OS/2 Shareware BBS: 8 Other

home *** CD-ROM | disk | FTP | other *** search

/ OS/2 Shareware BBS: 8 Other / 08-Other.zip / lsmt213c.zip / lsmt.txt < prev next >

Wrap

Text File | 1997-01-28 | 89KB | 2,093 lines

------------------------------------------------------------------------------ * * * L S M T * * * LAN Server Management Tools Author : Alain Rykaert - IBM Belgium (RYKAERTA at BRUVMIS1) - Alain_Rykaert@BE.IBM.COM ------------------------------------------------------------------------------ /===\ /============\ /===\ /===\ /===========\ | | / | | \ / | | | | | | /=========/ | \ / | \===\ /===/ | | | | | \ / | | | | | | \========\ | \/ | | | | | | \ | | | | | | \=========\ | | | | | | | | | | /\ /\ | | | | \=========\ /=========/ | | | \ / | | | | | | | / | | \ / | | | | \=============/ \============/ \===/ \/ \===/ \===/ LAN SERVER MANAGEMENT TOOLS Latest Update: 28JAN97 ------------------------------------------------------------------------------ * * * L S M T * * * LAN Server Management Tools Author : Alain Rykaert - IBM Belgium (RYKAERTA at BRUVMIS1) - Alain_Rykaert@BE.IBM.COM ------------------------------------------------------------------------------ The major purpose of the tools is to help the novice as well as the experienced LAN Server administrator to migrate, update and/or maintain his LAN Server domain(s). The tools allow the administrator to extract the information of his current LAN Server environment into ASCII files, change it and use it to apply these changes to the same or to a newly installed environment. Therefore these tools are useful to: - Backup a LAN Server domain - Restore a backuped version - Migrate (for example from LAN Server 3.0 to 4.0 or WarpServer) - Consolidate - Restructure the actual domain definitions The programs are written in REXX not only to enable you to adjust them to your own needs but also to demonstrate the usability and easiness of REXX. We have written the programs to meet following objectives : The command files have to: - be easy to read and debug by any user who is familiar with REXX - be easy to upgrade to a PM environment by using programs such as VX-Rexx, VisPro-Rexx, GPF-Rexx, DrDialog and so on - provide external customable files for proper convenience such as column length, language and so on - provide error and logging facilities for all activities Overview -------- Most of the base functions we split into different programs for better reading and selective use of the resources. To retrieve information of the existing LAN environment and extract it to an ASCII file, you may use the GETxxx.CMD programs. If there are any changes required, you may edit these flat files directly with your favorite editor, spreadsheet or with a batch program. Prerequisites For Your Editor: ------------------------------ Extracting your LAN Server environment information to an ASCII file results in lines which easily exceed 254 characters. Depending on your definitions, they might even be much larger. Therefore, the editor or spreadsheet program you want to use to view and/or manipulate these ASCII files has to be able to handle files with large lines, and it should at least warn you if any truncation occurs. ( TEDIT.EXE, E.EXE and IBMWORKS support long lines. EPM.EXE does not, but it warns you in case of truncation.) To set the information back to your LAN Server environment, use the SETxxx.CMD programs with the ASCII files as input. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* A T T E N T I O N : *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Before you use the programs in a productive environment, make sure that you have an actual backup of all your running servers. Table of all programs: ---------------------- PRG Name Default Input Default Output Information ------------------------------------------------------------------------------ | INSTALL Install procedure ------------------------------------------------------------------------------ GETALL All information of the DC ------------------------------------------------------------------------------ GETSRVS SERVERS.INI SERVERS.CSV All Servers LSMT.LOG SETSRVS SERVERS.CSV LSMT.LOG SERVERS.CHK ------------------------------------------------------------------------------ GETUSERS USERS.INI USERS.CSV All users settings LSMT.LOG SETUSERS USERS.CSV USERS.CHK LSMT.LOG ------------------------------------------------------------------------------ GETGRPS1 GROUPS.INI GROUPS1.CSV All groups names & comments LSMT.LOG GETGRPS2 GROUPS2.CSV All groups & memberships LSMT.LOG SETGRPS1 GROUPS1.CSV GROUPS1.CHK LSMT.LOG SETGRPS2 GROUPS2.CSV GROUPS2.CHK LSMT.LOG ------------------------------------------------------------------------------ GETALIAS ALIAS.INI ALIAS.CSV All alias definitions LSMT.LOG SETALIAS ALIAS.CSV ALIAS.CHK LSMT.LOG ------------------------------------------------------------------------------ GETACL ACL.CSV All access profiles LSMT.LOG SETACL ACL.CSV ACL.CHK LSMT.LOG ------------------------------------------------------------------------------ GETASSGN ASSGN.CSV Logon assignments for all LSMT.LOG users and aliases SETASSGN ASSGN.CSV ASSGN.CHK LSMT.LOG ------------------------------------------------------------------------------ GETAPPL APPL.INI APPL.CSV All public applications LSMT.LOG SETAPPL APPL.CSV APPL.CHK LSMT.LOG ------------------------------------------------------------------------------ | GETSEL SELECTOR.CSV All applications selector LSMT.LOG | SETSEL SELECTOR.CSV SELECTOR.CHK LSMT.LOG ------------------------------------------------------------------------------ GETPWD USERS.PWD Get all passwords (encrypted) SETPWD USERS.PWD ------------------------------------------------------------------------------ In addition to above, we supply some more applets to demonstrate how you can use REXX within OS/2 and also within your OS/2 LAN Server environment: ------------------------------------------------------------------------------ RXACL RXACL.CSV RXACL.CSV Get/Set ACL's to/from an LSMT.LOG ASCII file ------------------------------------------------------------------------------ RXDASD RXDASD.CSV RXDASD.CSV Get/Set DASD limits to/from RXDASD.INI LSMT.LOG an ASCII file ------------------------------------------------------------------------------ RXNET Simulates some NET.EXE browsing functions with faster output than the original NET.EXE ------------------------------------------------------------------------------ CHKASSGN Checks all you assignments for inconsistency ------------------------------------------------------------------------------ Remark: depending of which procedure has been called, one or more other procedures can be executed undercover such as 'SETCMD.CMD', 'GETCMD.CMD', 'SETHOME.CMD' etc... ------------------------------------------------------------------------------ ///////////////////// Installation Of LSMT \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ------------------------------------------------------------------------------ To install LSMT, you will need following files: Files Description --------------------------- LSMT.TXT this document LSMT.ZIP compressed file, contains all necessary product files PKUNZIP2.EXE available after an OS/2 Lan Requester & Server installation All files must be installed in a common directory on the same disk, (example: Drive letter is D:) Goto the drive D: Create a directory: MD \LSMT Goto this directory: CD \LSMT Copy LSMT.ZIP to this directory: COPY ?:\LSMT.ZIP (replace ?: with the Drive Letter where to get the source file, example A:) Unzip the packed file: PKUNZIP2 LSMT.ZIP Erase LSMT.ZIP from this directory DEL D:\LSMT.ZIP Create the LSMT objects on the WPS INSTALL Now, they are 3 ways to use the LSMT procedures : 1. To get for example all details about the defined Users, execute 'GETUSERS' with the ComputerName of the (primary) Domain Controller. Example: GETUSERS /SRV:BEDCDIE 2. to get all the DC's data chained together such as Users, Alias, Logon Assignments etc... execute 'GETALL' with the ComputerName of the (primary) Domain Controller. Example: GETALL /SRV:BEDCDIE (For details about GETALL and the optional programs go to the topic 'GETALL' 2 pages futher). | 3. to do it by drag & drop, open the 'Outputs' folder and drag for example | the 'USERS.CSV' to the ProgramObject 'Get from DC'. To get more details goto the topic 'Using the Drag & Drop on the OS/2 Warp WorkPlaceShell', the last chapter of the 'LSMT.TXT'. ------------------------------------------------------------------------------ About DLL's: ------------------------------------------------------------------------------ The power of REXX encourages the user to use REXX functions even if they are not delivered with the original REXX code just by adding and loading additional DLLs which contains the required functions. One of the major enhancements of LS 4.0 in contrast to earlier versions is that all LAN Server APIs can be accessed via REXX by external functions in a new DLL (LSRXUT.DLL). There are two DLLs included in LAN Server 4.0: LSRXUT3.DLL