when it runs
Restrictions:
-------------
If you want to reorder or suppress the appearance of some columns, use only
the APPL.INI file.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set an application, you will
receive an error message during SETAPPL.
------------------------------------------------------------------------------
GETSEL.CMD & SETSEL.CMD
------------------------------------------------------------------------------
The GETSEL procedure create an ASCII file with the Applications & selectors
like the following examples:
OPT;USERS ;L123;EXCEL;PMDRAW;OFFICE;
;RYKAERT ; ; ; X ; X ;
;OSCAR ; X ; X ; ; X ;
;SHIMIZU ; ; ; X ; ;
This file gives you the information which users belong to which an application
is selected.
Each line represents a user id and each column an application id.
If you look at a line, it consists of a user name at the beginning and for
each application this UserID belongs to there will be a 'X' marked in the
corresponding application column.
Therefore if you read this file horizontally it will provide you with
the information in what kind of application a user will see in his/her
'Networkc Application' folder.
If you want to add a UserID to an application, add an 'X' where the
corresponding user id row and application id column are crossing.
Mark the row with 'U' in the option column and process SETSEL.
If you want to delete an application selection just overtype an existing 'X'
with blank and proceed as above.
The default input/output file is 'SELECTOR.CSV'
-------------------------------------------------------------------------------
Description Of Additional Tools
------------------------------------------------------------------------------
RXACL.CMD
------------------------------------------------------------------------------
If you use the /Get parameter this procedure retrieves all access control
lists defined on a certain server.
To get all directory ACLs you have to set the /DIR parameter.
To get all file related ACLs you have to set the /FILE parameter.
The information will be stored in an ASCII file in the form of a
spreadsheet like the following:
;\\ITSCSV01\C$\IBMLAN\DOSLAN\DOS;GUESTS;RG
;\\ITSCSV01\C$\IBMLAN\DOSLAN\DOS;USERS;RG
;\\ITSCSV01\C$\IBMLAN\DOSLAN\NET;GUESTS;RG
;\\ITSCSV01\C$\IBMLAN\DOSLAN\NET;USERS;RG
;\\ITSCSV01\C$\IBMLAN\REPL\IMPORT\SCRIPTS;ADMINS;RXG
;\\ITSCSV01\C$\IBMLAN\REPL\IMPORT\SCRIPTS;USERS;RXG
;\\ITSCSV01\C$\SPOOL\IBM4019X;ASSIGNEE;CPG
Every line in this file represents an access control list:
The empty space at the beginning gives you the ability to place an option
like A = add, U = update or D = delete.
The next entry is the full path of the resource where the ACL is defined on
using the universal name convention (UNC).
After that follows a combination of a ID (group ids and UserID ids) and
the grants which are given to that particular id.
Again the value G represents the grant to a group id and needs not to be
specified.
Restrictions:
-------------
This procedure does not provide a header information within the ASCII files.
------------------------------------------------------------------------------
RXDASD.CMD
------------------------------------------------------------------------------
Description:
------------
The procedure retrieves (/GET) or sets (/SET) all DASD limit information
defined on a certain server.
The information will be stored in an ASCII file in the form of a spreadsheet
like the following:
OPT;RESOURCE_NAME ;MAX ;USE ;THRESH;DELTA;
;F:\alain ;100000 ;3 ;50 ;3 ;
;F:\hermann ;200000 ;1860 ;60 ;4 ;
;F:\hermann2 ;400000 ;3 ;80 ;6 ;
Each line represents a DASD limit resource.
If you do not exclude some columns in the DASD.INI file, you will
find following special columns in the ASCII file:
Column Name Description
------------------------------
OPT to set your options, allowed are
A = Add U = Update D = Delete
RESOURCE_NAME A string containing the directory path. The string
must be the directory path, beginning with the drive
letter and only ending with a backslashe when a root
directory is specified.
MAX The amount of disk space allotted to this directory
by directory limits.
Specified in KB, this field can be set from 1 to 67108863.
Note, however, that subsequent access to the directory
specified is functionally limited to the smaller of the
following:
- Any directory limits restrictions on any parent
directory
- The total free space on the drive
USE The amount (in KB) of disk space already occupied within the
specified directory resource.
This value cannot be set; it is only retrievable.
THRESH The initial alert threshold as a percentage of the total
directory limit space allotted, with values ranging
from 0 to 99.
Zero specifies that no threshold alert is to be generated,
and 99 specifies that an alert is generated when 99 percent
of the allotted directory limit for this directory has
been reached. Note that a minimum of 1 KB of disk space
must be allotted to a threshold; the value obtained by
multiplying the THRESH decimal-point value (where
5 percent is equal to 0.05) by MAX must be at least 1 KB.
