NetOp Security Manager Help

Version 9.2

Administrator's GuideVersion 9.22

Copyright© 1981-2009 Netop Business Solutions A/S. All Rights Reserved.Portions used under license from third parties.Please send any comments to:Netop Business Solutions A/SBregnerodvej 127DK-3460 BirkerodDenmarkFax: Int +45 45 90 25 26E-mail: [email protected]: www.netop.com

Netop™ is a trademark of Netop Business Solutions A/S. All other products mentioned inthis document are trademarks of their respective manufacturers. Netop Business SolutionsA/S denies any and all responsibility for damages caused directly or indirectly as a resultof using this document. The content of this document is subject to change withoutnotice. Netop Business Solutions A/S retains the copyright to this document.

The document is optimized for double-sided printing.

Contents

1

Contents

.......................................................................................81 Introduction

.........................................................................................................81.1 Common Controls

...........................................................................................................91.1.1 Window Control

...........................................................................................................91.1.2 Menu and Toolbar Control

...........................................................................................................91.1.3 Table Control

.......................................................................................112 Netop Security Management

.........................................................................................................112.1 Netop Security Management Overview

...........................................................................................................112.1.1 Netop Security Management Functionality

...........................................................................................................122.1.2 Netop Security Management Setup

....................................................................................................122.1.2.1 Security Database Setup

....................................................................................................132.1.2.2 Netop Security Server Setup

...........................................................................................................132.1.3 Netop Security Management Maintenance

.........................................................................................................132.2 Load Netop Security Manager

...........................................................................................................162.2.1 Security Database Wizard

.........................................................................................................202.3 Netop Security Manager Window

...........................................................................................................212.3.1 Title Bar

...........................................................................................................212.3.2 Menu Bar

....................................................................................................212.3.2.1 File Menu

....................................................................................................212.3.2.2 Records Menu

....................................................................................................222.3.2.3 Edit Menu

....................................................................................................222.3.2.4 View Menu

....................................................................................................232.3.2.5 Options Menu

....................................................................................................242.3.2.6 Help Menu

...........................................................................................................242.3.3 Toolbar

...........................................................................................................252.3.4 Filter and Fetching Bar

...........................................................................................................262.3.5 Selection Pane

...........................................................................................................272.3.6 Records Pane

...........................................................................................................272.3.7 Message Panel

...........................................................................................................272.3.8 Status Bar

.........................................................................................................282.4 Manage Security Database Contents

...........................................................................................................282.4.1 Contents Creation Guide

....................................................................................................282.4.1.1 Review Security Policies

....................................................................................................292.4.1.2 Create Role Assignments

....................................................................................................292.4.1.3 View and Manage Data

....................................................................................................302.4.1.4 Scheduled Jobs

....................................................................................................302.4.1.5 Security Log

....................................................................................................302.4.1.6 Netop Log

....................................................................................................302.4.1.7 Active Sessions

...........................................................................................................302.4.2 Security Settings

....................................................................................................312.4.2.1 Role Assignment

..................................................................................................322.4.2.1.1 New

Contents

2

..................................................................................................372.4.2.1.2 New Batch

..................................................................................................392.4.2.1.3 Edit

..................................................................................................392.4.2.1.4 Delete

..................................................................................................392.4.2.1.5 Clear

....................................................................................................402.4.2.2 Role

..................................................................................................412.4.2.2.1 New

..................................................................................................432.4.2.2.2 Edit

..................................................................................................432.4.2.2.3 Delete

....................................................................................................432.4.2.3 Security Policies

..................................................................................................442.4.2.3.1 Security Server Group Name

..................................................................................................452.4.2.3.2 Security Server List

..................................................................................................462.4.2.3.3 Preferred Guest Type

..................................................................................................492.4.2.3.4 Preferred Host Type

..................................................................................................502.4.2.3.5 Logging Options

...........................................................................................................512.4.3 Logging

....................................................................................................522.4.3.1 Security Log

....................................................................................................532.4.3.2 Netop Log

....................................................................................................542.4.3.3 Active Sessions

...........................................................................................................552.4.4 Scheduling

....................................................................................................562.4.4.1 Scheduled Job

..................................................................................................572.4.4.1.1 New

..................................................................................................602.4.4.1.2 Details

..................................................................................................612.4.4.1.3 Edit

..................................................................................................612.4.4.1.4 Delete

...........................................................................................................612.4.5 Netop Definitions

....................................................................................................622.4.5.1 Netop Guest ID

..................................................................................................642.4.5.1.1 New

..................................................................................................672.4.5.1.2 Edit

..................................................................................................672.4.5.1.3 Delete

..................................................................................................672.4.5.1.4 Accessible Hosts

....................................................................................................682.4.5.2 Netop Guest ID Group

..................................................................................................692.4.5.2.1 New

..................................................................................................692.4.5.2.2 Edit

..................................................................................................702.4.5.2.3 Delete

..................................................................................................702.4.5.2.4 Members

....................................................................................................722.4.5.3 Netop Host ID

..................................................................................................732.4.5.3.1 New

..................................................................................................742.4.5.3.2 Edit

..................................................................................................742.4.5.3.3 Delete

..................................................................................................742.4.5.3.4 Permitted Guests

....................................................................................................742.4.5.4 Netop Host ID Group

..................................................................................................752.4.5.4.1 New

..................................................................................................762.4.5.4.2 Edit

..................................................................................................762.4.5.4.3 Delete

Contents

3

..................................................................................................762.4.5.4.4 Members

....................................................................................................762.4.5.5 Netop Properties

...........................................................................................................782.4.6 Windows Definitions

....................................................................................................792.4.6.1 Windows User

..................................................................................................802.4.6.1.1 New

..................................................................................................812.4.6.1.2 Edit

..................................................................................................812.4.6.1.3 Delete



....................................................................................................842.4.6.2 Windows Group

..................................................................................................852.4.6.2.1 New

..................................................................................................862.4.6.2.2 Edit

..................................................................................................862.4.6.2.3 Delete

....................................................................................................872.4.6.3 Windows Workstation

..................................................................................................882.4.6.3.1 New

..................................................................................................892.4.6.3.2 Edit

..................................................................................................892.4.6.3.3 Delete


....................................................................................................902.4.6.4 Windows Workstation Group

..................................................................................................912.4.6.4.1 New

..................................................................................................922.4.6.4.2 Edit

..................................................................................................922.4.6.4.3 Delete

..................................................................................................932.4.6.4.4 Members

....................................................................................................952.4.6.5 Windows Domain

..................................................................................................962.4.6.5.1 New

..................................................................................................972.4.6.5.2 Edit

..................................................................................................972.4.6.5.3 Delete

...........................................................................................................972.4.7 RSA SecurID Definitions

....................................................................................................982.4.7.1 RSA SecurID User

..................................................................................................992.4.7.1.1 New

..................................................................................................1002.4.7.1.2 Edit

..................................................................................................1002.4.7.1.3 Delete


....................................................................................................1002.4.7.2 RSA SecurID Group

..................................................................................................1022.4.7.2.1 New

..................................................................................................1022.4.7.2.2 Edit

..................................................................................................1022.4.7.2.3 Delete

..................................................................................................1032.4.7.2.4 Members

....................................................................................................1042.4.7.3 RSA SecurID Properties

...........................................................................................................1062.4.8 Directory Services Definitions

....................................................................................................1062.4.8.1 Directory Services User

..................................................................................................1082.4.8.1.1 New

..................................................................................................1082.4.8.1.2 Edit

..................................................................................................1092.4.8.1.3 Delete

Contents

4


....................................................................................................1092.4.8.2 Directory Services Group

..................................................................................................1112.4.8.2.1 New

..................................................................................................1112.4.8.2.2 Edit

..................................................................................................1122.4.8.2.3 Delete

....................................................................................................1122.4.8.3 Directory Service

..................................................................................................1142.4.8.3.1 New

..................................................................................................1172.4.8.3.2 Edit

..................................................................................................1182.4.8.3.3 Delete

.........................................................................................................1182.5 Security Database Tables

...........................................................................................................1192.5.1 DWBATH: Scheduled Job

...........................................................................................................1192.5.2 DWCONN: Active Sessions

...........................................................................................................1202.5.3 DWDOMN: Windows Domain

...........................................................................................................1202.5.4 DWDONE: Security Log

...........................................................................................................1202.5.5 DWEVNT: Netop Log

...........................................................................................................1202.5.6 DWGRUH: Netop Host ID Group

...........................................................................................................1212.5.7 DWGRUP: Netop Guest ID Group

...........................................................................................................1212.5.8 DWHOGR: Netop Host ID Group Members

...........................................................................................................1212.5.9 DWHOST: Netop Host ID

...........................................................................................................1212.5.10 DWLDAPGRP: Directory Service Group

...........................................................................................................1222.5.11 DWLDAPPROP: Directory Service Properties

...........................................................................................................1222.5.12 DWLDAPSERV: Directory Service

...........................................................................................................1222.5.13 DWLDAPUSR: Directory Service User

...........................................................................................................1232.5.14 DWMAIN: Role Assignment

...........................................................................................................1232.5.15 DWNTGR: Windows Group

...........................................................................................................1232.5.16 DWNTUS: Windows User

...........................................................................................................1242.5.17 DWPOLI: Security Policies

...........................................................................................................1242.5.18 DWPROP: Netop Properties

...........................................................................................................1242.5.19 DWROLE: Role

...........................................................................................................1252.5.20 DWRSAGRP: RSA SecurID Group

...........................................................................................................1252.5.21 DWRSAPROP: RSA SecurID Properties

...........................................................................................................1252.5.22 DWRSAUSR: RSA SecurID User

...........................................................................................................1252.5.23 DWRSGM: RSA SecurID Group Members

...........................................................................................................1262.5.24 DWSERV: Netop Security Servers

...........................................................................................................1262.5.25 DWTODO: Scheduled Job Actions

...........................................................................................................1262.5.26 DWUSER: Netop Guest ID

...........................................................................................................1272.5.27 DWUSGR: Netop Guest ID Group Members

...........................................................................................................1272.5.28 DWWKGM: Windows Workstation Group Members

...........................................................................................................1272.5.29 DWWKSG: Windows Workstation Group

...........................................................................................................1282.5.30 DWWKST: Windows Workstation

.........................................................................................................1282.6 Netop Security Server Setup

...........................................................................................................1302.6.1 Security Server Tab

...........................................................................................................1302.6.2 Run As Tab

...........................................................................................................1312.6.3 Communication Setup

Contents

5

.........................................................................................................1322.7 Use Netop Security Management

...........................................................................................................1322.7.1 Prerequisites

...........................................................................................................1322.7.2 Maintenance

...........................................................................................................1332.7.3 Security

...........................................................................................................1332.7.4 Database Systems

...........................................................................................................1332.7.5 Additional Tools

....................................................................................................1332.7.5.1 AMPLUS.EXE

....................................................................................................1342.7.5.2 AMPLUS.ZIP

....................................................................................................1342.7.5.3 NETOPLOG.ZIP

.......................................................................................1353 Netop Gateway

.........................................................................................................1353.1 Netop Gateway Functionality

...........................................................................................................1353.1.1 Incoming and Outgoing

...........................................................................................................1363.1.2 Outgoing to Incoming

...........................................................................................................1363.1.3 Networking to Networking

...........................................................................................................1363.1.4 Typically Disabled: Incoming to Outgoing

.........................................................................................................1363.2 Netop Gateway Setup

...........................................................................................................1373.2.1 Netop Gateway and Firewall

...........................................................................................................1383.2.2 Communication Setup

....................................................................................................1403.2.2.1 Device Group

....................................................................................................1413.2.2.2 Netop Net Number

...........................................................................................................1423.2.3 Security Setup

....................................................................................................1433.2.3.1 Grant all Guests Default Access Privileges

....................................................................................................145

3.2.3.2 Grant Each Guest Individual Access Privileges Using NetopAuthentication

....................................................................................................148

3.2.3.3 Grant Each Guest Individual Access Privileges Using Windows SecurityManagement

.........................................................................................................1503.3 Use Netop Gateway

.......................................................................................1524 Netop Name Management

.........................................................................................................1524.1 Netop Name Management Functionality

.........................................................................................................1534.2 Netop Name Server Setup

.........................................................................................................1554.3 Use Netop Name Server

.......................................................................................1575 Advanced Tools

.........................................................................................................1575.1 Netop in Terminal Server Environments

...........................................................................................................1575.1.1 Installation (TSE)

...........................................................................................................1575.1.2 Use (TSE)

....................................................................................................1575.1.2.1 Netop Naming (TSE)

....................................................................................................1585.1.2.2 Netop Communication (TSE)

..................................................................................................1585.1.2.2.1 Netop Gateway Setup (TSE)

..................................................................................................1585.1.2.2.2 Connect out of a TSE

..................................................................................................1585.1.2.2.3 Connect into a TSE

..................................................................................................1595.1.2.2.4 Connect between TSEs

....................................................................................................1595.1.2.3 Netop Module Functionality (TSE)

....................................................................................................1605.1.2.4 Computer Resources Considerations (TSE)

.........................................................................................................1605.2 Netop Guest ActiveX Component

Contents

6

...........................................................................................................1605.2.1 Requirements (ActiveX)

...........................................................................................................1605.2.2 How to Use Netop Guest ActiveX Component

...........................................................................................................1625.2.3 NetopX Connect Window

...........................................................................................................1635.2.4 NetopX Properties Window

....................................................................................................1635.2.4.1 Keys Tab

....................................................................................................1645.2.4.2 Graphics Tab

....................................................................................................1655.2.4.3 Connection Tab

....................................................................................................1665.2.4.4 Name Server Tab

...........................................................................................................1665.2.5 NetopX Remote Control Window

...........................................................................................................1675.2.6 Programmer Information

....................................................................................................1675.2.6.1 NetopX Methods

....................................................................................................1685.2.6.2 NetopX Events

....................................................................................................1685.2.6.3 NetopX Properties

....................................................................................................1695.2.6.4 NetopX Messages

.........................................................................................................1705.3 Netop Scripting ActiveX Control

...........................................................................................................1715.3.1 Create and Delete

...........................................................................................................1715.3.2 StartGuest, Initialize and Uninitialize

...........................................................................................................1735.3.3 Connect and Disconnect

...........................................................................................................1745.3.4 Transfer Files

...........................................................................................................1775.3.5 Examples

...........................................................................................................1805.3.6 Reference

.........................................................................................................1855.4 Netop Remote Control Processes and Windows Security

...........................................................................................................1865.4.1 Netop Processes

...........................................................................................................1865.4.2 Main Host Processes

....................................................................................................1865.4.2.1 Normal Operation

....................................................................................................1875.4.2.2 Replace the Local Security Context

....................................................................................................1875.4.2.3 Disable Main Host Processes Security

...........................................................................................................1875.4.3 Netop Helper Service

....................................................................................................1885.4.3.1 Reload Netop Host with Netop Helper Service

...........................................................................................................1885.4.4 NetopActivity Local Group

.......................................................................................1896 Other Operating Systems

.........................................................................................................1896.1 Netop Remote Control (Linux)

...........................................................................................................1896.1.1 Installation (Linux)

....................................................................................................1896.1.1.1 Install (Linux)

....................................................................................................1906.1.1.2 Uninstall (Linux)

...........................................................................................................1916.1.2 Netop Guest (Linux)

....................................................................................................1916.1.2.1 Load and Unload Netop Guest (Linux)

....................................................................................................1926.1.2.2 Netop Guest Functionality (Linux)

...........................................................................................................1936.1.3 Netop Host (Linux)

....................................................................................................1946.1.3.1 Start and Stop Netop Host Daemon (Linux)

....................................................................................................1946.1.3.2 Display and Hide the Netop Host Window (Linux)

....................................................................................................1956.1.3.3 Netop Host Functionality (Linux)

.........................................................................................................1966.2 Netop Host Manager

...........................................................................................................1976.2.1 Selection Pane

Contents

7

....................................................................................................1986.2.1.1 Host Computer Branch

..................................................................................................1996.2.1.1.1 Profiles Branch

..................................................................................................2016.2.1.1.2 Modem Definitions Branch

....................................................................................................2036.2.1.2 Address Lists Branch

....................................................................................................2046.2.1.3 Guest Users Branch

...........................................................................................................2066.2.2 Attributes Pane

...........................................................................................................2076.2.3 Message Pane

.........................................................................................................2076.3 Netop Remote Control (Solaris)

...........................................................................................................2076.3.1 Installation (Solaris)

....................................................................................................2076.3.1.1 Install (Solaris)

....................................................................................................2086.3.1.2 Uninstall (Solaris)

...........................................................................................................2086.3.2 Netop Guest (Solaris)

....................................................................................................2096.3.2.1 Load and Unload Netop Guest (Solaris)

....................................................................................................2096.3.2.2 Netop Guest Functionality (Solaris)

...........................................................................................................2106.3.3 Netop Host (Solaris)

....................................................................................................2116.3.3.1 Start and Stop Netop Host Daemon (Solaris)

....................................................................................................2116.3.3.2 Display and Hide the Netop Host Window (Solaris)

....................................................................................................2126.3.3.3 Netop Host Functionality (Solaris)

.........................................................................................................2146.4 Netop Remote Control (Mac)

...........................................................................................................2146.4.1 Installation (Mac)

....................................................................................................2146.4.1.1 Install (Mac)

....................................................................................................2156.4.1.2 Uninstall (Mac)

...........................................................................................................2156.4.2 Netop Host (Mac)

....................................................................................................2156.4.2.1 Start and Stop Netop Host Daemon (Mac)

....................................................................................................2156.4.2.2 Display and Hide the Netop Host Window (Mac)

....................................................................................................2166.4.2.3 Netop Host Functionality (Mac)

.........................................................................................................2186.5 Netop Remote Control (OS/2)

...........................................................................................................2186.5.1 Installation (OS/2)

....................................................................................................2186.5.1.1 Install (OS/2)

....................................................................................................2186.5.1.2 Uninstall (OS/2)

...........................................................................................................2196.5.2 Netop Host (OS/2)

....................................................................................................2196.5.2.1 Load and Unload Netop Host (OS/2)

....................................................................................................2216.5.2.2 Netop Host Functionality (OS/2)

.........................................................................................................2226.6 Netop Remote Control (DOS)

...........................................................................................................2226.6.1 Installation (DOS)

...........................................................................................................2226.6.2 Netop Host (DOS)

............................................................................................224Index

Introduction

8

1 Introduction

Welcome to Netop Remote Control, the remote control software from Netop.

We hope that this product will meet your requirements and fulfill your expectations.

If you encounter problems using this product, first consult with its user guides and help systems.

Additional troubleshooting guidance is available from the Netop KnowledgeBase that can be searched fordetailed technical information.

The local supplier of your Netop product is available for advising you on how to obtain maximum benefitfrom it.

As a last resort, submit a support request to Netop Customer & Product Support. We will endeavor toget back to you as soon as possible with a solution to your problem.

Netop Customer & Product Support

This Netop Remote Control Administrator's Guide supplements the Netop Remote Control User’sGuide user documentation with administrator documentation in these chapters:

· Netop Security Management

· Netop Gateway

· Netop Name Management

· Advanced Tools

· Other Operating Systems

Administrator documentation is available only in English.

These on-line help systems are available:

· Netop Guest Help that includes user documentation for Netop Guest is available from Netop Guest(Windows) in the installed language versions English, German, French, Spanish, Italian, Portugueseand Japanese. Netop Guest Help in English is available from Netop Guest (Windows) in otherinstalled language versions and from Netop Guest (Linux) and Netop Guest (Solaris).

· Netop Host Help that includes user documentation for Netop Host is available from Netop Host andextended Hosts (Windows) in the installed language versions English, German, French, Spanish,Italian, Portuguese and Japanese. Netop Host Help in English is available from Netop Host andextended Hosts (Windows) in other installed language versions.

· Netop Security Manager Help that includes administrator documentation for Netop SecurityManagement is available from Netop Security Manager in English.

· Netop Pack'n Deploy Help that includes administrator documentation for Silent Install and NetopDeployment is available from the Netop Pack'n Deploy utility Help menu in English.

For easy reference, this main section includes this user documentation section:

· Common Controls

1.1 Common Controls

This section explains the controls of common elements in the Netop Remote Control user interface. Itincludes these sections:

· Window Control

· Menu and Toolbar Control

· Table Control

http://help.netop.com

http://support.netop.com

Introduction

9

1.1.1 Window Control

Windows with an icon at the title bar left end share these window controls:

Click the title bar left icon, right-click anywhere in the title bar or press ALT+SPACE to show thisstandard window control menu:

Restore: Select this command or click the matching title bar right end button to restore a maximized orminimized window to its normal size.

Move: Select this command to show an arrow-pointed +. Press the keyboard arrow buttons to move thewindow. Press ENTER to end the operation.

Note: Typically, move a window by dragging its title bar.

Size: Select this command to show an arrow-pointed +. Press the keyboard arrow buttons to show adouble arrow at a window edge and move the window edge to resize the window. Press ENTER to endthe operation.

Note: Typically, resize a window by dragging its edges or corners.

Minimize: Select this command or click the matching title bar right end button to minimize the window.The window can minimize into a taskbar button or a notification area button or if inside a window workpanel into a minimized window typically in the lower left corner of the work panel. Click a taskbarminimized window button or double-click a notification area minimized window button to restore thewindow.

Maximize: Select this command or click the matching title bar right end button to maximize the window.

Close: Select this command, click the matching title bar right end button, press ALT+F4 or double-clickthe title bar icon to close the window without applying window selections. If the window represents aloaded program, the program will be unloaded.

1.1.2 Menu and Toolbar Control

Enabled menu commands will appear as black text. Menu commands that are disabled with the currentselection will appear as gray text. If the window is active, place the mouse pointer on a command toshow a hint in the status bar. Commands switching a status On/Off can show a check mark or an icon.If check marked or if the icon appears pressed in, the status is On and selecting the command willswitch the status Off. Executing a command will close the menu.

Drag the left end of a toolbar to move it from its default position below the menu bar to place it alonganother edge of the window below the menu bar and above the status bar or anywhere outside thewindow.

Enabled toolbar buttons will appear in color. Toolbar buttons that are disabled with the current selectionwill appear gray. If the window is active, place the mouse pointer on a toolbar button to show a tool tipwith the button name and a hint in the status bar. A toolbar button switching a status On/Off can appearpressed in. If appearing pressed in, the status is On and clicking the button will switch the status Off.

1.1.3 Table Control

Typically, these controls will be available with tables in window panes:

Resize the pane by resizing the window by dragging its borders. Change the width of a column by

Introduction

10

dragging the right border of its heading. Sort records (ascending/descending) by any column by clickingthe column heading. If table contents extend beyond the pane, the pane will have scrollbars.

Click a record to select and highlight it. Click a record and while pressing SHIFT click another record toselect and highlight both records and records in between. Click a record and while pressing CTRL clickother records to select and highlight clicked records.

Netop Security Management

11

2 Netop Security Management

Netop Security Management provides centralized control of the Guest access privileges of multipleNetop Hosts and extended Hosts.

This main section includes these sections:

· Netop Security Management Overview

· Load Netop Security Manager

· Create or Log On to the Security Database

· Netop Security Manager Window

· Manage Security Database Content

· Security Database Tables

· Netop Security Server Setup

· Use Netop Security Management

2.1 Netop Security Management Overview

Netop Remote Control can protect computers that run Netop Host or extended Host againstunauthorized access and actions from computers that run Netop Guest. Protection can be managedlocally on each Netop Host by Guest Access Security and centrally for multiple Netop Hosts by NetopSecurity Management.

Locally managed Guest Access Security and how Hosts use Netop Security Management is explainedin the User’s Guide Netop Host chapter and the Netop Host Help system Host Tools section GuestAccess Security section.

Centrally managed Netop Security Management is explained in this Netop Security Management mainsection.

This overview section includes these sections:

· Netop Security Management Functionality

· Netop Security Management Setup

2.1.1 Netop Security Management Functionality

Netop Security Management stores Guest access security data for Guest and Host selections in acentral Security Database that is managed from Netop Security Manager.

Netop Security Server services Host requests for Guest Roles with themselves by managing Guestauthentication, querying the central Security Database for security data, determining the applicable Roleand returning it to the Host to apply it:

1. A Guest that connects to a Host will be requested to identify itself by logon credentials.


12

2. The Host will forward the Guest credentials to Netop Security Server requesting the Role of the Guestwith itself.

3. Netop Security Server will manage Guest authentication and query the Security Database for securitydata.

4. Based on returned security data, Netop Security Server will determine the applicable Role and returnit to the Host.

5. The Host will apply the received Role to the Guest.

2.1.2 Netop Security Management Setup

Netop Security Management setup falls into three parts:

· Security Database Setup

· Netop Security Server Setup

· Netop Security Management Maintenance

2.1.2.1 Security Database Setup

Security Database setup is managed from Netop Security Manager that is a database client program.

The Security Database can reside in any Open Database Connectivity (ODBC) enabled database.Creating the Security Database creates tables for these data:

· Security Settings including Role Assignments, Roles and Security Policies.

· Logging including Security Log, Netop Log and Active Sessions.

· Scheduling including Scheduled Jobs.

· Netop Definitions including Netop Guest IDs, Netop Guest ID Groups, Netop Host IDs, Netop Host IDGroups and Netop Properties.

· Windows Definitions including Windows Users, Windows Groups, Windows Workstations, WindowsWorkstation Groups and Windows Domains.

· RSA SecurID Definitions including RSA SecurID Users, RSA SecurID Groups and RSA SecurIDProperties.

· Directory Services Definitions including Directory Services Users, Directory Services Groups andDirectory Services.

Security Policies specify a Security Server Group Name, lists group members in a Security Server List,specifies a Preferred Guest Type and a Preferred Host Type and specifies Logging Options.

The key element in Netop Security Management is the Role Assignment that specifies a Guestselection, a Host selection and the Role of the Guest selection when connected to the Host selection.

· A Guest selection can be a Netop Guest ID or Netop Guest ID Group, a Windows User or WindowsGroup, an RSA SecurID User or RSA SecurID Group, a Directory Services User or Directory ServicesGroup or everybody (any Guest).

· A Host selection can be a Netop Host ID or Netop Host ID Group, a Windows User, Windows Group,Windows Workstation, Windows Workstation Group or Windows Domain or everybody (any Host).

· A Role specifies allowed/not allowed/denied Guest actions on the Host and a Host confirm accessselection.

You can create Role Assignments mutually between multiple Windows Groups and with WindowsDomain computers in a batch operation.

You can create other Role Assignments one by one.

Netop Security Manager can retrieve Windows user, workstation, group and domain information fromavailable Windows user and computer management and directory services user and group information


13

from available Directory Services to create Windows Definitions and Directory Services Definitions RoleAssignments without previously creating Security Database records.

Netop Definitions and RSA SecurID Definitions records must be created in the Security Database tocreate Role Assignments with them.

You can modify two of the four built-in Roles and create additional Roles.

By group memberships, multiple Role Assignments can be available between each Guest and eachHost. The composite of multiple assigned Roles will apply.

Security Database setup is explained in these sections:

· Load Netop Security Manager

· Create or Log On to the Security Database

· Netop Security Manager Window

· Manage Security Database Content

· Security Database Tables

2.1.2.2 Netop Security Server Setup

Netop Security Server is an extended Netop Host with the capability to process Host Role requests.

Install Netop Security Server preferably on multiple computers for load balancing and fault tolerance.

Add Netop Security Servers to the Security Server List.

Log Netop Security Servers on to the central Security Database.

Enable Netop Security Server communication with Hosts that use it.

Netop Security Server setup is explained in this section:

Netop Security Server Setup

2.1.3 Netop Security Management Maintenance

After Security Database Setup and Netop Security Server Setup, Netop Security Management can rununattended with very limited maintenance demands.

Read this section for guidelines:

Use Netop Security Management

2.2 Load Netop Security Manager

You can install Netop Security Manager from the Netop Remote Control CD, see the User’s GuideInstallation chapter or the matching Netop Guest Help or Netop Host Help system section.

Note: To run Netop Security Management with a local test database, install Netop Security Managerand Netop Security Server on the same computer. To run Netop Security Management with a workingSecurity Database, install Netop Security Manager on the workstations of Netop Security Managementadministrators. Its full functionality will be available only if installed on a networked Windows 2003, XP,2000 or NT computer. The Netop Security Manager program amconfig.exe will reside in the directorywhere Netop Security Manager is installed.

To load Netop Security Manager, select Start > All Programs > Netop Remote Control > SecurityManager or run its program file amconfig.exe.

Initially, this window will be shown in front of the Netop Security Manager Window:


14

The pane will show a tip to Netop Security Manager.

Close: Click this button to close the window.

Next Tip: Click this button to show another tip in the pane.

þ Show tips on startup: Leave this box checked to show this window when loading Netop SecurityManager. Uncheck to not show it. If suppressed, you can show it from the Help Menu Tip of the Daycommand.

This window will be shown in front of the empty Netop Security Manager window:

It will log on to a data source to create or open a Netop Security Database in it.

¨ Create local test database: Check this box to disable the fields below to create a local test databaseon your computer.

Note: If you are loading Netop Security Manager for the first time, we recommend that you create a localtest database to try out Netop Security Manager before creating a working Security Database. Creatinga local test database requires administrator rights on the computer. Generally, you should not use thelocal test database as a working Security Database.

Data source []: By default, this field will show Netop_Security_Evaluation to log on to the local testdatabase. To create or log on to a working Security Database, specify the data source name (DSN) ofthe database in which the Security Database shall reside or resides.


15

Username []: Specify in this field the user name required to log on to the database in which the SecurityDatabase shall reside or resides. The local test database requires no user name.

Password []: Specify in this field the matching password. The local test database requires no password.

Change...: Click this button to show the Windows Select Data Source window to select a data sourcewhose name will be shown in the Data source field.

Exit: Click this button to close the window and the Netop Security Manager window behind it to unloadNetop Security Manager.

Logon: Click this button to log on to the specified data source with one of the following results:

· If the specified data source contains Security Database Tables, the Netop Security Manager windowwill be shown.

· If the Create local test database box was checked before clicking Logon, this window will be shown:

It shows that the local test database with the data source name Netop_Security_Evaluation will becreated in the file ameval.mdb that will reside in the path C:\Documents and Settings\AllUsers\Application Data\Danware Data\NSS. Click OK to run the Security Database Wizard to createthe local test database.

· If the specified data source contains no Security Database Tables, the Security Database Wizard willrun to create them.

· If the specified data source cannot be opened, this window will be shown:

It indicates that invalid data source credentials were specified or Security Database Tables arecorrupted. The Security Database Wizard cannot repair corrupted Security Database Tables. If youcannot repair corrupted Security Database Tables manually, delete them and Load Netop Security


16

Manager to create Security Database Tables with the Security Database Wizard.

2.2.1 Security Database Wizard

If no Security Database Tables exist when logging on to the Security Database, the Security DatabaseWizard will run to showthis window:

It specifies the security server group name.

Note: A matching Security Policies window is explained in the Security Server Group Name section.

Group name (private) []: By default, Netop will be specified in this field. Characters will show as dots orasterisks. Leave this name to try out Netop Security Management. To create a working SecurityDatabase, specify another private Group name that should be known only among Netop SecurityManagement administrators.

Confirm group name []: Re-specify in this field the private Group name for confirmation.

Group ID (public) []: This field will show the 32-digit hexadecimal checksum generated from the privateGroup name. This is the Group ID that must be specified on Hosts that use this security server group.

Note: From this window or from the Security Policies Security Server Group Name window, you cancopy the public Group ID to make it available to Hosts. If the private Group name and consequently the


17

public Group ID is changed, Hosts that use this security server group must change their specified GroupID accordingly.

Click Next to show this window:

It specifies security server group members and enables Netop Access Server compatibility.

Note: A matching Security Policies window is explained in the Security Server List section.

To try out Netop Security Management, click Add to create a record of the Netop Security Managercomputer in the pane as shown in the image. To add further members to the group and enable NetopAccess Server compatibility, see the Security Server List section.



18

It specifies the type of credentials that Hosts shall request from connecting Guests if they can.

Note: A matching Security Policies window is explained in the Preferred Guest Type section.

Select one of these options:

¤ Guests enter Windows user name and password: Hosts shall request Windows credentials (Username, Password, Domain) if they can (default selection).

¡ Guests enter Netop Guest ID and password: Hosts shall request Netop credentials (Guest ID,Password).

¡ Guests enter RSA SecurID user name and PASSCODE: Hosts shall request RSA SecurIDcredentials (User name, (password), PASSCODE) if they can.

¡ Guests enter Directory Services user name and password: Hosts shall request directory servicescredentials (User name, password, Directory Server) if they can.

Select the option that matches your preferred Netop Security Management setup:

· Typically, leave the default Windows credentials selection to generally base Role Assignments onGuest Windows Definitions.

· Select Netop credentials to generally base Role Assignments on Guest Netop Definitions.


19

· Select RSA SecurID credentials to generally base Role Assignments on Guest RSA SecurIDDefinitions.

· Select Directory Services credentials to generally base Role Assignments on Guest DirectoryServices Definitions.

Older version Hosts that do not support Windows Definitions, RSA SecurID Definitions or DirectoryServices Definitions can request only Netop credentials. If Netop Security Management shall supportsuch Hosts, Role Assignments based on Guest Netop Definitions must be available in the SecurityDatabase.