and LSRXUT4.DLL. LSRXUT3.DLL is essentially the same as LSRXUT4.DLL with some restrictions originated in the LAN Server 3.0 code. One of the few restrictions is that if you are using a LAN Server 3.0 environment, you cannot use the apply API to copy the actual ACL of the directory to its subdirectories. If the directory resides on a LAN Server 4.0 Server, even if your domain controller has a lower release, the apply will work. The LSRXUT.DLL does not have to be installed at the server itself but on the machine you are planning to use to run the programs. If you are using LAN Requester 3.0, then you should use LSRXUT3.DLL. If you are using LAN Server 4.0 or higher, use LSRXUT4.DLL. In order to provide you with the latest information, we included in our package the most recent versions of LSRXUT3.DLL and LSRXUT4.DLL which will install automatically the correct version by the registration program 'RGLSRXUT.CMD'. In addition to this, there are more DLL's included which we used within our REXX program: DLL file Author Content ------------------------------------------------------------------------------ LSRXUT.DLL Ingolf LAN Server REXX API's actually delivered with OS/2 Lindberg Lan Server 4.0 (we included a more recent version) RXUTILS.DLL Thomas Some general purpose functions Rogers RXNPIPES.DLL Graham Used only if you decide to use piping as an Ewart additional logging mechanism If, during executing, you encounter the following error message: SYS0032: The process cannot access the file because it is being used by another process. One of the DLLs is already in use, and you cannot replace it with the one in your LSMT directory. Just reboot the workstation to 'unlock' the locked DLL's. A suggested way to register all the DLL's are following statemets in the STARTUP.CMD : CALL ?:\LSMT\RGUTIL.CMD CALL ?:\LSMT\RGUTILS.CMD CALL ?:\LSMT\RGLSRXUT.CMD CALL ?:\LSMT\RGNPIPES.CMD where '?:' stands for the driveletter of the drive you installed LSMT ------------------------------------------------------------------------------ The INI Files: ------------------------------------------------------------------------------ For some of our programs, we provide xxx.INI files to enable the user to set several values externally without touching the CMD files. These files allow you to specify which columns you would like to have in your output file and which column width they should occupy. Some programs will not provide this flexibility in making the decision about which columns to see and which column width to use because the content of the columns is subject to change dynamically. In these cases, an INI file can always be just a snapshot of your actual environment. Therefore it needs to be rebuilt anytime you restart the programs because your environment might have been changed, some of the objects represented by the columns no longer exist or others have been added. Example: ALIAS.INI ************************************************* * DO NOT CHANGE THE FIRST 2 COLUMNS ORDER * AND DO NOT CHANGE THE COLUMNS NAMES * OPT ; 3 NAME ; 8 TYPE ; 7 SERVER ; 8 PATH ; 30 REMARK ; 20 * NETNAME ; 8 LOCATION ; 13 MODE ; 17 MAXUSES ; 7 QUEUE ; 10 PRIORITY ; 8 DEVICE_POOL ; 12 * ************************************************* With the INI file, you have following options: - Changing the order of the lines will change the order of the corresponding columns in the output file. - Deleting lines or typing an asterisk '*' in the first column of the line will have the effect that this column will not be displayed in the output file. - Changing the numbers will change the corresponding column width. Restrictions: ------------- - DO NOT CHANGE the column names, these are predefined names used by the API. - Please obey additional restrictions given in the comment lines at the top of each INI file. For those programs which do not provide an INI file, you will be able to delete certain columns in the ASCII files or reorder them. This does not apply for some special columns described for each program in their detailed description. If you delete a column, this implies that you also want to delete the information provided in this column. If you delete some columns or exclude them by placing an asterisk in the first column of the corresponding line in the INI file, you should be aware that the information represented by the column now cannot be set by the SET program because it does not know which value to set. Some of the columns you may not delete because LAN Server needs the information in these columns to complete your setting operation. In this case, you will receive an error message from the API. ------------------------------------------------------------------------------ The ASCII Files: ------------------------------------------------------------------------------ All ASCII files produced by our REXX command files have a common look and feel. In order to use advanced methods in editing those files, we used a format you easily can edit with an ordinary file editor or with your favorite spreadsheet program (for example, IBM Works, part of OS/2 Warp Bonuspak). Nearly every spreadsheet program on the market is able to import a so-called comma-separated value file. Within these files, each row of your spreadsheet is represented by a corresponding line in your CSV file, and vice versa. To decide which lines belong to which column of your spreadsheet, a special character is used as delimiter of each column. In most countries the comma ',' is used as list separator, others are using the semicolon ';'. By default, we decided to use the semicolon ';' as delimiter because some of the values in OS/2 LAN Server (for example, Comments) may contain commas. If you import the ASCII file into your spreadsheet and the data is not separated correctly, try to figure out whether your default list separator is the one we used. IBM Works, for example, uses the list separator defined on the first notebook page of the country settings located by default in the System Configurtation Folder of the OS/2 System folder. Check this option first to see whether it is set correctly. In the top section of each CSV file, you will find a line starting with 'OPT' This line contains the header description of all columns used in this file. Therefore, if you want to know what kind of information is stored in a certain column, just follow the column up or down until you reach a line which starts with OPT. For each column, you will find a descriptive name for the column's content. If you are using a spreadsheet program to change values, you have to save it as a comma-separated value file. Most of the spreadsheet programs save the files by default to their own proprietary format. Each column is separated by ';' (you will not see this separator if you are using a spreadsheet program). If you are not explicitly allowed to change this line (see: "Description Of The Standard Functions"), do not change this line. With respect to the meaning of the semicolon, do not delete semicolons within a row because deleting one semicolon has the effect of shifting all entries one column to the left (and only for this line!). Conversely if you are adding an additional semicolon all entries shift one column to the right. For the same reason, do not use semicolons in your entries, for example in comment fields. * List of all logon assignments ,allowed Options U=update D=delete OPT;USERID ;REXX;WARPAPPL;DOSAPPL;WINAPPL;PUBLIC;IBM4039;OPTRA;MODEM; ;ODIER ; ; V ; ; ; P ; LPT1 ; ;COM4 ; ;PAULI ; R ; W ; ; ; P ; ;LPT3 ; ; ;RYKAERTA; R ; W ; X ; ; P ; LPT3 ; ; ; ;SHIMIZU ; ; W ; ; ; P ; ; ; ; ;TESTINI ; ; ; X ; Y ; P ; LPT1 ; ; ; ;VERNON ; ; W ; ; ; P ; ; ;COM3 ; If you use this table to manipulate your data, the first column is always your option column. The following entries are allowed for the option column: * Indicates that this line is a comment line, it will be ignored. OPT This line contains information about the columns used in this file (change it only on purpose; see "Descritption Of The Standard Functions") A ADD Indicates this is a new entry, add entry to your existing LAN environment (some applications do not distinguish between ADD and UPDATE) U UPDATE Indicates this line contains settings about an already existing entry, and you want to change these settings. D DELETE The whole entry will be deleted from your LAN environment. If there is no entry or just blanks in the option column, this line will not be processed, it will be ignored. Therefore, if you are applying any changes using this file, be sure to set the proper option in the option column; otherwise your changes will not be processed. If you want to change the order or the appearance of one or more of these columns, use the INI file if it is provided (see: "The INI Files"). If there is no INI file, and only then, you may change the order or delete some of the columns by editing the ASCII file. Please respect the restrictions for reorder or deletion in "Description Of The Standard Functions". However, if you delete a column for some programs, this