This threshold setting generates only one alert when this
boundary is crossed. Subsequent alerts (generated
incrementally after this threshold has been reached
but before the entire limit is reached) are specified
according to the Delta parameter.
DELTA The increment in which alerts are to be generated after the
THRESH threshold has been crossed but before all of the
allotted disk space has been used. This parameter also
is specified as a percentage of the total allotted
directory limit space and can range from 0 upward,
as long as its value is less than 99 - THRESH.
Note that a minimum of 1 KB of disk space must be allotted
to an increment, the value obtained by multiplying the DELTA
decimal-point value (where 5 percent is equal to 0.05) by
MAX must be at least 1 KB.
Comments:
---------
If you plan to manage limits for directories on the server, you must order and
install the appropriate OS/2 FIXPAKS.
These are:
OS/2* 2.10 PJ10428
OS/2* 2.11 PJ13619
OS/2* Version 3.0 No FIXPAK required for DASD Limits.
Restrictions:
-------------
If you want to reorder or suppress the appearance of some columns,
use only the DASD.INI file.
Do not rename the column names in the INI File.
Note:
-----
If you suppress columns which are necessary to set a DASD limit you will
receive an error message during the RXDASD /SET.
------------------------------------------------------------------------------
RXNET.CMD
------------------------------------------------------------------------------
Description:
------------
This program as some functions like the original NET.EXE and demonstrates
how you can write REXX programs without using the NET.EXE commands and get
similar or even better results with faster performance.
Just type RXNET to get a description of the implemented parameters:
Parameter Function
--------------------
ALIAS
FILE gives you information about locked files
GROUPS similar to NET GROUPS
SESSION similar to NET Session
SHARE similar to NET SHARE
START gives you information about all started services
USER similar to NET USER
Restrictions:
-------------
This program allows only browsing data.
------------------------------------------------------------------------------
CHKASSGN.CMD
------------------------------------------------------------------------------
It may happen that certain logon assignments exist even if the corresponding
alias does not.
To address this kind of problem, CHKASSGN checks all your assignments for this
inconsistency and deletes it if you want to.
Comments:
---------
By default, it only checks for inconsistency.
To delete them, you have to provide the /D parameter.
------------------------------------------------------------------------------
Backup/Restore Of Your Domain Definitions
------------------------------------------------------------------------------
To perform a complete backup of your domain definitions you may use LSMT.
To backup the definitions it does not matter in which order you execute the
programs.
But the order does matter if you want to restore the information to a new or
migrated server installation.
You should proceed in following order:
Call To
---------------------------------------------
SETSRVS.CMD set the server characteristics
SETUSERS.CMD define all users (with initial passwords set)
SETPWD.CMD change initial passwords to the old passwords
SETGRPS1.CMD define all groups
SETGRPS2.CMD assign users to groups
SETALIAS.CMD define aliases
SETAPPL.CMD define public applications
| SETSEL.CMD define applications selector
SETACL.CMD define access control lists for all aliases (with or without
apply)
SETASSGN.CMD set the logon assignments
RXACL.CMD set additional ACLs for each server
RXDASD.CMD set DASD limits for each server
------------------------------------------------------------------------------
How to start the programs
------------------------------------------------------------------------------
In this section we will describe how to start the LSMT programs and what
parameters you may use.
----------------------------------------------------------------
Common Start Parameters
----------------------------------------------------------------
All programs are using a common set of parameters and some additional private
parameters.
In this section, we will describe only the commonly used parameters.
Private parameters will be covered in the detailed description of each
program.
/SRV:Servername_of_DC
You must provide the Computername of the primary domain controller
of that domain where you want to retrieve information or apply changes.
Example:
GETUSER /SRV:REXXSRV
where REXXSRV = name of the primary domain controller
/OUT:Output_File
This parameter is only used by the GET programs.
Here, you can specify the name of the ASCII file which receives the
retrieved information.
Example:
GETUSER /SRV:REXXSRV /OUT:d:\outfile.csv
/INP:Input_File
This parameter is only used by the SET programs .
Here, you can specify the name of the ASCII file which contains the
setting information.
Example:
GETUSER /SRV:REXXSRV /INP:d:\infile.csv
/T
Trace option.
Set this option to see a more specific output.
/M
Mute option.
This option is used to see a less specific output.
/LOG:Log_File
Specify another filename to log all information.
Example:
GETUSER /SRV:REXXSRV /LOG:d:\myfile.log
/PIP:Name_of_the_Pipe
If you use this parameter, you have to provide the name of a named pipe
to which logging information is sent to.