It specifies how Hosts shall identify themselves to Netop Security Server if they can.

Note: A matching Security Policies window is explained in the Preferred Host Type section.


¤ Windows user if one is logged on, otherwise workstation: If they can, Hosts shall identify themselvesby any logged on Windows User or if no user is logged on by the Host computer WindowsWorkstation (default selection).


20

¡ Always the workstation: If they can, Hosts shall always identify themselves by the Host computerWindows Workstation.

¡ Netop Host ID: Hosts shall identify themselves by their Netop Host ID.


· Typically, leave the default Windows user/Workstation selection to generally base Role Assignmentson Host Windows Definitions to enable applying different Roles if different users are logged on or nouser is logged on to the Host computer. A Host on which the user name is disabled will identify itselfby the Host computer Windows Workstation.

· Select Always the workstation to generally base Role Assignments on Host Windows Definitions toapply the same Role if a user is logged on to the Host computer or not.

· Select Netop Host ID to generally base Role Assignments on Host Netop Definitions.

Older version Hosts that do not support Windows Definitions will always identify themselves by theirNetop Host ID. If Netop Security Management shall support such Hosts, Role Assignments based ontheir Host Netop Definitions must be available in the Security Database.

Click Finish to end the Security Database Wizard to show the Netop Security Manager Window.

2.3 Netop Security Manager Window

After logon to the Security Database, this window will be shown:

It contains these elements:

· Title Bar

· Menu Bar

· Toolbar


21

· Filter and Fetching Bar

· Records panel with a left Selection Pane and a right Records Pane

· Message Panel

· Status Bar

2.3.1 Title Bar

This is the Netop Security Manager Window title bar:

It will show the name of the logged on to data source.

Window controls are explained in Window Control.

2.3.2 Menu Bar

This is the Netop Security Manager Window menu bar:

Menu and toolbar controls are explained in Menu and Toolbar Control.

It contains these menus:

· File Menu

· Records Menu

· Edit Menu

· View Menu

· Options Menu

· Help Menu

2.3.2.1 File Menu

This is the Netop Security Manager Window File menu:


Exit: Select this command or a Window Control Close control to close the Netop Security ManagerWindow and unload Netop Security Manager.

2.3.2.2 Records Menu

This is the Netop Security Manager Window Records menu:



22

Expanding commands manage Security Database records as explained in Manage Security DatabaseContents.

Reset All: Select this command to show a confirmation window to confirm deleting all Security DatabaseTables and run the Security Database Wizard to create empty Security Database Tables.

EXTREME CAUTION: Selecting this command may waste hours of work and leave Netop SecurityServers unable to service Netop modules that depend on them until security data have been re-created.Select this command only if you are absolutely certain that you want to start all over creating securitydata.

2.3.2.3 Edit Menu

This is the Netop Security Manager Window Edit menu:


Copy Ctrl+C: Select text in the Message Panel and select this command or press CTRL+C to copy theselection to the clipboard.

2.3.2.4 View Menu

This is the Netop Security Manager Window View menu:


Toolbar: This command expands into the commands:

No Toolbar: Select this command to hide the Toolbar.

Large Toolbar: Select this command to show large icons in the Toolbar.

Small Toolbar: Select this command to show small icons in the Toolbar (default selection).

Security Settings: Select this command to check mark/uncheck it to show/hide the Selection PaneSecurity Settings branch (default: check marked to be shown).

Logging: Select this command to check mark/uncheck it to show/hide the Selection Pane Loggingbranch (default: check marked to be shown).

Scheduling: Select this command to check mark/uncheck it to show/hide the Selection PaneScheduling branch (default: check marked to be shown).

Netop Definitions: Select this command to check mark/uncheck it to show/hide the Selection PaneNetop Definitions branch (default: unchecked to be hidden).

Windows Definitions: Select this command to check mark/uncheck it to show/hide the Selection PaneWindows Definitions branch (default: check marked to be shown).

RSA SecurID Definitions: Select this command to check mark/uncheck it to show/hide the Selection


23

Pane RSA SecurID Definitions branch (default: unchecked to be hidden).

Directory Services Definitions: Select this command to check mark/uncheck it to show/hide theSelection Pane Directory Services Definitions branch (default: unchecked to be hidden).

Messages: Select this command to check mark/uncheck it to show/hide the Message Panel (default:check marked to be shown).

Clear Messages (CTRL+M): Select this command or press CTRL+M to delete the Message Panelcontents.

Status Bar: Select this command to check mark/uncheck it to show/hide the Status Bar.

2.3.2.5 Options Menu

This is the Netop Security Manager Window Options menu:


Program Options...: Select this command to show this window:

Number of records to fetch at a time (0-50, 0=all) []: Netop Security Manager fetches Security Databaserecords to the Records Pane in batches. Specify in the field a number in the range (default: 50).

þ Automatic Refresh: Leave this box checked to automatically refresh the Records Pane contentswhenever a record is changed (default: checked).

Note: Refresh will discard the Records Pane contents and fetch Security Database records. Refreshmanually by clicking the Filter and Fetching Bar Refresh button or pressing F5.

¨ Confirm Successful Changes: Check this box to show a window to confirm each successful RecordsPane record change (default: unchecked).

¨ SQL Debug Messages: Check this box to show SQL debug messages in the Message Panel(default: unchecked).


24

2.3.2.6 Help Menu

This is the Netop Security Manager Window Help menu:


Online Help: Select this command or press F1 to open the Netop Security Manager Help system on thetopic of the currently or most recently shown Records Pane.

Help on Viewing: Select this command to open the Netop Security Manager Help system on the Viewand Manage Data topic.

Tip of the Day: Select this command to show the Tip of the Day window.

About Netop Security Manager: Select this command to show this window:

This window specifies the Netop Security Manager version and build number (in parentheses).

These numbers will be asked for if you request support for Netop Security Manager.

2.3.3 Toolbar

From the expanding View Menu Toolbar command, you can hide/show the Netop Security ManagerWindow toolbar and select two toolbar sizes:

Small Toolbar (default selection):

Large Toolbar:


Note: To include Netop Definitions buttons in the toolbar, while the Netop Definitions branch is shown inthe Selection Pane select in the View Menu Small Toolbar or Large Toolbar.

The toolbar can contain these buttons:

New Role Assignment (F2): Click this button, press F2 or select the Role Assignment menu Newcommand to show the Role Assignment Wizard.

New Netop Guest ID (F3): Click this button, press F3 or select the Netop Guest ID menu Newcommand to show the Netop Guest ID window.

New Netop Guest ID Group (F4): Click this button, press F4 or select the Netop Guest ID Groupmenu New command to show the Netop Group window.


25

New Netop Host ID (F6): Click this button, press F6 or select the Netop Host ID menu Newcommand to show the Netop Host ID window.

New Netop Host ID Group (F7): Click this button, press F7 or select the Netop Host ID Groupmenu New command to show the Netop Group window.

New Role (F9): Click this button, press F9 or select the Role menu New command to show theNetop Security Role window.

New Scheduled Job (F10): Click this button, press F10 or select the Scheduled Jobs menu Newcommand to showthe Scheduled Job Wizard.

Edit Selected (Ctrl+E): Select a Records Pane record and click this button, press CTRL+E orselect the record type menu Edit command to show the record editing window.

Delete Selected (Ctrl+D): Select a Records Pane record and click this button, press CTRL+D orselect the record type menu Delete command to show a confirmation window to confirm deletingthe record.

Large Icons: Click this button to make it appear pressed in to show Records Pane records ashorizontal rows of large icons.

Small Icons: Click this button to make it appear pressed in to show Records Pane records ashorizontal rows of small icons.

List: Click this button to make it appear pressed in to show Records Pane records as verticalcolumns of small icons.

Details: Click this button to make it appear pressed in to show Records Pane records in a tablewith details in columns (default selection).

2.3.4 Filter and Fetching Bar

This is the Netop Security Manager Window filter and fetching bar:

It can specify a filter criterion and contains a Refresh button and if more records than are shown in theRecords Pane are available in the Security Database One More Lot and All Remaining record fetchingbuttons.

¨ Where: Check this box to enable the drop-down boxes to the right to specify a filter criterion that willbe applied when fetching records from the Security Database (default: unchecked).

The list of the left drop-down box list will contain the Records Pane Details show column names. Selecta column name in the list to show it in the field to filter fetched records by the selected name column.

The list of the middle drop-down box contains these operators:

· LIKE: Selects records that in the selected column contain the string of characters that is specified inthe right drop-down box field (default selection).

· =: Selects records that in the selected column contain a numerical value that is equal to thenumerical value that is specified in the right drop-down box field.

· >: Selects records that in the selected column contain a numerical value that is larger than thenumerical value that is specified in the right drop-down box field.

· <: Selects records that in the selected column contain a numerical value that is smaller than thenumerical value that is specified in the right drop-down box field.

The list of the right drop-down box will contain strings of characters and numerical values that have beenspecified before (default: none). Select a string or value in the list to show it in the field or specify a newstring or value in the field.

Note: Strings of characters can contain wildcard characters. Use the wildcard characters specified by


26

the Security Database data source type.

Refresh: Click this button or press F5 to discard all Records Pane records and fetch from theSecurity Database applying any filter criterion specified to the left up to the number of recordsspecified in the Program Options window to the Records Pane.

One More Lot: This button will be shown if more records than are shown in the Records Pane areavailable in the Security Database. Click it or press CTRL+PAGEDOWN to fetch from theSecurity Database applying any filter criterion specified to the left up to the number of recordsspecified in the Program Options window to the Records Pane.

All Remaining: This button will be shown if more records than are shown in the Records Paneare available in the Security Database. Click it or press ALT+PAGEDOWN to fetch from theSecurity Database applying any filter criterion specified to the left all remaining records to theRecords Pane.

2.3.5 Selection Pane

This is the Netop Security Manager Window records panel left selection pane:

It contains Records Pane commands in a tree structure.

Note: By default, the Selection Pane will below the Netop Security Management root element showSecurity Settings, Logging, Scheduling and Windows Definitions branches in this order. NetopDefinitions, RSA SecurID Definitions and Directory Services Definitions branches will be hidden. Youcan hide/show branches by selecting View Menu branch name commands.

Collapse expanded branches by clicking [-] buttons. Expand collapsed branches by clicking [+] buttons.

Select an expanded branch command to dim its icon and bold its name to show its records in the Records Pane.


27

2.3.6 Records Pane

This is the Netop Security Manager Window records panel right records pane:

It will show records according to the Selection Pane selection. To show another records pane, select itin the Selection Pane.

Click a Toolbar show button to change how records will be shown. Large Icons, Small Icons and Listbuttons will show records as icons. The Details button will show records in a table with details incolumns. Column names are Security Database table column names that cannot be changed. Tablecontrols are explained in Table Control.

Showing a records pane, records will be fetched from the Security Database according to ProgramOptions window and Filter and Fetching Bar settings to become shown in the records pane.

The contents of the individual records panes are explained in the Manage Security Database Contentssection in the Records Menu order.

2.3.7 Message Panel

This is the Netop Security Manager Window message panel:

It will be shown unless hidden from the View Menu Messages command. It will show Netop SecurityManager messages and can, if selected in the Program Options window, also show SQL debugmessages.

Drag the lower border of the Netop Security Manager Window to adjust the height of the message panel.You can scroll the message panel show with its scrollbars.

Select the View Menu Clear Messages command or press CTRL+M to delete all message panelmessages.

In the message panel, select text or in the message panel context menu select Select All to select theentire message panel contents and in the Edit Menu or context menu select Copy or press CTRL+C tocopy selected text to the clipboard.

2.3.8 Status Bar

This is the Netop Security Manager Window status bar:

It will be shown unless hidden from the View Menu Status Bar command.

When the mouse pointer is over a menu command or a Toolbar button, the left end of the status bar willshow a hint to the command or button.


28

2.4 Manage Security Database Contents

This section explains how to manage the contents of a Netop Security Database from Netop SecurityManager. It includes these sections:

· Contents Creation Guide

· Security Settings

· Logging

· Scheduling

· Netop Definitions

· Windows Definitions

· RSA SecurID Definitions

· Directory Services Definitions

If you are new to Netop Security Management, we recommend that you read the Contents CreationGuide before creating Security Database contents.

2.4.1 Contents Creation Guide

This guide will introduce you to the main tasks of making your Security Database ready to service NetopRemote Control modules installed on the computers of your organization. It contains these sections:

· Review Security Policies

· Create Role Assignments

· View and Manage Data

· Scheduled Jobs

· Security Log

· Netop Log

· Active Sessions

2.4.1.1 Review Security Policies

Before creating any other Security Database contents, you should review the Security Policies createdin the Security Database Wizard to align them with the desired Netop Security Management setup.

The selected Preferred Guest Type and Preferred Host Type will determine which basic Guest and Hostrecords must be created.

If Netop Security Management shall run in a Windows domain environment, typically select the PreferredGuest Type Guests enter Windows user name and password.

If you are upgrading from an old version Netop Access Server setup to a Netop Security Managementsetup, you can select the Preferred Guest Type Guests enter Netop Guest ID and password for a swifttransition, see AMPLUS.EXE. Otherwise, we do not recommend this selection as Security Databasemaintenance will be more demanding with the Netop selection than with the Windows selection.

If your organization applies a policy of RSA SecurID authentication, select the Preferred Guest TypeGuests enter RSA SecurID user name and PASSCODE.

If your organization applies a policy of directory services authentication, select the Preferred Guest Type Guests enter Directory Services user name and password.

Regarding Preferred Host Type, in a Windows domain environment typically select Windows user if oneis logged on, otherwise workstation to enable applying Host computer user dependent RoleAssignments. To apply only Host computer dependent Role Assignments, select Always the


29

workstation.

If you are upgrading from an old version Netop Access Server setup to a Netop Security Managementsetup, you can select the Preferred Host Type Netop Host ID for a swift transition. Otherwise, we do notrecommend this selection.

2.4.1.2 Create Role Assignments

The main objective of creating Security Database contents is to create mutual Role Assignmentsbetween all users and computers that shall be serviced by Netop Security Management.

You can swiftly create Role Assignments mutually between multiple Windows Groups as Guest andHost selection and with Windows Domain computers as Host selection in a batch operation from the Role Assignment menu New Batch command.

You can create Role Assignments one by one between any Guest selection and any Host selectionfrom the Role Assignment menu New command or the Toolbar New Role Assignment button.

While Role Assignments with Windows Definitions and Directory Services Definitions records do notrequire that Guest and Host selection records have been created, Role Assignments with NetopDefinitions and RSA SecurID Definitions require that Guest and Host selection records have beencreated.

Note: You can import a complete old version Netop Access Server setup into to the Security Databaseby using the AMPLUS.EXE program.

Netop Security Manager comes with four built-in Roles of which two can be edited. You can createadditional Roles from the Role menu or from the Toolbar New Role button.

2.4.1.3 View and Manage Data

Security Database data can be shown in the Netop Security Manager Window records panel thatcontains a left Selection Pane and a right Records Pane. Click an element in the Selection Pane toshow its records in the Records Pane.

Note: By default, the Selection Pane will not show Netop Definitions, RSA SecurID Definitions andDirectory Services Definitions elements. You can show them from the View Menu.

Records can be shown as icons (Large Icons, Small Icons or List), but typically they will be shown in atable with Details in columns. Details table contents match the contents of Security Database Tables.

Records are fetched from the security database in lots, the size of which can be set in the ProgramOptions window. If the Security Database contains more records than are currently in the Records Pane,two yellow buttons will be showed next to the Filter and Fetching Bar Refresh button:

Click the left One More Lot button with a down pointer or press CTRL+PAGEDOWN to fetch another lotinto the Records Pane. Click the right All Remaining button with a down pointer and a line or pressALT+PAGEDOWN to fetch all remaining records into the Records Pane.

Click the Refresh button to clear the Records Pane to fetch a new lot of records. In the Program Optionswindow, you can select to refresh automatically when the Records Pane contents have been changed.

You can sort Records Pane data ascending or descending by clicking a column heading. Sortinginitiates a new fetching of records from the Security Database.

You can filter Records Pane records by specifying a filter criterion in the Filter and Fetching Bar.Filtering initiates a new fetching of records from the Security Database.

To edit a Records Pane record, double-click it, select the record type menu Edit command, click theToolbar Edit Selected button or press CTRL+E.

To delete a Records Pane record, select the record type menu Delete command, click the ToolbarDelete Selected button or press CTRL+D.


30

Note: Other options are available in some record type menus.

2.4.1.4 Scheduled Jobs

Scheduled Jobs specify temporary enabling of groups (Windows Groups, Netop Guest ID Groups orNetop Host ID Groups) once or according to a weekly schedule. Create Scheduled Jobs to allow Guestconnections to Hosts only in specified time intervals.

2.4.1.5 Security Log

Administrator actions from Netop Security Manager will be logged in the Security Database. You canshow these loggings in the Security Log to track when changes were made to the Netop SecurityManagement setup. You can clean up the Security Log manually from the Security Log menu andautomatically from the Logging Options window.

2.4.1.6 Netop Log

Netop modules can log their Netop events in the Security Database. You can show these loggings inthe Netop Log. You can clean up the Netop Log manually from the Netop Log menu and automaticallyfrom the Logging Options window.

2.4.1.7 Active Sessions

Provided that Hosts log their session events in the Security Database, the Active Sessions RecordsPane will show which sessions are currently running with logging Hosts. Active Sessions records willrefresh automatically every ten seconds. You can refresh manually from the Active Sessions menu orfrom the Filter and Fetching Bar Refresh button. You can clean up Active Sessions recordsautomatically from the Logging Options window.

2.4.2 Security Settings

You can manage Security Settings records from the Records Menu Security Settings submenu:

that contains these commands:

· Role Assignment

· Role

You can also manage Security Settings records from the Selection Pane Security Settings branch:

that includes these commands:

· Role Assignments

· Roles


31

· Security Policies


2.4.2.1 Role Assignment

Select the Selection Pane Security Settings branch Role Assignments command to show this RecordsPane:


It will show Role Assignments as named icons or table records. The Details selection will show tablerecords with these column contents:

· Guest: Guest selection icon and name.

· Host: Host selection icon and name.

· Role: Role icon and name.

· Enabled: Check mark (enabled) or red dot with white X (disabled).

· ID: Record number (records will be numbered starting from 1).

· Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS.

· CreatedBy: Creator Windows user name.

· Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS.

· ModifiedBy: Modifier Windows user name.

Table controls are explained in Table Control.

Manage Role Assignments from the Records Menu Role Assignment submenu:

- or from the matching Role Assignments Records Pane context menu:


32

It contains these commands:

· New

· New Batch

· Edit

· Delete

· Clear

Note: For a quick start, create Role Assignments between Windows groups and with Windows Domainsfrom the New Batch command.

2.4.2.1.1 New

Select the Role Assignment menu New command, click the Toolbar New Role Assignment button with atraffic light or press F2 to run the Role Assignment wizard to show this window:

This wizard will create a Role Assignment record.

Click Back to show an explanation.

Wizard windows will show options to the left and specifications to the right. Suggested or completedspecifications will be shown in black text. Missing specifications will be indicated by red text.

This window will select a Guest type (suggested: Windows Group). Select a Guest type option to the leftto show it in the right Guest specification after clicking Next.

If on a Windows 2000+ computer you select Windows User or Windows Group, the matching Windows


33

Select... window will be shown after clicking Next. When you have selected a Windows account, theInsert <Account type> as Guest window will be shown.

If you select Everybody, the Select Host Type window will be shown after clicking Next.

Otherwise, this window will be shown after clicking Next:

It will specify a Guest selection.

If a Windows account was selected in a Windows Select... window, disabled left drop-down box fieldswill show the domain and account and the right Guest specification will show the account name prefixedby its relative identifier number (RID) and the domain name.

Otherwise, enabled selection elements will be shown to the left. Only Windows accounts or names ofrecords that have been created in Netop Security Manager will be available for selection. Select activelyan element to specify it in the right Guest specification immediately or after clicking Next.

When you have made a valid selection, click Next to show this window:


34

It will select a Host type (suggested: Windows Group). Select a left Host type option to show it in theright Host specification after clicking Next.

Note: If Everybody was selected in the Select Guest Type window, Everybody will be disabled in thiswindow. However, if you select Everybody in this window, Everybody will be enabled in the Select GuestType window.

If on a Windows 2000+ computer you select Windows User or Windows Group, the matching WindowsSelect... window will be shown after clicking Next. When you have selected a Windows account, theInsert <Account type> as Host window will be shown.

If you select Everybody, the Insert Role Assignment window will be shown after clicking Next.

Otherwise, this window will be shown after clicking Next:


35

It will specify a Host selection.

If a Windows account was selected in a Windows Select... window, disabled left drop-down box fieldswill show the domain and account and the right Host specification will show the account name prefixedby its relative identifier number (RID) and the domain name.

Otherwise, enabled selection elements will be shown to the left. Only Windows accounts or names ofrecords that have been created in Netop Security Manager will be available for selection. Select activelyan element to specify it in the right Host specification immediately or after clicking Next.

Note: If Netop Guest ID or Netop Guest ID Group was selected in the Select Guest Type window andNetop Host ID Group was selected in the Select Host Type window, the Insert Netop Host ID Group asHost window will include the option Unregistered Host IDs that enables a Role Assignment with HostIDs for which no record exists in Netop Security Manager. Selecting this option that is provided forcompatibility with older versions Netop Access Server is not recommended.

When you have made a valid selection, click Next to show this window:


36

It will specify the Role that will apply to the created Role Assignment.

Enter first character below and select from list []: In the field, replace * designating any characters bythe first letters of a Role name to show in the pane below only Role names that begin with these letters.

New: Click this button to show the Netop Security Role window to create a Role.

In the pane, select a Role name to show it in the right Role specification prefixed by the Role recordnumber.

Finish: This button will become enabled when a valid Role Assignment has been specified. Click it toend the wizard to create the Role Assignment record.


37

2.4.2.1.2 New Batch

Select the Role Assignment menu New Batch command to run the Initial Setup wizard to show thiswindow:

This wizard will create Role Assignments between multiple Windows Groups and Windows Domainsand edit built-in Roles in a batch operation. The left section contains selection drop-down boxes and theright pane will contain selection records (initially none).

Domain []: The list of this drop-down box will contain the names of the Windows domains recognized bythe Netop Security Manager computer. Select a domain name in the list to show it in the field.

Windows Group []: The list of this drop-down box will contain the names of the Windows groups in thedomain selected in the Domain drop-down box and <Include access to domain>. Select a Windowsgroup to create Role Assignments with this Windows Group as Guest and Host selections. Select<Include access to domain> to create Role Assignments with the Windows Domain selected in theDomain drop-down box as Host selection.

Note: <Include access to domain> will apply to Hosts that identify themselves to Netop Security Serveras a workstation, not as a user, see Preferred Host Type.

Role []: The list of this drop-down box will contain the names of the roles specified in the Roles RecordsPane. Select a role in the list to show it in the field to apply it to a Windows Group drop-down boxWindows Group selection as Guest selection with all Windows Group and Windows Domain records inthe right pane as Host selection. This selection will not apply to a Windows Group drop-down box<Include access to domain> selection.

Add: Click this button to add a selection in the left drop-down boxes as a record in the right pane.

Del: Select a record in the right pane and click this button to delete it.

The right pane will show records of selected Windows Groups and Windows Domains in a table with


38

these column contents:

· Windows user: Group/domain icon and Windows Group name or Domain.

· Role: For a Windows Group record the Role record ID and RoleName values. For a Domain recordthe Role 0: To be used as Host.

Note: A Windows Group record Role will apply to the Windows Group as Guest selection with allWindows Group and Windows Domain pane records as Host selection.

· Domain: Windows Group or Domain record Windows Domain name.


Note: Role Assignment records and selected Windows Group and Windows Domain records will becreated in the Security Database if they do not already exist.


In this window, you can review or edit two of the four built-in Roles and select to replace existing RoleAssignments.

Standard Role: Click this button to show the Netop Security Role window to review or edit the built-inStandard Role.

Unassigned Hosts’ Role: Click this button to show the Netop Security Role window to review or edit thebuilt-in Unassigned Hosts’ Role.

¨ Clear all existing role assignments before making these new ones: Check this box to replace allexisting Role Assignments by those created in the Initial Setup of Guests and Hosts window.

Click Back to return to the Initial Setup of Guests and Hosts window.

Click Finish to end the wizard to apply selections.


39

2.4.2.1.3 Edit

Select a Role Assignment record and select the Role Assignment menu Edit command, click theToolbar Edit Selected button, press CTRL+E or double-click a Role Assignment record to show thiswindow:

It edits a Role Assignment record.

Guest, Host, Old Role []: These disabled fields will show the record Guest selection name, Hostselection name and Role name.

New role []: This pane will show the names of available Roles. Select one to replace the record Role.

¨ Record is disabled: Check this box to disable the record (default: unchecked). Netop SecurityManagement will not use a disabled Role Assignment record.

Note: Netop Security Management will not use a Role Assignment record that uses a disabled Guestor Host selection record.

2.4.2.1.4 Delete

Select Role Assignment records and select the Role Assignment menu Delete command, click theToolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.

Note: Role Assignment records of deleted Guest or Host selection records will be deleted.

2.4.2.1.5 Clear

Select the Role Assignment menu Clear command to show a confirmation window to confirm deletingall Role Assignment records.

Caution: If no Role Assignment records exist, the Unassigned Hosts' Role will apply to all existing


40

Guest and Host selections.

2.4.2.2 Role

Select the Selection Pane Security Settings branch Roles command to show this Records Pane:


It will show Roles as named icons or table records. The Details selection will show table records withthese column contents:

· RoleName: Role icon and name.

· Rctl: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Remote control (View).

· Keyb: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Use keyboard and mouse.

· Lckm: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Lock keyboard and mouse.

· Blnk: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Blank the screen.

· Clip: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Transfer clipboard.

· Boot: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Execute command.

· Chat: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Request chat.

· Audi: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Request audio-video chat.

· Send: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Send files to Host.

· Recv: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Receive files from Host.

· RunP: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Run programs.

· Prnt: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Redirect print.

· Mana: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Remote management.

· Inve: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Retrieve inventory.

· Smsg: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Send message.

· Mjoi: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Join multi Guest session.

· Madm: Allow (check mark)/Do not allow (red X)/Deny (red dot white X) Act as multi Guest sessionadministrator.

· Conf: Confirm access: No (red X), Yes (check mark) or Yes, with exception (check mark).

· Computer locked: Exception applies (check mark)/Exception does not apply (red X).

· No user logged on: Exception applies (check mark)/Exception does not apply (red X).

· Guest user logged on: Exception applies (check mark)/Exception does not apply (red X).

· Description: Fixed role, Role can be modified, but not deleted or <User specified>.


41







Initially, four built-in Roles exist:

· Full Control: Allows all available Guest actions. Fixed Role that can be neither modified nor deleted.

· No Access: Allows no Guest actions. Fixed Role that can be neither modified nor deleted.

· Standard Role: Allows selected Guest actions (initially Remote control (view), Request chat andReceive files from Host). Role can be modified but not deleted.

· Unassigned Hosts' Role: Will apply if no Role is assigned between existing Security Databaserecords of a Guest selection and a Host selection. Allows selected Guest actions (initially none). Rolecan be modified but not deleted.

Manage Roles from the Records Menu Role submenu:

- or from the matching Role Records Pane context menu:


· New

· Edit

· Delete

2.4.2.2.1 New

Select the Role menu New command, click the Toolbar New Role button with a padlock or press F9 toshow this window:


42

It specifies a Role record.

Name: []: This field will contain the Role name.

Description: []: This field can contain a Role description that will be shown in the Role Records PaneDescription column.

Allow: Check a box to allow the action to a Guest connected to a Host. Uncheck to not allow. Remotecontrol sub-action check boxes will be enabled only if the Remote Control (View) box is checked. Ifmultiple Role Assignments apply, an action being allowed in any applicable Role Assignment willoverride this action not being allowed in other applicable Role Assignments.


43

Deny: Check a box to deny the action to a Guest connected to a Host. Uncheck to not deny. Remotecontrol sub-action check boxes will be enabled only if the Remote Control (View) box is unchecked. Ifmultiple Role Assignments apply, an action being denied in any applicable Role Assignment will overridethis action being allowed in other applicable Role Assignments.

Confirm Access: In addition to the Allow and Deny options you can select the Enable check box toenable Confirm Access for the role. This means that a user on the Host side of a remote control sessionmust confirm access. When you select the Enable check box, the below listed exceptions becomeavailable for selection, so that optionally you can modify Enable - Confirm Access. You can selectConfirm Access - Except when - Computer locked, No user logged on, and/or Guest user logged on(same user logged on on both sides).

However, you might belong to various user groups with different roles. The rights of all roles that youbelong to will apply in combination. If the Confirm Access - Even if - Computer locked, No user loggedon and/or Guest user logged on options are set in this role, these options will then override the Exceptwhen options in all other roles.

If you are for instance an enterprise administrator you want to be able to carry out your work without Confirm Access. To override any roles that involve Confirm Access, you can select the Force disablecheck box.

Note: View the applicable Role of a Guest with a Host in the Who May Remote Control Whom(Accessible Hosts) and Who May Remote Control Whom (Permitted Guests) windows.

Click OK to close the window to create the Role record in the Role Records Pane.

2.4.2.2.2 Edit

Select a Role record and select the Role menu Edit command, click the Toolbar Edit Selected button,press CTRL+E or double-click a Role record to show its properties in the Netop Security Role window toedit them.

Note: You cannot edit the built-in Role records Full Control and No Access. Role Assignments willapply the edited properties of an edited Role record.

2.4.2.2.3 Delete

Select Role records and select the Role menu Delete command, click the Toolbar Delete Selectedbutton or press CTRL+D to show a confirmation window to confirm deleting them.

Note: You cannot delete the built-in Role records Full Control, No Access, Standard Role andUnassigned Hosts’ Role. Role Assignments that use a deleted Role record will be deleted.

2.4.2.3 Security Policies

Select the Selection Pane Security Settings branch Security Policies command to show this RecordsPane:



44

It will show Security Policies as named icons or table records. The Details selection will show tablerecords in a table with these column contents:

· Parameter: Security Policy icon and name/description.

· Setting: (Icon and) value.

Table controls are explained in Table Control. You cannot sort records.

To manage a Security Policy, double-click its record to show the matching window as explained inthese sections:

· Security Server Group Name

· Security Server List

· Preferred Guest Type

· Preferred Host Type

· Logging Options

Note: To adopt Security Policy changes, Netop Security Servers must log off from and on to theSecurity Database.

2.4.2.3.1 Security Server Group Name

Select this Security Policies record:

and click the Toolbar Edit Selected button, press CTRL+E or double-click the record to show thiswindow:

It specifies a security server group private Group name and public Group ID.

Note: A similar window is shown in the Security Database Wizard.


45

Group name (private) []: By default, Netop is specified in this field. Characters will show as dots orasterisks. For a working security database, you should specify another private Group name that shouldbe known only among Netop Security Management administrators.

Confirm group name []: Re-specify in this field the private Group name for confirmation.

Group ID (public) []: This field will show the 32-digit hexadecimal checksum generated from the privateGroup name. This is the Group ID that must be specified on Hosts that use this security server group.

Note: From this window or from the Security Database Wizard Security Server Group Name window,you can copy the public Group ID to make it available to Hosts. If the private Group name andconsequently the public Group ID is changed, Hosts that use this security server group must changetheir specified Group ID accordingly.

2.4.2.3.2 Security Server List



It specifies security server group members and Netop Access Server compatibility.


The pane will show records of the security server group Netop Security Servers in a table with thesecolumn contents:

· Servers: Host icon and Netop Security Server Host ID.

· Running: Security server status: Question mark: Unknown, Check mark: Logged on to the securitydatabase, Red dot with white X: Not logged on to the security database.

· Answer Access Server 6.5 Requests: Traffic light icon and Yes if Netop Access Server compatible, No


46

if not Netop Access Server compatible.

· Access Server Key: Access Server key (authentication key) of a Netop Access Server compatibleNetop Security Server.


[] Add: The field will initially show the Netop Security Manager computer name. Specify in the field theHost ID of a Netop Security Server that shall be a member of the group and click Add to add its record inthe pane.

Remove: Select a record in the pane and click this button to remove it.

Edit: Select a record in the pane and click this button to show this window:

It enables Netop Access Server compatibility.

¨ Enable Netop 6.5 Access Server compatibility: Check this box to enable Netop Access Servercompatibility.

Note: Netop Access Server compatibility is required only if Hosts of a version lower than 7.0 must besupported by Netop Security Management.

Access Server Key []: Specify in this field the Access Server Key (authentication key) that this NetopSecurity Server shall use for authenticating Netop Access Server users.

2.4.2.3.3 Preferred Guest Type




47

It has a Preferred Guest Type tab and a Smart Card tab.

Preferred Guest Type Tab

This tab specifies the type of logon credentials that Hosts shall request from connecting Guests if theycan.

Note: A window with the same contents is shown in the Security Database Wizard.


¤ Guests enter Windows user name and password: Hosts shall request Windows credentials (Username, Password, Domain) if they can (default selection).

¡ Guests enter Netop Guest ID and password: Hosts shall request Netop credentials (Guest ID,Password).

¡ Guests enter RSA SecurID user name and PASSCODE: Hosts shall request RSA SecurIDcredentials (User Name, (Password), PASSCODE) if they can.