implies that you also want to delete the information provided in this column. ------------------------------------------------------------------------------ The Check Files: ------------------------------------------------------------------------------ If for some reason one or more of the lines in your ASCII files could not be processed, for example an error occurred, you will find them collected in the corresponding check file (filetype by default CHK). This makes it easier for you to check the non processed lines for the reason of their failure. Once corrected, you just have to rename this file to .CSV, and process it again. Due to the nature of this file, it will be only created if the SETxxx.CMD fails to process all data. ------------------------------------------------------------------------------ The LOG file: ------------------------------------------------------------------------------ By default there is only one log file (LSMT.LOG) for all provided REXX procedures, so that all logging information is collected in one log. If needed, you can specify another logfile name for each procedure. Every information which will be logged will also be visible on the screen. The following information will be logged: - Information about the originator of the log - Errors - Changes of your LAN environment (add, delete, change) Each log entry gives you following information: - An asterisk '*' in the first column indicates an ERROR log. - Date and time when the entry was set (YYMMDD hh:mm). - UserID of the admin who executed the program which set the log entry. - Name of the program which set log entry. - The function which was executed. - The message of this function APL. - In case of error, the return code in square brackets. 10/17/95 16:56 A948R34 SETUSERS Add User : BERRIT 10/17/95 17:01 A948R33 SETACL New Audit : ALIAS6 - 10/17/95 17:01 A948R33 SETACL New ACP : DOSAPL DOSUSERS - XR 10/17/95 17:01 A948R33 SETACL New ACP : ALIAS6 A948R33 - XR 10/17/95 17:39 A948R34 SETALIAS Update Alias : PRINTER3 - Printer 3 *20/02/96 11:46 ALAINADM SETUSERS Add User : RAMBO [2245 Could not ... ... add UserID ] In the example above, you will see one line with an asterik in the first column which classifies this line as an error logging. At the very end of this line, you see a message enclosed in brackets which is only a fraction of the original return code. If there is a number at the beginning of the text in brackets, you will get more information of the nature of this error if you type at an OS/2 command prompt 'HELP NETxxxx' where xxxx is this number. With an error 2245 you will see following by executing 'HELP NET2245': NET2245: The password is shorter than required. ------------------------------------------------------------------------------ The Idea Of Named Pipes: ------------------------------------------------------------------------------ Named pipes in REXX give you a very sophisticated way to let two or more programs communicate with each other. If two programs are connected via a named pipe, each of them has a dedicated role. One program is responsible to send messages, the other to receive. The sending program is using the pipe just as any other ordinary output device. The major difference is that this output will not be stored anywhere but taken immediately as input for the receiving program. To enable the programs to establish more than one connection at a time, you use names for each pipe to distinguish the connections. Each pipe can be used only between two programs at the same time. If another program wants to write messages to the same pipe, it has to wait until a previous session is closed. Standard REXX does not support named pipes, but we added the RXNPIPES.DLL (written by Graham Ewart) to this package to support the use of named pipes within REXX. To demonstrate the use of named pipes, we provide two typical named pipe programs written in REXX: MNP.CMD Sends messages to a certain pipe. CONSOLE.CMD Receives messages and shows them immediately on the screen. You can use this program as a console console for all our programs which produce log output. CONSOLE2.EXE same function as CONSOLE.CMD but written in C to provide multiple instances (written by Wouter Cloetens) How to install and use Named Pipes with REXX: --------------------------------------------- Here we have 2 possible methods: 1.a. To receive messages, start 'CONSOLE' with following optional parameters: /PIP:Name_of_the_Pipe (default \PIPE\RXPIPE) /LOG:LOF_Filename /TO:Time_Out_Value /SOUND Parameter Description: PIP : Name of pipe to open for receive LOG : Name of the file all the received messages will be logged to TO : the timeout in milliseconds the program waits until the pipe is open SOUND : if set, you may hear the program's heart beat Example: CONSOLE /PIP:\PIPE\MYPIPE /SOUND | 1.b. To receive messages, start 'CONSOLE2' after editing 'CONSOLE2.CFG' | | Remark: CONSOLE2 does not log into a file on disk 2. To send messages, edit MNP.CMD, and fill in the name of the pipe you want to send the messages. 3. Execute 'MNP' with your message: Example: MNP Hello or just pipe your message: Example: echo Hello > \PIPE\RXPIPE 4. To Stop the 'CONSOLE' or 'CONSOLE2': press [CTRL]-[BREAK] The big advantage of pipes is that the sending program (MNP) and the receiving program (CONSOLE or CONSOLE2) may run on different machines within your network. To use this scenario over your network, the machine which runs your CONSOLE or CONSOLE2 programs has to meet following requirements: - The operating system must be OS/2 2.1 or higher. - The piping mechanism needs to share IPC$ and therefore either LAN Requester 3.0 or higher with peer services or LAN Server 3.0 or higher has to be installed. At the PC which sends messages, you have to edit MNP.CMD to type in the named pipe of the receiving computer. Prerequisites for installation of LSMT: --------------------------------------- You have to meet following prerequisites to install LSMT: LAN Server: OS/2 2.11 (or higher) OS/2 LAN Server 3.0 (CSD7045 or higher) and higher LAN Requester: OS/2 2.11 (or higher) OS/2 LAN Requester 3.0 (CSD7045 or higher) and higher ------------------------------------------------------------------------------ Description of the standard functions: ------------------------------------------------------------------------------ In this chapter we describe in detail each LSMT procedure. For each procedure we will show you either a full example ASCII file or just an excerpt if the full file would not fit into this documents boundaries. (three dots '...' indicate that some columns are not shown in this example) Where appropriate you will find a table which includes the description of all columns which are used within the ASCII files. ************ IMPORTANT ************ All the Rexx proceduers are based on the standard OS/2 Lan Server API's. Each function of the LSRXUT.DLL is described in a on-line book, 'LSRXUTIL.INF' Read & use the 'LSRXUTIL.INF' to get all avalaible information about the Lan Server API's by executing: VIEW LSRXUTIL ------------------------------------------------------------------------------ GETALL ------------------------------------------------------------------------------ Chain all GETxxx programs together in following order: GETSRVS : Get all Server(s) definitions GETUSERS : " " Users GETGRPS1 : " " Groups GETGRPS2 : " " Members of the Groups GETALIAS : " " Alias GETACL : " " Access Control Lists GETASSGN : " " Logon Assignments GETAPPL : " " Public & Private Applications GETSEL (*) : " " Application Selectors I will create a folder on the Workplace shell 'Lan Server Management Tools' with all possible outputs in it. Once all objects created, you can drag & drop those files to any favorite editor or spreadsheet you like. If needed, you can execute GETPWD to extract all (encoded) passwords from the (primary) Domain Controller. Remark (*): by default the 'GETSEL' is not included in the chain of all procedures. If needed, you must edit the GETALL.CMD to enable GETSEL If no parameters entered you will receive following : ╔═─────────────────────────────────────────────═╗ │ * LSMT * LSMT * LSMT * LSMT * LSMT * LSMT * │ ├───────────────────────────────────────────────┤ │ Usage : GETALL /SRV:Servername_of_DC │ │ │ │ [/LOG:Log_File] [/PIP:Name_of_the_Pipe] [/M] │ │ │ │ Sample : GETALL /SRV:BEDCDIE │ ├───────────────────────────────────────────────┤ │ Get ALL the Domain Controller definitions │ ╚═─────────────────────────────────────────────═╝ Once the outputs retrieved from your Domain Controller, a shadow of each Data file will be created in the 'OUTPUT' folder into the 'Lan Server Management Tools' folder. Now you double-click on one of the output files or drag it to your favorite editor as we created with the name 'T2 Editor' which will open open 'T2.EXE'. Of course, this editor can be replaced and used by any other like TEDIT.EXE, LPEX, EPM, Lotus 123, IBM Works etc ... If desired, you can start from the command prompt the assiciated procedure to set back some changes