This named pipe may reside on the same workstation or on any other OS/2
workstation within your LAN which has OS/2 LAN requester and peer
services installed.
Example:
GETUSER /SRV:REXXSRV /PIP:\\PWS71251\PIPE\RXPIPE
where PWS71251 is the NetBIOS name of the PC where the
named pipe is originated and RXPIPE is the name of the pipe.
The basic principles of pipes will be discussed in the section Pipes.
If the programs are missing parameters or do not understand the one you
provided, they will show you a help panel like following:
Example:
+-----------------------------------------------+
| Usage : SETUSERS /SRV:Servername_of_DC |
| |
| [/INP:Input_File] [/T] [/M] |
| [/LOG:Log_File] [/PIP:Name_of_the_Pipe] |
+-----------------------------------------------+
------------------------------------------------------------------------------
Using the Drag & Drop on the OS/2 Warp WorkPlaceShell
------------------------------------------------------------------------------
After creating all necessary objects on the OS/2 Warp WorkPlaceShell using
the 'INSTALL' procedure, the Admin will be able to extract the data
from the (Primary) Domain Controller (PR-DC) and read & interpret them
by double click on it or using his navorit Editor, Text processor or
Spreadsheet, just by dragging and dropping it on the original object of
his/her application.
For example, if you drag & drop the 'USERS.CSV' on the object '<T2> Editor',
it will open automaticaly the editor 'T2.EXE', which has the same
basefunctions as 'TEDIT.EXE' known after a regular Warp installation.
After reviewing, updating, deleting or changing the data, import the data
back to the PR-DC either by excecuting it on the command prompt,
for example 'SETUSERS /SRV:DC_NAME' or just by Drag & Drop it on the
'<Set> to DC' object.
After answering the ComputerName of the PR-DC, a quick check will be done
to assure that ComputerName is a valid PR-DC.
If during the 'SETUSERS' a homedirectory has been specified on another
machine then the PR-DC a warning message will remind the Admin to take
futher action by dragging & dropping a temporary created file 'HOMEACL.CSV'
back on the '<Set> to DC' object.
A new updated file can be request by Drag & Drop one of the 'Output' files
on the '<Get> to DC' object.
By double clicking on '<Get> All definitions', you request all possible
domain controllers data at once, except for 'SELECTOR.CSV' and 'USERS.PWD'.
If you double click on the 'LSMT.LOG', more information will be
shown about errors, information and warnings during one of the LSMT
procedures as explained in the 'The LOG File' chapter above in this manual.
------------------------------------------------------------------------------
Using LSMT to clone a user
------------------------------------------------------------------------------
In this topic we would like to show how to clone a user from an already
well defined user:
- the 'template' user name is 'Jan Hammer'
- the new user name to be cloned is 'Anne Jones' with a password 'BARBIE'
- the name of the Primary Domain Controller is '\\DC1'
- Jan starts a 'HELLO' script file while loging on
- Jan is member of a group 'HOME'
- Jan has a homedirectory driveletter 'Z:' from a server '\\FS2\D$\HOMEDIR\JAN'
- Jan has logon assignments 'H:' to an alias 'HOMEAPPL'
- Jan got an application selected to 'HOMEWORK'
1. Command line driven:
-----------------------
(1) add Anne as a new user:
NET ADMIN \\DC1 /C NET USER ANNE BARBIE /USERCOMMENT:"ANNE_JONES"
/HOMEDIR:Z:\FS2\D$\HOMEDIR\ANNE /SCRIPT:HELLO /ASSIGN H:HOMEAPPL /ADD
Remark 1: use an underscore '_' character in the usercomment option,
(if you want to specify a blank use the '[ALT 255]' trick)
2: the '/ASSIGN' is not supported on Lan Server 3.0
(2) make a directory on the server where resides Anne's Home directory
MD \\FS2\D$\HOMEDIR\ANNE
(3) add Access Control Profiles to the Anne's Home directory
NET ADMIN \\FS2 /C NET ACCESS D:\HOMEDIR\ANNE USERS:N ANNE:RWCXDAP /ADD
Remark: if you get an error NET2221, try the operation later
due to the latency of the Netlogon replicating
(4) add Anne to the group 'HOME':
NET ADMIN \\DC1 /C NET GROUP HOME ANNE /ADD
(5) select the 'HOMEWORK' application to Anne
NET ADMIN \\DC1 /C NET USER ANNE /ASSIGN PUBLIC:HOMEWORKS
Remark: the '/ASSIGN' option is not supported on Lan Server 3.0
2. Using LSMT:
--------------
(1) get all users
GETUSERS /SRV:DC1 /M
(2) get all groups and they members
GETGRPS2 /SRV:DC1 /M
(3) get all logonassignments
GETASSGN /SRV:DC1 /M /GROUP
(4) get all application selectors
GETSEL /SRV:DC1 /M
(5) edit 'USERS.CSV' and look at bitmap 'USERS.BMP'
Take the whole line with Jan's definitions and copy it to next line.