¡ Guests enter Directory Services user name and password: Hosts shall request directory servicescredentials (User Name, Password, Directory Server) if they can.



48

· Typically, leave the default Windows credentials selection to generally base Role Assignments onGuest Windows Definitions.

· Select Netop credentials to generally base Role Assignments on Guest Netop Definitions.

· Select RSA SecurID credentials to generally base Role Assignments on Guest RSA SecurIDDefinitions.

· Select Directory Services credentials to generally base Role Assignments on Guest DirectoryServices Definitions.

Older version Hosts that do not support Windows Definitions, RSA SecurID Definitions or DirectoryServices Definitions can request only Netop credentials. If Netop Security Management shall supportsuch Hosts, Role Assignments based on Guest Netop Definitions must be available in the SecurityDatabase.

Smart Card Tab

This tab specifies Guest Smart Card logon options.

Windows Security Management



49

¤ Never log on with Smart Card: Enable only credentials logon (default selection).

¡ Always log on with Smart Card: Enable only Smart Card logon.

¡ Allow both logon with Smart Card and credentials (name, password and domain): Enable credentialsand Smart Card logon.

Directory Services


¤ Never log on with Smart Card: Enable only credentials logon (default selection).

¡ Always log on with Smart Card: Enable only Smart Card logon.

¡ Allow both logon with Smart Card and credentials (name, password and directory server): Enablecredentials and Smart Card logon.


¤ Subject field: Retrieve the user identification from the subject field (default selection).

¡ Subject alternative name field (must be a User Principal Name (UPN)): Retrieve the user identificationfrom the alternative field.

Specify in the field the directory services attribute type name of the certificate field contents only ifdifferent from a user object distinguished name type.

2.4.2.3.4 Preferred Host Type




50

It specifies how Hosts shall identify themselves to Netop Security Server if they can.



¤ Windows user if one is logged on, otherwise workstation: If they can, Hosts shall identify themselvesby any logged on Windows User or if no user is logged on by the Host computer WindowsWorkstation (default selection).

¡ Always the workstation: If they can, Hosts shall always identify themselves by the Host computerWindows Workstation.

¡ Netop Host ID: Hosts shall identify themselves by their Netop Host ID.


· Typically, leave the default Windows user/Workstation selection to generally base Role Assignmentson Host Windows Definitions to enable applying different Roles if different users are logged on or nouser is logged on to the Host computer. A Host on which the user name is disabled will identify itselfby the Host computer Windows Workstation.

· Select Always the workstation to generally base Role Assignments on Host Windows Definitions toapply the same Role if a user is logged on to the Host computer or not.

· Select Netop Host ID to generally base Role Assignments on Host Netop Definitions.

Older version Hosts that do not support Windows Definitions will always identify themselves by theirNetop Host ID. If Netop Security Management shall support such Hosts, Role Assignments based ontheir Host Netop Definitions must be available in the Security Database.

2.4.2.3.5 Logging Options

Select one of these Security Policies records:



51

It specifies logging options.

Clean up log entries older than [] days: Specify in this field a number (default: 7) for the days after whichlog records shall be deleted.

Note: Specify 0 (zero) to not clean up logs automatically.

Clean up active session entries older than [] hours: Specify in this field a number (default: 4) for thehours after which Active Sessions records shall be deleted.

þ Run Scheduler: Uncheck this box to disable scheduling including cleanup and Scheduled Jobs(default: checked).

2.4.3 Logging

You can manage Logging records from the Records Menu Logging submenu:

- or from the Selection Pane Logging branch:


52

that include these commands:· Security Log· Netop Log· Active Sessions

Note: By default, the Selection Pane will show the Logging branch. You can hide and show it from theView Menu Logging command.

2.4.3.1 Security Log

Select the Selection Pane Logging branch Security Log command to show this Records Pane:


It will show security database actions as named icons or table records. The Details selection will showtable records with these column contents:

· Created: Action type icon and time stamp in format YYYY-MM-DD HH:MM:SS.

· CreatedBy: Creator Windows user or workstation name.

· Status: Check mark and Ok (success) or red dot with white X and Err <Number> (failure).

· Action: Action type description and number.

· Operand: Record type icon and description (question mark balloon and 0 if not a record).

· Operator: Question mark balloon and record number (0 if not a record).

· P1: Parameter 1 (action specification).


Manage Security Log records from the Records Menu Security Log submenu:


53

or from the matching Security Log Records Pane context menu:

Delete Older Than...: Select a Security Log record and select this command to show a confirmationwindow to confirm deleting records older than the selected record.

Clear Log: Select this command to show a confirmation window to confirm deleting all Security Logrecords.

Note: The log will be cleaned up automatically according to specified Logging Options.

2.4.3.2 Netop Log

Select the Selection Pane Logging branch Netop Log command to show this Records Pane:


It will show records of Netop events on Netop modules that log on a Netop Security Server that belongsto the Security Database Security Server group. Events can be shown as named icons or table records.The Details selection will show table records with these column contents:

· Created: Netop log icon and time stamp in format YYYY-MM-DD HH:MM.

· EventType: Event code.

· Host: Logging Netop module name.

· Description: Event arguments. Will show ??? if the event has no arguments.

· DtlError: Will show 0 as error logging is not implemented.


54

· ProtocolError: Will show 0 as error logging is not implemented.

· SerialNo: Logging Netop module event number.


Note: Netop event logging is explained in the User’s Guide Common Tools chapter Netop Log sectionand the matching Netop Guest Help and Netop Host Help sections.

Manage Netop Log records from the Records Menu Netop Log submenu:

or from the matching Netop Log Records Pane context menu:

Delete Older Than...: Select a Netop Log record and select this command to show a confirmationwindow to confirm deleting records older than the selected record.

Clear Log: Select this command to show a confirmation window to confirm deleting all Netop Logrecords.

Note: The log will be cleaned up automatically according to specified Logging Options.

2.4.3.3 Active Sessions

Select the Selection Pane Logging branch Active Sessions command to show this Records Pane:


It will show Active Sessions records based on Netop Log Host session event records.


55

Note: Active Sessions records will be shown only to the extent that Netop Hosts log session events ona Netop Security Server that belongs to the Security Database Security Server group. If Netop Hostsession event loggings are incomplete, Active Sessions records may be inaccurate.

Active Sessions can be shown as named icons or table records. The Details selection will show tablerecords with these column contents:

· Guest: Session type icon and Netop Log Description column value of a Netop Host session eventrecord.

· Host: Netop Log Host column value of a Netop Host session event record.

· SessionType: Session type name derived from the Netop Log Netop Host session event record.

· Started: Session start time stamp in format YYYY-MM-DD HH:MM:SS


Manage Active Sessions records from the Records Menu Active Sessions submenu:

or from the matching Active Sessions Records Pane context command:

Refresh: Select this command, press F5 or click the Filter and Fetching Bar Refresh button to retrievefresh Security Database data to refresh Active Sessions records.

Note: Active Sessions records will be refreshed automatically every ten seconds and will be cleaned upautomatically according to specified Logging Options.

2.4.4 Scheduling

You can manage Scheduling records from the Records Menu Scheduling submenu:

that contains this command:

· Jobs

You can also manage Scheduling records from the Selection Pane Scheduling branch:

that includes this matching command:


56

· Scheduled Jobs

Note: By default, the Selection Pane will show the Scheduling branch. You can hide and show it fromthe View Menu Logging command.

2.4.4.1 Scheduled Job

Select the Selection Pane Scheduling branch Scheduled Jobs command to show this Records Pane:


It will show Scheduled Job records that will enable a group record temporarily within a specified period,optionally according to a weekly schedule.

Scheduled Jobs can be shown as named icons or table records. The Details selection will show tablerecords with these column contents:

· Description: Scheduled Job icon and optionally a description.

· GroupID: Group type icon and name and group record ID column value.

· Domain: Group record Domain column value, if a Windows group.

· StartTime: Start time stamp in format YYYY-MM-DD HH:MM:SS.

· EndTime: End time stamp in format YYYY-MM-DD HH:MM:SS.

· Flags: Weekly schedule hexadecimal number.


· Created: Creation date stamp in format YYYY-MM-DD HH:MM:SS.


· Modified: Modification date stamp in format YYYY-MM-DD HH:MM:SS.



Manage Scheduled Job records from the Records Menu Jobs submenu:


57

or from the matching Scheduled Job Records Pane context menu:


· New

· Details

· Edit

· Delete

2.4.4.1.1 New

Select the Jobs menu New command, click the Toolbar New Scheduled Job button with a clock or pressF10 to run the Scheduled Job wizard to show this window:

This wizard will create a Scheduled Job record.

Wizard windows will show options to the left and specifications to the right. Suggested or completedspecifications will be shown in black text. User messages will be shown in blue text.


58

This window specifies an optional Scheduled Job description and selects a group type.

Description []: Optionally, specify in this field a Scheduled Job description that will be shown in theScheduled Job Records Pane Description column.


¤ Windows group: Create a Windows Group Scheduled Job (default selection).

¡ Guest ID group: Create a Netop Guest ID Group Scheduled Job.

¡ Host ID group: Create a Netop Host ID Group Scheduled Job.

If on a Windows 2000+ computer you select Windows group, the Windows Select Group window will beshown after clicking Next. When you have selected a Windows group, the Select <Type> Group windowwill be shown.

Otherwise, this window will be shown when you click Next:

It specifies a Scheduled Job group selection.

If a Windows group was selected in a Windows Select Group window, the disabled left drop-down boxfields and the right Windows group specification will show the domain and group name.

Otherwise, a drop-down box whose list contains available Security Database group record names will beshown to the left. Actively select a list name to show it in the field to specify it to the right immediatelyor after clicking Next.



59

It specifies a Scheduled Job start date and time and optionally a weekly schedule.


¤ Once on: Specify one date and time interval (default selection).

¡ Checked weekdays starting: Enable the Every section to specify a weekly schedule in a date andtime interval.

[<Date>]: Click the button of this drop-down box to show a calendar. Select a date in the calendar toshow it in the field or edit the date in the field (default: today).

[<Time>]: Select time elements and change them with the up/down buttons or edit the time in the field(default: 7:00:00 AM).

Every: Check weekday boxes to enable at the specified time on checked weekdays.



60

It specifies a Scheduled Job end date and time, if selected in a weekly schedule.

[<Date>]: Click the button of this drop-down box to show a calendar. Select a date in the calendar toshow it in the field or edit the date in the field (default: 28 days from today).

[<Time>]: Select time elements and change them with the up/down buttons or edit the time in the field(default: 6:00:00 PM).

Every: This section will be enabled if a weekly schedule was selected in the Start Date and Timewindow. Check weekdays to disable at the specified time on checked weekdays.

Note: Start Date and Time and End Time window checked weekdays must match. If a valid weeklyschedule has been created, a bar in a lower extension of the window will show it graphically. If yourselections are valid, the Finish button will be enabled.

Click Finish to end the wizard to create the specified Scheduled Job record.

2.4.4.1.2 Details

Select a Scheduled Job record and select the Scheduled Job menu Details command to show recordsof the individual Scheduled Job actions. The Details selection will show table records with these columncontents:

· ExecuteAt: Scheduled Job icon and time stamp in format YYYY-MM-DD HH:MM:SS.

· Action: Check mark 7: Enable or red dot with white X 8: Disable.

· Operand: Group record GroupName column value.

· Operator: If Windows group, group record RID column number. If Netop group, group record ID columnvalue.


61

· P1: Group record GroupName column name.

· P2: If Windows group, group record Domain column value.

· JobID: Scheduled Job record ID column value.




Right-click in the Records Pane and select Back or press CTRL+BACKSPACE to show unexpandedScheduled Job records.

2.4.4.1.3 Edit

Select a Scheduled Job record and select the Scheduled Job menu Edit command, click the ToolbarEdit Selected button, press CTRL+E or double-click a Scheduled Job record to show the recordproperties in the Scheduled Job wizard to edit them.

2.4.4.1.4 Delete

Select Scheduled Job records and select the Scheduled Job menu Delete command, click the ToolbarDelete Selected button or press CTRL+D to show a confirmation window to confirm deleting them.

2.4.5 Netop Definitions

You can manage Netop Definitions records from the Records Menu Netop Definitions submenu:

or from the Selection Pane Netop Definitions branch:

that include these commands:

· Netop Guest IDs

· Netop Guest ID Groups

· Netop Host IDs

· Netop Host ID Groups

· Netop Properties

Note: By default, the Selection Pane will not show the Netop Definitions branch. You can show and hideit from the View Menu Netop Definitions command. Using Netop Definitions, Netop SecurityManagement will identify a connecting Guest by the Netop Guest ID it specifies when logging on to theHost and a connected to Host by the Host ID specified on the Host.


62

2.4.5.1 Netop Guest ID

Click the Selection Pane Netop Definitions branch Guest IDs command to show this Records Pane:


It will show Netop Guest IDs as icons or table records. The Details selection will show table records withthese column contents:

· UserName: Netop Guest ID icon and name.


· Password: Yellow key and asterisks (password specified) or white key and No Password (nopassword specified)

· ForceChange: Check mark (Guest user must specify a new password at next logon) or nothing(password is OK).

· Callback: White phone and No callback (callback is not implemented in Netop SecurityManagement).


· PwdWrong: Number of wrong passwords in last logon attempt.

· PwdNum: Number of recent passwords that cannot be reused.

· PwdChanged: Last password change time stamp in format YYYY-MM-DD HH:MM:SS.

· PwdUsed: Last password use time stamp in format YYYY-MM-DD HH:MM:SS.

· Description: Optional Netop Guest ID description.






Manage Netop Guest ID records from the Records Menu Guest ID submenu:


63

or from the matching Netop Guest ID Records Pane context menu:


· New

· Edit

· Delete

· Accessible Hosts


64

2.4.5.1.1 New

Select the Netop Guest ID menu New command, click the Toolbar New Netop Guest ID button with aNetop Guest icon or press F3 to show this window:

Note: To show Toolbar Netop Definitions buttons, while the Selection Pane shows the Netop Definitionsbranch select the View Menu Large Toolbar or Small Toolbar command.

This window specifies a Netop Guest ID record. It has two tabs:

· General Tab

· Member Of Tab

General Tab

This tab specifies general Netop Guest ID record properties.

[<Netop Guest ID name>]: If creating a Netop Guest ID record, replace the default NEW GUEST ID fieldcontents by the name by which the record Guest shall identify itself. If editing a Netop Guest ID record,you can edit the Netop Guest ID name.

Description []: Optionally, specify in this field a description that will be shown in the Netop Guest IDRecords Pane Details show Description column.

Callback Number []: This field will be disabled as callback options are currently not implemented inNetop Security Management.

Callback Mode

¤ No callback: This option will always be selected to apply no callback.


65

Status

¨ Record is disabled: Check this box to disable the record (default: unchecked).


Password

This section specifies Netop password properties.

Password []: If creating a Netop Guest ID record, this field will be empty. Optionally, specify a password.Characters will showas dots or asterisks. If editing a Netop Guest ID record, this field will typically showdots or asterisks signifying that a password is specified. You can edit the password.

Confirm []: Re-specify in this field a new password for confirmation.

Note: Netop passwords must satisfy Netop Guest ID Password Properties.

þ Change at next logon: If creating a Netop Guest ID record, this box will be checked to request thatthe Guest user changes the password at next logon after which the box will become unchecked. Youcan uncheck and check the box.

Illegal count []: This disabled field will show the number of unsuccessful password attempts in the lastGuest logon.

History count []: This disabled field will show the number of used passwords that cannot be reused.

Last change []: This disabled field will show the last time the password was changed.

Last use []: This disabled field will show the last time the password was used.

Member Of Tab

This tab specifies the Netop Guest ID Group records of which this Netop Guest ID record is a member:


66

This tab specifies the Netop Guest ID Group records of which this Netop Guest ID record is a member:

The pane will show the names of Netop Guest ID Group records of which this Netop Guest ID record is amember (initially none).

Add...: Click this button to show this window:


67

It adds this Netop Guest ID record as a member of Netop Guest ID Group records.

The pane will show the names of Netop Guest ID Group records of which this Netop Guest ID recordis not a member.

Select in the pane Netop Guest ID Group record names and click OK to close the window to add thisNetop Guest ID record as a member of selected Netop Guest ID Group records.

Remove: Select Netop Guest ID Group record names in the pane and click this button to remove thisNetop Guest ID record as a member of selected Netop Guest ID Group records.

2.4.5.1.2 Edit

Select a Netop Guest ID record and select the Netop Guest ID menu Edit command, click the ToolbarEdit Selected button, press CTRL+E or double-click a Netop Guest ID record to show its properties inthe Netop Guest ID window to edit them.

Note: Role Assignments will apply the edited properties of an edited Guest or Host selection record.

2.4.5.1.3 Delete

Select Netop Guest ID records and select the Netop Guest ID menu Delete command, click the ToolbarDelete Selected button or press CTRL+D to show a confirmation window to confirm deleting them.

Note: Role Assignment records that use a deleted Guest or Host selection record will be deleted.

2.4.5.1.4 Accessible Hosts

Select a Netop Guest ID record and select the Netop Guest ID menu Accessible Hosts command toshow the Who May Remote Control Whom (Accessible Hosts) window.


68

2.4.5.2 Netop Guest ID Group

Click the Selection Pane Netop Definitions branch Guest ID Groups command to show this RecordsPane:


It will show Netop Guest ID Groups as icons or table records. The Details selection will show tablerecords with these column contents:

· GroupName: Netop Guest ID Group icon and name.


· Description: Optional Netop Guest ID Group description.







Manage Netop Guest ID Group records from the Records Menu Guest ID Group submenu:

- or from the matching Netop Guest ID Group Records Pane context menu:


69


· New

· Edit

· Delete

· Members

2.4.5.2.1 New

Select the Netop Guest ID Group menu New command, click the Toolbar New Netop Guest ID Groupbutton with a double Netop Guest icon or press F4 to show this window:


This window specifies a Netop Guest ID Group record.

[<Netop Guest ID Group name>]: If creating a Netop Guest ID Group record, replace the default NEWNETOP GUEST ID GROUP field contents by the desired group name. If editing a Netop Guest ID Grouprecord, you can edit the Netop Guest ID Group name.

Description []: Optionally, specify in this field a description that will be shown in the Netop Guest IDGroup Records Pane Details show Description column.

¨ Record is Disabled: Check this box to disable the record (default: unchecked).

Note: Enabled group member records will remain enabled. Netop Security Management will not usea Role Assignment record that uses a disabled Guest or Host selection record.

2.4.5.2.2 Edit

Select a Netop Guest ID Group record and select the Netop Guest ID Group menu Edit command, clickthe Toolbar Edit Selected button, press CTRL+E or double-click a Netop Guest ID Group record to showits properties in the Netop Group window to edit them.



70

2.4.5.2.3 Delete

Select Netop Guest ID Group records and select the Netop Guest ID Group menu Delete command,click the Toolbar Delete Selected button or press CTRL+D to show a confirmation window to confirmdeleting them.

Note: Group member records will not be deleted. Role Assignments that use a deleted Guest or Hostselection record will be deleted.

2.4.5.2.4 Members

Select a Netop Guest ID Group record and select the Netop Guest ID Group menu Members commandto show this window:

It manages Netop Guest ID Group record Netop Guest ID record members.

The title bar will show the Netop Guest ID Group name.

The pane will show Netop Guest ID Group record Netop Guest ID record member icons and names.

Add: Click this button to show this window:


71

It adds Netop Guest ID record members to the selected Netop Guest ID Group record.

The title bar will show the Netop Guest ID Group name.

The pane will show icons and names of Netop Guest ID records that are not members of the NetopGuest ID Group record.

Select in the pane Netop Guest ID records and click OK to add them as members of the Netop GuestID Group record.

Remove: Select in the pane Netop Guest ID records and click this button to remove them as membersof the Netop Guest ID Group record.


72

2.4.5.3 Netop Host ID

Click the Selection Pane Netop Definitions branch Host IDs command to show this Records Pane:


It will show Netop Host IDs as named icons or table records. The Details selection will show tablerecords with these column contents:

· HostName: Netop Host ID icon and name.



· Description: Optional Netop Host ID description.






Manage Netop Host ID records from the Records Menu Host ID submenu:

- or from the matching Netop Host ID Records Pane context menu:


73


· New

· Edit

· Delete

· Permitted Guests

2.4.5.3.1 New

Select the Netop Host ID menu New command, click the Toolbar New Netop Host ID button with a NetopHost icon or press F6 to show this window:


This window specifies a Netop Host ID record. It has two tabs:

· General Tab

· Member Of Tab

General Tab


74

This tab specifies general Netop Host ID record properties.

[<Netop Host ID name>]: If creating a Netop Host ID record, replace the default NEW HOST ID fieldcontents by the Host ID by which the record Host will identify itself to Netop Security Server. If editing a Netop Host ID record, you can edit the Netop Host ID name.

Description []: Optionally, specify in this field a description that will be shown in the Netop Host IDRecords Pane Details view Description column.



Member Of Tab

The functionality of this tab is similar to the functionality of the Netop Guest ID window Member Of tab.

2.4.5.3.2 Edit

Select a Netop Host ID record and select the Netop Host ID menu Edit command, click the Toolbar EditSelected button, press CTRL+E or double-click a Netop Host ID record to show its properties in theNetop Host ID window to edit them.


2.4.5.3.3 Delete

Select Netop Host ID records and select the Netop Host ID menu Delete command, click the ToolbarDelete Selected button or press CTRL+D to show a confirmation window to confirm deleting them.


2.4.5.3.4 Permitted Guests

Select a Netop Host ID record and select the Netop Host ID menu Permitted Guests command to showthe Who May Remote Control Whom (Permitted Guests) window.

2.4.5.4 Netop Host ID Group

Click the Selection Pane Netop Definitions branch Host ID Groups command to show this RecordsPane:



75

It will show Netop Host ID Groups as named icons or table records. The Details selection will show tablerecords with these column contents:

· GroupName: Netop Host ID Group icon and name.


· Description: Optional Netop Host ID Group description.







Note: A default Netop Host ID Group named Unregistered Host IDs with ID = 0 will not be shown in thepane. This group that is included for Netop Access Server compatibility enables an old version AccessServer enabled Netop Host for which no Netop Host ID record exists to use an Access Server enabledNetop Security Server. You can create Role Assignments with this Netop Host ID Group only with NetopGuest ID and Netop Guest ID Group records. You should not use this Netop Host ID Group for any otherpurpose than importing an old version Netop Access Server setup, see AMPLUS.EXE.

Manage Netop Host ID Group records from the Records Menu Host ID Group submenu:

- or from the matching Netop Host ID Group Records Pane context menu:


· New

· Edit

· Delete

· Members

2.4.5.4.1 New

Select the Netop Host ID Group menu New command, click the Toolbar New Netop Host ID Groupbutton with a double Netop Host icon or press F7 to show the Netop Group window whose functionalityis similar with Netop Guest ID Groups and Netop Host ID Groups.

Note: To show Toolbar Netop Definitions buttons, while the Selection Pane shows the Netop Definitions


76

branch select the View Menu Large Toolbar or Small Toolbar command.

2.4.5.4.2 Edit

Select a Netop Host ID Group record and select the Netop Host ID Group menu Edit command, clickthe Toolbar Edit Selected button, press CTRL+E or double-click a Netop Host ID Group record to showits properties in the Netop Group window to edit them.


2.4.5.4.3 Delete

Select Netop Host ID Group records and select the Netop Host ID Group menu Delete command, clickthe Toolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.


2.4.5.4.4 Members

Select a Netop Host ID Group record and select the Netop Host ID Group menu Members command toshow the Netop Group Members window whose functionality is similar with Netop Guest ID Groups andNetop Host ID Groups.

2.4.5.5 Netop Properties

Click the Selection Pane Netop Definitions branch Netop Properties element to show this Records Pane:


It will show Netop Properties as named icons or table records. The Details selection will show tablerecords with these column contents:

· Property: Key icon and property description.

· Setting: Property value.





Table controls are explained in Table Control. You cannot sort records.

Manage Netop Properties records from the Records Menu Netop Properties submenu:


77

- or from the matching Netop Properties Records Pane context command:

Select this command, click the Toolbar Edit Selected button, press CTRL+E or double-click any NetopProperties record to show this window:

It specifies Netop password properties.

Netop password syntax

Minimum password length (0-16) []: Specify in the field a number in the range for the minimum number ofcharacters in the password (default: 0).

Password history length (0-10) []: Specify in the field a number in the range for the number of recentpasswords that cannot be reused (default: 0).

¨ Must begin and end with a character and include a digit: Check this box to require that the passwordbegins and ends with a letter character and includes a numeral character (default: unchecked).

Note: If password syntax requirements are increased, current passwords that do not satisfy theincreased requirements will remain valid until changed.


78

Netop password lifetime

Password lifetime (0-99 days, 0=infinite) []: Specify in the field a number in the range for the maximumnumber of days the password can be used before it must be changed (default: 0).

Lock accounts if not used for (0-99 days, 0=infinite) []: Specify in the field a number in the range for thenumber of days after which a Netop Guest ID record will be disabled if not used (default: 0).

Lock accounts after password failures (0-10, 0=never) []: Specify in the field a number in the range forthe number of unsuccessful password attempts after which the Netop Guest ID record will be disabled(default: 0).

2.4.6 Windows Definitions

You can manage Windows Definitions records from the Records Menu Windows Definitions submenu:

- or from the Selection Pane Windows Definitions branch:

that include these commands:· Windows User· Windows Group· Windows Workstation· Windows Workstation Group· Windows Domain

Note: By default, the Selection Pane will show the Windows Definitions branch. You can hide and showit from the View Menu Windows Definitions command. Using Windows Definitions, Netop SecurityManagement will identify a connecting Guest by the Windows User name it specifies when logging on tothe Host and a connected to Host by its computer Windows logon user name if it identifies itself as auser or by its Windows computer name if it identifies itself as a workstation, see Preferred Host Type.


79

2.4.6.1 Windows User

Select the Selection Pane Windows Definitions branch Users element to show this Records Pane:


It will show Windows Users as named icons or table records. The Details selection will show tablerecords in a table with these column contents:

· RID: Windows User icon and Windows relative identifier number.

· UserName: Windows User name.

· Domain: Windows User domain name.








Manage Windows User records from the Records Menu Windows User submenu:

- or from the matching Windows User Records Pane context menu:


80


· New

· Edit

· Delete

· Accessible Hosts

· Permitted Guests

Note: To create Role Assignments with domain Windows Users, records do not need to exist in theWindows User Records Pane if the Netop Security Manager computer is connected to the WindowsUser domain network.

2.4.6.1.1 New

Select the Windows User menu New command to create Windows User records.

If Netop Security Manager runs on a Windows 2000+ computer, the Windows Select User window willbe shown to select a user to create a Windows User record.

If Netop Security Manager runs on another Windows computer, this window will be shown:

It creates Windows User records.

Domain []: The list of this drop-down box will contain the names of Windows domains recognized by theNetop Security Manager computer. Select a name in the list to show it in the field.

Username []: The list of this drop-down box will contain the names of users in the Windows domain


81

selected in the Domain drop-down box. Select a name in the list to show it in the field.

¨ Record is disabled: Check this box to disable created records (default: unchecked).


Insert Selected: Click this button to create a Windows User record of the user selected in the Usernamedrop-down box.

Insert All Users: Click this button to create Windows User records of all users in the Windows domainselected in the Domain drop-down box.

2.4.6.1.2 Edit

Select a Windows User record and select the Windows User menu Edit command, click the ToolbarEdit Selected button, press CTRL+E or double-click a Windows User record to show this window:

It enables editing the properties of the selected Windows User record.

Domain []: This disabled field will show the Windows User record Domain column value.

Username []: This disabled field will show the Windows User record UserName column value.



2.4.6.1.3 Delete

Select Windows User records and select the Windows User menu Delete command, click the ToolbarDelete Selected button or press CTRL+D to show a confirmation window to confirm deleting them.



82


Select a Windows User, Netop Guest ID, RSA SecurID User or Directory Services User record andselect the matching menu Accessible Hosts command to show this window:

Note: To show this window for an individual selection for which Role Assignments are available only withgroup records, create the individual selection record manually.

It will show the Role Assignments of an individual Guest selection record (Windows User, Netop GuestID, RSA SecurID User or Directory Services User) and its applicable Role rights with any individual Hostselection record (Windows User, Windows Workstation or Netop Host ID) with which Role Assignmentsexist in the security database.

The left pane will show a tree structure with check marked named branches of the selected Guestselection record and the groups of which it is a member. A [+] button indicates that Role Assignmentsexist in the branch. Click a [+] button, press the right arrow key or double-click the branch name toexpand a branch. Click a [-] button, press the left arrow key or double-click the branch name to collapsea branch. You can move the selection with the up/down arrow keys.

You can expand groups into their individual Host selection records. A fully expanded branch will showicons and names of individual Host selection records with which Role Assignments exist in the securitydatabase.

Select an individual Host selection record to show in the right pane the applicable Role rights of theselected Guest selection record with this Host selection record. Right pane icons and abbreviations areexplained in Role.


83


Select a Windows User, Windows Workstation or Netop Host ID record and select the matching menuPermitted Guests command to show this window:

Note: To show this window for an individual selection for which Role Assignments are available only withgroup records, create the individual selection record manually.

It will show the Role Assignments of an individual Host selection record (Windows User, WindowsWorkstation or Netop Host ID) and the applicable Role rights of any individual Guest selection record (Windows User, Netop Guest ID, RSA SecurID User or Directory Services User) with which RoleAssignments exist in the security database.

The left pane will show a tree structure with check marked named branches of the selected Hostselection record and the groups of which it is a member. A [+] button indicates that Role Assignmentsexist in the branch. Click a [+] button, press the right arrow key or double-click the branch name toexpand a branch. Click a [-] button, press the left arrow key or double-click the branch name to collapsea branch. You can move the selection with the up/down arrow keys.

You can expand groups into their individual Guest selection records. A fully expanded branch will showicons and names of individual Guest selection records with which Role Assignments exist.

Select an individual Guest selection record to show in the right pane the applicable Role rights of thisGuest record with the selected Host selection record. Right pane icons and abbreviations are explainedin Role.


84

2.4.6.2 Windows Group

Select the Selection Pane Windows Definitions branch Groups command to show this Records Pane:


It will show Windows Groups as named icons or table records. The Details selection will show tablerecords with these column contents:

· RID: Windows Group icon and Windows relative identifier number.

· GroupName: Windows Group name.

· Domain: Windows Group domain name.








Manage Windows Group records from the Records Menu Windows Group submenu:

- or from the matching Windows Group Records Pane context menu:


85


· New

· Edit

· Delete

Note: To create Role Assignments with domain Windows Groups, records do not need to exist in theWindows Group Records Pane if the Netop Security Manager computer is connected to the domainnetwork.

2.4.6.2.1 New

Select the Windows Group menu New command to create Windows Group records.

If Netop Security Manager runs on a Windows 2000+ computer, the Windows Select Group window willbe shown to select a user group to create a Windows Group record.


It creates Windows Group records.


Group []: The list of this drop-down box will contain the names of groups in the Windows domainselected in the Domain drop-down box. Select a user group name in the list to show it in the field.



Insert Selected: Click this button to create a Windows Group record of the group selected in the Groupdrop-down box.


86

Insert All Groups: Click this button to create Windows Group records of all groups in the domainselected in the Domain drop-down box.

2.4.6.2.2 Edit

Select a Windows Group record and select the Windows Group menu Edit command, click the ToolbarEdit Selected button, press CTRL+E or double-click a Windows Group record to show this window:

It enables editing the properties of the selected Windows Group record.

Domain []: This disabled field will show the Windows Group record Domain column value.

Group []: This disabled field will show the Windows Group record GroupName column value.



2.4.6.2.3 Delete

Select Windows Group records and select the Windows Group menu Delete command, click theToolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingrecords.



87

2.4.6.3 Windows Workstation

Select the Selection Pane Windows Definitions branch Workstations command to show this RecordsPane:


It will show Windows Workstations as named icons or table records. The Details selection will showtable records with these column contents:

· ComputerName: Windows Workstation icon and Windows computer name.

· Domain: Windows Workstation domain name.



· Created: Creation time stamp in format YYYY-MM-DD HH:MM:SS


· Modified: Modification time stamp in format YYYY-MM-DD HH:MM:SS



Manage Windows Workstation records from the Records Menu Workstation submenu:

- or from the matching Windows Workstation Records Pane context menu:


88


· New

· Edit

· Delete

· Permitted Guests

Note: To create Role Assignments with domain Windows computers, records do not need to exist inthe Windows Workstation Records Pane if the Netop Security Manager computer is connected to thedomain network.

2.4.6.3.1 New

Select the Windows Workstation menu New command to create Windows Workstation records.

If Netop Security Manager runs on a Windows 2000+ computer, the Windows Select Computer windowwill be shown to select a Windows computer to create a record of it in the Windows WorkstationRecords Pane.


It creates Windows Workstation records.


Workstation []: The list of this drop-down box will contain the names of computers in the Windowsdomain selected in the Domain drop-down box. Select a name in the list to show it in the field.




89

Insert Selected: Click this button to create a Windows Workstation record of the workstation selected inthe Workstation drop-down box.

Insert All: Click this button to create Windows Workstation records of all computers in the domainselected in the Domain drop-down box.