to the Domain Controller or try the Drag & Drop option to the object 'Set Back to DC'. Be aware that every modification made by you will 'log' an entry in the 'LSMT.LOG' file for later analyze and feedback. ------------------------------------------------------------------------------ GETDOM.CMD ------------------------------------------------------------------------------ Get all information about the servers in a specific domain. The GETDOM procedure creates an additional Folder with the name of the server into the 'All Servers in Domain' folder with objects pointing to the 'CONFIG.SYS', 'PROTOCOL.INI', 'IBMLAN.INI' etc... of the target server. Into the same folder, additional Program objects request more information from the target server such as System Information, Lan Server Error Logs etc.. Also, an ASCII file in the form of a spreadsheet will be created into the 'Output' folder with the Object name 'DOMAIN.CSV' Sample output: -------------- ;NAME ;OS2 ;BUILD ;MPTS ;LSR ;COMMENT ;ROLE ; ;DC1 ;XR03005 ;8.234 ;WR08200 ;IP08200 ;Domain Controller 1 ;Primary ; ;FS2 ;XR03005 ;8.234 ;WR08200 ;IP08200 ;File Server 2 ;Member ; Each line represents a server. You will find the server name at the begin of each line. Following columns are in the ASCII File: Column Name Description --------------------------------------------------- NAME The Server computer name OS2 The syslevel from the Server OS/2 Base BUILD The buildlevel of the server OS/2 Base MPTS The syslevel from the Server MPTS LSR The syslevel from Lan Requester & Server COMMENT The server comment ROLE The role of this server in the domain Possible values : Primary, Backup, Memeber or Standalone DISC The auto-disconnect value ALERTS The server alerts receiver table. The table can be empty HIDDEN The server hidden attribute setting Restrictions: ------------- In this procedure the column width of each output is not adjustable and therefore there is no DOMAIN.INI file provided. If you need to adjust the Column width, you have to edit/adjust the Rexx procedure. It's obvious that this procedure can be expanded if the need exist to get also the syslevel of CM/2, DB/2, TCP/IP etc ... Just edit the Rexx procedure and make the necessary changes. ------------------------------------------------------------------------------ GETSRVS.CMD / SETSRVS.CMD ------------------------------------------------------------------------------ Get and set all information about the servers in a specific domain. The GET procedure creates an ASCII file in the form of a spreadsheet like the following example: OPT;NAME ;COMMENT ;DISC ;ALERTS;HIDDEN ;ANNDELTA; ... ;ITSCSV00;Domain Controller;Auto-;-none-;Visible;3000 ; ... ;ITSCSV01;Additional Server;120 ;-none-;Visible;3000 ; ... Each line represents a server. You will find the server name at the beginning of each line. If you do not exclude some columns in the SERVERS.INI, file you will find the following columns in the ASCII File: Column Name Description --------------------------------------------------- OPT to set your options, allowed are A = add U = update D = delete NAME The server computer name COMMENT The server comment DISC The auto-disconnect value ALERTS The server alerts receiver table. The table can be empty HIDDEN The server hidden attribute setting ANNDELTA The random announce rate (in milliseconds) ALERTSCHED The alert interval for notifying an administrator of a network event ERRORALERT The number of entries that can be written to the error log file during a interval before notifying an administrator LOGONALERT The number of failed logon attempts to allow a user before notifying an administrator ACCESSALERT The number of failed file accesses to allow before issuing an administrative alert DISKALERT The number of kilobytes of free disk space, at which, an administrator must be notified that the free space is low MAXAUDITSZ Maximum audit file size VERSION_MAJOR The major version number (Version) VERSION_MINOR The minor version number (Release) TYPE The server type. This information is a hexadecimal value and is not interpreted ANNOUNCE The network announce delta (in seconds), which determines how often the server will be announced to other computers on the network ACTIVELOCKS The number of file locks that can be active ALIST_MTIME The last time the access control list was modified AUDITEDEVENTS The audit events setting. This value is unformatted and is presented hexadecimal AUDITING The auditing setting AUTOPATH The server autoprofile location AUTOPROFILE The server auto profile setting CHDEVJOBS The number of serial device jobs that can be pending on a server CHDEVS The number of serial devices that can be shared on the server CHDEVQ The number of serial device queues that can coexist on the server CONNECTIONS The maximum number of connections to netnames that are allowed GLIST_MTIME The last time the group list was modified GUESTACCT The guest account name LANMASK The order in which the network device drivers are served. The value is uninterpreted NETIOALERT The Network I/O error ratio in one tenth of a percent to allow before the administrator is notified NUMADMIN The maximum allowed number of administrators NUMBIGBUF Number of 64KB server buffers that are provided NUMFILETASKS Number of processes that can access the operating system at one time NUMREQBUF The number of server buffers that are provided OPENFILES The number of files (file handles to for example files or pipes) that can be opened at once OPENSEARCH The number of searches that can be opened at once ULIST_MTIME The last time the users list was modified USERS The maximum of users on the server SESSOPENS The number of files that can be opened in one session SESSVCS The maximum number of virtual circuits per client SESSREQS The number of simultaneous requests that a client can make on any virtual circuit SECURITY The security type of the server SHARES The maximum number of netnames a server can accommodate SIZREQBUF The size (in bytes) of each server buffer SRVHEURISTICS The server heuristics settings USERPATH The path name to user directories Comments: --------- GETSRVS provide you a customable INI file where you can decide which columns you want to see and which not to use. Restrictions: ------------- In this version of LSMT, only the following information can be set, therefore do not change the values in the other columns: COMMENT, DISC, ALERTS, HIDDEN, ANNDELTA, ALERTSCHED, ERRORALERT, LOGONALERT, ACCESSALERT, DISKALERT, NETIOALERT, MAXAUDITSZ. If you want to reorder or suppress the apearance of some columns, use only the SERVERS.INI file. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set a server, you will receive an error message during the SETSRVS. ------------------------------------------------------------------------------ GETUSERS.CMD / SETUSERS.CMD ------------------------------------------------------------------------------ The GET procedure creates an ASCII file in the form of a spreadsheet like the following example: OPT;NAME ;PASSWORD;PRIV ;FLAGS;USR_COMMENT ; ... ;GUEST ;**** ;Guest ;SN ;System ID ; ... ;ITSCADMN;**** ;Administrator;S ;ITSC Admin ; ... ;MATHIEU ;**** ;User ;S ;Maurice Mathieu; ... ;ALAINADM;**** ;Administrator;S ;Alain as Admin ; ... ;SHIMIZU ;**** ;Administrator;S ;Toshi Shimizu ; ... Each line represents a user. You will find the user ID at the beginning of each line. If you do not exclude some columns in the USERS.INI, file you will find the following columns: Column Name Description ------------------------------- OPT to set your options, allowed are A = add U = update D = delete PASSWORD The password of this user ID. You may not see the original password of the user, only 4 asterisks to indicate where to change the password if necessary, and what minimum length is required . If you want to set a new password, overtype at least the asterisks with non-blank characters. ATTENTION: If you use this file to set a user password be aware of your security guide lines. After usage of this ASCII file as an input for SETUSERS it is recommended to overtype the password values again with asterisks or just delete this ASCII file, so that no files exists on a machine with readable passwords in it. HOME_DIR Shows you the position of the user's home directory, if there is one. MAX_STORAGE This value is NOT the DASD limit. There only will be an alert sent to the administrator if the amount of data in this directory exceeds the given value. If you want to set DASD limits for this directory, you have to use the NET DASD command or our RXDASD.CMD. PRIV The privilege of this user. Valid Entry Description Guest Guest user User Normal user Admin Administrator USR_COMMENT The user comment which is used by UPM (user profile management). COMMENT The user comment which is used by the command line interface of LAN Server. FULL_NAME This user comment is not used by LAN Server, but may be used by LAN aware programs. SCRIPT_PATH The name of the logon script together with the path specification relative to the NETLOGON SCRIPT parameter. This is not