Overwrite 'JAN' to 'ANNE', '****' to Anne's password etc...
Put an 'A' in the 'OPT' column
(6) edit 'GROUPS2.CSV' and look at bitmap 'GROUPS2.BMP'
Put an 'A' in the 'OPT' and a 'X' in the 'HOME' column
(7) edit 'ASSGN.CSV' and look at bitmap 'ASSGN.BMP'
Put an 'A' in the 'OPT' and a 'H' in the 'HOMEAPPL' column
(8) edit 'SELECTOR.CSV' and look at bitmap 'SELECTOR.BMP'
Put an 'A' in the 'OPT' and a 'X' in the 'HOMEWORKS' column
(9) set Anne into the User Database
SETUSERS /SRV:DC1 /M
(10) set the Access Control Profiles for the Anne's Home directory
RXACL /SRV:DC1 /SET /INP:HOMEACL.CSV
(11) set Anne into the Groups-Member Database
SETGRPS2 /SRV:DC1 /M
(12) Give Anne her Logon Assignments
SETASSGN /SRV:DC1 /M
(13) Select Anne's applications
SETSEL /SRV:DC1 /M
(14) Look at the 'LSMT.LOG' for audit, warnings or possible errors
Look at bitmap 'LSMTLOG.BMP'
3. Which API's were used ?
--------------------------
(1) get all users
NetEnumerate(NETUSER, 'USERID', '\\'SRVNAME)
NetGetInfo(NETUSER, 'USERINFO', '\\'SRVNAME, USERID)
(2) get all groups and they members
NetEnumerate(NETGROUP, 'GROUPS', '\\'SRVNAME)
NetGetInfo(NETAPP, 'MEMBER', '\\'SRVNAME, USERID)
(3) get all logonassignments
NetEnumerate(NETGROUP, 'GroupInfo', '\\'SRVNAME)
NetGetInfo(NETGROUPUSERS, 'USERID', '\\'SRVNAME, GroupInfo.i)
NetEnumerate(NETALIAS, 'ALIASFiles' , '\\'SRVNAME,1)
NetEnumerate(NETALIAS, 'ALIASPrint' , '\\'SRVNAME,2)
NetEnumerate(NETALIAS, 'ALIASSerial', '\\'SRVNAME,4)
NetGetInfo(NETLOGONASN, 'LASSINFO', '\\'SRVNAME, USERID)
(4) get all application selectors
NetEnumerate(NETAPP, 'APPLNAME', '\\'SRVNAME)
NetEnumerate(NETUSER, 'USERS', '\\'SRVNAME)
NetGetInfo(NETAPPSEL, 'ApplSelInfo', '\\'SRVNAME, USERID)
(9) set Anne into the User Database
NetAdd(NETUSER2, 'USERINFO', '\\'SRVNAME)
NetGetInfo(NETGROUP, 'ServerModalInfo', '\\'NewServerName)
NetGetInfo(NETACCESS, 'Access', '\\'NewServerName, LocalDrive)
NetGetInfo(NETUSER, 'UserInfo', '\\'NewServerName, UserInfo.Name)
(10) set the Access Control Profiles for the Anne's Home directory
NetAdd(NETACCESS, 'ACL', '\\'SRVNAME, HOMEDIR)
(11) set Anne into the Groups-Member Database
NetGetInfo(NETAPP, 'USERGROUPS', '\\'SRVNAME, USERID)
NetAdd(NETGROUPSUSERS, '\\'SRVNAME, GROUP, USERID)
NetDelete(NETGROUPSUSERS, '\\'SRVNAME, GROUP, USERID)
(12) Give Anne her Logon Assignments
NetGetInfo(NETLOGONASN, 'OldAssgn', '\\'SRVNAME, UserID)
NetDelete(NETLOGONASN, '\\'SRVNAME, UserID)
NetAdd(NETLOGONASN, '\\'SRVNAME, AliasName, Assign.i.device,,UserID)
(13) Select Anne's applications
NetGetInfo(NETAPP, 'ApplInfo', '\\'SRVNAME, APPL)
NetGetInfo(NETAPPSEL, 'ApplSelInfo', '\\'SRVNAME, USERID)
NetAdd(NETAPPSEL, '\\'SRVNAME, APPL, USERID, ApplInfo.AppType)
NetDelete(NETAPPSEL, '\\'SRVNAME, USERID, APPL)