2.4.6.3.2 Edit

Select a Windows Workstation record and select the Windows Workstation menu Edit command, clickthe Toolbar Edit Selected button, press CTRL+E or double-click a Windows Workstation record to showthis window:

It enables editing the properties of the selected Windows Workstation record.

Domain []: This disabled field will show the Windows Workstation record Domain column value.

Workstation []: This disabled field will show the Windows Workstation record ComputerName columnvalue.

Member of []: This disabled pane will show the Windows Workstation Group records of which theselected Windows Workstation record is a member.



2.4.6.3.3 Delete

Select Windows Workstation records and select the Windows Workstation menu Delete command,click the Toolbar Delete Selected button or press CTRL+D to show a confirmation window to confirmdeleting records.



Select a Windows Workstation record and select the Windows Workstation menu Permitted Guestscommand to show the Who May Remote Control Whom (Permitted Guests) window.


90

2.4.6.4 Windows Workstation Group

Select the Selection Pane Windows Definitions branch Workstation Groups command to show thisRecords Pane:


It will show Windows Workstation Groups as named icons or table records. The Details selection willshow table records with these column contents:

· GroupName: Windows Workstation Group icon and name.

· Domain: Windows Workstation Group domain name.








Manage Windows Workstation Group records from the Records Menu Workstation Group submenu:

- or from the matching Windows Workstation Group Records Pane context menu:


91


· New

· Edit

· Delete

· Members

Note: To create Role Assignments with domain Windows computer groups, records do not need to existin the Windows Workstation Group Records Pane if the Netop Security Manager computer is connectedto the domain network. However, Windows Workstation Group records will initially have no WindowsWorkstation record Members.

2.4.6.4.1 New

Select the Windows Workstation Group menu New command to create Windows Workstation Grouprecords.

If Netop Security Manager runs on a Windows 2000+ computer, the Windows Select Group window willbe shown to select a computer group to create a Windows Workstation Group record.


It creates Windows Workstation Group records.


Group []: The list of this drop-down box will contain the names of groups in the Windows domainselected in the Domain drop-down box. Select a group name in the list to show it in the field.



92


Insert Selected: Click this button to create a Windows Workstation Group record of the computer groupselected in the Group drop-down box.

Insert All Groups: Click this button to create Windows Workstation Group records of all groups in thedomain selected in the Domain drop-down box.

Note: A Windows Workstation Group record will initially have no Windows Workstation recordmembers. You can add members from the Members command.

2.4.6.4.2 Edit

Select a Windows Workstation Group record and select the Windows Workstation Group menu Editcommand, click the Toolbar Edit Selected button, press CTRL+E or double-click a WindowsWorkstation Group record to show this window::

It enables editing the properties of the selected Windows Workstation Group record.

Domain []: This disabled field will show the Windows Workstation Group record Domain column value.

Group []: This disabled field will show the Windows Workstation Group record GroupName column value.



2.4.6.4.3 Delete

Select Windows Workstation Group records and select the Windows Workstation Group menu Deletecommand, click the Toolbar Delete Selected button or press CTRL+D to show a confirmation window toconfirm deleting them.



93

2.4.6.4.4 Members

Select a Windows Workstation Group record and select the Windows Workstation Group menuMembers command to showthis window:

It manages Windows Workstation Group record Windows Workstation record members.

The title bar will show the selected Windows Workstation Group record GroupName and Domain columnvalues.

The pane will show Windows Workstation record members identified by their ComputerName andDomain column values.



94

It adds domain computers as members of the selected Windows Workstation Group record.

The title bar will show the selected Windows Workstation Group record GroupName and Domaincolumn values.

The left pane will shows icons and names of domains recognized by the Netop Security Managercomputer. Select a domain to show its computers in the right pane.

Select domain computers and click OK to close the window to add selected computers as membersof the Windows Workstation Group record.

Note: If Windows Workstation records of computers added as members of a Windows WorkstationGroup do not exist in the Security Database, they will be created.

Remove: Select Windows Workstation records in the pane and click this button to remove them asmembers of the selected Windows Workstation Group record.


95

2.4.6.5 Windows Domain

Select the Selection Pane Windows Definitions branch Domains command to show this Records Pane:


It will show Windows Domains as icons or table records. The Details selection will show table recordswith these column contents:

· DomainName: Windows Domain icon and name.








Manage Windows Domain records from the Records Menu Domain submenu:

- or from the matching Windows Domain Records Pane context menu:


96


· New

· Edit

· Delete

Note: To create Role Assignments with Windows domains, records do not need to exist in the WindowsDomain Records Pane if the Netop Security Manager computer is connected to the domain network.

2.4.6.5.1 New

Select the Windows Domain menu New command to show this window:

It creates Windows Domain records.

Domain []: The list of this drop-down box will contain the names of Windows domains recognized by theNetop Security Manager computer. Select one to show it in the drop-down box field.



Insert Selected: Click this button to create a Windows Domain record of the domain selected in theDomain drop-down box.

Insert All Domains: Click this button to create Windows Domain records of all domains in the Domaindrop-down box list.


97

2.4.6.5.2 Edit

Select a Windows Domain record and select the Windows Domain menu Edit command, click theToolbar Edit Selected button, press CTRL+E or double-click a Windows Domain record to show thiswindow:

It enables editing the properties of the selected Windows Domain record.

Domain []: This disabled field will show the selected Windows Domain record DomainName columnvalue.


Note: Enabled domain Windows Workstation records will remain enabled. Netop SecurityManagement will not use a Role Assignment record that uses a disabled Guest or Host selectionrecord.

2.4.6.5.3 Delete

Select Windows Domain records and select the Windows Domain menu Delete command, click theToolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.

Note: Domain Windows Workstation records will not be deleted. Role Assignments that use a deletedGuest or Host selection record will be deleted.

2.4.7 RSA SecurID Definitions

You can manage RSA SecurID Definitions records from the Records Menu RSA SecurID Definitionssubmenu:

- or from the Selection Pane RSA SecurID Definitions branch:


98

that include these commands:

· RSA SecurID Users

· RSA SecurID Groups

· RSA SecurID Properties

Note: By default, the Selection Pane will not show the RSA SecurID Definitions branch. You can showand hide it from the View Menu RSA SecurID Definitions command. Using RSA SecurID Definitions,Netop Security Management will identify a connecting Guest by the RSA SecurID User name itspecifies when logging on to the Host.

2.4.7.1 RSA SecurID User

Select the Selection Pane RSA SecurID Definitions branch RSA SecurID Users command to show thisRecords Pane:


It will show RSA SecurID Users as named icons or table records. The Details selection will show tablerecords with these column contents:

· UserName: RSA SecurID User icon and name.








Manage RSA SecurID User records from the Records Menu RSA SecurID User submenu:


99

or from the matching RSA SecurID User Records Pane context menu:


· New

· Edit

· Delete

· Accessible Hosts

2.4.7.1.1 New

Select the RSA SecurID User menu New command to show this window:

It creates or edits an RSA SecurID User record.

Name []: Specify in this field the RSA SecurID User name. It will become the RSA SecurID User recordUserName column name.



100


2.4.7.1.2 Edit

Select an RSA SecurID User record and select the RSA SecurID User menu Edit command, click theToolbar Edit Selected button, press CTRL+E or double-click an RSA SecurID User record to show itsproperties in the RSA SecurID User window to edit them.


2.4.7.1.3 Delete

Select RSA SecurID User records and select the RSA SecurID User menu Delete command, click theToolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.



Select an RSA SecurID User record and select this command to show the Who May Remote ControlWhom (Accessible Hosts) window.

2.4.7.2 RSA SecurID Group

Select the Selection Pane RSA SecurID Definitions branch RSA SecurID Groups command to showthis Records Pane:


It will show RSA SecurID Groups as named icons or table records. The Details selection will show tablerecords with these column contents:

· GroupName: RSA SecurID Group icon and name.








101


Note: A built-in RSA SecurID Group named All RSA SecurID Users with ID = 0 will not be shown in thepane.

Manage RSA SecurID Group records from the Records Menu RSA SecurID Group submenu:

- or from the matching RSA SecurID Group Records Pane context menu:


· New

· Edit

· Delete

· Members

Note: Initially, an RSA SecurID Group record will have no RSA SecurID User record members. Addmembers from the Members command.


102

2.4.7.2.1 New

Select the RSA SecurID Group menu New command to show this window:

It creates or edits an RSA SecurID Group record.

Group []: Specify in this field the RSA SecurID Group name. It will become the RSA SecurID Grouprecord GroupName column name.



2.4.7.2.2 Edit

Select an RSA SecurID Group record and select the RSA SecurID Group menu Edit command, clickthe Toolbar Edit Selected button, press CTRL+E or double-click an RSA SecurID Group record to showits properties in the RSA SecurID Group window to edit them.


2.4.7.2.3 Delete

Select RSA SecurID Group records and select the RSA SecurID Group menu Delete command, clickthe Toolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.



103

2.4.7.2.4 Members

Select an RSA SecurID Group record and select the RSA SecurID Group menu Members command toshow this window:

It manages RSA SecurID Group record RSA SecurID User record members.

The title bar will show the selected RSA SecurID Group record GroupName column name.

The pane will show RSA SecurID User record members identified by their UserName column name.



104

It adds RSA SecurID User record members to the selected RSA SecurID Group record.

The title bar will show the RSA SecurID Group GroupName column name.

The pane will show icons and names of RSA SecurID User records that are not members of the RSASecurID Group record.

Select in the pane RSA SecurID User records and click OK to add them as members of the RSASecurID Group record.

Remove: Select in the pane RSA SecurID User records and click this button to remove them asmembers of the RSA SecurID Group record.

2.4.7.3 RSA SecurID Properties

Select the Selection Pane RSA SecurID Definitions branch RSA SecurID Properties command to showthis Records Pane:

Note: By default, the Selection Pane will below the Netop Security Management root element showSecurity Settings, Logging, Scheduling and Windows Definitions branches in this order. Netop


105

Definitions, RSA SecurID Definitions and Directory Services Definitions branches will be hidden. Youcan hide/show branches by selecting View Menu branch name commands.

It will show one RSA SecurID Property as a named icon or a table record. The Details selection willshow one table record with these column contents:

· Property: RSA SecurID Property icon and Use shadow Netop passwords.

· Setting: 0 (disabled) or 1 (enabled).






Manage the RSA SecurID Property record from the Records Menu RSA SecurID Properties submenu:

or from the matching RSA SecurID Properties Records Pane context command:

Select this command or double-click the RSA SecurID Property record to show this window:

þ Enable Netop password checking for RSA SecurID users: Leave this box checked to request a Netoppassword in addition to the RSA SecurID user name and PASSCODE from a connecting Guest toapply triple-factor security (default: checked).

Note: To apply triple factor security authentication, create for each RSA SecurID User record a shadowNetop Guest ID record whose UserName column name is the RSA SecurID User record UserNamecolumn name to apply the Netop Guest ID record Password column value for additional RSA SecurIDUser authentication.


106

2.4.8 Directory Services Definitions

You can manage Directory Services Definitions records from the Records Menu Directory ServicesDefinitions submenu:

- or from the Selection Pane Directory Services Definitions branch:

that contain these commands:

· Directory Services Users

· Directory Services Groups

· Directory Services

Note: By default, the Selection Pane will not show the Directory Services Definitions branch. You canshow and hide it from the View Menu Directory Services Definitions command. Using Directory ServicesDefinitions, Netop Security Management will identify a connecting Guest by the Directory Services Username it specifies when logging on to the Host.

2.4.8.1 Directory Services User

Select the Selection Pane Directory Services Definitions branch Directory Services Users command toshow this Records Pane:


It will show Directory Services Users as named icons or table records. The Details selection will showtable records with these column contents:


107

· DN: Directory Services User icon and distinguished name.

· Service: Directory Service record ServiceName column value.








Manage Directory Services User records from the Records Menu Directory Services User submenu:

or from the matching Directory Services User Records Pane context menu:


· New

· Edit

· Delete

· Accessible Hosts

Note: To create Role Assignments with Directory Services Users, records do not need to exist in theDirectory Services Users Records Pane if the relevant directory service is specified in the DirectoryService Records Pane and is available.


108

2.4.8.1.1 New

Select the Directory Services User menu New command to show this window:

It creates Directory Services User records.

The pane will show users in available Directory Services. Select a user and click OK to create aDirectory Services User record.



2.4.8.1.2 Edit

Select a Directory Services User record and select the Directory Services User menu Edit command,click the Toolbar Edit Selected button, press CTRL+E or double-click a Directory Services User recordto show this window:


109

It enables editing the properties of the selected Directory Services User record.

Service Name []: This disabled field will show the Directory Services User record Service column value.

Name []: This disabled field will show the Directory Services User record DN column name.



2.4.8.1.3 Delete

Select Directory Services User records and select the Directory Services User menu Delete command,click the Toolbar Delete Selected button or press CTRL+D to show a confirmation window to confirmdeleting them.



Select a Directory Services User record and select this command to show the Who May Remote ControlWhom (Accessible Hosts) window.

2.4.8.2 Directory Services Group

Select the Selection Pane Directory Services Definitions branch Directory Services Groups command toshow this Records Pane:


110


It will show Directory Services Groups as named icons or table records. The Details selection will showtable records with these column contents:

· DN: Directory Services Group icon and distinguished name.

· Service: Directory Service record ServiceName column value.








Manage Directory Services Group records from the Records Menu Directory Services Group submenu:

or from the matching Directory Services Group Records Pane context menu:


· New

· Edit

· Delete

Note: To create Role Assignments with Directory Services Groups, records do not need to exist in theDirectory Services Group Records Pane if the relevant directory service is specified in the DirectoryService Records Pane and is available.


111

2.4.8.2.1 New

Select the Directory Services Group menu New command to show this window:

It creates Directory Services Group records.

The pane will show groups in available Directory Services. Select a group and click OK to create aDirectory Services Group record.



2.4.8.2.2 Edit

Select a Directory Services Group record and select the Directory Services Group menu Edit command,click the Toolbar Edit Selected button, press CTRL+E or double-click a Directory Services Group recordto show this window:


112

It enables editing the properties of the selected Directory Services Group record.

Service []: This disabled field will show the Directory Services Group record Service column value.

Name []: This disabled field will show the Directory Services Group record DN column name.



2.4.8.2.3 Delete

Select Directory Services Group records and select the Directory Services Group menu Deletecommand, click the Toolbar Delete Selected button or press CTRL+D to show a confirmation window toconfirm deleting them.


2.4.8.3 Directory Service

Select the Selection Pane Directory Services Definitions branch Directory Services element to showthis Records Pane:


It will show Directory Services as named icons or table records. The Details selection will show table


113

records with these column contents:


· ServiceName: Directory Service name.

· DnsName: Directory Server DNS name or IP address.


· Port: TCP/IP port number.

· SSL: Check mark (use secure connection) or red X (do not use secure connection).

· BaseDN: Base distinguished name.

· UserDN: Searching user distinguished name.

· Password: Searching user password shown as asterisks.

· UserSearchFilter: User search filter.

· UserAttribFilter: User attribute filter.

· UserBrowseFilter: User browse filter.

· GroupSearchFilter: Group search filter.

· GroupAttribFilter: Group attribute filter.

· GroupBrowseFilter: Group browse filter.

· OuSearchFilter: Organizational unit search filter.






Manage Directory Service records from the Records Menu Directory Service submenu:

or from the matching Directory Service Records Pane context menu:


· New


114

· Edit

· Delete

2.4.8.3.1 New

Select the Directory Service menu New command to run the Directory Service wizard to create aDirectory Service record. This window will be shown:

It specifies the Directory Service connection.

Address []: Specify in this field the Directory Service computer DNS name or IP address.

TCP/IP port number []: Specify in this field 389 for a standard LDAP connection or 686 for a secureLDAP connection (default: 389).

¨ Use a Secure Connection: Check this box to use a secure connection.

Base DN []: Specify in this field the distinguished name from which a search shall start.

Test: Click this button to test the connection to show a test result message.



115

It specifies Directory Service logon credentials.

¨ Anonymous bind: Check this box to disable the other fields to log on without credentials.

Note: If you log on without credentials, you can typically not search a Directory Service for user andgroup information.

User DN []: Specify in this field the distinguished name by which Netop Security Management shallsearch for user and group information.

Password []: Specify in this field the matching password. Characters will show as dots or asterisks.

Confirm []: Re-specify in this field the password for confirmation.

Test: Click this button to test Directory Service logon to show a test result message.



116

It specifies Directory Service filters that speed up the search for user and group information.

Click the Apply Default Values for Specific Service button to show this window:

The drop-down box list contains names of commonly used Directory Service types. Select a name in thelist to show it in the field (default: Microsoft Active Directory). Click OK to close the window to show thedefault filters of the selected Directory Service type in the Filters window fields. If selecting a DirectoryService type does not generate usable filters, specify or modify filters:

User search filter []: Specify in this field the user object class.

User attribute []: Specify in this field the user logon name attribute.

User browse filter []: Specify in this field the user and organizational unit object classes.

Group search filter []: Specify in this field the group object class.

Group member attribute []: Specify in this field the group member attribute.

Group browse filter []: Specify in this field the group and organizational unit object classes.

OU search filter []: Specify in this field the organizational unit object class.



117

It specifies the Directory Service name and status.

Name []: Specify in this field the service name that will become the Directory Service recordServiceName column name.


Note: Netop Security Management will not search a Directory Service whose record is disabled.

Finish: Click this button to end the Directory Service wizard to create the Directory Service record.

2.4.8.3.2 Edit

Select a Directory Service record and select the Directory Service menu Edit command, click theToolbar Edit Selected button, press CTRL+E or double-click a Directory Service record to show thiswindow:


118

This window has four tabs that match Directory Service wizard windows. Edit the tab contents to editthe Directory Service record.

Note: Directory Service searches will apply the edited properties of a Directory Service record.

2.4.8.3.3 Delete

Select Directory Service records and select the Directory Service menu Delete command, click theToolbar Delete Selected button or press CTRL+D to show a confirmation window to confirm deletingthem.

2.5 Security Database Tables

The Security Database Wizard will create these security database tables:

· DWBATH: Scheduled Jobs

· DWCONN: Active Sessions

· DWDOMN: Windows Domain

· DWDONE: Security Log

· DWEVNT: Netop Log

· DWGRUH: Netop Host ID Group

· DWGRUP: Netop Guest ID Group

· DWHOGR: Netop Host ID Group Members

· DWHOST: Netop Host ID

· DWLDAPGRP: Directory Service Group

· DWLDAPPROP: Directory Service Properties

· DWLDAPSERV: Directory Service


119

· DWLDAPUSR: Directory Service User

· DWMAIN: Role Assignment

· DWNTGR: Windows Group

· DWNTUS: Windows User

· DWPOLI: Security Policies

· DWPROP: Netop Properties

· DWROLE: Roles

· DWRSAGRP: RSA SecurID Group

· DWRSAPROP: RSA SecurID Properties

· DWRSAUSR: RSA SecurID User

· DWRSGM: RSA SecurID Group Members

· DWSERV: Netop Security Servers

· DWTODO: Scheduled Job Actions

· DWUSER: Netop Guest IDs

· DWUSGR: Netop Guest ID Group Members

· DWWKGM: Members of Workstation Groups

· DWWKSG: Workstation Groups

· DWWKST: Workstations

2.5.1 DWBATH: Scheduled Job

Security Database Tables store Scheduled Job data in this table that has this key structure:

Key Format Explanation

ID Integer Record number (PRIMARY KEY)

Description Char (64) Optional description

Category Integer Group type number

GroupID Integer Record number in group table

Domain Char (254) Domain name (if applicable)

StartTime Char (20) Start time stamp in format YYYY-MM-DD HH:MM:SS

EndTime Char(20) End time stamp in format YYYY-MM-DD HH:MM:SS

Flags Integer Weekly settings number

Created Char (20) Creation time stamp in format YYYY-MM-DD HH:MM:SS

CreatedBy Char (64) Creator Windows user name

Modified Char (20) Modification time stamp in format YYYY-MM-DD HH:MM:SS

ModifiedBy Char (64) Modifier Windows user name

2.5.2 DWCONN: Active Sessions

Security Database Tables store Active Sessions data in this table that has this key structure:


Guest Char (254) Log record arguments

Host Char (254) Logging Netop module name

SessionType Integer Session type number

Started Char (20) Start time stamp in format YYYY-MM-DD HH:MM:SS


120

2.5.3 DWDOMN: Windows Domain

Security Database Tables store Windows Domain data in this table that has this key structure:



DomainName Char (254) Domain name

Enabled Integer 0 = Disabled, 1 = Enabled





2.5.4 DWDONE: Security Log

Security Database Tables store Security Log data in this table that has this key structure:



CreatedBy Char (64) Creator computer or Windows user name

Status Integer Action result number (0 = OK, 1=Error)

Action Integer Action type number

Operand Integer Action executed on number

Operator Integer Action executed by number

P1 Char (254) Parameter 1 (additional action specification)


2.5.5 DWEVNT: Netop Log

Security Database Tables store Netop Log data in this table that has this key structure:




EventType Char (10) Log record event code

SerialNo Integer Log record event number of each logging Netop module

DtlError Integer DTL error number (0 = no error)

ProtocolError Integer Protocol error number (0 = no error)

Host Char(32) Logging Netop module name

Description Char (160) Log record arguments

2.5.6 DWGRUH: Netop Host ID Group

Security Database Tables store Netop Host ID Group data in this table that has this key structure:



GroupName Char (32) Netop Host ID group name (UNIQUE)







121


2.5.7 DWGRUP: Netop Guest ID Group

Security Database Tables store Netop Guest ID Group data in this table that has this key structure:



GroupName Char (32) Netop Guest ID group name (UNIQUE)







2.5.8 DWHOGR: Netop Host ID Group Members

Security Database Tables store Netop Host ID Group Netop Host ID member data in this table that hasthis key structure:


HostID Integer Netop Host ID table record number (PRIMARY KEY)

GrpId Integer Netop Host ID Group table record number (PRIMARY KEY)





2.5.9 DWHOST: Netop Host ID

Security Database Tables store Netop Host ID data in this table that has this key structure:



HostName Char (32) Netop Host ID name (UNIQUE)







2.5.10 DWLDAPGRP: Directory Service Group

Security Database Tables store Directory Services Group data in this table that has this key structure:



DN Char (254) Distinguished name (UNIQUE)

Service Integer Directory Service table record number




122




2.5.11 DWLDAPPROP: Directory Service Properties

Security Database Tables store Directory Service properties data in this table that has this keystructure:


Property Integer Record number (PRIMARY KEY)

Setting Char (254) Parameter value





2.5.12 DWLDAPSERV: Directory Service

Security Database Tables store Directory Service data in this table that has this key structure:



ServiceName Char (32) Alias name for the service (UNIQUE)

DnsName Char (254) Domain Name System

Port Integer IP port number for the SSL connection

SSL Integer 0 = Disabled, 1 = Enabled

BaseDN Char (254) Base distinguished name

UserDN Char (254) Distinguished name for user object used for searching

Password Char (16) Password for user object used for searching

Enabled Integer Anonymous bind 0 = Disabled, 1 = Enabled

UserSearchFilter Char (60) Filter to limit search for user objects

UserAttribFilter Char (60) Attribute that holds the user name

UserBrowseFilter Char (200) Filter to limit search for user objects and container objects

GroupSearchFilter Char (60) Filter to limit search for group objects

GroupAttribFilter Char (60) Attribute that holds the group name

GroupBrowseFilter Char (200) Filter to limit search for group objects and container objects

OuSearchFilter Char (60) Filter to limit search for container objects





2.5.13 DWLDAPUSR: Directory Service User

Security Database Tables store Directory Services User data in this table that has this key structure:



DN Char (254) Distinguished name (UNIQUE)

Service Integer Directory Service table record number



123





2.5.14 DWMAIN: Role Assignment

Security Database Tables store Role Assignment data in this table that has this key structure:


ID Integer Record number (UNIQUE)

GuestID Integer Guest selection table record number (PRIMARY KEY)

GuestType Integer Guest selection type number (PRIMARY KEY)

HostID Integer Host selection table record number (PRIMARY KEY)

HostType Integer Host selection type number (PRIMARY KEY)

RoleID Integer Roles table record number in






2.5.15 DWNTGR: Windows Group

Security Database Tables store Windows Group data in this table that has this key structure:



RID Integer Domain RID number (UNIQUE)

GroupName Char (254) Windows group name

Domain Char (254) Domain name (UNIQUE)






2.5.16 DWNTUS: Windows User

Security Database Tables store Windows User data in this table that has this key structure:



RID Integer Domain RID number (UNIQUE)

UserName Char (254) Windows user name








124

2.5.17 DWPOLI: Security Policies

Security Database Tables store Security Policies data in this table that has this key structure:


Parameter Char (32) Parameter name (PRIMARY KEY)






2.5.18 DWPROP: Netop Properties

Security Database Tables store Netop Properties data in this table that has this key structure:


Property Integer Parameter name (PRIMARY KEY)






2.5.19 DWROLE: Role

Security Database Tables store Role data in this table that has this key structure:



RoleName Char (32) Role name (UNIQUE)

Rctl Integer Remote control value: 0 = Do not allow, 1 = Allow, 2 = Deny

Keyb Integer Use keyboard and mouse value: 0 = Do not allow, 1 = Allow, 2 = Deny

Blnk Integer Blank screen value: 0 = Do not allow, 1 = Allow, 2 = Deny

Lckm Integer Lock keyboard value: 0 = Do not allow, 1 = Allow, 2 = Deny

Boot Integer Restart Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Clip Integer Transfer clipboard value: 0 = Do not allow, 1 = Allow, 2 = Deny

Send Integer Send files to Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Recv Integer Receive files from Host value: 0 = Do not allow, 1 = Allow, 2 = Deny

Prnt Integer Redirect print value: 0 = Do not allow, 1 = Allow, 2 = Deny

Chat Integer Request chat value: 0 = Do not allow, 1 = Allow, 2 = Deny

Audi Integer Request audio chat value: 0 = Do not allow, 1 = Allow, 2 = Deny

RunP Integer Run program value: 0 = Do not allow, 1 = Allow, 2 = Deny

Conf Integer Value for confirm: 0 = no, 1 = always, 2 = logged on






Mana Integer Remote management value: 0 = Do not allow, 1 = Allow, 2 = Deny

Inve Integer Inventory scan value: 0 = Do not allow, 1 = Allow, 2 = Deny

Smsg Integer Send message value: 0 = Do not allow, 1 = Allow, 2 = Deny


125

Mjoi Integer Join multi Guest session value: 0 = Do not allow, 1 = Allow, 2 = Deny

Madm IntegerAct as multi Guest session Administrator value: 0 = Do not allow, 1 = Allow,2 = Deny

2.5.20 DWRSAGRP: RSA SecurID Group

Security Database Tables store RSA SecurID Group data in this table that has this key structure:



GroupName Char (254) Group name (UNIQUE)






2.5.21 DWRSAPROP: RSA SecurID Properties

Security Database Tables store RSA SecurID Properties data in this table that has this key structure:


Property Integer Record number (PRIMARY KEY)






2.5.22 DWRSAUSR: RSA SecurID User

Security Database Tables store RSA SecurID User data in this table that has this key structure:



UserName Char (254) User name (UNIQUE)






2.5.23 DWRSGM: RSA SecurID Group Members

Security Database Tables store RSA SecurID Group RSA SecurID User member data in this table thathas this key structure:


UserID Integer RSA SecurID Users table record number (PRIMARY KEY)

GroupID Integer RSA SecurID Groups table record number (PRIMARY KEY)





126


2.5.24 DWSERV: Netop Security Servers

Security Database Tables store Security Server List data in this table that has this key structure:


ServerName Char (254) Server name (PRIMARY KEY)

ServerType Integer0 = Security Server only, 1 = Access Server compatible, 999 = SecurityServer group

ASkey Char (32) Access Server key (if applicable)

IsRunning Integer 0 = not running, 1 = running





2.5.25 DWTODO: Scheduled Job Actions

Security Database Tables store Scheduled Job actions data in this table that has this key structure:



JobID Integer Scheduled Job table record number

ExecuteAt Char (20) Execute time stamp in format YYYY-MM-DD HH:MM:SS

Action Integer Action type number

Operand Integer Record number in group table

Operator Integer Action executed by number





2.5.26 DWUSER: Netop Guest ID

Security Database Tables store Netop Guest ID data in this table that has this key structure:



UserName Char (32) Netop Guest ID name (UNIQUE)



Password Char (32) Checksum of password

PwdUsed Char (20) Password last use time stamp in format YYYY-MM-DD HH:MM:SS

PwdChanged Char (20) Password last change time stamp in format YYYY-MM-DD HH:MM:SS

PwdWrong Integer Number of wrong passwords entered

PwdNum Integer Number of recent passwords that cannot be used

Pwd0 Char (32) Old password checksum






127






ForceChange Integer 0 = password change not required, 1 = password change required

Callback Char (254) Fixed callback phone number

CBmode Integer Callback mode: 0 = No, 1 = Fixed, 2 = Roving





2.5.27 DWUSGR: Netop Guest ID Group Members

Security Database Tables store Netop Guest ID Group Netop Guest ID member data in this table thathas this key structure:


UsrID Integer Netop Guest ID table record number (PRIMARY KEY)

GrpId Integer Netop Guest ID Group table record number (PRIMARY KEY)





2.5.28 DWWKGM: Windows Workstation Group Members

Security Database Tables store Windows Workstation Group Windows Workstation member data in thistable that has this key structure:


WkstID Integer Windows Workstation table record number (PRIMARY KEY)

GrpId Integer Windows Workstation Group table record number (PRIMARY KEY)





2.5.29 DWWKSG: Windows Workstation Group

Security Database Tables store Windows Workstation Group data in this table that has this keystructure:



GroupName Char (254) Windows group name








128

2.5.30 DWWKST: Windows Workstation

Security Database Tables store Windows Workstation data in this table that has this key structure:



ComputerName Char (254) Workstation name (UNIQUE)







2.6 Netop Security Server Setup

You can install Netop Security Server from the Netop Remote Control CD, see the User’s GuideInstallation chapter or the matching Netop Guest Help or Netop Host Help system section.

Note: To run Netop Security Management with a local test database, install Netop Security Managerand Netop Security Server on the same computer. To run Netop Security Server with a working SecurityDatabase, for fault tolerance and load balancing install Netop Security Server preferably on multiplenetwork server computers that run continuously. The Netop Security Server program file NSSW32.EXEwill reside in the directory where Netop Security Server is installed.

To load Netop Security Server, select Start > All Programs > Netop Remote Control > Security Server orrun its program file NSSW32.EXE.

The Netop Security Server window:

- resembles the Netop Host window, see the User’s Guide Netop Host chapter or the matching NetopHost Help system section. Set up Netop Security Server as a Host just like Netop Host.

Note: The Netop Host Help system will be available on-line from the Netop Security Server window.


129

Select the Tools menu Security Server Setup command to show this window:

It logs Netop Security Server on to a Security Database.

ODBC Setup

Fields will be disabled when logged on to a Security Database.

Data Source Name (DSN): [] [...]: Specify in this field the path, if applicable, and data source name ofthe Security Database that you want to log on to (default: Netop_Security_Evaluation, the local testdatabase). Click [...] to show the Windows Select Data Source window to select a data source to showits path and name in the field.

User ID: []: Specify in this field the Security Database logon user name. The local test databaserequires no user name.

Password: []: Specify in this field the Security Database logon password. The local test databaserequires no password.

[Logon.../Logoff...]: Click this button to log on to/log off from the Security Database.

Information

Status: The Security Database logon status will be shown. Running means logged on to the SecurityDatabase.

Security Server Group ID: The 32-digit hexadecimal Security Server Group ID will be shown when NetopSecurity Server is logged on to the Security Database.

Note: You cannot copy the Security Server Group ID from this window but from the Security ServerGroup Name window.

This section includes these topics:

· Security Server Tab

· Run As Tab

· Communication Setup


130

2.6.1 Security Server Tab

The Netop Security Server window tab panel contains an additional Security Server tab:

It will show the Netop Security Server and Netop Security Server Group status.

Security Server Status []: This disabled field will show the Netop Security Server Security Databaselogon status.

The pane will show records of group security servers in a table with these column contents:

· Name: Host ID.

· Started: Security Database logon date and time.

· Status: Security Database logon status


Note: On this tab, Security server running means that the security server is logged on to the securitydatabase. It has no relation to the security server communication status that will be shown in the titlebar.

2.6.2 Run As Tab

If Netop Security Server runs on a computer on which no user is logged on, which is typically the casewith server computers, it will have no rights to query a domain controller for Windows user and groupinformation. To achieve these rights, Netop Security Server must run as a Windows account with theserights.

click the Toolbar Program Options button or select the Tools menu Program Options command to showthe Program Options window. Select the Run As tab:


131

It enables running Netop Security Server as a specified Windows account.

¨ Enable: Check this box to enable the fields below (default: unchecked).

User name: []: Specify in this field a Windows user name.

Password: []: Specify in this field the matching password.

Domain: []: Specify in this field the matching domain.

¨ Automatically change to random password every week: Check the box to randomly change thepassword immediately and on a weekly basis to automatically satisfy a password change policy.

Caution: Do not check this box if the specified Windows user name is used by a person, as the personwill not know the randomly generated password. Typically, create a Windows user account exclusivelyfor this purpose.