PROFILE.CMD. If you specify a CMD file in this column, this command file will be executed during logon before any logon assignments were made and before the PROFILE.CMD will be executed. By default, this CMD has to be in the IBMLAN\REPL\IMPORT\SCRIPTS directory of the server which is processing your logon. If you want to change the location, you can do this by editing the IBMLAN.INI of the 'logon' - server: [netlogon] SCRIPTS = C:\IBMLAN\REPL\IMPORT\SCRIPTS AUTH_FLAGS Flag Description P Print operator privilege is enabled. C Comm operator privilege is enabled. S Server operator privilege is enabled. A Accounts operator privilege is enabled. WORKSTATIONS The workstation restriction for the user LOGON_SERVER The computer to handle logon requests for this user account | ***************** | IMPORTANT NOTICE: | ***************** | If the Lan Administrator adds or updates some users and specifies the | location of the Home Directories away from the Primary Domain Controller | (which we recommend), another file 'HOMEACL.CSV' will be created with a list | of Access Control Profiles which can be read & executed by the | RXACL.CMD procedure or simply by drag & drop back to 'Set Back to the DC' | object. | | This will be reminded during the execution of SETUSERS.CMD if needed. Restrictions: ------------- If you want to reorder or suppress the appearance of some columns, use only the USERS.INI file. The workstation restriction cannot be deleted once set because in the actual version of the LSRXUT.DLL the none value will not be recognized. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set a user, you will receive an error message during SETUSER. ------------------------------------------------------------------------------ GETPWD.CMD / SETPWD.CMD ------------------------------------------------------------------------------ The GET procedure creates an ASCII file with the following information: +----- encoded password ! GUEST:AAD3B435B51404EEAAD3B435B51404EE ITSCADMN:B87209C77290AB876726788D823829CC MATHIEU:C7899238765652CD655678BC866789C2 MBREWER:C8726773CA662589CA6454A3223C782B OSCAR:987B665277C45782B2544567753A6442 SHIMIZU:67655378D7654547E78BCD66889643DC Each line has the form USER ID: PASSWORD. The password of the user ID you will see in this column is encrypted, so you are not able to see the original password. The only conclusion you can make of the values of this column is: if two password entries are identical, then the original passwords are identical. This procedures are not intended to change passwords but to help you migrate passwords from one installation to the other. ATTENTION: ---------- As we mentioned above the passwords are encrypted so you should be careful changing the password encryption within this file, it may result in an unpredictable password if you are not using an already seen encryption. Again the original passwords are NOT identical to the encryption but the encryption represent a unique password. Restrictions: ------------- To get and set the passwords we are using an external program so that the log file output differs from our standard LSMT.LOG. Therefore, by default, we are not using LSMT.LOG. ------------------------------------------------------------------------------ GETGRPS1.CMD & GETGRPS2.CMD / SETGRPS1.CMD & SETGRPS2.CMD ------------------------------------------------------------------------------ The GETGRPS1 procedure create an ASCII file with the Group names & comments, like the following examples: OPT;NAME ;COMMENT ; ;ADMINS ; ; ;ASSIGNEE ;Permanent ITSC Members Group ; ;GUESTS ; ; ;RESIDENTS ;Temporary Residents Group ; ;SERVERS ; ; ;USERS ; ; ;WARPSERV ;Warp Server Residency ; The GETGRPS2 procedure create an ASCII file with the Group names & membership, like the following examples: OPT;USERS ;ADMINS;ASSIGNEE;GUESTS;RESIDENT;SERVERS;USERS;WARPSERV; ;GUEST ; ; ; X ; ; ; ; ; ;ITSCADMN; X ; ; ; ; ; ; ; ;ITSCSV00; ; ; ; ; X ; ; ; ;ITSCSV01; ; ; ; ; X ; ; ; ;MATHIEU ; ; X ; ; X ; ; ; ; ;MBREWER ; ; X ; ; X ; ; ; ; ;OSCAR ; ; ; ; X ; ; ; ; ;SHIMIZU ; X ; X ; ; ; ; ; ; This file gives you the information which users belong to which groups and vice versa. Each line represents a user id and each column a group id. If you look at a line, it consists of a user name at the beginning and for each group this UserID belongs to there will be a 'X' marked in the corresponding group column. Therefore if you read this file horizontally it will provide you with the information in what groups this certain users is a member. But if you read the same file vertically you will find out all users for a certain group. If you want to add a UserID to a group add an 'X' where the corresponding user id row and group id column are crossing. Mark the row with 'U' in the option column and process SETGRPS2. If you want to delete a group membership just overtype an existing 'X' with blank and proceed as above. In respect to these two different CSV files, you have 2 different SET programs: Program Description ---------------------------- SETGRPS1.CMD Sets the basic information about groups (name and comment). SETGRPS2.CMD Sets the relationship between users and groups. Restrictions: ------------- If you want to reorder or suppress the appearance of some columns in the GROUPS1.CSV, use only the GROUPS.INI file. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set a group, you will receive an error message during SETGRPS1 or SETGRPS2. ------------------------------------------------------------------------------ GETALIAS.CMD / SETALIAS.CMD ------------------------------------------------------------------------------ The Get procedure retrieves all alias definitions made in a certain domain. +------- used by file aliases only | OPT;NAME ;TYPE ;SERVER ;PATH ;REMARK ;...;QUEUE ;...; ;APPL-FLG;Files ;\\ITSCSV00;F:\SHARED\FLG;Freelance ;...;Unknown;...; ;DISK-CD ;Files ;\\ITSCSV00;H:\ ;CD-ROM ;...;Unknown;...; ;DISK-MO ;Files ;\\ITSCSV00;G:\ ;Magn.Optic;...;Unknown;...; ;DISK-NVL;Files ;\\ITSCSV00;E:\NOVELL ;Novell Drv;...;Unknown;...; ;PUBLIC ;Files ;\\ITSCSV01;F:\PUBLIC ;PUBLIC ;...;Unknown;...; ;WARPSERV;Files ;\\ITSCSV00;E:\WARPSERV ;Warp Srv ;...;Unknown;...; OPT;NAME ;TYPE ;SERVER ;PATH ;REMARK ;...;QUEUE ;...; ;IBM4039 ;Printer;\\ITSCSV01;Unknown ;IBM 4039 ;...;IBM4039;...; ;IBM4079 ;Printer;\\ITSCSV01;Unknown ;IBM 4079 ;...;IBM4079;...; | used by print aliases only -------+ Each line represents an alias: you will find the alias name at the beginning of each line. If you do not exclude some columns in the ALIAS.INI, file you will find the following columns in the ASCII File: Column Name Description ------------------------------ OPT to set your options, allowed are A = add U = update D = delete NAME The alias name TYPE The alias type SERVER The name of the server where the resource described by this alias resides. The name is used with the leading '\\' characters PATH The path (for files alias only) REMARK The alias remark LOCATION The alias location MODE When the alias is shared MAXUSES The maximum number of users who can have redirection to the resource identified by this alias QUEUE The queue name (for serial or printer alias only) PRIORITY The serial device priority DEVICE_POOL The serial device pool Comments: --------- If you use the SET program to delete an alias you will be reminded to check afterwards whether there still exist logon assignments to this deleted alias (see "CHKASSGN.CMD). Restrictions: ------------- If you want to reorder or suppress the appearance of some columns, use only the ALIAS.INI file. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set an alias, you will receive an error message during SETALIAS. ------------------------------------------------------------------------------ GETACL.CMD / SETACL.CMD ------------------------------------------------------------------------------ The GET procedures retrieves the access control list for all existing aliases and only for these. The information will be stored in an ASCII file in the form of a spreadsheet like the following: OPT;ALIAS ;AUDIT ;ADMINS;ASSIGNEE;GUESTS ;RESIDENT;SERVERS;USERS ;... ;APPL-FLG;-none-; ; ; ; ; ;RWCXDAG;... ;DISK-CD ;-none-; ; ; ; ; ; RXG ;... ;DISK-NVL; ; ; ; ; ; ; ;... ;PUBLIC ;-none-; ;RWCXDAPG;RWCXDAPG; ; ; ;... ;WARPSERV;-none-; ; ; ; ; ; ;... ;IBM4039 ;-none-; CPG ; CPG ; CPG ; CPG ; ; CPG ;... ;IBM4079 ;-none-; ; CPG ; ; CPG ; ; ;... The output is always sorted by group and user ids: +--- group ids ---+ +--- user ids ---+ | | | | OPT;ALIAS ;AUDIT ;ADMINS ;SERVERS ;LOCAL ;USERS ;ALAINADM;HERMADM ; ;OS2TOOLS ;-none-;CDRWXPG ; ; ; ; R ; RW | | | | | | audit for +------access control profiles for---+-------+ | this ACL each group and user +----------------------for this alias In this case, except for the first three columns, each column represents a group or user ID, and each row represents an alias. If you read the file line by line, you will get all access control profiles (ACP, the rights a group or user ID has) for an certain alias. The summary of all ACPs gives you the access control list (ACL) of this alias. You will find the name of the alias in the column with the title ALIAS. If you read the file column by column, you will get all ACPs a certain group or user has defined for all aliases in the domain. Column Name Description ------------------------------ OPT You will see this column in your output, but no values will be initially set. This column is only used by the SET programs. The SETACL.CMD allows you to use more options in the ASCII file than just A, D and U. If you change or add an ACL of an file alias, you have the choice to apply this ACL to all subdirectories of this alias: Option Description A Add an ACL with the values in this line (you may also use U). AA (Only for file aliases) Same as A(dd), but the ACL will be applied to all subdirectories. U Update an ACL with the values in this line. UA (Only for file aliases) Same as U(pdate), but the ACL will be applied to all subdirectories. D DELETE: delete the ACL for this alias. ALIAS Here, you will find all the alias names you have defined in your environment. They appear in following order (each alphabetically sorted): All file aliases All print aliases All serial aliases. AUDIT Describes what kind of audit is active for this alias Valid Values Description A All access attempts will be audited. O Audit successful file opens. W Audit successful file writes and successful directory creates. D Audit successful file deletes or truncates and successful directory deletes. P Audit successful file and directory access control profile change. o Audit failed file opens. w Audit failed file writes and failed directory creates. d Audit failed file deletes or truncates and failed directory deletes. p Audit failed file and directory access control profile change. N or -none- No auditing is performed. All other In each column, you will find the ACP of a certain group or user id. The columns appear in following order (each alphabetically sorted): All groups All user IDs. Valid Values Description N None A Attribute R Read W Write C Create X Execute D Delete P Permissions G This is a group permission. The G parameter is not required to be specified The access profile for a combination alias/user or alias/group will be deleted if you update the alias line and, - The corresponding ACP entry for the user or group is blank or - The group ID or user ID is not in the list because you deleted it or - The group ID or user ID is not in the list because you used one of the parameters /USER or /GROUP with the GETACL command. Therefore, the access control profile will have exactly the values you set in this line. (WYSIWYG, what you see is what you get.) Comments: --------- Due to the nature of the ASCII file, you do not have any INI file used by the GET program to change the order or suppress the output of certain columns. Anyway, you may delete or change the order of the columns within the ASCII file before you use it as input for the SET program. If you change the column name of a group or user ID column, the program still works as long as it is a valid group or user ID. Attention: ---------- If you delete or rearange columns with an ASCII editor and not with a spreadsheet program, such as IBM works, make sure that the column delimiters (;) are also deleted or moved. Restrictions: ------------- Do not change, delete, reorder, or rename the first three columns (OPT, ALIAS, AUDIT). ------------------------------------------------------------------------------ GETASSGN.CMD / SETASSGN.CMD ------------------------------------------------------------------------------ The GET procedure retrieves all logon profiles for all users and all existing aliases. The information will be stored in an ASCII file in the form of a spreadsheet like the following: * Do not delete or change the order of the first 2 Columns OPT;USERID ;APPL-FLG;DISK-CD;DISK-NVL;PUBLIC;WARPSERV;IBM4039;IBM4079; * Members Of Group: ADMINS ;ITSCADMN; ; ; ; ; ; ; ; ;SHIMIZU ; F ; L ; N ; P ; S ; LPT2 ; ; * Members Of Group: ASSIGNEE ;MATHIEU ; F ; ; ; P ; ; LPT3 ; LPT4 ; ;MBREWER ; ; ; ; P ; ; ; ; ;SHIMIZU ; F ; L ; ; P ; S ; LPT2 ; ; * Members Of Group: GUESTS ;GUEST ; ; ; ; P ; ; ; ; * Members Of Group: RESIDENTS ;MATHIEU ; F ; ; ; P ; ; LPT3 ; ; ;MBREWER ; ; ; ; P ; ; ; ; ;OSCAR ; F ; ; ; P ; S ; ; LPT2 ; The output is sorted by File, Print and Serial aliases: File Printer Serial Alias Alias Alias +----------------------+ +------+ | | | | | | OPT;USERID ;WARPAPPL;DOSAPL;WINAPL;PUBLIC;IBM4039;OPTRA;MODEM; ;ODIER ; V ; ; ; P ; LPT1 ; ;COM4 ; ;PAULI ; W ; ; ; P ; ;LPT3 ; ; ;RYKAERT ; W ; ; ; P ; LPT3 ; ; ; ;SHIMIZU ; W ; ; ; P ; ; ; ; ;TESTINI ; ; X ; Y ; P ; LPT1 ; ; ; ;VERNON ; W ; ; ; P ; ; ;COM3 ; | | | | | +-------------logon profile---------------+ +-----------------------for this user Type of Alias Valid Values ---------------------------- File All valid drive letters for logon assignments (without colon) Print All valid ports for parallel logon assignments (without colon) Serial All valid ports for serial logon assignments (without colon) Attention: ---------- The logon profile for a combination user/alias will be deleted if you update the user line and, - The corresponding logon assignment entry is blank or - The user ID is not in the list because you deleted it Therefore, the logon profile will have exactly the values you set in this line. * List of all logon assignments ,allowed Options u=update d=delete OPT;USERID ;REXX;WARPAPPL;DOSAPL;WINAPL;PUBLIC;IBM4039;OPTRA;MODEM; ;ODIER ; ; V ; ; ; P ; LPT1 ; ;COM4 ; ;PAULI ; R ; W ; ; ; P ; ;LPT3 ; ; ;RYKAERT ; R ; W ; X ; ; P ; LPT3 ; ; ; ;SHIMIZU ; ; W ; ; ; P ; ; ; ; ;TESTINI ; ; ; X ; Y ; P ; LPT1 ; ; ; ;VERNON ; ; W ; ; ; P ; ; ;COM3 ; If you delete column DOSAPL in the ASSGN.CSV file and you use this file as input for SETASSGN, the following will be processed, besides others: - The Logon Assignment X of user ID TESTINI for DOSAPL will be deleted. - The Logon Assignment X of user ID RYKAERT will not be deleted because only the ID 'TESTINI' was marked with U for update. Only lines with an valid option will be processed. Comments: --------- Due to the nature of the ASCII file (see :The ASCII Files), you do not have any INI file used by the GET program to change the order or suppress the output of certain columns. Anyway, you may delete or change the order of the columns within the ASCII file before you use it as input for the SET program. If you change the column name of a group or user ID column, the program still works as long as it is a valid alias name. Attention: ---------- If you delete or rearrange columns with an ASCII editor and not with a spreadsheet program, such as IBM Works, make sure that the column delimiters (;) are also deleted or moved. Restrictions: ------------- Do not change, delete, reorder, or rename the first two columns (OPT, USERID). ------------------------------------------------------------------------------ GETAPPL.CMD / SETAPPL.CMD ------------------------------------------------------------------------------ The Get procedure retrieves all public applications definitions made in a certain domain. The information will be stored in an ASCII file in the form of a spreadsheet like the following: OPT;NAME ;REMARK ;COMMAND ;COMMAND_PARMS ; ... ;CUADRAW ;Drawing ;CUADRAW ; ; ... ;FREELANC;Freelance ;FLG.EXE ; ; ... ;LANMSG ;DLR Messg. ;DMPC ;%XSLCNF% CMM_MAIN.EXE; ... ;P2P ;Person 2 Per;P2PLAN.CMD; ; ... ;PMCAMERA;Screen Capt.;PMCAM200 ; ; ... ;VIRSCAN ;Virus Scan ;DISKG ; ; ... Each line represents an public application, you will find the publication name at the beginning of each line. If you do not exclude some columns in the APPL.INI, file you will find the following columns in the ASCII File: Column Name Description ------------------------------ OPT to set your options, allowed are A = add U = update D = delete NAME The application name REMARK The application remark COMMAND The command that starts the application COMMAND_PARMS The application start parameters APP_ALIAS_OR_DRV The alias or drive where the application resides. It specifies a drive letter, followed by a colon (:), if the application resides on the user's local machine or it specifies an existing alias if the application resides on a server APP_PATH_TO_DIR The remaining path to the application WRKDIR_DRIVE Specifies the drive that the working directory is to be assigned to when the application is started. A value of * indicates that the system should choose a drive when the application is started APP_DRIVE Applies to DOS public applications only. It is used to specify the drive that is current when the application runs. A value of * indicates that the system should choose a drive letters WRKDIR_ALIAS_OR_DRV Specifies the directory that is made current when the application runs. If the working directory is on the local machine, it specifies the drive, where the directory is located. If the working directory is remote, it specifies an existing alias where the directory is located WRKDIR_PATH_TO_DIR The remaining path to the working directory PROMPT Prompt for parameters INTERFACE The interface type APPTYPE The application type RES_COUNT The number of application resource list that follows. A value of zero indicates that the application does not require any redirected devices when it runs Restrictions: ------------- If you want to reorder or suppress the appearance of some columns, use only the APPL.INI file. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set an application, you will receive an error message during SETAPPL. ------------------------------------------------------------------------------ GETSEL.CMD & SETSEL.CMD ------------------------------------------------------------------------------ The GETSEL procedure create an ASCII file with the Applications & selectors like the following examples: OPT;USERS ;L123;EXCEL;PMDRAW;OFFICE; ;RYKAERT ; ; ; X ; X ; ;OSCAR ; X ; X ; ; X ; ;SHIMIZU ; ; ; X ; ; This file gives you the information which users belong to which an application is selected. Each line represents a user id and each column an application id. If you look at a line, it consists of a user name at the beginning and for each application this UserID belongs to there will be a 'X' marked in the corresponding application column. Therefore if you read this file horizontally it will provide you with the information in what kind of application a user will see in his/her 'Networkc Application' folder. If you want to add a UserID to an application, add an 'X' where the corresponding user id row and application id column are crossing. Mark the row with 'U' in the option column and process SETSEL. If you want to delete an application selection just overtype an existing 'X' with blank and proceed as above. The default input/output file is 'SELECTOR.CSV' ------------------------------------------------------------------------------- Description Of Additional Tools ------------------------------------------------------------------------------ RXACL.CMD ------------------------------------------------------------------------------ If you use the /Get parameter this procedure retrieves all access control lists defined on a certain server. To get all directory ACLs you have to set the /DIR parameter. To get all file related ACLs you have to set the /FILE parameter. The information will be stored in an ASCII file in the form of a spreadsheet like the following: ;\\ITSCSV01\C$\IBMLAN\DOSLAN\DOS;GUESTS;RG ;\\ITSCSV01\C$\IBMLAN\DOSLAN\DOS;USERS;RG ;\\ITSCSV01\C$\IBMLAN\DOSLAN\NET;GUESTS;RG ;\\ITSCSV01\C$\IBMLAN\DOSLAN\NET;USERS;RG ;\\ITSCSV01\C$\IBMLAN\REPL\IMPORT\SCRIPTS;ADMINS;RXG ;\\ITSCSV01\C$\IBMLAN\REPL\IMPORT\SCRIPTS;USERS;RXG ;\\ITSCSV01\C$\SPOOL\IBM4019X;ASSIGNEE;CPG Every line in this file represents an access control list: The empty space at the beginning gives you the ability to place an option like A = add, U = update or D = delete. The next entry is the full path of the resource where the ACL is defined on using the universal name convention (UNC). After that follows a combination of a ID (group ids and UserID ids) and the grants which are given to that particular id. Again the value G represents the grant to a group id and needs not to be specified. Restrictions: ------------- This procedure does not provide a header information within the ASCII files. ------------------------------------------------------------------------------ RXDASD.CMD ------------------------------------------------------------------------------ Description: ------------ The procedure retrieves (/GET) or sets (/SET) all DASD limit information defined on a certain server. The information will be stored in an ASCII file in the form of a spreadsheet like the following: OPT;RESOURCE_NAME ;MAX ;USE ;THRESH;DELTA; ;F:\alain ;100000 ;3 ;50 ;3 ; ;F:\hermann ;200000 ;1860 ;60 ;4 ; ;F:\hermann2 ;400000 ;3 ;80 ;6 ; Each line represents a DASD limit resource. If you do not exclude some columns in the DASD.INI file, you will find following special columns in the ASCII file: Column Name Description ------------------------------ OPT to set your options, allowed are A = Add U = Update D = Delete RESOURCE_NAME A string containing the directory path. The string must be the directory path, beginning with the drive letter and only ending with a backslashe when a root directory is specified. MAX The amount of disk space allotted to this directory by directory limits. Specified in KB, this field can be set from 1 to 67108863. Note, however, that subsequent access to the directory specified is functionally limited to the smaller of the following: - Any directory limits restrictions on any parent directory - The total free space on the drive USE The amount (in KB) of disk space already occupied within the specified directory resource. This value cannot be set; it is only retrievable. THRESH The initial alert threshold as a percentage of the total directory limit space allotted, with values ranging from 0 to 99. Zero specifies that no threshold alert is to be generated, and 99 specifies that an alert is generated when 99 percent of the allotted directory limit for this directory has been reached. Note that a minimum of 1 KB of disk space must be allotted to a threshold; the value obtained by multiplying the THRESH decimal-point value (where 5 percent is equal to 0.05) by MAX must be at least 1 KB. This threshold setting generates only one alert when this boundary is crossed. Subsequent alerts (generated incrementally after this threshold has been reached but before the entire limit is reached) are specified according to the Delta parameter. DELTA The increment in which alerts are to be generated after the THRESH threshold has been crossed but before all of the allotted disk space has been used. This parameter also is specified as a percentage of the total allotted directory limit space and can range from 0 upward, as long as its value is less than 99 - THRESH. Note that a minimum of 1 KB of disk space must be allotted to an increment, the value obtained by multiplying the DELTA decimal-point value (where 5 percent is equal to 0.05) by MAX must be at least 1 KB. Comments: --------- If you plan to manage limits for directories on the server, you must order and install the appropriate OS/2 FIXPAKS. These are: OS/2* 2.10 PJ10428 OS/2* 2.11 PJ13619 OS/2* Version 3.0 No FIXPAK required for DASD Limits. Restrictions: ------------- If you want to reorder or suppress the appearance of some columns, use only the DASD.INI file. Do not rename the column names in the INI File. Note: ----- If you suppress columns which are necessary to set a DASD limit you will receive an error message during the RXDASD /SET. ------------------------------------------------------------------------------ RXNET.CMD ------------------------------------------------------------------------------ Description: ------------ This program as some functions like the original NET.EXE and demonstrates how you can write REXX programs without using the NET.EXE commands and get similar or even better results with faster performance. Just type RXNET to get a description of the implemented parameters: Parameter Function -------------------- ALIAS FILE gives you information about locked files GROUPS similar to NET GROUPS SESSION similar to NET Session SHARE similar to NET SHARE START gives you information about all started services USER similar to NET USER Restrictions: ------------- This program allows only browsing data. ------------------------------------------------------------------------------ CHKASSGN.CMD ------------------------------------------------------------------------------ It may happen that certain logon assignments exist even if the corresponding alias does not. To address this kind of problem, CHKASSGN checks all your assignments for this inconsistency and deletes it if you want to. Comments: --------- By default, it only checks for inconsistency. To delete them, you have to provide the /D parameter. ------------------------------------------------------------------------------ Backup/Restore Of Your Domain Definitions ------------------------------------------------------------------------------ To perform a complete backup of your domain definitions you may use LSMT. To backup the definitions it does not matter in which order you execute the programs. But the order does matter if you want to restore the information to a new or migrated server installation. You should proceed in following order: Call To --------------------------------------------- SETSRVS.CMD set the server characteristics SETUSERS.CMD define all users (with initial passwords set) SETPWD.CMD change initial passwords to the old passwords SETGRPS1.CMD define all groups SETGRPS2.CMD assign users to groups SETALIAS.CMD define aliases SETAPPL.CMD define public applications | SETSEL.CMD define applications selector SETACL.CMD define access control lists for all aliases (with or without apply) SETASSGN.CMD set the logon assignments RXACL.CMD set additional ACLs for each server RXDASD.CMD set DASD limits for each server ------------------------------------------------------------------------------ How to start the programs ------------------------------------------------------------------------------ In this section we will describe how to start the LSMT programs and what parameters you may use. ---------------------------------------------------------------- Common Start Parameters ---------------------------------------------------------------- All programs are using a common set of parameters and some additional private parameters. In this section, we will describe only the commonly used parameters. Private parameters will be covered in the detailed description of each program. /SRV:Servername_of_DC You must provide the Computername of the primary domain controller of that domain where you want to retrieve information or apply changes. Example: GETUSER /SRV:REXXSRV where REXXSRV = name of the primary domain controller /OUT:Output_File This parameter is only used by the GET programs. Here, you can specify the name of the ASCII file which receives the retrieved information. Example: GETUSER /SRV:REXXSRV /OUT:d:\outfile.csv /INP:Input_File This parameter is only used by the SET programs . Here, you can specify the name of the ASCII file which contains the setting information. Example: GETUSER /SRV:REXXSRV /INP:d:\infile.csv /T Trace option. Set this option to see a more specific output. /M Mute option. This option is used to see a less specific output. /LOG:Log_File Specify another filename to log all information. Example: GETUSER /SRV:REXXSRV /LOG:d:\myfile.log /PIP:Name_of_the_Pipe If you use this parameter, you have to provide the name of a named pipe to which logging information is sent to. This named pipe may reside on the same workstation or on any other OS/2 workstation within your LAN which has OS/2 LAN requester and peer services installed. Example: GETUSER /SRV:REXXSRV /PIP:\\PWS71251\PIPE\RXPIPE where PWS71251 is the NetBIOS name of the PC where the named pipe is originated and RXPIPE is the name of the pipe. The basic principles of pipes will be discussed in the section Pipes. If the programs are missing parameters or do not understand the one you provided, they will show you a help panel like following: Example: +-----------------------------------------------+ | Usage : SETUSERS /SRV:Servername_of_DC | | | | [/INP:Input_File] [/T] [/M] | | [/LOG:Log_File] [/PIP:Name_of_the_Pipe] | +-----------------------------------------------+ ------------------------------------------------------------------------------ Using the Drag & Drop on the OS/2 Warp WorkPlaceShell ------------------------------------------------------------------------------ After creating all necessary objects on the OS/2 Warp WorkPlaceShell using the 'INSTALL' procedure, the Admin will be able to extract the data from the (Primary) Domain Controller (PR-DC) and read & interpret them by double click on it or using his navorit Editor, Text processor or Spreadsheet, just by dragging and dropping it on the original object of his/her application. For example, if you drag & drop the 'USERS.CSV' on the object '<T2> Editor', it will open automaticaly the editor 'T2.EXE', which has the same basefunctions as 'TEDIT.EXE' known after a regular Warp installation. After reviewing, updating, deleting or changing the data, import the data back to the PR-DC either by excecuting it on the command prompt, for example 'SETUSERS /SRV:DC_NAME' or just by Drag & Drop it on the '<Set> to DC' object. After answering the ComputerName of the PR-DC, a quick check will be done to assure that ComputerName is a valid PR-DC. If during the 'SETUSERS' a homedirectory has been specified on another machine then the PR-DC a warning message will remind the Admin to take futher action by dragging & dropping a temporary created file 'HOMEACL.CSV' back on the '<Set> to DC' object. A new updated file can be request by Drag & Drop one of the 'Output' files on the '<Get> to DC' object. By double clicking on '<Get> All definitions', you request all possible domain controllers data at once, except for 'SELECTOR.CSV' and 'USERS.PWD'. If you double click on the 'LSMT.LOG', more information will be shown about errors, information and warnings during one of the LSMT procedures as explained in the 'The LOG File' chapter above in this manual. ------------------------------------------------------------------------------ Using LSMT to clone a user ------------------------------------------------------------------------------ In this topic we would like to show how to clone a user from an already well defined user: - the 'template' user name is 'Jan Hammer' - the new user name to be cloned is 'Anne Jones' with a password 'BARBIE' - the name of the Primary Domain Controller is '\\DC1' - Jan starts a 'HELLO' script file while loging on - Jan is member of a group 'HOME' - Jan has a homedirectory driveletter 'Z:' from a server '\\FS2\D$\HOMEDIR\JAN' - Jan has logon assignments 'H:' to an alias 'HOMEAPPL' - Jan got an application selected to 'HOMEWORK' 1. Command line driven: ----------------------- (1) add Anne as a new user: NET ADMIN \\DC1 /C NET USER ANNE BARBIE /USERCOMMENT:"ANNE_JONES" /HOMEDIR:Z:\FS2\D$\HOMEDIR\ANNE /SCRIPT:HELLO /ASSIGN H:HOMEAPPL /ADD Remark 1: use an underscore '_' character in the usercomment option, (if you want to specify a blank use the '[ALT 255]' trick) 2: the '/ASSIGN' is not supported on Lan Server 3.0 (2) make a directory on the server where resides Anne's Home directory MD \\FS2\D$\HOMEDIR\ANNE (3) add Access Control Profiles to the Anne's Home directory NET ADMIN \\FS2 /C NET ACCESS D:\HOMEDIR\ANNE USERS:N ANNE:RWCXDAP /ADD Remark: if you get an error NET2221, try the operation later due to the latency of the Netlogon replicating (4) add Anne to the group 'HOME': NET ADMIN \\DC1 /C NET GROUP HOME ANNE /ADD (5) select the 'HOMEWORK' application to Anne NET ADMIN \\DC1 /C NET USER ANNE /ASSIGN PUBLIC:HOMEWORKS Remark: the '/ASSIGN' option is not supported on Lan Server 3.0 2. Using LSMT: -------------- (1) get all users GETUSERS /SRV:DC1 /M (2) get all groups and they members GETGRPS2 /SRV:DC1 /M (3) get all logonassignments GETASSGN /SRV:DC1 /M /GROUP (4) get all application selectors GETSEL /SRV:DC1 /M (5) edit 'USERS.CSV' and look at bitmap 'USERS.BMP' Take the whole line with Jan's definitions and copy it to next line. Overwrite 'JAN' to 'ANNE', '****' to Anne's password etc... Put an 'A' in the 'OPT' column (6) edit 'GROUPS2.CSV' and look at bitmap 'GROUPS2.BMP' Put an 'A' in the 'OPT' and a 'X' in the 'HOME' column (7) edit 'ASSGN.CSV' and look at bitmap 'ASSGN.BMP' Put an 'A' in the 'OPT' and a 'H' in the 'HOMEAPPL' column (8) edit 'SELECTOR.CSV' and look at bitmap 'SELECTOR.BMP' Put an 'A' in the 'OPT' and a 'X' in the 'HOMEWORKS' column (9) set Anne into the User Database SETUSERS /SRV:DC1 /M (10) set the Access Control Profiles for the Anne's Home directory RXACL /SRV:DC1 /SET /INP:HOMEACL.CSV (11) set Anne into the Groups-Member Database SETGRPS2 /SRV:DC1 /M (12) Give Anne her Logon Assignments SETASSGN /SRV:DC1 /M (13) Select Anne's applications SETSEL /SRV:DC1 /M (14) Look at the 'LSMT.LOG' for audit, warnings or possible errors Look at bitmap 'LSMTLOG.BMP' 3. Which API's were used ? -------------------------- (1) get all users NetEnumerate(NETUSER, 'USERID', '\\'SRVNAME) NetGetInfo(NETUSER, 'USERINFO', '\\'SRVNAME, USERID) (2) get all groups and they members NetEnumerate(NETGROUP, 'GROUPS', '\\'SRVNAME) NetGetInfo(NETAPP, 'MEMBER', '\\'SRVNAME, USERID) (3) get all logonassignments NetEnumerate(NETGROUP, 'GroupInfo', '\\'SRVNAME) NetGetInfo(NETGROUPUSERS, 'USERID', '\\'SRVNAME, GroupInfo.i) NetEnumerate(NETALIAS, 'ALIASFiles' , '\\'SRVNAME,1) NetEnumerate(NETALIAS, 'ALIASPrint' , '\\'SRVNAME,2) NetEnumerate(NETALIAS, 'ALIASSerial', '\\'SRVNAME,4) NetGetInfo(NETLOGONASN, 'LASSINFO', '\\'SRVNAME, USERID) (4) get all application selectors NetEnumerate(NETAPP, 'APPLNAME', '\\'SRVNAME) NetEnumerate(NETUSER, 'USERS', '\\'SRVNAME) NetGetInfo(NETAPPSEL, 'ApplSelInfo', '\\'SRVNAME, USERID) (9) set Anne into the User Database NetAdd(NETUSER2, 'USERINFO', '\\'SRVNAME) NetGetInfo(NETGROUP, 'ServerModalInfo', '\\'NewServerName) NetGetInfo(NETACCESS, 'Access', '\\'NewServerName, LocalDrive) NetGetInfo(NETUSER, 'UserInfo', '\\'NewServerName, UserInfo.Name) (10) set the Access Control Profiles for the Anne's Home directory NetAdd(NETACCESS, 'ACL', '\\'SRVNAME, HOMEDIR) (11) set Anne into the Groups-Member Database NetGetInfo(NETAPP, 'USERGROUPS', '\\'SRVNAME, USERID) NetAdd(NETGROUPSUSERS, '\\'SRVNAME, GROUP, USERID) NetDelete(NETGROUPSUSERS, '\\'SRVNAME, GROUP, USERID) (12) Give Anne her Logon Assignments NetGetInfo(NETLOGONASN, 'OldAssgn', '\\'SRVNAME, UserID) NetDelete(NETLOGONASN, '\\'SRVNAME, UserID) NetAdd(NETLOGONASN, '\\'SRVNAME, AliasName, Assign.i.device,,UserID) (13) Select Anne's applications NetGetInfo(NETAPP, 'ApplInfo', '\\'SRVNAME, APPL) NetGetInfo(NETAPPSEL, 'ApplSelInfo', '\\'SRVNAME, USERID) NetAdd(NETAPPSEL, '\\'SRVNAME, APPL, USERID, ApplInfo.AppType) NetDelete(NETAPPSEL, '\\'SRVNAME, USERID, APPL)