2.6.3 Communication Setup

Netop Hosts can request security roles for connecting Guests from Netop Security Server by networkingcommunication devices (TCP/IP, IPX or NetBIOS).

To respond to such requests, communication profiles that match the communication profiles used byrequesting Hosts must be enabled on Netop Security Server.

In a typical setup, the TCP/IP communication profile that by default is enabled will satisfy this demand.

Manage Netop Security Server communication profiles from the Toolbar Communication Profiles buttonor Tools menu Communication Profiles command Communication Profile Setup window, see the User'sGuide Netop Host chapter Host Tools section Communication Profiles section or the matching Netop


132

Host Help system section.

Note: The Netop Host Help system will be available on-line from the Netop Security Server window.

2.7 Use Netop Security Management


· Prerequisites

· Maintenance

· Security

· Database Systems

· Additional Tools

2.7.1 Prerequisites

To use Netop Security Management, this must be in place:

1. You must configure a Security Database to specify among other things a private Security ServerGroup Name that generates a public Group ID.

2. At least one Netop Security Server must be in the Security Server List and if also Netop AccessServer enabled Hosts shall be serviced, at least one Netop Security Server in the group must be Access Server enabled.

3. Role Assignments for all relevant Guests with all Hosts that use Netop Security Server must exist inthe security database.

4. If using Windows Definitions, Netop Security Servers with no user logged on to the computer must runas a Windows user account.

5. Netop Security Servers must be logged on to the Security Database.

6. Netop Security Server communication status must be Running using communication profiles thatmatch the communication profiles used by the Hosts using it.

7. Hosts must select Use Netop Security Server and specify the Group ID specified in the SecurityDatabase.

When this is in place, Netop Security Management can run unattended to service security role requestsfrom Hosts.

2.7.2 Maintenance

When installing a new Netop Remote Control version or build, follow this update instruction:

1. Unload all Netop Security Managers and security server group Netop Security Servers.

2. Reinstall all Netop Security Managers and Netop Security Servers without loading them.

3. Load one Netop Security Manager to automatically update security database tables.

4. Load and start all Netop Security Servers.

Note: Do not enable scheduled Web Update on Netop Security Servers.

All cooperating Netop Security Managers and Netop Security Servers should use the same version andbuild to avoid database conflicts.

Administrators should frequently test Netop Security Management performance to see if any settingsneed to be adjusted.

From time to time, administrators must work with Netop Security Manager to manage Scheduled Jobsand adjust Role Assignments with organizational changes.


133

2.7.3 Security

Netop Security Servers should be adequately protected against unauthorized direct and remote access.

The Security Database should also be adequately protected. Advanced database systems typically havetheir own security schemes.

Netop Security Servers generally need only read access to Security Database Tables. However, allNetop Security Servers must have write access to DWDONE: Security Log and DWEVNT: Netop Logtables to log events and to DWUSER: Netop Guest ID to apply password changes.

Netop Security Management administrators need rights to change the contents of Security DatabaseTables, in particular the right to delete records from DWDONE: Security Log and DWEVNT: Netop Logtables to clean up logs.

2.7.4 Database Systems

Netop Security Management has been tested only with a limited range of database systems. Therefore,it may be that administrators will experience problems if implementing Netop Security Management witha database system with which it was not tested.

Although Netop’s responsibility ends with the ODBC interface, we are interested in learning aboutdifficulties in implementing Netop Security Management with different database systems so that we canassist users that encounter similar problems.

2.7.5 Additional Tools

Netop Security Management includes these additional tools:

· AMPLUS.EXE

· AMPLUS.ZIP

· NETOPLOG.ZIP

2.7.5.1 AMPLUS.EXE

AMPLUS.EXE can import a Netop Access Server setup into a Security Database.

From the Netop Access Server Configuration window Main Setup window, you can export Guests, Hostsand Access Profiles into these comma separated values configuration files:

File Name Record Syntax

HOST.TXT <Host ID>,<Comment>,<Host ID Group>

GUEST.TXT <Guest ID>,<Comment>,<Guest ID Group>,<Password>,<Administrator Y/N>,<Enabled Y/N>, <ForceChange Y/N>

PROFILE.TXT <Guest ID Group>,<Host ID Group>,<Rctl Y/N>,<Keyb Y/N>,<Lckm Y/N>,<Boot Y/N>,<Blnk Y/N>,<Prnt Y/N>,<Clip Y/N>,<Chat Y/N>,<Audi Y/N>,<Send Y/N>,<Recv Y/N>,<Conf Y/N/L>,<RunP Y/N>,<Mana Y/N>,<Inve Y/N>,<Smsg Y/N>,<Mjoi Y/N>,<Madm Y/N>

AMPLUS.EXE can import Netop Definitions structured like this into the Security Database by using thiscommand syntax:

AMPLUS -F <Import file name>

Specify the import file like this:

LOGON <ODBC data source name> <User name> <Password>

IMPORT

LOGOFF


134

EXIT

Save the import file as e.g. AMPLUS.IMP.

Place the import file and the GUEST.TXT, HOST.TXT and PROFILE.TXT configuration files in theNetop Security Server program directory where AMPLUS.EXE resides and run this command:

AMPLUS -F AMPLUS.IMP

This will import the Netop Definitions into the Security Database.

2.7.5.2 AMPLUS.ZIP

Netop Security Server and Netop Security Manager use the same interface to the database.

AMPLUS.ZIP contains the C++ source for use with this API.

2.7.5.3 NETOPLOG.ZIP

NETOPLOG.ZIP contains tools for creating your own Netop logging DLL file.

Netop Gateway

135

3 Netop Gateway

This main section explains the functionality of Netop Gateway.

Netop Gateway is a Netop Host with the added capability of routing Netop communication betweendifferent communication devices.

This main section contains these sections:

· Netop Gateway Functionality

· Netop Gateway Setup

· Use Netop Gateway

3.1 Netop Gateway Functionality

Netop Gateway can receive Netop communication that uses one communication device and send itusing another communication device. This ability enables Netop Gateway to provide communicationbetween Netop modules that use mutually incompatible communication devices, typically to connectNetop modules inside a network or terminal server environment with Netop modules outside a networkor terminal server environment.

Netop Gateway functionality categorizes communication devices into these groups:

· Inside communication devices:

· Networking communication devices can communicate among multiple computers in a network orterminal server environment by analogy with communication among people in a conference. Netopsupports the Networking communication devices TCP/IP, IPX, NetBIOS and Terminal Server.

· Outside communication devices:

· Point-to-point communication devices can communicate between two computers that areconnected by a telephone connection or another type of one-to-one communication link such asinfrared. Netop supports the Point-to-point communication devices ISDN (CAPI), Windows modem, Serial and Infrared (IrDA).

· Network point-to-point communication devices can communicate between two computers acrossa network. Netop supports the Network point-to-point communication devices TCP/IP (TCP) andTCP/IP (TCP IPv6).

Note: Netop communication devices are explained in the User's Guide Common Tools chapterCommunication Devices section and in the matching Netop Guest Help and Netop Host Help systemsections.

This section includes these sections:

Incoming and Outgoing

Outgoing to Incoming

Networking to Networking

Typically Disabled: Incoming to Outgoing

3.1.1 Incoming and Outgoing

Netop Gateway on a network computer can route Netop communication between a network computer orterminal server environment Netop module that uses an inside communication devices and a NetopGateway connected Netop module that uses an outside communication device:

Netop Gateway

136

You can edit each Netop Gateway communication profile that uses an outside communication device tosupport only incoming (outside to inside) communication or only outgoing (inside to outside)communication or in some cases also both at the same time.

3.1.2 Outgoing to Incoming

Two Netop Gateways that communicate by an outside communication device can route communicationbetween Netop modules on separate networks or in separate terminal server environments. NetopGateway at one end will route outgoing communication and Netop Gateway at the other end will routeincoming communication.

This setup is typically used between geographically separated corporate entities that communicate by asecure connection directly or across the Internet.

3.1.3 Networking to Networking

Netop Gateway can route Netop communication between Netop modules that use mutuallyincompatible Networking communication devices, see the User's Guide Netop Guest chapter NetopGuest Window section Tab Panel section Quick Connect Tab section Host Section section UnavailableNetworking Communication Devices section or the matching Netop Guest Help system section.

3.1.4 Typically Disabled: Incoming to Outgoing

Typically, Netop Gateway cannot route Netop communication between two outside communicationdevices on the same Netop Gateway or through two Netop Gateways on a network.

This ability is intentionally disabled, as it can cause an uncontrolled propagation of networkcommunication (broadcast storm).

You can apply Netop.ini file DTL section settings that will enable Netop Gateway incomingcommunication to be routed outgoing through another network Netop Gateway.

3.2 Netop Gateway Setup

You can install Netop Gateway from the Netop Remote Control CD, see the User’s Guide Installationchapter or the matching Netop Guest Help or Netop Host Help system section.

If the network is protected by a perimeter firewall, to avoid compromising firewall security install NetopGateway in the firewall demilitarized zone, see Netop Gateway and Firewall.

Netop Gateway

137

To load Netop Gateway, select Start > All Programs > Netop Remote Control > Gateway or run itsprogram file NGWW32.EXE.

The Netop Gateway window:

- resembles the Netop Host window, see the User’s Guide Netop Host chapter or the matching NetopHost Help system section. Set up Netop Gateway as a Host just like Netop Host.

Note: The Netop Host Help system will be available on-line from the Netop Gateway window.

To enable Netop Gateway Functionality, set up communication and security as explained in thesesections:

· Communication Setup

· Security Setup

3.2.1 Netop Gateway and Firewall

Networks are typically protected by a perimeter firewall. To avoid compromising firewall security, NetopGateway must be installed in the firewall demilitarized zone (DMZ) as illustrated in the example below:

Netop Gateway

138

The outside Netop Guest with IP address 192.168.0.1 listens on receive port 1234 with thecommunication devices TCP/IP (TCP) and/or TCP/IP (UDP).

Netop Gateway is installed on a computer in the firewall DMZ with two IP addresses, 192.168.16.3 thatlistens on receive port 5678 with the communication devices TCP/IP (TCP) and TCP/IP (UDP), and192.168.20.4 that listens on receive port 6789 with the communication device TCP/IP (UDP).

The inside Netop Host with IP address 192.168.20.5 listens on receive port 7890 with thecommunication device TCP/IP (UDP).

Firewall Rules

Referring to this setup, these firewall rules must be implemented:

1. Routing shall be allowed between 192.168.0.1:1234 and 192.168.16.3:5678 using TCP or UDP.

2. Routing shall be allowed between 192.168.20.4:6789 and 192.168.20.5:7890 using UDP.

Firewall Setup

Implement firewall rule 1 and test it by connecting from the outside Netop Guest to Netop Gateway.

Implement firewall rule 2 and test it by unloading Netop Gateway, loading Netop Guest on the NetopGateway computer and connecting from the Netop Gateway computer Netop Guest to the inside NetopHost.

On the Netop Gateway computer, unload Netop Guest and reload Netop Gateway. Test bothconnections by connecting from the outside Netop Guest to the inside Netop Host.

To connect by TCP, use the relevant communication profile that uses TCP. To connect by UDP, enablethe relevant communication profile that uses UDP at loading and connect using the communicationprofile <Any initialized communication> to request that Netop Gateway routes the communication toenabled networking communication profiles, see the User’s Guide Netop Guest chapter Netop GuestWindow section Tab Panel section Quick Connect Tab section Unavailable Networking CommunicationDevices section.

Test that you cannot connect from the outside Netop Guest to the inside Netop Host if Netop Gatewayis stopped (communication is disabled).

3.2.2 Communication Setup

Netop Gateway communicates with other Netop modules through communication hardware connectedto the Netop Gateway computer. To service Netop modules on network computers, the Netop Gatewaycomputer must have at least one network connection. To service Netop modules on computerscommunicating through Point-to-point connections, matching communication equipment must beconnected to the Netop Gateway computer.

If multiple external modem connections are demanded for availability and load balancing, multiple NetopGateways with each one or multiple modems will typically be installed on larger networks.

Click the Toolbar Communication Profiles button or select the Tools menu Communication Profilescommand to show this window:

Netop Gateway

139

This window is explained in the User's Guide Netop Host chapter Host Tools section CommunicationProfiles section and in the matching Netop Host Help section.

Netop Gateway will automatically assign to each enabled communication profile a Netop Net Numberthat will be shown to the right.

You can create or edit communication profiles in the Netop Gateway Communication Profile Editwindow:

The upper and lower sections of this window are explained in the User's Guide Common Tools chapterCommunication Devices section. The middle Gateway settings section is included only with NetopGateway.

Netop Gateway

140

Gateway settings

Device group: []: This field will be disabled if an inside communication device is selected in theCommunication information section Communication device drop-down box or if Incoming connectionsonly is selected in the Connection direction section. Otherwise, it will show the Device Group name ofthe communication profile selected in the Communication Profile Setup window when theCommunication Profile Edit window was showed, initially GATEWAY. You can specify another devicegroup name in the field (max. 10 characters).

Note: Device Group names should identify the outside communication profile type to users that connectto Netop Gateway from the network or the terminal server environment.

Netop net (10..127): []: This field will be empty unless a communication profile that was assigned aNetop Net Number is being edited. Optionally, specify in the field a number in the specified range toassign this Netop Net Number to the communication profile. If unspecified, Netop Gateway willautomatically assign an unused Netop Net Number to the communication profile when selected tobecome enabled in the Communication Profile Setup window.

Note: Rules apply to assigning Netop Net Number to communication profiles.

Connection direction

This section will be disabled if an inside communication device is selected in the Communicationinformation section Communication device drop-down box.


¤ Incoming and outgoing connections: Select this option to allow incoming as well as outgoingconnections (default selection unless TCP/IP (TCP) or TCP/IP (TCP IPv6), see the note below).

Note: This option will be disabled if TCP/IP (TCP) or TCP/IP (TCP IPv6) is selected in theCommunication information section Communication device drop-down box.

¡ Incoming connections only: Select this option to allow only incoming connections (default selection ifTCP/IP (TCP) or TCP/IP (TCP IPv6), see the note above).

¡ Outgoing connections only: Select this option to allow only outgoing connections.

To enable Netop Gateway incoming communication to be routed outgoing through another networkNetop Gateway, add this section to the Netop.ini file, see the User's Guide Common Tools chapterNETOP.INI section [DTL] Section section or the matching Netop Guest Help or Netop Host Helpsystem section:

[DTL]

GWRestrictedBroadcast=0

GWAllowFullBroadcast=1


Device Group

Netop Net Number

3.2.2.1 Device Group

Specify a Device Group name to identify a Netop Gateway outside communication profile to enablenetwork Netop modules to connect outgoing through a network Netop Gateway by this communicationprofile. You can specify any unique name of up to 10 characters, typically the name of thecommunication device used by the communication profile. If different Netop Gateway outsidecommunication profiles available on the same network use the same communication device, add furtherdistinctions to each Device Group name.

Note: Specify the same Device Group name for multiple functionally identical Netop Gateway outsidecommunication profiles on the same network to enable connecting through any available Netop Gateway. Typically, network administrators will specify which Device Group names shall be used.

Netop Gateway

141

Network Netop modules can specify or browse for and select a Device Group name to use any availablenetwork Netop Gateway with an outgoing communication profile with the desired functionality, see theUser's Guide Common Tools chapter Communication Device section Gateway section GatewayCommunication Profile Edit section or the matching Netop Guest Help or Netop Host Help systemsection.

Example

Functionally identical analog modems are connected to multiple Netop Gateway computers on anetwork. Network administrators decide that these connections shall form a Device Group namedAnalog to assign the Device Group name Analog to the communication profiles of all these connections:

A network Netop module that using a communication profile that uses the Gateway communicationdevice specifies or selects the Device Group Analog will connect through the first found Netop Gatewaythat has an outside communication profile with the Device Group name Analog available.

3.2.2.2 Netop Net Number

Netop assigns Netop net numbers to Netop Gateway communication profiles to distinguish them fromeach other. If Netop Gateway runs on multiple computers on a network, these rules apply:

1. The Netop net number assigned to any Netop Gateway communication profile that uses a specificconfiguration of a networking communication device must be the same on the entire network.

2. The Netop net number assigned to any Netop Gateway communication profile that uses an outsidecommunication device must be unique on the entire network and different from the Netop net numberassigned to any Netop Gateway communication profile that uses a networking communication device.

Note: If the Netop net numbers assigned manually or automatically do not satisfy these rules, theymust be changed to satisfy the rules.

Example

Network administrators have decided on these networking communication profile Netop net numbers:

· 100: TCP/IP

· 101: IPX

· 102: NetBIOS

All network Netop Gateways must use these networking communication profile Netop net numbers andany network Netop Gateway communication profile that uses an outside communication device mustuse a unique Netop net number that is different from these numbers.

Netop Gateway

142

Note: The Netop Gateway window tab panel Communication tab has an additional Net column that willshow the Netop net numbers of enabled communication profiles, see the User's Guide Netop Hostchapter Netop Host Window section Tab Panel section Communication Tab section or the matchingNetop Host Help system section.

3.2.3 Security Setup

Netop Gateway security can protect the network against unauthorized access through a Netop Gatewayon which incoming communication profiles are enabled. Netop Gateway security applies not only toNetop Guests that connect to start a session or execute an action with a network Netop Host but alsoto Netop Hosts that connect to request help from a network Netop Guest.

You can set up Netop Gateway security in the Guest Access Security window that on Netop Gateway inaddition to the usual tabs includes a Gateway Access Privileges tab:

Note: The Guest Access Security window is explained in the User's Guide Netop Host chapter HostTools section Guest Access Security section and in the matching Netop Host Help system section.

This tab specifies Netop Gateway security settings.

Gateway access method

The list of the drop-down box contains these options:

· Grant all Guests default access privileges (default selection)

Netop Gateway

143

· Grant each Guest individual access privileges using Netop authentication

· Grant each Guest individual access privileges using Windows Security Management

Select an option in the list to show it in the field. With each selection, the section below will havedifferent contents that are explained in the sections linked to above.

3.2.3.1 Grant all Guests Default Access Privileges

With this selection on the Netop Gateway Guest Access Security window Gateway Access Privilegestab, this Default access privileges assigned section will be shown:

It contains these sections:

Allow Guest to

þ Be routed via the Gateway: This box will be checked and disabled signifying that this Security Roleproperty always applies.

Password

Password: []: Specify in this field a password of up to 16 characters to enable password protection(default: none). Characters will be shown as dots or asterisks.

Confirm password: []: Re-specify in this field the password for confirmation.

Note: Clear both fields to disable password protection.

Netop Gateway

144

Call back


¤ No call back: Do not apply call back (default selection).

¡ Call back to: []: Specify in the field a telephone number or IP address to make the Netop Gatewaydisconnect and connect to the specified telephone number or IP address.

Note: Call back to a specified telephone number or IP address will enable connections only from thespecified Netop module address. Other Netop module address restriction options are explained inthe User's Guide Netop Host chapter Host Tools section Guest Access Security section Grant AllGuests Default Access Privileges section.

¡ Roving call back: This selection will request that the connecting Netop module specifies a telephonenumber or IP address to call back to. When received, the Netop Gateway will disconnect and connectto the specified telephone number or IP address.

Note: Roving call back is typically used to make connection costs payable by the Netop Gatewayorganization, e.g. when a traveling employee connects to the home computer.

When a Netop module connects through a Netop Gateway on which Grant all Guests default accessprivileges is selected, if a password is specified Netop Gateway will request it. If no password is requiredor if the connecting Netop module specifies the correct password, Netop Gateway will route theconnection.

Netop Gateway

145

3.2.3.2 Grant Each Guest Individual Access Privileges Using Netop Authentication

With this selection on the Netop Gateway Guest Access Security window Gateway Access Privilegestab, this Individual Guest access privileges assigned section will be shown:

It contains a pane, buttons and sections.

The pane will show Security Role folders that expand into records of Guest Profiles that have beenassigned the Security Role.

By default, the pane will show the Security Role folder Allow routing that does not expand into anyGuest Profile records. In the image above, a Guest Profile record has been added to the Allow routingSecurity Role folder for illustration. Double-click a Security Role folder to close (collapse) or open(expand) it to show records of Guest Profiles that have been assigned this Security Role. You can moveGuest Profile records up and down, also between Security Role folders, by drag and drop.

If you select a Security Role folder, the Allow Guest to section will be shown to the right.

If you select a Guest Profile record, the Password and Call back sections will be shown to the right. Inthese sections, you can change these properties of the selected Guest Profile record.

Right-click in the pane to show this context menu:

Netop Gateway

146

Note: Add Security Role will be included in the menu only if a Security Role folder is selected.

Add Security Role: Select this command or click the Add Security Role button below to show thiswindow:

It specifies the properties of a Security Role.

Name of Security Role: []: Specify in this field the Security Role name.

Allow Guest to

This section will always contain a disabled checked box that is labeled Be routed via the Gatewaysignifying that this Security Role property always applies.

Note: To organize Guest Profile records in different Security Role folders, you may want to createdifferently named Security Roles. However, all Netop Gateway Security Roles will have the sameproperty.

Add Guest: Select this command or click the Add Guest button below to show this window:

It specifies the properties of a Guest Profile.

Guest ID: []: Specify in this field the name by which the connecting Netop module will identify itself tothe Netop Gateway.

Note: Even a Netop Host or extended Host that requests help through a Netop Gateway must identifyitself by a Guest ID.

Password: See Password.

Delete: Select in the pane a Security Role folder or a Guest Profile record and select this command orclick the Delete button below to show a confirmation window to confirm deleting it.

Netop Gateway

147

Caution: Deleting a Security Role folder will delete all Guest Profile records into which it expands.

Rename: Select in the pane a Security Role folder or a Guest Profile record and select this command toshow this window:

Rename security role/Guest: []: You can edit the name in the field to rename the selected SecurityRole folder or Guest Profile record.

When a Netop module connects through a Netop Gateway that uses Grant Each Guest IndividualAccess Privileges Using Netop Authentication, Netop Gateway will request Netop credentials (Guest IDand Password). If the returned credentials match the credentials of a Guest Profile, Netop Gateway willroute the connection.

Netop Gateway

148

3.2.3.3 Grant Each Guest Individual Access Privileges Using Windows SecurityManagement

With this selection on the Netop Gateway Guest Access Security window Gateway Access Privilegestab, this Individual Guest access privileges assigned section will be shown:

It contains a pane, buttons and sections.

The pane will show Security Role folders that expand into records of Windows Groups and Users thathave been assigned the Security Role.

By default, the pane will show the Security Role folder Allow routing that does not expand into anyWindows Group or User records. In the image above, one Windows Group record and one WindowsUser record have been added to the Allow routing Security Role folder for illustration. Double-click aSecurity Role folder to close (collapse) or open (expand) it to showrecords of Windows Groups andUsers that have been assigned this Security Role. You can move Windows Group and User records upand down, also between Security Role folders, by drag and drop.

If you select a Security Role folder, the Allow Guest to section will be shown to the right.

If you select a Windows Group or User record, the Domain, RAS and Call back sections and theWindows User Manager button will be shown to the right.

Right-click in the pane to show this context menu:

Netop Gateway

149

Note: Add Security Role and Rename will be included in the menu only if a Security Role folder isselected.

Add Security Role: Select this command or click the Add Security Role button below to show theSecurity Role window to add a Security Role folder in the pane.

Note: To organize User and Group records in different Security Role folders, you may want to createdifferently named Security Roles. However, all Netop Gateway Security Roles will have the sameproperty.

Add User: Select this command or click the Add User button below to show on a Windows 2000+computer the Windows Select Users window to select one or multiple Windows users of which recordswill be added to the selected Security Role folder or the Security Role folder of the selected WindowsUser or Group record.

On a Windows NT or 9x computer, this window will be shown:

Which domain is the account in: []: The list of this drop-down box will show the names of the domainsrecognized by the Netop Gateway computer. Select one in the list to show it in the field.

Select the account to add: []: The list of this drop-down box will contain the names of the Windowsusers in the domain whose name is shown in the Which domain is the account in drop-down boxfield. Select one in the list to show it in the field.

Click OK to add a record of the selected Windows user to the selected Security Role folder or theSecurity Role folder of the selected Windows User or Group record.

Add Group: Select this command or click the Add Group button below to show on a Windows 2000+computer the Windows Select Groups window to select one or multiple Windows groups of whichrecords will be added to the selected Security Role folder or the Security Role folder of the selectedWindows User or Group record.

On a Windows NT or 9x computer, the Choose Account window showing groups instead of users will beshown to add a Group record in the pane.

Delete: Select a Security Role folder or a User or Group record in the pane and select this command orclick the Delete button below to show a confirmation window to confirm deleting the selected folder orrecord.

Caution: Deleting a Security Role folder will delete all User and Group records in it.

Rename: Select a Security Role folder and select this command to show the Rename window to renameit.

Netop Gateway

150

Domain

This section will show a description the domain of the selected Windows User or Group record.

RAS

This section will be included only if Netop Gateway runs on a Windows 2003, XP, 2000 or NT operatingsystem computer.

¨ Get call back information from Windows NT Remote Access Service (RAS): Check this box to usecall back information stored in Windows NT Remote Access Service (default: unchecked).

Call back

This section will not be included if the RAS section box is checked. See Call back.

Windows User Manager: This button will be included only if the Netop Gateway runs on a Windows2003, XP, 2000 or NT operating system computer. Click it to show the Windows user manager windowaccording to the rights of the user logged on to Windows on the Netop Gateway computer to manageWindows users and groups.

When a Netop module connects through a Netop Gateway that uses Grant Each Guest IndividualAccess Privileges Using Windows Security Management, Netop Gateway will request Windowscredentials (User name, Password and Domain). Netop Gateway will query Windows SecurityManagement for validation of the returned credentials and for information on the group memberships ofthe identified user. If the identified user matches a User or Group record, Netop Gateway will route theconnection.

3.3 Use Netop Gateway

Communication Setup is straightforward if only one Netop Gateway is available on the network. NameDevice Groups to enable network users to select the right communication device for their outgoingconnections.

If multiple Netop Gateways are available on a network, pay attention to selecting valid Netop NetNumbers.

To protect the network against unauthorized access through Netop Gateway, create a Security Setup.

The Netop Gateway window tab panel includes a Routing tab:

Netop Gateway

151

It will show only incoming routing through Netop Gateway.

The pane will contain table records with these column contents:

· Time: Connect icon, date and time.

· User Name: Connect logon user name if authenticated, otherwise empty.

· Status: Authenticating if Security Setup specified authentication is incomplete, otherwise Routing.

· Communication Profile: Outside communication profile name.


Netop Gateway capacity is limited by the number of enabled outside communication profiles, as eachoutside communication profile can support only one connection at a time.

Netop Name Management

152

4 Netop Name Management

This main section explains Netop Name Management and Netop Name Server functionality.

Netop Name Server is a Netop Host with the added capability of resolving Netop names into IPaddresses.

This main section contains these sections:

· Netop Name Management Functionality

· Netop Name Server Setup

· Running Netop Name Server

4.1 Netop Name Management Functionality

Netop Name Management enables swift Netop connections across large segmented networks includingthe Internet.

Using the communication device TCP/IP, Netop Name Management enables connecting across largesegmented networks by easily remembered Host names or Host user names instead of hard-to-remember IP addresses or by creating elaborate IP broadcast lists.

Note: The TCP/IP communication device is explained in the User's Guide Common Tools chapterCommunication Device section TCP/IP section and in the matching Netop Guest Help and Netop HostHelp system section.

Netop Name Management uses one or for load balancing and fault tolerance preferably two Netop NameServers to resolve Netop names into IP addresses that can be used for connecting across any TCP/IPnetwork including the Internet.

Using Netop Name Management, you can connect by these Netop module names:

· Computer IP address

· Netop Host name (Host ID), if specified

· Netop Host user Windows or network logon name, if enabled

· Netop Guest help service name (help provider name), if enabled

· Netop School class name

· Netop School Student name

Netop users select to use Netop Name Server in communication profiles that use the TCP/IPcommunication device by specifying one or two Netop Name Servers, see the User’s Guide CommonTools chapter Communication Device section TCP/IP section TCP/IP Communication Profile Editsection Advanced TCP/IP Configuration section or the matching Netop Guest Help and Netop Host Helpsystem section. If selected, a yellow pages icon will be shown in the Netop module window status bar.

Netop Name Servers store name information in name spaces. A name space is a virtually privatesegment of the Netop Name Server database that is available only to Netop modules that specify thematching Name Space ID. Users that want to connect to each other by using Netop Name Managementmust agree to specify the same Name Space ID on the Program Options window Host Name tab, seethe User's Guide Netop Guest chapter Guest Tools section Program Options section Host Name Tabsection or the matching Netop Guest Help system section, respectively the Netop Host chapter HostTools section Program Options section Host Name Tab section or the matching Netop Host Helpsystem section.

When communicating, Netop modules that use Netop Name Server automatically identify themselves totheir specified Netop Name Servers by all their available names and their specified Name Space ID.

When a Netop module that uses Netop Name Server connects by specifying a Netop name


153

(automatically accompanied by a Name Space ID), one of the selected Netop Name Servers will resolvethe specified name, if found in the specified name space, into the matching IP address and return it tothe connecting Netop module to automatically connect by the resolved IP address.

Netop Name Servers will at a specified Client refresh rate request that Netop modules that use it refreshstored name information. Stored name information that has not been refreshed within a specified Serverlife time will automatically be deleted. This ensures that the stored name information will be current at alltimes except for Netop modules that changed names or stopped communicating since their nameinformation was last refreshed.

Netop offers the free service of two Netop Name Servers that are accessible across the Internet. NetopName Server is also available for local installation for the exclusive use by an organization.

4.2 Netop Name Server Setup

You can install Netop Name Server from the Netop Remote Control CD, see the User’s GuideInstallation chapter or the matching Netop Guest Help or Netop Host Help system section.

To load Netop Name Server, select Start > All Programs > Netop Remote Control > Name Server or runits program file NNSW32.EXE.

The Netop Name Server window:

- resembles the Netop Host window, see the User’s Guide Netop Host chapter or the matching NetopHost Help system section. Set up Netop Name Server as a Host just like Netop Host.

Note: The Netop Host Help system will be available on-line from the Netop Name Server window.

To edit Netop Name Server properties, in the Program Options window select the Netop Name Servertab:


154

It specifies Netop Name Server settings.

þ Make this Host a Netop Name Server: Leave this box checked to enable Netop Name Serverfunctionality and the commands below (default: checked).

Client refresh rate: [] Minutes: Specify in this field a number in the range 1 to 99 (default: 5).

Server life time: [] Minutes: Specify in this field a number in the range 1 to 99 (default: 6).

Note: The Client refresh rate value determines the interval at which Netop modules must refresh theirname data. The Server life time value determines the maximum age of name data. The Server life timevalue should be slightly larger than the Client refresh rate value.

þ Clear database upon startup: Leave this box checked to delete all name data when Netop NameServer is restarted (default: checked).

Note: The Netop Name Server database uses a Netop proprietary format. You cannot access thedatabase separately.

To communicate with Netop modules, at least one communication profile that uses the TCP/IPcommunication device must be enabled. You can enable multiple differently named communicationprofiles that use different configurations of the TCP/IP communication device to accommodate Netopmodules that use different configurations of the TCP/IP communication device.

Note: The TCP/IP communication device is explained in the User's Guide Common Tools chapterCommunication Device section TCP/IP section and in the matching Netop Guest Help and Netop HostHelp system section.


155

The Netop Name Server window tab panel includes a Name Server tab:

It will show the Netop Name Server status.

Name Server status []: This disabled field will show Running if the Make this Host a Netop Name Serverbox is checked and Stopped if unchecked.

Number of registered names []: This disabled field will show the number of names currently stored in theNetop Name Server database.

4.3 Use Netop Name Server

When set up and started (communication enabled), Netop Name Server can operate fully automaticallyand unattended.

The Number of registered names field contents provide an indication of the condition of the Netop NameServer.

Each Netop module may account for multiple names, e.g. for Netop Guest multiple help service namesand for Netop Host its Host ID and its Windows or network logon user name. IP addresses will not becounted as names.

If you restart Netop Name Server with the Clear database upon startup box checked, the name countshould increase from zero and stabilize after the time set for Client refresh rate.

If users have problems connecting to Netop modules in remote network segments, check that the sameNetop Name Servers are used and that exactly the same Name Space ID is specified at both ends andthat communication profiles match between the Netop modules and with the specified Netop NameServers.

Firewall Problems

To connect through a firewall, the firewall must allow communication through the TCP/IP ports used byNetop Name Server communication.

Some firewalls change the port number of outgoing communication to a random port number to protectnetwork computers against unwanted incoming communication. Consequently, Netop Name Server willreceive and store an invalid port number.


156

In that case, on Netop modules in the Advanced TCP/IP Configuration window check the Ignore portinformation from Name Server box and in the Use port field specify the port number that shall be usedfor connecting.

Note: The Advanced TCP/IP Configuration window is explained in the User's Guide Common Toolschapter Communication Device section TCP/IP section TCP/IP Communication Profile Edit sectionAdvanced TCP/IP Configuration section and in the matching Netop Guest Help or Netop Host Helpsystem section.

Advanced Tools

157

5 Advanced Tools

This main section explains advanced tools for Netop Remote Control running on Windows operatingsystems.

It contains these sections:

· Netop in Terminal Server Environments

· Netop Guest ActiveX Component

· Netop Scripting ActiveX Control

· Netop Remote Control Processes and Windows Security

5.1 Netop in Terminal Server Environments

Microsoft Windows Terminal Server and similar programs enable terminal users to log on to the terminalserver to run installed applications in each their client session. We describe the terminal server (theconsole) and client sessions running on it as the terminal server environment (TSE).

Netop Remote Control can be used between TSE elements, between a TSE element and a computeroutside the TSE and between TSE elements on different terminal servers.

This section contains these sections:

· Installation (TSE)

· Use (TSE)

5.1.1 Installation (TSE)

On a terminal server, you must install Netop Remote Control from the Control Panel utility Add orRemove Programs. To avoid problems, any already installed Netop modules should be unloaded duringinstallation.

You can install Netop Guest, Netop Host and Netop Gateway. If client session Netop modules shallcommunicate with Netop modules outside the TSE, you must install Netop Gateway.

You cannot install Netop Security Server or Netop Name Server on a terminal server.

5.1.2 Use (TSE)

In most respects, TSE Netop modules work like network computer Netop modules that communicate bya networking communication device. However, there are important differences because TSE elementsreside on the same computer and share the same computer resources.


· Netop Naming (TSE)

· Netop Communication(TSE)

· Netop Host Functionality (TSE)

· Computer Resources (TSE)

5.1.2.1 Netop Naming (TSE)

In a TSE, the terminal server console and client sessions share the terminal server computer name andnetwork address.

Netop Host will not be allowed to start communicating if another Netop Host communicates by the samename. Therefore, Client session Netop Hosts should not be named by the Windows computer name (thedefault selection that is recommended for a network computer Netop Host) but preferably by the

Advanced Tools

158

USERNAME environment variable that will name Netop Host by the client session user name. See the User's Guide Netop Host chapter Host Tools section Program Options section Host Name Tab sectionor the matching Netop Host Help system section.

Client session Netop Guests should also use different names because using the same name may undercertain circumstances cause communication to get mixed up to break a connection. See the User'sGuide Netop Guest chapter Guest Tools section Program Options section Logon Tab section or thematching Netop Guest Help system section.

5.1.2.2 Netop Communication (TSE)

Netop modules communicate inside a TSE by the Terminal Server communication device that isavailable only to Netop modules installed on a terminal server, see the User's Guide Common Toolschapter Communication Devices section Terminal Server section or the matching Netop Guest Help orNetop Host Help system section.

Between a client session Netop module and a Netop module that runs on a computer outside the TSE,the preferred communication mode is through a Netop Gateway that runs on the terminal server console.

This section contains these sections:

· Netop Gateway Setup (TSE)

· Connect out of a TSE

· Connect into a TSE

· Connect between TSEs

5.1.2.2.1 Netop Gateway Setup (TSE)

To enable communication between TSE client session Netop modules and Netop modules oncomputers outside the TSE, load and start Netop Gateway on the terminal server console.

For inside communication, enable a communication profile that uses the Terminal Servercommunication device.

For outside communication, enable communication profiles that match the communication profiles usedby outside Netop modules.

Be aware of the Netop Gateway Communication Setup and Security Setup requirements.

5.1.2.2.2 Connect out of a TSE

To connect from a client session Netop module out of the TSE through a terminal server console NetopGateway by a communication profile that uses a networking communication device, enable acommunication profile that uses the Terminal Server communication device and use <Any initializedcommunication> to request that Netop Gateway routes the communication to other enabledcommunication profiles that use a networking communication device.

To connect from a client session Netop module out of the TSE through a terminal server console NetopGateway by a communication profile that uses a point-to-point or network point-to-point communicationdevice, use a communication profile that uses the Gateway communication device, see the User'sGuide Common Tools chapter Communication Devices section Gateway section.

You can also connect directly out of the TSE by a communication profile that uses a networking, point-to-point or network point-to-point communication device, but this method has a drawback: If anotherNetop module in the TSE connects to or browses for the same Netop module using the samecommunication profile, return communication will get mixed up and one or both connections will be lost.

5.1.2.2.3 Connect into a TSE

You can connect into a TSE to client session Netop modules only through a terminal server console Netop Gateway.

Connect by a communication profile that matches one of the terminal server console Netop Gateway

Advanced Tools

159

outside communication profiles.

Connect from Netop Guest to Netop Host

See the User's Guide Netop Guest chapter Netop Guest Window section Tab Panel section QuickConnect Tab section or the matching Netop Guest Help system section.

To connect by networking communication devices, see the Quick Connect Tab section UnavailableNetworking Communication Devices section.

To connect by point-to-point or network point-to-point communication devices, see the other QuickConnect Tab section subsections.

Send a help request from Netop Host to Netop Guest

See the User's Guide Netop Host chapter Host Actions section Request Help section or the matchingNetop Host Help system section.

To connect by networking communication devices, select <Any initialized communication> to requestthat the terminal server console Netop Gateway routes communication to other enabled networkingcommunication devices including the inside communication profile.

To connect by point-to-point or network point-to-point communication devices, select the relevantcommunication profile.

5.1.2.2.4 Connect between TSEs

Connecting between client session Netop modules in different TSEs combines the requirements of Connect out of a TSE and Connect into a TSE.

This is straightforward if the two routing terminal server console Netop Gateways can communicate by acommunication profile that uses a point-to-point or network point-to-point communication device, see thelast illustration in the User's Guide Netop Guest chapter Netop Guest Window section Tab Panelsection Quick Connect Tab section Host Section section Point-to-Point or Gateway section or thematching Netop Guest Help system section.

If the two routing terminal server console Netop Gateways must communicate by a communicationprofile that uses a networking communication device, both must apply the Netop.ini file DTL sectionsettings that will enable incoming to outgoing communication.

5.1.2.3 Netop Module Functionality (TSE)

TSE client session Netop modules have mostly the same functionality as a network computer Netopmodules. However, certain functionalities are different because Netop modules run on the samecomputer.

Blank Display cannot be implemented the Netop way in a TSE and is therefore disabled.

If implemented, Restart Host PC would restart the terminal server computer, which would in most casesbe most undesirable. Therefore, this functionality is disabled.

These Guest Access Security window Guest Policy tab settings can restart the Netop Host computer:

· In the Password section selecting Restart Windows.

· In the Disconnect section selecting Restart Windows.

On a TSE client session Netop Host, both of these settings will cause the client session user to belogged off from the terminal server.

Remote printing features make little sense in a TSE and are disabled.

Note: Client session Netop configuration files are stored in user profile directories, see the User’sGuide Common Tools chapter Netop Configuration Files section or the matching Netop Guest Help orNetop Host Help system section.

Advanced Tools

160

5.1.2.4 Computer Resources Considerations (TSE)

The terminal server console and client session Netop modules share the same computer resources,namely the terminal server computer resources, limited only by restrictions applied to the users loggedon to the terminal server.

This applies to files, installed programs and peripherals such as outside connections and printers.Consider this carefully, particularly when specifying Guest Access Security and Maintenance Passwordsettings for TSE Netop modules.

5.2 Netop Guest ActiveX Component

Netop Guest ActiveX Component is an ActiveX component that enables Netop Guest remote controlfunctionality to an area in a file.


· Requirements (ActiveX)

· How to Use Netop Guest ActiveX Component

· NetopX Connect Window

· NetopX Properties Window

· NetopX Remote Control Window

· Programmer Information

5.2.1 Requirements (ActiveX)

To run Netop Guest ActiveX component on a computer that uses a Microsoft Windows operatingsystem, these system requirements apply:

Computer Intel 80486 processor or higher, or 100 % compatible.

Memory 32 MB.

Platform Windows operating system with Internet Explorer 4.01 or later.

5.2.2 How to Use Netop Guest ActiveX Component

Before using Netop Guest ActiveX Component, read the ReadMe.txt file that resides in the root directoryof the Netop Remote Control CD. This file contains important general information and may containupdate information that was not available when this documentation was last edited.

The Netop Remote Control CD contains in its NRC\ACTIVEX directory the file NetopX.cab thatcontains Netop Guest ActiveX Component.

To use Netop Guest ActiveX Component, it must be embedded in a graphical area in a file that can beshown in a container application. Users with ActiveX programming skills will be able to embed NetopGuest ActiveX Component in a file based on the included Programmer Information.

The Netop Remote Control CD contains in its NRC\ACTIVEX directory also a netopx.htm file thatdemonstrates Netop Guest ActiveX Component. Run (double-click) netopx.htm to show this window:

Advanced Tools

161

Netop Guest ActiveX Component is embedded in the gray area.

Click in the gray area to show NetopX Connect.

Right-click in the gray area to show NetopX Properties.

Advanced Tools

162

5.2.3 NetopX Connect Window

Click an area that contains Netop Guest ActiveX Component to show this window:

From this window, you can connect to Netop Host on another computer.

IP address or computer name []: Specify in this field the Netop Host IP address (if connecting by TCP,UDP or by TCP via Netop Gateway) or Host name (if connecting by UDP or by TCP via Netop Gateway).To use another IP port number than the default 6502, add its number, e.g. 192.168.20.51:1234.

¨ Via Netop Gateway []: To connect by TCP via a Netop Host network Netop Gateway, check this boxand specify the Netop Gateway computer IP address in the field (default: unchecked).

Click OK to typically show a logon window to specify the credentials demanded by Netop Host.

When connected, the clicked area will be replaced by the Netop Host computer screen image, see theUser’s Guide Netop Guest chapter Guest Sessions section Remote Control section Remote ControlDisplay section or the matching Netop Guest Help system section.

Note: When connected, the NetopX Properties Window Connection Tab will show the Host address andIP port number.

Properties: Click this button to show the NetopX Properties Window.

Advanced Tools

163

5.2.4 NetopX Properties Window

Right-click an area that contains Netop Guest ActiveX Component or in another NetopX window click theProperties button to show this window:

It contains these tabs:

· Keys Tab

· Graphics Tab

· Connection Tab

· Name Server Tab

Apply: This button will be enabled if property changes have not been saved. Click it to save propertychanges without closing the window.

5.2.4.1 Keys Tab

This is the NetopX Properties Window Keys tab:

It specifies hot keys (keystroke combinations).

To invoke Press this locally

Advanced Tools

164

Remote Control Dialog ¨ Ctrl ¨ Alt []: Show the NetopX Remote Control Window (default hot key:CTRL+ALT+END).

Ctrl-Alt-Del ¨ Ctrl ¨ Alt []: Send the keystroke combination CTRL+ALT+DEL to NetopHost (default hot key: CTRL+ALT+F7).

Ctrl-Esc ¨ Ctrl ¨ Alt []: Send the keystroke combination CTRL+ESC to Netop Host(default hot key: CTRL+ALT+F8).

Alt-Tab ¨ Ctrl ¨ Alt []: Send the keystroke combination ALT+TAB to Netop Host(default hot key: CTRL+ALT+F9).

You can edit each hot key in the enabled check boxes and drop-down box.The disabled field to the rightwill show the key scan code of the key selected in the drop-down box. Select Other in the drop-downbox to enable the field to specify a key scan code in it.

Note: The effect of sending these keystroke combinations to Netop Host is explained in the User'sGuide Netop Guest chapter Guest Sessions section Remote Control section Title Bar section and inthe matching Netop Guest Help system section.

5.2.4.2 Graphics Tab

This is the NetopX Properties Window Graphics tab:

It specifies Netop Host computer screen image show properties.

¨ Transfer Host screen as bitmap: Check this box to transfer the Netop Host computer screen imageas bitmap, see the User’s Guide Netop Guest chapter Session Tools section Connection Propertiessection Compression/Encryption Tab section or the matching Netop Guest Help system section(default: unchecked).

¨ Stretch screen image to fit window: Check this box to resize the Netop Host computer screen imageto fit within a window size specified by the container application, see the User’s Guide Netop Guestchapter Session Tools section Connection Properties section Display Tab section or the matchingNetop Guest Help system (default: unchecked).

Note: The Microsoft Internet Explorer container application of the NetopX demonstration window doesnot specify a window size.

[] Scroll position X: Specify a number in the field to show the Netop Host computer screen imagescrolled that number of pixels to the left (default: 0).

[] Scroll position Y: Specify a number in the field to show the Netop Host computer screen imagescrolled that number of pixels up (default: 0).

Advanced Tools

165

5.2.4.3 Connection Tab

This is the NetopX Properties Window Connection tab:

It specifies and will show connection properties.

þ Remote keyboard (send all keystrokes): Leave this box checked to while connected send allkeystrokes except CTRL+ALT+DEL to Netop Host if allowed by Netop Host Guest Access Security(default: checked). Uncheck to not send keystrokes for which a hot key is specified on the Keys Tab.

¨ Lock keyboard and mouse on Host: Check this box to while connected disable the Netop Hostcomputer keyboard and mouse if allowed by Netop Host Guest Access Security (default: unchecked).

¨ Blank screen on Host: Check this box to while connected make the Netop Host computer screenturn black to the Netop Host computer user if allowed by Netop Host Guest Access Security (default:unchecked).

Note: These remote control options are explained in the User's Guide Netop Guest chapter GuestSessions section Remote Control section Title Bar section and in the matching Netop Guest Helpsystem section. Guest Access Security is explained in the User's Guide Netop Host chapter HostTools section Guest Access Security section and in the matching Netop Host Help system section.

Connection type


¡ TCP ¨ Encapsulate in HTTP: Use the TCP/IP (TCP) communication device. Check the box to addan HTTP header to data packets and use IP port 80 to facilitate firewall passage (default:unchecked).

Note: The TCP/IP (TCP) communication device is explained in the User's Guide Common Toolschapter Communication Devices section TCP/IP (TCP) section and in the matching Netop GuestHelp and Netop Host Help system sections.

¤ UDP ¨ Use TCP for session if possible: Use the TCP/IP communication device (default selection).Check the box to if possible switch to the TCP/IP (TCP) communication device when a session hasbeen established to speed up communication (default: unchecked).

Note: The TCP/IP communication device is explained in the User's Guide Common Tools chapterCommunication Devices section TCP/IP section and in the matching Netop Guest Help and NetopHost Help system sections.

[] Host address: While connected, this disabled field will show the Netop Host address.

Advanced Tools

166

[] IP port number: This disabled field will show the currently used IP port number (default: 6502).

5.2.4.4 Name Server Tab

This is the NetopX Properties Window Name Server tab:

It specifies Netop Name Management use details.

Note: Fill in this tab only if you want to use Netop Name Management to connect by name resolution,see the User's Guide Common Tools chapter Communication Devices section TCP/IP section TCP/IPSettings section Name Resolution subsection or the matching Netop Guest Help or Netop Host Helpsystem section.

Name Space ID []: Specify in this field the applicable Name Space ID (default: empty).

Primary Address []: Specify in this field the IP or DNS address of the primary Netop Name Server(default: empty).

Secondary Address []: Specify in this field the IP or DNS address of the secondary Netop Name Server(default: empty).

5.2.5 NetopX Remote Control Window

Click in the Netop Host computer screen image and press the Remote Control Dialog hot key (default:CTRL+ALT+END) to show this window:

Advanced Tools

167

Disconnect from Netop Host: Click this button to disconnect.

Properties: Click this button to show the NetopX Properties window.

Write Log: Click this button to save a debug trace named NETOPX.LOG in the container applicationcurrent directory, see the User’s Guide Netop Guest chapter Guest Tools section Debug Trace sectionor the matching Netop Guest Help system section.

Cancel: Click this button to close the window.

5.2.6 Programmer Information


· NetopX Methods

· NetopX Events

· NetopX Properties

· NetopX Messages

5.2.6.1 NetopX Methods

long Connect(BSTR address)

Return Code Explanation

0 OK, connecting

1 Already connected

long ConnectNameServers()


0 OK, connected

1 Invalid name space ID

2 Timeout searching for name servers

3 Found name servers, but error connecting

long Hangup()


None No return codes

long SendDomainUsernamePassword(BSTR Domain, BSTR Username, BSTRPassword)


0 OK

long SendPassword(BSTR Password)


0 OK

long SendUsernamePassword(BSTR Username, BSTR Password)


0 OK

Advanced Tools

168

5.2.6.2 NetopX Events

All parameters named DealtWith should be returned as TRUE (not zero) if you want to override NetopX'sown event handling.

Event ExplanationOnResize(long width, long height) Fired when host resolution changes and on

connection. Parameters are host screen size inpixels.

OnHangup() Fired when connection is hung up.OnScroll(long x, long y) Dummy. Never fired.OnConnect() Fired on successful connection.OnBusy(long* DealtWith) Fired on unsuccessful connection due to busy

host.OnCommunicationError(long* DealtWith) Fired when communication error occurs.OnConnectFailed(long* DealtWith) Fired on unsuccessful connection due to unknown

reason.OnLoginFailed(long* DealtWith) Fired on invalid username or passwords used for

logon.OnDisplayMessageBox(long MessageNo,long* DealtWith)

Fired before NetopX puts up a modal messagebox.Messages are listed below.

OnShowMessage(long MessageNo, long*DealtWith)

Fired before NetopX puts up a non-modalmessagebox. Messages are listed below.

OnEditProperties(long* DealtWith) Fired before NetopX puts up its properties dialog.OnSpecialKey(long* DealtWith) Fired before NetopX puts up its remote control

dialog.OnEnterPassword(long Retrying, long*DealtWith)

Fired when NetopX wants a password in the "Grantall Guests Default Privileges" state. Connectionmethod SendPassword() with a password asparameter.

OnEnterUsernamePassword(longRetrying, long* DealtWith)

Fired when NetopX wants a password in the "NetopAuthentication" state. Connection methodSendUsernamePassword() with a password asparameter

OnEnterDomainUsernamePassword(longRetrying, long* DealtWith)

Fired when NetopX wants a password in the"Windows Authentication" state. Connectionmethod SendDomainUsernamePassword() with apassword as parameter

OnEnterConnectInfo(long* DealtWith) Fired before NetopX puts up its connect dialog.Connection method Connect() with acomputername or an IP address as parameter

DebugInfo(BSTR info) Fired in miscellaneous situations. Varies withversions and builds.

OnConnectNameServerFailed(long code,long* DealtWith)

Fired when the name server connection fails.

OnConnectNameServer() Fired when the name server connection succeeds.

5.2.6.3 NetopX Properties

Type Name

boolean isConnected

BSTR hostAddress

boolean stretchScreenToFitWindow

Advanced Tools

169

Type Name

long scrollPositionX

long scrollPositionY

long portNumber

boolean lockKeyboard

boolean blankScreen

BSTR gatewayAddress

long keySpecial

boolean ctrlSpecial

boolean altSpecial

long keyCtrlAltDel

boolean altCtrlAltDel

boolean ctrlCtrlAltDel

boolean bitmapMode

boolean altCtrlEsc

boolean ctrlCtrlEsc

long keyCtrlEsc

boolean altAltTab

boolean ctrlAltTab

long keyAltTab

boolean remoteKeyboard

long commProfile

BSTR nnsNameSpace

BSTR nnsPrimaryNameServer

BSTR nnsAlternateNameServer

5.2.6.4 NetopX Messages

Number NetopX Message

1 Error opening net

2 Error closing net

3 Error browsing on net

4 Connection failed

5 Could not listen

6 Error sending record

7 Error receiving record

8 Hook reports error

9 Hook could not initialize

10 No Hook object

11 Could not allocate memory for small grab bitmap

12 Could not allocate memory for large grab bitmap

13 The Host user clicked the Deny Access button

14 Illegal password

15 Too many illegal passwords entered

16 Password is too long. Max is 16 characters

17 Guest username is too long. Max is 32 characters

18 Error allocating communication memory

19 Switch to Netop authentication or update Host

20 Cancelling ...

21 Communication error

22 Waiting for Host user to confirm access

Advanced Tools

170

Number NetopX Message

23 Host found. Establishing connection ...

24 Session established with host ...

25 Session established with gateway ...

26 Cancelled

27 Old Host detected. Not all functions supported

28 Trying to find host ...

29 Trying to find gateway ...

30 Could not find host

31 Could not find gateway

32 Found host ...

33 Found gateway ...

34 Establishing session with host ...

35 Establishing session with gateway ...

36 Timeout establishing session

37 Host is busy

38 Found non-gateway

39 No dispatch reply from host

40 No dispatch reply from gateway

41 Dispatch reply error

42 Authenticating with host ...

43 Authenticating with gateway ...

44 Exchanging information ...

45 Initializing graphics ...

46 Direct connection failed

47 No host responds

48 Hanging up ...

49 Session ended by host

50 Could not find network

51 Network found ...

52 No access to closed user group

5.3 Netop Scripting ActiveX Control

The object control extension NFMSCRPT.OCX is installed in your Windows system32 directory whenyou install Netop Guest. It allows you to access the Guest's scripting capabilities from any programmingor scripting tool that supports ActiveX automation.

A commonly used tool is Microsoft Visual Basic (VB). The OCX is tested with VB, and examples in thissection are written mostly in VB. An example of a VBscript using an excerpt of the commands availableis:

Rc = Script.Initialize()

Rc = Script.Call("MyDesktop")

Rc = Script.IncludeSubdirectories(True)

Rc = Script.Synchronize("c:\MyDocuments\*.*", "c:\MyDocuments\*.*")

Rc = Script.Hangup()

Rc = Script.Uninitialize()

Scripts as simple as this are more easily created and executed with the script editor in the Netop Guestprogram. Say, however, that you wish to retry all or parts of your operations repeatedly until they have allsucceeded, you must make a more complex algorithm that this editor is not designed for. With

Advanced Tools

171

NFMSCRPT.OCX you can improve the above script to for example:


CallAgain:

Rc = Script.Call("MyDesktop")

Rc = Script.IncludeSubdirectories(True)

RcSync = Script.Synchronize("c:\MyDocuments\*.*", "c:\MyDocuments\*.*")


if (RcSync<>0) Then

WriteLog ("Failed. Trying again in 30 seconds")

WaitSeconds(30)

GoTo CallAgain:

End If


This section contains these topics:

· Creation and Deletion

· Startguest, Initialize and Uninitialize

· Connect and Disconnect

· Transferring Files

· Examples

· Reference

5.3.1 Create and Delete

An NFMscript object is created and eventually destroyed with the means of the programming tool. WithVB, you can use the visual way by right-clicking the object toolbar (the one on the left side), and chooseComponents. A dialog with all available OCXs appears. Check the box with Netop File Manager Script,and click OK. A script icon will be added to your toolbar. Click this icon, then click the location in theform where you want the NFM script object placed, and drag it out. The default visual representation is atree view showing commands as they execute, so even though the control initially shows up blank, itmay be an idea to give it a reasonable size.

Assume you have named your NFMScript object Script. Script.ClearLog() can be used to clearthe treeview log window. If you do not want any visual feedback, you can make the script invisible. Youcan also choose another reporting mode than ReportLog().

Set Script.Visible = False

Rc = Script.ReportSilent()

Rc = Script.ReportStatus()

Rc = Script.ReportLog()

The OCX can handle any number of simultaneous NFMscript objects, but the Netop Guest will limit youto a maximum of 10 active objects at a time. The 11th and all further objects can be created but willalways return error codes from all methods.

5.3.2 StartGuest, Initialize and Uninitialize

NFMSCRPT.OCX is only another way of wrapping up the Netop Guest. Therefore, the Netop Guestprogram has to be running when the OCX executes. The simplest way is to start it manually beforestarting the program or script you are writing using NFMSCRPT.OCX.

You may, however, want to hide the Netop Guest program and consider it an invisible service that is

Advanced Tools

172

needed to run with your application. If you wish that, you can call the StartGuest() function.

In VB you would typically do that in the Form_Load() function for your initial form:

Sub Form_Load()

Dim Rc As Long

Again:

Rc = Script.StartGuest(True)

if (Rc < -12 Or Rc > -11) Then

MsgBox("Can’t start Netop Guest, please exit Host")

GoTo Again

End If

End

If Netop is installed and is working properly, the most likely reason for not being able to start the Guestprogram is that the Host is running. You must manually stop the Host. When the Guest has started,you can send commands to it from any NFMscript object you have created. The first command anyobject should send is the Initialize command that creates connection between the object and the Guest.This will typically happen as a reaction to the click of a button.

Sub Button_Click()


if (Rc <> 0) Then

MsgBox("No connect. Is Netop Guest Running?")

GoTo EndButtonClick

End If

'<... do your stuff...>


EndButtonClick:

End

One reason Initialize might fail and return nonzero might be that the Guest program could not start. It isgood practice to call Uninitialize() when you are returning from your subroutine. This way you willfree the connection to the Guest to be used for others. If you forget Uninitialize(), it will be doneimplicitly for you if you call Initialize() again, but you will be blocking 1 out of 10 connections toyour Guest in the meanwhile.

Uninitialize() returns 0 on success and a nonzero code on error. You need not take any specificaction, if an error is returned. When your application exits, it is good practice to call FreeGuest() thatwill do all needed clean up. Your program will work OK without a call to FreeGuest(), but you will berelying on the program exit to clean everything up.

Note: If you are writing a script for browser use (e.g. Internet Explorer), do not call FreeGuest(), asyou are not the one to decide when Internet Explorer exits.

Sub StopButton_Click()

Rc = Script.FreeGuest()

Stop

End

Summary

StartGuest() may be called once at program start, no matter how many NFMscript objects you wishto create. FreeGuest() should be called on exit, and never in browser scripts. Initialize() mustbe called before any other command. The one exception is StartGuest().

After Uninitialize(), no other commands but FreeGuest() will succeed until the next

Advanced Tools

173

Initialize(). You can have any number of Initialize()..Uninitialize() sessions on thesame object.

5.3.3 Connect and Disconnect

The next thing you have to do is to connect to a Netop Host program running on another computer. The Call() command will establish this connection for you. If it fails, it will return a nonzero error code. If itsucceeds, it will return 0. The argument to Call() is a string that is the name of the Netop phonebook(.dwc) file. In this file is stored the name of a computer and the parameters for how to connect to it. Thephonebook files are the ones shown on the Netop Guest program Phonebook tab. Say you have aphonebook file named Venus.dwc:

Sub Button_Click()


Rc = Script.Call("Venus")

if (Rc <> 0) Then

MsgBox("Venus not responding")

GoTo EndButtonClick

End If

'<... do your stuff...>



EndButtonClick:

End

It is good practice to call Hangup() before you make your next Call(). If you happen to make a newCall() before Hangup(), on the first one it will be hung up automatically. One good reason not toomit calling Hangup() is to save money on your telephone bill. You can make as many Call()s andHangup()s you want on the same object.

Please be aware that the argument to Call() is NOT the name of the computer you wish to connectto. It is the name of a phonebook file. As such files often reside in the Netop phonebook directory, youneed not specify a path if you have the file there. As the Netop default for phonebook filename extensionis .dwc, you need neither pass that, so the three calls below do the same, but the two last areindependent of where Netop is installed.

Script.Call("C:\program files\netop remote control\phbook\venus.dwc")

Script.Call("venus.dwc")

Script.Call("venus")

Script.Call("*")

The fourth call does not know which phonebook file it wants to use. The "*" parameter will cause a fileselection box to pop up, where the end user can select a *.dwc file in the phonebook directory.

Traversing the Phonebook

If you want a control that makes the phonebook files available, other than the independent popup fileselection box made with Script.Call("*"), you can traverse the phonebook directory like forexample below, where a combo box is used:

Sub Combo1_Dropdown()

Dim More As Boolean

More = Script.PhonebookSetFirst()

Do While (More)

Combo1.Add(Script.PhonebookGetName())

More = Script.PhonebookGetName()

Advanced Tools

174

Loop

End Sub

Sub Combo1_Click()

Script.Call(Combo1.Value)

Script.Hangup()

End Sub

If you wish to traverse only a subset of all your phonebook connections, place the ones you want toexpose in a sub folder named for example offices, using the Phonebook tab control in the Netop Guestprogram, then use:

Script.PhonebookSetSubfolderFirst("offices")

Summary

Call() must be called to connect to a Host. After a successful Call(), you can execute othercommands. Do Call("*") to enable dynamic selection.

When done with the Host, call Hangup(). After a Hangup(), no commands that need Host accesswill succeed.

You can have any number of Call()..Hangup() connections on the same object.

5.3.4 Transfer Files

After a Call() and before a Hangup(), you can call the file transfer commands that are:

Script.CopyFromHost (RemoteFileFilter, LocalDirectory)

Script.CopyToHost (LocalFileFilter, RemoteDirectory)

Script.CloneFromHost (RemoteDirectory, LocalDirectory)

Script.CloneToHost (LocalDirectory, RemoteDirectory)

Script.Synchronize (LocalDirectory, RemoteDirectory)

Script.SynchronizeOneway (LocalDirectory, RemoteDirectory, Direction)

Remote indicates files on the remote computer where Netop Host runs, Local is the computer whereyour NFMscript application and Netop Guest run.

File filters must be legal Windows file filters like C:\winnt\*.exe. The name of one single file like C:\config.sys is also a legal file filter. Blanks are allowed in names. The functionality of these commandsis explained in Netop Script.

The dialogs of Netop are not shown during the execution of the commands, unless the command needsits end user to take a decision, for example whether a file should be overwritten or not. But if you call forexample CopyToHost() on a very large file via a slow telephone line, your application is not locked. Inyour script program:

· All events are still processed, so any button can be pressed

· Progress of commands can be caught and monitored

· Cancelling commands is built-in, and can even be customized

Important

The methods in an NFMscript object are not re-entrant. In order to keep your application alive andresponsive, all messages are processed while the method waits for Netop to finish processing themethod. This makes it possible for you to call the same method again while the first call you made hasnot returned yet. Such a call will not work correctly, but return a busy code. It is your application'sresponsibility to ensure that methods in the NFMscript objects are not re-entered into. One very usefulexception to this rule is the three cancel methods.

Cancel

Advanced Tools

175

If you have chosen to have your NFMscript visible in your application, your end user can press theescape key in the script log window. This fires the internal OnCancel() event. The built-in action onthat event is that a message box pops up with an option of four actions:

Continue (Action 0)

Cancel Command (Action 1)

Cancel Call (Action 2)

Cancel Script (Action 3)

Selecting Continue will cause the script to continue as if nothing has happened. In fact, Netop Guestis never notified.

All three other NFMscript cancel replies will send a Cancel() command to Netop. Netop will aspromptly as possible cancel the last command it received from your script, and that script function willreturn with an error. What will happen next is different for each of the three cancel replies.

Selecting Cancel Command will cause the next script command to be issued to Netop. Only onesingle script command is canceled. Cancel Command should be used when for instance one largeirrelevant file blocks a useful transfer of many files.

Selecting Cancel Call will cause all further script commands to be ignored until the next Hangup()command. All commands from the current command until the next Hangup() command will simplyreturn successfully without doing anything. Cancel Call addresses the situation where you forinstance picked the wrong computer to connect to.

Cancel Script works the same way, but until the next Uninitialize() command. It should beused when you want to stop everything and evaluate what to do next.

If you want your own interface for canceling, you can use the three equivalent cancel commands fromthe script interface. Since all events are still being processed during the execution of a command like CopyToHost(), all buttons will respond at any time. From your own cancel button, call:

Script.CancelCommand()

or

Script.CancelCall()

or

Script.CancelScript()

For instance like this, if you designed a button named CancelButton:

Sub CancelButton_Click()

Script.CancelCall()

End Sub

If you want to use the internal cancel event but construct your own actions on that event, fill in the OnCancel() event that the OCX will fire on your script application before putting up its message box.

You can for instance do like the following to make the user dialog less complex by allowing only CancelScript:

Private Sub Script_OnCancel(Action As Long)

rc = MsgBox("Cancel?", vbYesNo)

If rc = vbYes Then Action = 3

If rc = vbNo Then Action = 0

End Sub

In the parameter Action, you return 0 for Continue, 1 for Cancel Command, 2 for Cancel Calland 3 for Cancel Script. Action will arrive to you with a value of -1. If you do not change that value,the built-in message box above will pop up, otherwise not.

Add an Option Dialog

Advanced Tools

176

In parallel with OnCancel(), you will find OnRbuttonDown(). A difference is that this event has nodefault action. It only does what you program. The parameter is available to allow for future extensions.For forwards compatibility, return a zero for no action.

Private Sub Script_OnRbuttonDown(Action As Long)

rc = MsgBox("Include Subdirectories", vbYesNo)

If rc = vbYes Then Script.SetIncludeSubdir(True)

If rc = vbNo Then Script.SetIncludeSubdir(False)

Action = 0

End Sub

Monitor Progress

You can at any time query the progress of a script command. It is however your application’sresponsibility to find a suitable place in your code to do it from. The NFMscript exposes the function:

Script.GetProgress()

- that returns a percentage between 0 and 100. To use this from VB, instance a timer and a progressbar. You can for instance get the progress bar from one of the Microsoft common controls OCXs:

Sub Button_Click()

rc = Script.Call(..)

Timer1.Interval = 500

rc = CopyToHost(....)

Timer1.interval = 0

Script.Hangup()

End Sub

Sub Timer1_Timer()

ProgressBar1.Value = Script.GetProgress()

End Sub

Settings

Netop Script has many parameters for the file transfer commands. All of these have been made availableas methods named Set<NameOfItem>() in the OCX.They are:

SetOverwriteReadonly(BOOL YesNo)

SetOverwriteHidden(BOOL YesNo)

SetOverwriteSystem(BOOL YesNo)

SetOverwriteExisting(BOOL YesNo)

SetRetriesOnTransferError(long Retries)

SetRetriesOnConnectError(long Retries)

SetDeltaFileTransfer(BOOL YesNo)

SetCrashRecovery(BOOL YesNo)

SetCompression(long Level)

SetConnected(BOOL conn)

SetIncludeEmptyDir(BOOL YesNo)

SetIncludeSubDir(BOOL YesNo)

SetIncludeHiddenAndSystem(BOOL YesNo)

SetIncludeOnlyNewer(BOOL YesNo, DATE DateTime)

SetIncludeOnlyExisting(BOOL YesNo)

You may ask why these are methods and not properties, since all they seem to do is to set the value of

Advanced Tools

177

a variable. The reason is that some of them must be implemented as sending real commands to Netop,while others just set a value to be used as an option for another command. For consistency, all settingsare implemented as methods.

Execute

Many methods in NFMSCRPT.OCX correspond to commands in the Netop Script command language.This is the syntax you see in the Netop Guest’s script editor dialog and also in the OCX log window. Ifyou want, you can send commands directly in that command language using:

Rc = Script.Execute(String Command),

The purpose of this OCX is however to relieve you of the burden of a lot of string formatting and eventhandling, so this entry is only published as an extra service for unforeseen circumstances.

5.3.5 Examples

In the directory where Netop Guest is installed, you will find a file named examples.zip. Unzip this file toget the source code and executables for the examples Hello World Script, Visit all Hosts Script andKeep Synchronized Script.

Hello World Script

HelloWorldScript.exe is the simplest possible example. When you press the Start button, it will copy afile to a Host computer. The Visual Basic project HelloWorldScript.vbp is included.

Private Sub Command1_Click()

Dim Rc As Long

Rc = HelloScript.Initialize

Rc = HelloScript.Call("*")

'Move some arbitrary file across. This one is always there

Rc = HelloScript.CopyToHost(HelloScript.GetInstallDir() + "\netop.fac","c:\*.*")

Rc = HelloScript.Hangup

Rc = HelloScript.Uninitialize

End Sub

Private Sub ExitButton_Click()

HelloScript.FreeGuest

Stop

End Sub

Private Sub Form_Load()

HelloScript.StartGuest (True)

End Sub

Visit All Hosts Script

This example has more features. In the beginning, we declare a logical variable, and we start NetopGuest when the program starts up. Next, we cycle through the available phonebook files in thephonebook root directory and write their names in the log. Our intention is to visit all of these hosts oneby one.

Dim More As Boolean


Script.StartGuest True

More = Script.PhonebookSetFirst

Do While More

Script.WriteLog "Will visit " + Script.PhonebookGetFilename

Advanced Tools

178

More = Script.PhonebookSetNext

Loop

End Sub

There is a button labeled Start Visit. When this button is clicked, we show a dialog in which we willshow what we are doing with the Host while executing a CopyToHost() operation. When we arefinished, we stop the dialog and hide it:

Private Sub StartButton_Click()

StartButton.Enabled = False

StopButton.Enabled = True

Script.Initialize

More = Script.PhonebookSetFirst

Do While More

rc = Script.Call(Script.PhonebookGetFilename)

VisitDialog.Show

Script.CopyToHost Script.GetInstallDir + "\netop.fac", "c:\*.*"

VisitDialog.Animation1.AutoPlay = False

VisitDialog.Timer1.Interval = 0

Script.Hangup

VisitDialog.Hide

More = Script.PhonebookSetNext

Loop

StopButton.Enabled = False

StartButton.Enabled = True

Script.Uninitialize

End Sub

The dialog shows the .AVI file with the filecopy animation that also explorer does. The dialog has a timerthat updates a progress bar:


Caption = VisitForm.Script.PhonebookGetFilename

Timer1.Interval = 100

Animation1.Open "d:\netop\v60\filecopy.avi"

Animation1.AutoPlay = True

End Sub

Private Sub CancelButton_Click()

VisitForm.Script.CancelCall

Hide

End Sub

Private Sub Timer1_Timer()

ProgressBar1.Value = VisitForm.Script.GetProgress

ProgressBar1.Refresh

End Sub

Keep Synchronized Script

This is an example that shows timing and repetition using the Wait…() functions.

Initially, the Guest is started, and the initial parameters for the interface and the internal variables are

Advanced Tools

179

set:

Dim Rc As Long

Dim TryAgain As Boolean


Script.StartGuest (True)

TryAgain = True

StartTime.Value = Now

StartDate.Value = Today

End Sub

In the following section, the WaitUntil() function holds execution until the date and time are enteredinto the Microsoft DTPicker controls StartDate and StartTime. Call(“*”) leaves it up to the enduser to pick a phonebook file in a FileDialog, then Synchronize() synchronizes the contents of twodirectories. If the interface’s checkbox is checked, the program will try to repeat the Call() andSynchronize() periodically, until you actively stop it. While inactive, the program will hide itself.

Private Sub StartButton_Click()

Rc = Script.Initialize

Rc = Script.WaitUntil(StartDate.Value, StartTime.Value)

Again:

Rc = Script.Call("*")

If (Rc <> 0) Then GoTo Done

Rc = Script.Synchronize("C:\reports\*.*", "c:\reports\*.*")

If (Rc <> 0) Then MsgBox ("This example assumes a directory C:\REPORTS")

Rc = Script.Hangup

If (Repeat.Value = Checked And TryAgain) Then

If (MsgBox("Now sleep: " + CStr(Interval.Value), vbOKCancel) _

= vbCancel) Then GoTo Done

KeepInSyncForm.Hide

Script.Wait (Interval.Value)

KeepInSyncForm.Show

GoTo Again

End If

Done:

Rc = Script.Uninitialize

End Sub

The button labeled Stop will cancel the repeating cycles:

Private Sub StopButton_Click()

Script.CancelScript

TryAgain = False

End Sub

The button labeled Clear will clear the log. This can be useful if it becomes very long.

Private Sub ClearButton_Click()

Script.ClearLog

Script.WriteLog ("Ready")

End Sub

Advanced Tools

180

The Exit button will free the Guest and stop the program.

Private Sub ExitButton_Click()

Script.FreeGuest

Stop

End Sub

If you hold down the right mouse button, you can clear the log.

Private Sub Script_OnRbuttonDown(Action As Long)

If (MsgBox(“Clear Log?”, vbYesNo) = vbYes) Then

ClearButton_Click

Action = 0

End If

End Sub

5.3.6 Reference

This table explains all the Netop Scripting ActiveX Control API methods.

Note: All NFMscript methods that return a Long, return zero for success (Unless otherwise specified).

Method DescriptionCall (Filename As String)As Long

Call a phonebook entry. See also Hangup() and CancelCall().If Initialize() was not called, it will be called implicitly. Thatwill in turn call StartGuest() if the Guest is not already running.If another Call() is currently active, it will be hung up. If you wanttwo simultaneous Call()s, you must use two NFMscript objects.

CancelCall () As Long Cancel the Call() that is currently active. Typically calledasynchronously from a separate button. The current method (e.g. CopyFromHost) will be canceled and return an error code. Allfollowing methods will return immediately with no error, until yourprogram executes the next Hangup() or Call() method.

CancelCommand () As Long Cancel the method call that is currently active. Typically calledasynchronously from a separate button. The current method (e.g. CopyFromHost) will be canceled and return an error code. Allfollowing methods will execute as if nothing had happened.

CancelScript () As Long Cancel the Call() that is currently active. Typically calledasynchronously from a separate button. The current method (e.g. CopyFromHost) will be canceled and return an error code. Allfollowing methods will return immediately with no error, until yourprogram executes the next Uninitialize() or Initialize()method.

ClearLog () As Long Clears the script object's log window.CloneFromHost (RemoteDirAs String, LocalDir AsString) As Long

Clones the RemoteDir directory to the LocalDir directory. ACall() must be open to the computer with the RemoteDir.RemoteDirA directory on the remote computer where Netop Host runs. Mustend with "\*.*".LocalDirA directory on the local computer where Netop Guest runs. Mustend with "\*.*".

CloneToHost (LocalDir AsString, RemoteDir AsString) As Long

Clones the LocalDir directory to the RemoteDir directory. ACall() must be open to the computer with the RemoteDir.LocalDirA directory on the local computer where Netop Guest runs. Mustend with "\*.*".

Advanced Tools

181

RemoteDirA directory on the remote computer where Netop Host runs. Mustend with "\*.*".

CopyFromHost(RemoteFilter As String,LocalDir As String) AsLong

Clones the files matching RemoteFilter to the LocalDirdirectory. A Call() must be open to the computer with theRemoteFilter.RemoteFilterA valid file filter on the remote computer where Netop Host runs. Anexample could be "C:\DATA\*.XLS".LocalDirA directory on the local computer where Netop Guest runs. Mustend with "\*.*".

CopyToHost (LocalFilterAs String, RemoteDir AsString) As Long

Clones the files matching LocalFilter to the RemoteDirdirectory. A Call() must be open to the computer with theRemoteDir.LocalFilterA valid file filter on the local computer where Netop Guest runs. Anexample could be "C:\DATA\*.XLS".RemoteDirA directory on the remote computer where Netop Host runs. Mustend with "\*.*".

DirGetName () As String Returns the name of the current subdirectory from DirSetFirst/Next().

DirSetFirst (Directory AsString) As Boolean

Initializes the directory search entries, so that the next call to DirGetName() will return the name of the first subdirectory of "Directory" on the remote computer. A Call() must be open tothe remote computer. If there are no such subdirectories, the returnvalue is False. On success, the return value is True.DirectoryA directory on the currently Call()ed remote computer.

DirSetNext () As Boolean Advances to the next directory search entry, so that the next callto DirGetName() will return the name of the next subdirectory. Ifthere are no more subdirectories, the return value is False. Onsuccess, the return value is True.

DriveGetName () As String Returns the name of the current disk drive from DriveSetFirst/Next().

DriveSetFirst () AsBoolean

Initializes the disk drive entries, so that the next call to DriveGetName() will return the name of the first disk drive on theremote computer that you currently have made a Call() to. Ifthere are no disk drives, the return value is False. On success, thereturn value is True.

DriveSetNext () AsBoolean

Advances to the next disk drive entry, so that the next call to DriveGetName() will return the name of the next disk drive. Ifthere are no more drives, the return value is False. On success,the return value is True.

Execute (Command asString) As Long

Execute a script editor command. The format of these commandsresemble the NFMscript methods, see the User's Guide NetopGuest chapter Session Tools section Netop Script sectionCommands section Commands in the Script File section.CommandThe command to execute.

FileGetAccessed () AsDate

Returns the last access date for the file selected with FileGetFirst/Next().

FilGetArchive () asBoolean

Returns the archive flag for the file selected with FileGetFirst/Next().

FileGetCreated () As Date Returns the create date for the file selected with FileGetFirst/

Advanced Tools

182

Next().FileGetHidden () AsBoolean

Returns the hidden flag for the file selected with FileGetFirst/Next().

FileGetModified () AsDate

Returns the modified date for the file selected with FileGetFirst/Next().

FileGetName () As Date Returns the name of the file selected with FileGetFirst/Next().

FileGetReadonly () AsBoolean

Returns the read only flag for the file selected with FileGetFirst/Next().

FileGetSize () As Long Returns the size of the file selected with FileGetFirst/Next().If the size is above 2GB, -1 will be returned.

FileGetSystem () AsBoolean

Returns the system flag for the file selected with FileGetFirst/Next().

FileSetFirst (FileFilterAs String) As Boolean

Initializes the file entries, so that the next call to FileGet…() willreturn a property of the first file on a remote computer matching thegiven file filter. If there are no entries, the return value is False. Onsuccess, the return value is True. There must be an open Call()on the remote computer.FileFilterA legal file filter on the remote computer, e.g. "C:\*.*".

FileSetNext () As Boolean Advances to the next file entry, so that the next call to FileGet…() will return the name of the next remote file. If there are no morefiles, the return value is False. On success, the return value isTrue.

FreeGuest () As Long Frees connection to Netop Guest DLLs and does other clean up.Not mandatory, but it is good practice to call this before yourapplication exits. Do not use this method in conjunction withbrowser scripts.

GetInstallDir () AsString

Returns the Netop install directory on the local computer where theNetop Guest program runs.

GetPhonebookDir () AsString

Returns the phonebook directory. The NETOP.INIPHONEBOOKPATH and DATAPATH settings are respected.

GetProgress () As Long Get the progress of the current method. Typically only useful withCopy, Clone and Synchronize methods. Returns the percentage 0-100 where 100 means done. Useful if you place it in a timer andfeed the result into a progress bar.

Hangup () As Long Disconnect the current Call().Initialize () As Long Initializes a Netop Guest session. Check that the return code is 0

(zero) before calling other methods. See also Uninitialize(). Ifthe Netop Guest is not already running, StartGuest() will becalled implicitly.

PhonebookGetFilename ()As String

Returns the name of the current phonebook file. If there are none,the string returned is "No Phonebook Entries or Error".

PhonebookSetFirst () AsBoolean

Initializes the phonebook entries, so that the next call to PhonebookGetFilename() will return the name of the firstphonebook file. If there are no entries, the return value is False. Onsuccess, the return value is True.

PhonebookSetNext () AsBoolean

Advances to the next phonebook entry, so that the next call to PhonebookGetFilename() will return the name of the nextphonebook file. If there are no more files, the return value is False.On success, the return value is True. Can be used with bothPhonebookSetFirst() and PhonebookSetSubfolderFirst().

PhonebookSetSubfolderFirst (Folder As String) As

Initializes the phonebook entries, so that the next call to PhonebookGetFilename() will return the name of the first

Advanced Tools

183

Boolean phonebook file in a specific subdirectory of the phonebook directory.If there are no entries, the return value is False. On success, thereturn value is True.

RunLocal (Command AsString) As Long

Runs an operating system executable file with parameters on yourlocal computer.CommandThe name of a BAT, COM or EXE file. If you want to use shellcommands, you must give the name of the shell executable. For NTand Win95 it is "cmd.exe", so you can use "cmd /c dir c:\*.*" or"cmd /k rename autoexec.bat autoexec.old".

RunRemote (Command AsString) As Long

Runs an operating system executable file with parameters on aremote computer. A Call() must be open to that computer.Please note that the outcome of this depends on the setup of theremote computer environment, and is 100 % independent of yourlocal computer.CommandThe name of a BAT, COM or EXE file. If you want to use shellcommands, you must give the name of the shell executable. ForWindows it is "cmd.exe", so you can use "cmd /c dir c:\*.*" or "cmd/k rename autoexec.bat autoexec.old".

SetCompression (Level AsLong) As Long

Set the compression level.LevelAn integer number. 0 means no compression, >0 meanscompression

SetCrashRecovery (YesNoAs Boolean) As Long

Instructs Netop whether to apply crash recovery. If a Call() isinterrupted, a partial file can be kept on the target disk. Only usefulif SetDeltaFileTransfer is on, so this method will implicitlyset SetDeltaFileTransfer to True.YesNoIf True, partial files will be kept on the target disk, andSetDeltaFileTransfer will be set, so the valid part does notneed to be retransmitted when you come back. If False, partialfiles will be cleaned up automatically if the connection is lost.

SetDeltaFileTransfer(YesNo As Boolean) AsLong

Instructs Netop whether to apply the Delta File Transfer method forminimizing the amount of data transfer. True is also set bySetCrashRecovery(True), but not cleared bySetCrashRecovery(False).YesNoIf True, Delta File Transfer will be applied when feasible. If False,all file transfers will unconditionally transfer all bytes in all files.

SetIncludeEmptyDir (YesNoAs Boolean) As Long

Instructs Netop whether to include empty directories in file transferoperations.YesNoIf True, empty directories are included. If False, they are notincluded.

SetIncludeHiddenAndSystem(YesNo As Boolean) AsLong

Instructs Netop whether to include hidden and system files in filetransfer operations.YesNoIf True, hidden and system files are included. If False, they arenot included.

SetIncludeOnlyExisting(YesNo As Boolean) AsLong

Instructs Netop whether to include only files that already exist withthe same name on the target computer in file transfer operations.YesNoIf True, only files that already exist with the same name on thetarget computer are transferred. If False, all files are transferred.

SetIncludeOnlyNewer(YesNo As Boolean, Date

Allows you to set a limit to how old files you want to include in filetransfer operations.

Advanced Tools

184

As Date) As Long YesNoIf True, only files that are newer than Date are transferred. IfFalse, all files are transferred.DateFiles with a modify date older than this will be excluded if YesNo isTrue.

SetIncludeSubDir (YesNoAs Boolean) As Long

Instructs Netop whether to include subdirectories of the directories/file filters given as source in file transfer operations.YesNoIf True, subdirectories will be included. If False, subdirectories willbe excluded.

SetOverwriteExisting(YesNo As Boolean) AsLong

Set the action you want when trying to overwrite existing files.YesNoIf True, existing files will be overwritten without warning. If False,existing files will cause a prompt in a dialog.

SetOverwriteHidden (YesNoAs Boolean) As Long

Set the action you want when trying to overwrite hidden files.YesNoIf True, hidden files will be overwritten without warning. If False,hidden files will cause a prompt in a dialog.

SetOverwriteReadonly(YesNo As Boolean) AsLong

Set the action you wish when trying to overwrite read only files.YesNoIf True, read only files will be overwritten without warning. If False,read only files will cause a prompt in a dialog.

SetOverwriteSystem (YesNoAs Boolean) As Long

Set the action you wish when trying to overwrite system files.YesNoIf True, system files will be overwritten without warning. If False,system files will cause a prompt in a dialog.

SetReportLog () As None Make the logging of events in the object's log window be the defaulttreeview representation.

SetReportSilent () AsNone

Disable the logging of events in the object's log window.

SetRetriesOnConnectError(Retries As Long) As Long

Set the number of times you want the file call method toautomatically retry making the connection before returning.RetriesAn integer number between 0 and 9 inclusive.

SetRetriesOnTransferError(Retries As Long) As Long

Set the number of times you want the file transfer method toautomatically retry an operation before returning.RetriesAn integer number between 0 and 9 inclusive.

StartGuest (Minimized AsBoolean) As Long

Starts the Netop Guest executable. If it is already started, StartGuest() will return with no error. If Netop Host is running,StartGuest() will return an error code.MinimizedIf True, the Guest will be attempted started up minimized.Return Codes -11 and -12 mean success.-11: Started OK.-12: Already started.

Synchronize (LocalDir AsString, RemoteDir AsString) As Long

Synchronizes two directories. A Call() must be open to theremote computer.LocalDirA directory on the local computer where the Netop Guest runs.Must end with "\*.*".RemoteDirA directory on the remote computer where the Netop Host runs.Must end with "\*.*".

SynchronizeOneWay(SourceDir As String,TargetDir As String,

Synchronizes two directories, but moves files one way only. A Call() must be open to the remote computer.SourceDir

Advanced Tools

185

ToHost As Boolean) AsLong

The directory from where the files originate. It can be local or remotedepending on ToHost. Must end with "\*.*".TargetDirThe directory to which the files are moved. It can be local or remotedepending on ToHost. Must end with "\*.*".ToHostIf True, files are moved only from Guest to Host. If False, files aremoved only from Host to Guest.

Uninitialize () As Long Uninitializes a Netop Guest session. After Uninitialize(),Initialize() must be called before calling other methods.Uninitialize is not mandatory, but good practice.

Wait (Period As Date) AsLong

Waits a number of hours, minutes and seconds and then returns.PeriodThe number of hours, minutes and seconds that you want themethod to wait before returning. Use WaitSeconds() to specifythe period as seconds.Note: If using AM-PM time notation, 12:00:01 AM will cause a waitof 1 second, not 12 hours and 1 second.

WaitSeconds (Period AsLong) As Long

Waits a number of seconds and then returns.PeriodThe number of seconds that you want the method to wait beforereturning.

WaitUntil (Date As Date,Time As Date) As Long

Waits until a specified local date and time and then returns. For usewith the Microsoft DTPicker object, this method has twoparameters, one for date and one for time.DateThe date you want the method to wait until before returning. If thisvariable has a time part, it will be ignored.TimeThe time of the above date when the method shall return. If thisvariable has a date part, it will be ignored.

WaitUntilAnyDay (Time AsDate) As Long

Waits until the next occurrence of a specified local time and thenreturns. This method is intended for applications that repeat anoperation at the same time every day.TimeThe time of any date when the method will return. If this variable hasa date part, it will be ignored.

WriteLog (Text As String)As Long

Writes a text in the script object's log window, if it is in the default SetReportLog() status.TextA string that shall be appended to the current treeview item in thelog.

5.4 Netop Remote Control Processes and Windows Security

This section explains the Windows access rights and privileges granted to Netop processes, which isnot related to Netop Host Guest Access Security by Windows Security Management.

It includes these sections:

· Netop Processes

· Main Host Processes

· Netop Helper Service

· NetopActivity Local Group

Advanced Tools

186

5.4.1 Netop Processes

Netop Remote Control processes can be grouped in three categories by the security context in whichthey run, that is the Windows access token assigned to the processes.

Main Host Processes

Main Host processes include the Netop Host or extended Host executable program (NHSTW32.EXEetc.) and some of the internal utility programs run by them.

Because Netop Remote Control is a remote control product rather than a traditional server service, theseprocesses and Guest induced operations such as file transfer are performed in a context nearly identicalto the context of the logged on user, rather than in a context derived from the identity (if any) statedwhen establishing the connection.

For more details, see Main Host Processes.

Netop User Programs

Netop user programs include Netop Guest (NGSTW32.EXE), Netop Security Manager (AMCONFIG.EXE), Netop Installation programs (SETUP.EXE and NDU.EXE), etc.

These are ordinary user programs that run in the security context of the logged on user. They are nottreated any different than e.g. NOTEPAD.EXE.

Netop Helper Service

Netop helper service includes only NHOSTSVC.EXE and only some of its running instances (someother running instances of NHOSTSVC.EXE run as Host processes or Netop user programs).

Netop helper service is the only Netop process that runs in the privileged LocalSystem contextperforming selected privileged operations on behalf of Netop.

For more details, see Netop Helper Service.

5.4.2 Main Host Processes


· Normal Operation

· Replace the Local Security Context

· Disable Main Host Processes Security

5.4.2.1 Normal Operation

The main Host processes include the Host or extended Host executable program (NHSTW32.EXE,NSSW32.EXE, NGWW32.EXE or NNSW32.EXE), utility programs run by the Host (NLDRW32.EXE,NUTIL32B.EXE, VITAWRAP.EXE, some instances of NHOSTSVC.EXE and RUNDLL32.EXE), and insome rare situations the Guest or Student programs (NGSTW32.EXE or NSTDW32.EXE). Programsstarted by Run Program may also run as main Host processes.

These processes form the bulk of the Netop Remote Control Host functionality. They run in the securitycontext of the interactively logged on user, but modified so that the access token also lists membershipof the NetopActivity Local Group. This extra group membership applies only to operations on the samecomputer. Network operations and a few other system operations will ignore it.

When no user is logged on or the logged on user cannot be determined, main Host processes run in thissynthesized local security context:

User ID Anonymous logon (S-1-5-7) (Windows NT or 2000) or Local Service (S-1-5-19)(Windows XP or later).

Groups NetopActivity, EveryOne (S-1-1-0), INTERACTIVE (S-1-5-4), Users (S-1-5-32-545, Windows 2000 and later only), S-1-5-1333028174-1801727600-1093862016-1001, S-1-5-1333028174-1801727600-1093862016-1024 and S-1-

Advanced Tools

187

5-1333028174-1801727600-1093862018-1024

Privileges SeChangeNotifyPrivilege (Traverse folders) and SeShutdownPrivilege (allowsreboot or shutdown through Netop).

Default owner NetopActivity, in a few cases Anonymous logon (S-1-5-7)

Default group NetopActivity

Default ACL LocalSystem – Full Access, NetopActivity – Full Access

Network credentials None

Depending on system configuration, Netop may be running in this local context all the time andimpersonate the logged on user, or it may run as the logged on user and impersonate the local context.

5.4.2.2 Replace the Local Security Context

The local security context described in Normal Operation can be replaced by an actual local or domainaccount by the Run As feature, see the User's Guide Netop Host chapter Host Tools section ProgramOptions section Run As Tab section or the matching Netop Host Help system section.

5.4.2.3 Disable Main Host Processes Security

In some cases, Netop may refuse to function as it should because overzealous security settings do notgrant some needed permission to neither EveryOne, INTERACTIVE nor NetopActivity. To diagnose ifthis is the cause of a problem, you can temporarily disable the security restrictions on the main Hostprocesses.

In the Windows Registry, find the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netop Host for NTService\SecurityLevel

Change the LowLevel key value from 0 to 1.

Caution: Changing this setting requires administrative privileges and creates an obvious security hole,so it should be returned to its default value 0 as soon as the cause of a problem has been identified.

Reload Netop Host with Netop Helper Service. The main Host processes will run with full LocalSystemrights and privileges rather than in the restricted context described in Normal Operation. This gives nonetwork access rights. Also if the Netop Host program is started manually by a user, it may arbitrarilychoose to run as either LocalSystem or that user. To make it run as LocalSystem, on the ProgramOptions window General Tab check the Load Host at Windows Startup box, then Reload Netop Hostwith Netop Helper Service.

The typical resolution of problems that need this setting is to grant the NetopActivity Local Group readpermission to some file, directory or registry key that is needed by Windows to perform a taskrequested by Netop.

Please inform Netop Support about any general permissions needed so that we can update the list ofpermissions granted by default, see NetopActivity Local Group.

5.4.3 Netop Helper Service

This small service has been carefully designed for extra high security. It is the only component of arunning Netop Remote Control installation that runs in the powerful LocalSystem context. The solepurpose and functionality of Netop Helper Service is to perform selected privileged operations on behalfof the other Netop processes so that these larger processes can be run with safer more restrictedprivileges. Netop Helper Service is designed to resist attempts to use it for any other purpose.

Netop Helper Service must be configured to run under the LocalSystem account with permission tointeract with the desktop. Any other configuration will probably fail or actually reduce overall security.Several of the tasks performed by Netop Helper Service are permitted only for the LocalSystem accountand have no administrative option to grant similar permission to a dedicated service account.

Netop Helper Service is located entirely in the program file NHOSTSVC.EXE, but not all processesrunning in this program file are part of Netop Helper Service or run in LocalSystem context. Additionally,

Advanced Tools

188

Netop Helper Service sometimes runs sub-tasks using RUNDLL32.EXE from the system32 directory,but only some of these run with LocalSystem privileges.

Notice that the bulk of Netop Remote Control runs in a much more restricted context, see Main HostProcesses.

Note: The major part of the NHOSTSVC.EXE file is error and log messages, not program code.

5.4.3.1 Reload Netop Host with Netop Helper Service

If you stop Netop Helper Service from the Windows Control Panel, NT Server Manager, MicrosoftManagement Console or other administrative tools, the service will unload the Host or extended Hostbefore the service stops. This action is logged in the Windows Application event log.

If you start or restart Netop Helper Service using the same tools, it will execute the actions it normallyexecutes when Windows starts on the computer. Stopping and starting Netop Helper Service istherefore a useful method for reloading a Host or extended Host remotely or through a batch file such as:

NET STOP “Netop Host for NT Service”

NET START ”Netop Host for NT Service”

Notice that the registry name of Netop Helper Service is Netop Host for NT Service for compatibility witholder Netop versions.

5.4.4 NetopActivity Local Group

The installation of Netop Host or an extended Host creates a Windows local group named NetopActivity.

The purpose of the NetopActivity local group is to contain the permissions required by Netop Host andextended Hosts to function properly on the computer. It has been carefully designed to serve only thispurpose.

The NetopActivity local group intentionally has no members.

Caution: Do not add any members to NetopActivity local group, as this will compromise computersystem security and integrity.

When Netop Host or an extended Host loads on the computer, Netop Helper Service will determinewhich permissions in addition to those granted to NetopActivity local group by default are required for theNetop module to function properly on the computer. These permissions will be granted to NetopActivitylocal group, if available. Netop Helper Service will log events of permissions granted persistently toNetopActivity local group in the Windows event log.

The permissions of the NetopActivity local group will be available to a Netop Host or extended Hostloaded on the computer.

A list of the default permissions granted to NetopActivity local group is published in the NetopKnowledgeBase. It will be revised from time to time based on user input and the developments inWindows operating systems.

Note: Do not confuse the Windows permissions of NetopActivity local group with the Windows SecurityManagement access privileges granted to Netop Guests on Netop Hosts or extended Hosts. These Guest Access Privileges are explained in the User's Guide Netop Host chapter Host Tools sectionGuest Access Security section Guest Access Privileges Tab section Grant Each Guest IndividualAccess Privileges Using Windows Security Management section and in the matching Netop Host Helpsystem section.


Other Operating Systems

189

6 Other Operating Systems

This main section explains the particulars of Netop Remote Control on computers that run on otheroperating systems than Windows.

Note: The User’s Guide and the Netop Guest Help and Netop Host Help systems explain thefunctionality of Netop Remote Control installed on computers that run on Windows operating systems.Functionalities that are identical with Windows and other operating systems are explained there. Thismain section explains functionalities that are different with other operating systems.


· Netop Remote Control (Linux)

· Netop Host Manager

· Netop Remote Control (Solaris)

· Netop Remote Control (Mac)

· Netop Remote Control (OS/2)

· Netop Remote Control (DOS)

6.1 Netop Remote Control (Linux)

Netop Remote Control (Linux) includes Netop Guest (Linux) and Netop Host (Linux).

Netop Guest (Linux) can connect to a remote computer Netop Host by the TCP/IP and TCP/IP (TCP)communication devices to remote control the Netop Host computer and transfer files between thecomputers.

Netop Host (Linux) enables a remote computer Netop Guest to connect by the TCP/IP, TCP/IP (TCP)and Serial (modem) communication devices to remote control the Netop Host (Linux) computer, transferfiles between the computers and run a typed text chat session between the computer users.


· Installation (Linux)

· Netop Guest (Linux)

· Netop Host (Linux)

6.1.1 Installation (Linux)


Install (Linux)

Uninstall (Linux)

6.1.1.1 Install (Linux)

Check on the Netop Requirements website that your computer meets the requirements for runningNetop Remote Control (Linux).

Note: Installing Netop Remote Control (Linux) requires that the user logged on to the computer hassystem user privileges.

Insert the Netop Remote Control CD into the CD drive of your computer to show this window:

http://requirements.netop.com


190

Click Yes to show the Netop Remote Control CD root directory linux.html file Netop Remote Control(Linux) installation and startup instructions.

Read the Netop Remote Control CD root directory ReadMe_EN.txt file General and Linux sections thatcontain important general information and may include update information that was not available whenthe documentation was last edited. The ReadMe file will be available on your computer when NetopRemote Control (Linux) has been installed. Updated builds may include an updated ReadMe file that willreplace an older ReadMe file.

You can install Netop Remote Control (Linux) from these files in the Netop Remote Control CD /NRC/LINUX directory:

· NetopGuest-<Version number>-<Build number>.i386.rpm (used with Red Hat and SuSE)

· NetopGuest-<Version number>-<Build number>.i386.tar.gz (used with other systems)

· NetopHost-<Version number>-<Build number>.i386.rpm (used with Red Hat and SuSE)

· NetopHost-<Version number>-<Build number>.i386.tar.gz (used with other systems)

In a terminal window, execute these commands:

su -

This command will install with system user privileges.

cd /mnt/cdrom/NRC/LINUX

This command will specify the file location on the Netop Remote Control CD. With SuSE, specify media instead of mnt.

perl install.pl

This command will start the interactive installation script.

Select to install Netop Guest (Linux) and/or Netop Host (Linux).

If selected, Netop Guest (Linux) will be installed first. Confirm to read the license agreement.

If selected, Netop Host (Linux) will be installed next. Confirm to read the license agreement. Accept thelicense agreement. Specify the Netop Host (Linux) license number.

Note: On a Trial Version Netop Remote Control CD, trial version license numbers are specified in thelicense.dat file.

When the Netop Host license number has been approved, Netop Host (Linux) will load and start toenable communication.

Note: The ReadMe file specifies which files will been installed.

6.1.1.2 Uninstall (Linux)

Netop Guest (Linux)

If installed with rpm (RedHat/SuSE), in a terminal window execute these commands:

rpm -e NetopGuest

rm -rf /etc/NetopGuest

If installed without rpm (Other), in a terminal window execute these commands:


191

rm -f /usr/bin/NetopGuest

rm -f /usr/bin/dtlspy


Netop Host (Linux)

If installed with rpm (RedHat/SuSE), in a terminal window execute these commands:

rpm -e NetopHost

rm -rf /etc/NetopHost

If installed without rpm (Other), in a terminal window execute these commands:

perl /etc/NetopHost/cfg/uninstall.pl


6.1.2 Netop Guest (Linux)

Netop Guest (Linux) is a client type application that can connect to a remote computer Netop Hostserver type application to access resources on the Netop Host computer.


· Load and Unload Netop Guest (Linux)

· Netop Guest Functionality (Linux)

6.1.2.1 Load and Unload Netop Guest (Linux)

To load Netop Guest (Linux), in a terminal window execute this command:

NetopGuest

to show this window on the graphical screen:


192

Note: The NetopGuest command assumes that the NetopGuest program file resides in the /usr/bindirectory. If NetopGuest resides in another directory, precede the command by the full directory path.

If Netop Guest (Linux) is loaded for the first time, the user will be prompted to specify the Netop Guestlicense number.

Note: On the Trial Version Netop Remote Control CD, trial version license numbers are specified in thelicense.dat file. The user that loads Netop Guest for the first time must have the privileges to create aLICENSE file in the /etc/NetopGuest directory.

When Netop Guest (Linux) is loaded to show the Netop Guest (Linux) window, it can connect to aremote computer Netop Host.

To unload Netop Guest (Linux), select the Netop Guest (Linux) window File menu Exit command or aWindow Control Close control.

6.1.2.2 Netop Guest Functionality (Linux)

The Netop Guest (Linux) window contains the same elements as the Netop Guest (Windows) window,but Netop Guest (Linux) has a more limited functionality than Netop Guest (Windows). Non-functionalwindow elements will be permanently disabled to show gray text and/or icons.

Netop Guest (Linux) can connect to a remote computer Netop Host by the TCP/IP and TCP/IP (TCP)communication devices to remote control the Netop Host computer and transfer files between thecomputers.

Note: To connect by another port number than the Netop default 6502, add the port number to the Hostname or address after a colon, e.g. 192.168.100.1:1234.

select the Help menu Contents command or press F1 to show this window:


193

It shows the Netop Guest Help system that includes all of the Netop Guest Help (Windows) systemcontents plus an Other Operating Systems main section that has the same contents as this mainsection. Select a left Contents tab expanding graphical table of contents element or Index tab keywordto show the matching topic in the right pane.

Note: We recommend that you start by reading the Netop Guest section Connect Guide and HostSecurity Guide sections.

If you encounter problems that you cannot resolve by using Netop Guest Help, try the NetopKnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.

6.1.3 Netop Host (Linux)

Netop Host (Linux) is a server type application that enables a remote computer Netop Guest client typeapplication to connect to access resources on the Netop Host (Linux) computer.

It includes these programs:

· Netop Host Daemon (Linux)

Netop Host Daemon (Linux) will typically run when the computer operating system runs. A user withsystem user privileges can Start and Stop Netop Host Daemon (Linux).

· Netop Host Program (Linux)

Netop Host Program (Linux) will load and typically start when Netop Host Daemon (Linux) loads. Ifstarted, communication will be enabled to enable Netop Guest to connect. A user can typicallycontrol Netop Host Program (Linux) from the Netop Host (Linux) window.

· Netop Host GUI (Linux)

Netop Host GUI (Linux) shows the Netop Host (Linux) window. It will not load to show the Netop Host




194

(Linux) window when Netop Host Program (Linux) loads. A user can load and unload Netop Host GUI(Linux) to Display and Hide the Netop Host Window (Linux).


· Start and Stop Netop Host Daemon (Linux)

· Display and Hide the Netop Host Window (Linux)

· Netop Host Functionality (Linux)

6.1.3.1 Start and Stop Netop Host Daemon (Linux)

Netop Host Daemon (Linux) will start and stop with the computer operating system. A user with systemuser privileges can start, check and stop Netop Host Daemon (Linux) with these terminal windowcommands:

/etc/init.d/NetopHostd start

This command will start Netop Host Daemon (Linux) and load Netop Host Program (Linux).

/etc/init.d/NetopHostd status

This command will return a message of whether Netop Host Daemon (Linux) is running or not.

/etc/init.d/NetopHostd stop

This command will unload Netop Host Program (Linux) and stop Netop Host Daemon (Linux).

6.1.3.2 Display and Hide the Netop Host Window (Linux)

Netop Host GUI (Linux) will not load when Netop Host Program (Linux) loads.

If Netop Host Program (Linux) is loaded, execute this command in a terminal window:

NetopHostGUI

- to show this Netop Host (Linux) window on the graphical screen:

Note: The NetopHostGUI command assumes that the Netop Host GUI (Linux) program file resides inthe /usr/bin directory. If Netop Host GUI (Linux) resides in another directory, precede the command bythe full directory path.


195

To unload Netop Host GUI (Linux) to hide the Netop Host (Linux) window, select the Netop Host (Linux)window File menu Exit command or a Window Control Close control.

6.1.3.3 Netop Host Functionality (Linux)

The Netop Host (Linux) window contains most of theNetop Host (Windows) window elements, but NetopHost (Linux) has a more limited functionality than Netop Host (Windows) and setup is organizeddifferently.

Netop Host (Linux) enables a remote computer Netop Guest to connect by the TCP/IP, TCP/IP (TCP)and Serial (modem) communication devices to remote control the Netop Host (Linux) computer, transferfiles between the computers and run a typed text chat session between the computer users.

Unlike Netop Guest (Linux), no help system is available from the Netop Host (Linux) window.

Functionalities that match Netop Host (Windows) functionalities are explained in the User’s GuideNetop Host chapter.

To change the setup of Netop Host Program (Linux), click the Netop Host (Linux) window toolbarOptions button or select the Tools menu Options command to show this window:

User name []: Specify in this field a valid Linux logon user name.

Note: To change the setup of Netop Host Program (Linux), the user must have the privileges to edit the /etc/NetopHost/NetopHost.xml file.

Password []: Specify in this field the matching Linux logon password.

Click OK to show this window:


196

It is explained in Netop Host Manager.

If you encounter problems that you cannot resolve by using this manual or the User’s Guide, try theNetop KnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.

6.2 Netop Host Manager

Click OK in the Netop Host Manager Logon window to show this window:

It manages Netop Host setup.

Window controls are explained in Window Control.




197

The Netop Host Manager window has three panes:

· An upper left Selection Pane in which you can select a setup element.

· An upper right Attributes Pane in which you can edit the attributes of the setup element selected inthe Selection Pane.

· A lower Message Pane that can show messages from Netop Host Manager to the user.

Note: To ensure that setup changes have been applied, restart Netop Host after setup changes.

6.2.1 Selection Pane

This is the Netop Host Manager window selection pane:

It contains a branch structure of Netop Host setup elements.

Click a branch or setup element to select and highlight it. Press the è key or click a [+] button toexpand a selected expandable branch element. Press the ç key or click a [-] button to collapse aselected collapsible branch element. Press the é or ê key to move up or down in the branch structure.Press the PAGEUP or PAGEDOWN key to move to the top or bottom of the branch structure.

The attributes of a selected setup element will be shown in the Attributes Pane.

The Local Configuration branch expands into these branches:

· Host Computer Branch

· Address Lists Branch

· Guest Users Branch


198

6.2.1.1 Host Computer Branch

This is the Netop Host Manager window Selection Pane Host Computer branch:

It expands into these elements:

Note: In the following explanations, setup element attributes are shown in tables. The default attributevalue is marked with an asterisk.

· General: This branch element expands into:

· Startup: This setup element has this attribute:

Attribute Value

Start at boot Enabled*/Disabled

Note: If Enabled, communication will start when Netop Host Program loads to enable Netop Guestto connect. If disabled, communication will not start when Netop Host Program loads. The NetopHost computer user can typically Start, Stop and Restart communication from Netop Host windowtoolbar action buttons or Action menu commands.

· Communication: This branch element expands into a Profiles branch and a Modem Definitions branch.

· Host Name: This branch element expands into:

· Netop Name Server: This setup element has this attribute:

Attribute Value

Name Space ID <String of characters> (PUBLIC*)

Note: The Name Space ID attribute value will identify a private section of a Netop Name Servername database. Netop modules must specify the same Name Space ID attribute value to connectby Netop Name Management.

· Naming: This setup element has these attributes:

Attribute Value

Naming Mode Computer name*/Enter or leave blank

Host Name <String of characters> (<No value>*)

Note: Computer name will identify Netop Host by its computer name (generally recommended).Enter or leave blank will identify Netop Host by the Host Name attribute value.

· Host Security: This branch element expands into:


199

· Maintenance: This setup element has these attributes:

Attribute Value

Old password <String of characters> (<No value>*) The field will show dots orasterisks.

Password <String of characters> (<No value>*) The field will show dots orasterisks.

Guest access security Enabled*/Disabled

All other configuration Enabled*/Disabled

Program exit and ‘Stop Host’ Enabled*/Disabled

Note: If the Password attribute has a value, maintenance password protection will be enabled. Ifenabled, Netop Host or Netop Host Manager will request the Password attribute value to execute amaintenance password protected action including changing the Password attribute value. Tochange the maintenance password, specify the current maintenance password as the OldPassword attribute value and the new maintenance password as the Password attribute value.Maintenance password is explained in the User's Guide Netop Host chapter Host Tools sectionMaintenance Password section.

6.2.1.1.1 Profiles Branch

This is the Host Computer branch Profiles branch:


Right-click (Mac: CTRL+click) the Profiles branch element to show this context menu:

Tcp: Select this command to create in a branch below the Profiles branch element a Tcp setupelement:

· Tcp - <Name>: This setup element has these attributes:

Attribute Value

Enable Enabled*/Disabled

Name <String of characters> (<Random characters>*)

Receive Port <Receive port number> (6502*)

Send Port <Send port number> (6502*)

Note: A Tcp setup element will be identified after Tcp - by the Name attribute value. Initially, a Tcp -TCP setup element with default other attribute values will be available. You can create multiple Tcpsetup elements. Each Tcp setup element will make a communication profile that uses the TCP/IP(TCP) communication device available to Netop Host, see the User’s Guide Common Tools chapterCommunication Devices section TCP/IP (TCP) section. If the Enable attribute value is Enabled, thecommunication profile will be enabled if Netop Host communication is enabled.

Right-click (Mac: CTRL+click) a Tcp setup element to show this context command:


200

Delete: Select this command to delete the selected Tcp setup element.

Udp: Select this command to create in a branch below the Profiles branch element a Udp setupelement:

· Udp - <Name>: This setup element has these attributes:

Attribute Value

Enable Enabled*/Disabled

Name <String of characters> (<Randomcharacters>*)

Receive Port <Receive port number> (6502*)

Send Port <Send port number> (6502*)

Maximum Transmission Unit (MTU) <Number of bytes> (2600*)

Use Netop Name Server Enabled/Disabled*

Primary Name Server <Netop Name Server DNS name or IPaddress> (nns1.netop.com*)

Secondary Name Server <Netop Name Server DNS name or IPaddress> (nns2.netop.dk*)

Ignore port information from Name Server Enabled/Disabled*

Override port information from Name Server with port <Port number> (6502*)

Note: A Udp setup element will be identified after Udp - by the Name attribute value. Initially, a Udp -TCP/IP setup element with default other attribute values will be available. You can create multipleUdp setup elements. Each Udp setup element will make a communication profile that uses the TCP/IP communication device available to Netop Host, see the User’s Guide Common Tools chapterCommunication Devices section TCP/IP section. If the Enable attribute value is Enabled, thecommunication profile will be enabled if Netop Host communication is enabled.

Right-click (Mac: CTRL+click) a Udp setup element to show this context menu:

New > Broadcast List: Select this command to create in a new branch below the Udp setup elementa Broadcast List setup element:

· Broadcast List - <Name>: This setup element has this attribute:

Attribute Value

Broadcast List Name <Address List setup element Name attribute value> (<Randomcharacters>*)

Note: A Broadcast List setup element will be identified after Broadcast List - by the Broadcast ListName attribute value. Initially, a Broadcast List - My list setup element will be available. You cancreate multiple Broadcast List setup elements. Each Broadcast List setup element will make an IPbroadcast list available to the Udp setup element, see the User’s Guide Common Tools chapterCommunication Devices section TCP/IP section TCP/IP Communication Profile Edit section IPBroadcast List section

Right-click (Mac: CTRL+click) a Broadcast List setup element to show this context command:

Delete: Select this command to delete the selected Broadcast List setup element.

Delete: Select this command to delete the selected Udp setup element.


201

Note: If you delete a Udp setup element, Broadcast List setup elements below it will be deleted.

Serial: This command will be enabled only on a computer that runs on a Linux operating system. Selectit to create in a new branch below the Profiles branch element a Serial setup element:

· Serial - <Name>: This setup element has these attributes:

Attribute Value

Enable Enabled/Disabled*


Null Modem Disabled*

Definition <Modem setup element Name attribute value> (<Random characters>*)

Serial Port <Serial port name> (COM 1*)

Data Rate <Bits per second> (38400*)

Flow Control RTS/CTS*/None/Modem’s preferred

Dial Type Tone*/Pulse

Wait before call back <Seconds> (10*)

Note: A Serial setup element will be identified after Serial - by the Name attribute value. Initially, aSerial - My modem setup element will be available. You can create multiple Serial setup elements.Each Serial setup element will make a communication profile that uses the Serial communicationdevice available to Netop Host, see the User’s Guide Common Tools chapter CommunicationDevices section Serial section. If the Enable attribute value is Enabled, the communication profile willbe enabled if Netop Host communication is enabled. This Netop Host (Linux) version does notsupport Null Modem and call back.

Right-click a Serial setup element to show this context command:

Delete: Select this command to delete the selected Serial setup element.

6.2.1.1.2 Modem Definitions Branch

This is the Host Computer branch Modem Definitions branch:


Right-click the Modem Definitions branch element to show this context menu:

New > Modem: This command will be enabled only on a computer that runs on a Linux operatingsystem. Select this command to create in a new branch below the Modem Definitions branch element aModem setup element:

· Modem - <Name>: This setup element has these attributes:


202

Attribute Value


Dial <Dial modem command string> (ATD?D*)

Hang up <Hang up modem command string> (ATH0S0=0*)

Setup1 <Setup1 modem command string> (AT&F*)

Setup2 <Setup2 modem command string> (AT&C1&D2S10=20*)

Send <Send modem command string> (<No value>*)

Answer <Answer modem command string> (ATS0=1*)

Max Data Rate <Bits per second> (38400*)

RTS/CTS Enabled*/Disabled

Ignore Carrier Signal Enabled/Disabled*

Note: A Modem setup element will be identified after Modem - by the Name attribute value. Initially, aModem - Hayes setup element with default other attribute values will be available. You can createmultiple Modem setup elements. Each Modem setup element will make a modem configurationavailable to Netop Host, see the User’s Guide Common Tools chapter Modem Database and Dialogsection Modem Database section Modem Configuration section.

Right-click a Modem setup element to show this context command:

Delete: Select this command to delete the selected Modem setup element.

Import > Modem: This command will be enabled only on a computer that runs on a Linux operatingsystem. Select this command to show the Choose a file to open window that will show xml files in the /etc/NetopHost directory. Select modems.xml to show this window:

The modems.xml file contains Netop created modem configurations named by modem trade names.Select in the pane a modem name and click OK to create in a new branch below the ModemDefinitions branch element a Modem setup element with the attribute values of the imported modemconfiguration.

Note: modems.xml is the Netop Host version of the Netop Host (Windows) modem database, seethe User’s Guide Common Tools chapter Modem Database and Dialog section Modem Databasesection.


203

6.2.1.2 Address Lists Branch

This is the Netop Host Manager window Selection Pane Address Lists branch:

It expands into these elements:


Right-click (Mac: CTRL+click) the Address Lists branch element to show this context menu:

New > Address List: Select this command to create in a new branch below the Address Lists branchelement an Address List setup element:

· Address List - <Name>: This setup element has this attribute:

Attribute Value


Note: An Address List setup element will be identified after Address List - by the Name attributevalue. Initially, an Address List - My list setup element will be available. You can create multipleAddress List setup elements. Each Address List setup element will be available for other Netop HostManager setup elements.

Right-click (Mac: CTRL+click) an Address List setup element to show this context menu:

New > Address: Select this command to create in a new branch below the selected Address Listsetup element an Address setup element:

· Address - <Name>: This setup element has these attributes:

Attribute Value


Type IP address*/MAC address/DNS address

Note: An Address setup element will be identified after Address - by the Name attribute value.Initially, an Address - <Random characters> setup element will be available. You can createmultiple Address setup elements. Each Address setup element will be an element in the AddressList setup element above. The Name attribute value format must satisfy the Type attribute valueformat requirements.

Right-click (Mac: CTRL+click) an Address setup element to show this context command:

Delete: Select this command to delete the selected Address setup element.

Delete: Select this command to delete the selected Address List setup element.

Note: If you delete an Address List setup element, Address setup elements below it will be deleted.


204

6.2.1.3 Guest Users Branch

This is the Netop Host Manager window Selection Pane Guest Users branch:

It expands into this setup element:


· Guest Security: This setup element has this attribute:

Attribute Value

Mode System authentication*/Netop authentication/Security Server authentication

Note: Select a Mode attribute value to make Netop Host apply it to all connecting Netop Guests.

The Guest Security setup element expands into these elements:

· Security Server Authentication: Netop Host will request Netop Guest ID credentials from aconnecting Netop Guest to request individual authentication and Role Assignment by NetopSecurity Management to apply the returned role to Netop Guest. This branch element expands intothis setup element:

· Security Server: This setup element has this attribute:

Attribute Value

Security Server Group ID <32-digit hexadecimal number>(2D5D8022082B5E58E579E373805EB699*)

Note: The default Security Server Group ID attribute value is the Netop default value. You cancopy the Group ID from the Netop Security Manager window Security Server Group Namewindow.

· Roles: Right-click (Mac: CTRL+click) this branch element to show this context menu:

New > Role: Select this command to create in a new branch below the Roles branch element aRole setup element.

· Role - <Name>: This setup element has these attributes:


205

Attribute Value


Remote Control (View) Enabled*/Disabled

Use Keyboard and Mouse Enabled*/Disabled

Blank Screen Enabled*/Disabled (not available)

Lock Keyboard and Mouse Enabled*/Disabled (not available)

Transfer Clipboard Enabled*/Disabled (not available)

Boot Enabled*/Disabled

Chat Enabled*/Disabled

Audio Chat Enabled*/Disabled (not available)

Send Files to Host Enabled*/Disabled

Receive Files from Host Enabled*/Disabled

Run Programs Enabled*/Disabled (not available)

Redirect Print Enabled*/Disabled (not available)

Confirm Access Never*/Always/Only when logged in

Note: A Role setup element will be identified after Role - by the Name attribute value. Initially, aRole - Full Access setup element with default other attribute values will be available. You cancreate multiple Role setup elements. Each Role setup element will make a (security) roleavailable to Netop Host, see the User’s Guide Netop Host chapter Host Tools section GuestAccess Security section Guest Access Privileges Tab section Grant All Guests DefaultAccess Privileges section. Attributes whose value is marked “(not available)” apply tofunctionalities that are not available on this version Netop Host.

Right-click (Mac: CTRL+click) a Role setup element to show this context command:

Delete: Select this command to delete the selected Role setup element.

· System Authentication: Netop Host will request a user name and password from a connectingNetop Guest to authenticate each Netop Guest individually by Netop Host computer operatingsystem logon credentials. If the Netop Guest specified user name matches a User setup elementName attribute value, Netop Host will apply the User setup element Role attribute value specifiedrole. Right-click (Mac: CTRL+click) this branch element to show this context menu:

New > User: Select this command to create in a new branch below the System Authenticationbranch element a User setup element:

· User - <Name>: This setup element has these attributes:

Attribute Value


Role <Role setup element Name attribute value> (Full Access*)

Note: A User setup element will be identified after User - by the Name attribute value. Initially,a User - root setup element with the Role attribute value Full Access will be available. You cancreate multiple User setup elements.

Right-click (Mac: CTRL+click) a User setup element to show this context command:

Delete: Select this command to delete the selected User setup element.

· Netop Authentication: If no Password attribute value is specified, Netop Host will apply the Role


206

attribute value specified role to all connecting Netop Guests. If a Password attribute value isspecified, Netop Host will request it from all connecting Netop Guests to apply the Role attributevalue specified role to them. This setup element has these attributes:

Attribute Value

Password <String of characters> (<No value>*)

Role <Role setup element Name attribute value> (Full Access*)

6.2.2 Attributes Pane

This is the Netop Host Manager window attributes pane:

It will contain records of the attributes of a setup element selected in the Selection Pane in a table withthese column contents:

· Attribute: Attribute name.

· Value: Attribute value.


Double-click or right-click an attribute record to show an Edit <Type> Attribute window:

In an Edit <Type> Attribute window, you can edit attributes.


207

The window active elements will depend on the attribute value type:

· Boolean (check box)

· String (text field)

· Numeric (number only field)

· Enumerate (drop-down box)

The OK button will be enabled if the attribute value has been changed into a valid value.

Note: When you create a named setup element, Netop Host Manager will automatically assign arandom characters Name attribute value that you can edit into a meaningful name.

6.2.3 Message Pane

This is the Netop Host Manager window message pane:

It can show Netop Host Manager messages to you. Before you click OK to apply setup changes, checkthat you have observed these messages.

6.3 Netop Remote Control (Solaris)

Netop Remote Control (Solaris) includes Netop Guest (Solaris) and Netop Host (Solaris).

Netop Guest (Solaris) can connect to a remote computer Netop Host by the TCP/IP and TCP/IP (TCP)communication devices to remote control the Netop Host computer and transfer files between thecomputers.

Netop Host (Solaris) enables a remote computer Netop Guest to connect by the TCP/IP and TCP/IP(TCP) communication devices to remote control the Netop Host (Solaris) computer, transfer filesbetween the computers and run a typed text chat session between the computer users.


· Installation (Solaris)

· Netop Guest (Solaris)

· Netop Host (Solaris)

6.3.1 Installation (Solaris)


· Install (Solaris)

· Uninstall (Solaris)

6.3.1.1 Install (Solaris)

Check on the Netop Requirements website that your computer meets the requirements for runningNetop Remote Control (Solaris).

Note: Installing Netop Remote Control (Solaris) requires that the user logged on to the computer hassystem user privileges.

Insert the Netop Remote Control CD into the CD drive of your computer.

Read the Netop Remote Control CD root directory ReadMe_EN.txt file General and Solaris sections thatcontain important general information and may include update information that was not available whenthe documentation was last edited. The ReadMe file will be available on your computer when NetopRemote Control (Solaris) has been installed. Updated builds may include an updated ReadMe file that



208

will replace an older ReadMe file.

The Netop Remote Control CD root directory Solaris.txt file contains Netop Remote Control (Solaris)installation and startup instructions.

You can install Netop Remote Control (Solaris) from these files in the Netop Remote Control CD /NRC/SOLARIS directory:

· NetopGuest-<Version number>-<Build number>.SunOS.tar.gz

· NetopHost-<Version number>-<Build number>.SunOS.tar.gz


su -

This command will install with system user privileges.

cd /cdrom/NRC/SOLARIS

This command will specify the file location on the Netop Remote Control CD.

perl install.pl

This command will start the interactive installation script.

Select to install Netop Guest (Solaris) and/or Netop Host (Solaris).

If selected, Netop Guest (Solaris) will be installed first. Confirm to read the license agreement.

If selected, Netop Host (Solaris) will be installed next. Confirm to read the license agreement. Acceptthe license agreement. Specify the Netop Host (Solaris) license number.

Note: On a Trial Version Netop Remote Control CD, trial version license numbers are specified in thelicense.dat file.

When the Netop Host license number has been approved, Netop Host (Solaris) will load and start toenable communication.

Note: The ReadMe file specifies which files will been installed.

6.3.1.2 Uninstall (Solaris)

Netop Guest (Solaris)


rm -f /usr/bin/NetopGuest

rm -f /usr/bin/dtlspy


Netop Host (Solaris)


perl /etc/NetopHost/cfg/uninstall.pl


6.3.2 Netop Guest (Solaris)

Netop Guest (Solaris) is a client type application that can connect to a remote computer Netop Hostserver type application to access resources on the Netop Host computer.


· Load and Unload Netop Guest (Solaris)

· Netop Guest Functionality (Solaris)


209

6.3.2.1 Load and Unload Netop Guest (Solaris)

To load Netop Guest (Solaris), in a terminal window execute this command:

NetopGuest

- to show this window on the graphical screen:

Note: The NetopGuest command assumes that the NetopGuest program file resides in the /usr/bindirectory. If NetopGuest resides in another directory, precede the command by the full directory path.

If Netop Guest (Solaris) is loaded for the first time, the user will be prompted to specify the Netop Guest(Solaris) license number.

Note: On a Trial Version Netop Remote Control CD, license numbers are specified in the license.dat file.The user that loads Netop Guest (Solaris) for the first time must have the privileges to create a LICENSEfile in the /etc/NetopGuest directory.

When Netop Guest (Solaris) is loaded to show the Netop Guest (Solaris) window, it can connect to aremote computer Netop Host.

To unload Netop Guest (Solaris), select the Netop Guest (Solaris) window File menu Exit command ora Window Control Close control.

6.3.2.2 Netop Guest Functionality (Solaris)

The Netop Guest (Solaris) window contains the same elements as the Netop Guest (Windows) window,but Netop Guest (Solaris) has a more limited functionality than Netop Guest (Windows). Non-functionalwindow elements will be permanently disabled to show gray text and/or icons.

Netop Guest (Solaris) can connect to a remote computer Netop Host by the TCP/IP and TCP/IP (TCP)communication devices to remote control the Netop Host computer and transfer files between the


210

computers.

Note: To connect by another port number than the Netop default 6502, add the port number to the Hostname or address after a colon, e.g. 192.168.100.1:1234.

Press the F1 key or select the Help menu Contents command to show this window:

It shows the Netop Guest Help system that includes all of the Netop Guest Help (Windows) systemcontents plus an Other Operating Systems main section that has the same contents as this mainsection. Select a left Contents tab expanding graphical table of contents element or Index tab keywordto show the matching topic in the right pane.

Note: We recommend that you start by reading the Netop Guest section Connect Guide and HostSecurity Guide sections.

If you encounter problems that you cannot resolve by using Netop Guest Help, try the NetopKnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.

6.3.3 Netop Host (Solaris)

Netop Host (Solaris) is a server type application that enables a remote computer Netop Guest clienttype application to connect to access resources on the Netop Host (Solaris) computer.


· Netop Host Daemon (Solaris)

Netop Host Daemon (Solaris) will typically run when the computer operating system runs. A user withsystem user privileges can Start and Stop Netop Host Daemon (Solaris).

· Netop Host Program (Solaris)




211

Netop Host Program (Solaris) will load and typically start when Netop Host Daemon (Solaris) loads. Ifstarted, communication will be enabled to enable Netop Guest to connect. A user can typicallycontrol Netop Host Program (Solaris) from the Netop Host (Solaris) window.

· Netop Host GUI (Solaris)

Netop Host GUI (Solaris) shows the Netop Host (Solaris) window. It will not load to show the NetopHost (Solaris) window when Netop Host Program (Solaris) loads. A user can load and unload NetopHost GUI (Solaris) to Display and Hide the Netop Host Window (Solaris).


· Start and Stop Netop Host Daemon (Solaris)

· Display and Hide the Netop Host Window (Solaris)

· Netop Host (Solaris) Functionality

6.3.3.1 Start and Stop Netop Host Daemon (Solaris)

Netop Host Daemon (Solaris) will start and stop with the computer operating system. A user withsystem user privileges can start, check and stop Netop Host Daemon (Solaris) with these terminalwindow commands:

/etc/init.d/NetopHostd start

This command will start Netop Host Daemon (Solaris) and load Netop Host Program (Solaris).

/etc/init.d/NetopHostd status

This command will return a message of whether Netop Host Daemon (Solaris) is running or not.

/etc/init.d/NetopHostd stop

This command will unload Netop Host Program (Solaris) and stop Netop Host Daemon (Solaris).

6.3.3.2 Display and Hide the Netop Host Window (Solaris)

Netop Host GUI (Solaris) will not load when Netop Host Program (Solaris) loads.

If Netop Host Program (Solaris) is loaded, execute this command in a terminal window:

NetopHostGUI

- to show this Netop Host (Solaris) window on the graphical screen:


212

Note: The NetopHostGUI command assumes that the NetopHostGUI program file resides in the /usr/bin directory. If NetopHostGUI resides in another directory, precede the command by the full directorypath.

To unload Netop Host GUI (Solaris) to hide the Netop Host (Solaris) window, select the Netop Host(Solaris) window File menu Exit command or a Window Control Close control.

6.3.3.3 Netop Host Functionality (Solaris)

The Netop Host (Solaris) window contains most of theNetop Host (Windows) window elements, butNetop Host (Solaris) has a more limited functionality than Netop Host (Windows) and setup is organizeddifferently.

Netop Host (Solaris) enables a remote computer Netop Guest to connect by the TCP/IP and TCP/IP(TCP) communication devices to remote control the Netop Host (Solaris) computer, transfer filesbetween the computers and run a typed text chat session between the computer users.

Unlike Netop Guest (Solaris), no help system is available from the Netop Host (Solaris) window.

Functionalities that match Netop Host (Windows) functionalities are explained in the User’s GuideNetop Host chapter.

To change the setup of Netop Host Program (Solaris), click the Netop Host (Solaris) window toolbarOptions button or select the Tools menu Options command to show this window:


213

User name []: Specify in this field a valid Solaris logon user name.

Note: To change the setup of Netop Host Program (Solaris), the user must have the privileges to editthe /etc/NetopHost/NetopHost.xml file.

Password []: Specify in this field the matching Solaris logon password.




214

If you encounter problems that you cannot resolve by using this manual or the User’s Guide, try theNetop KnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.

6.4 Netop Remote Control (Mac)

Netop Remote Control (Mac) includes Netop Host (Mac).

Netop Host (Mac) enables a remote computer Netop Guest to connect by the TCP/IP and TCP/IP(TCP) communication devices to remote control the Netop Host (Mac) computer, transfer files betweenthe computers and run a typed text chat session between the computer users.


Installation (Mac)

Netop Host (Mac)

6.4.1 Installation (Mac)


· Install (Mac)

· Uninstall (Mac)

6.4.1.1 Install (Mac)

Check on the Netop Requirements website that your computer meets the requirements for runningNetop Remote Control (Mac).

Note: Installing Netop Remote Control (Mac) for use outside the current computer session requires thatthe user logged on to the computer has administrator rights.


Read the Netop Remote Control CD root directory ReadMe_EN.txt file General and Mac sections thatcontain important general information and may include update information that was not available whenthe documentation was last edited. The ReadMe file will be available on your computer when NetopRemote Control (Mac) has been installed. Updated builds may include an updated ReadMe file that willreplace an older ReadMe file.

The Netop Remote Control CD root directory Mac.txt file contains Netop Remote Control (Mac)installation and startup instructions.

You can install Netop Remote Control (Mac) from these files in the Netop Remote Control CD /NRC/MAC directory:

· /10_1/netophost101.pkg.sit for MAC OS X 10.1

· /10_2/netophost.pkg.sit for MAC OS X 10.2

· /10_3/netophost.pkg.sit for MAC OS X 10.3

Run the file that matches your computer operating system to install the netophost.pkg file, typically onthe desktop.

Run the netophost.pkg file to show the Install Netop Host window that will guide you through installation.Accept the license agreement. Specify the licensee name and Netop Host license number.

Note: On a Trial Version Netop Remote Control CD, trial version license numbers are specified in thelicense.txt file.

When the Netop Host license number has been approved, Netop Host (Mac) will load and start to enablecommunication.

Note: The ReadMe file specifies which files have been installed.





215

6.4.1.2 Uninstall (Mac)

In the Applications/NetopHost directory, run the netophost_uninstall.pkg file to show the Uninstall NetopHost window that will guide you through uninstallation that runs like an installation.

Note: Uninstalling a general use installation requires that the user logged on to the computer hasadministrator rights.

6.4.2 Netop Host (Mac)

Netop Host (Mac) is a server type application that enables a remote computer Netop Guest client typeapplication to connect to access resources on the Netop Host (Mac) computer.


· Netop Host Daemon (Mac)

Netop Host Daemon (Mac) will typically run when the computer operating system runs. A user withsystem user privileges can Start and Stop Netop Host Daemon (Mac).

· Netop Host Program (Mac)

Netop Host Program (Mac) will load and typically start when Netop Host Daemon (Mac) loads. Ifstarted, Netop Host communication will be enabled to enable Netop Guest to connect. A user cantypically control Netop Host Program (Mac) from the Netop Host (Mac) window.

· Netop Host GUI (Mac)

Netop Host GUI (Mac) shows the Netop Host (Mac) window. It will not load to show the Netop Host(Mac) window when Netop Host Program (Mac) loads. A user can load and unload Netop Host GUI(Mac) to Display and Hide the Netop Host Window (Mac).


· Start and Stop Netop Host Daemon (Mac)

· Display and Hide the Netop Host Window (Mac)

· Netop Host Functionality (Mac)

6.4.2.1 Start and Stop Netop Host Daemon (Mac)

Netop Host Daemon (Mac) will start and stop with the computer operating system. A user withadministrator rights can start, stop and restart Netop Host Daemon (Mac) with these terminal windowcommands:

SystemStarter start NetopHost

This command will start Netop Host Daemon (Mac) and load Netop Host Program (Mac).

SystemStarter stop NetopHost

This command will unload Netop Host Program (Mac) and stop Netop Host Daemon (Mac).

SystemStarter restart NetopHost

This command will unload Netop Host Program (Mac), stop and start Netop Host Daemon (Mac) andload Netop Host Program (Mac).

6.4.2.2 Display and Hide the Netop Host Window (Mac)

Netop Host GUI (Mac) will not load when Netop Host Program (Mac) loads.

If Netop Host Program (Mac) is loaded, select Applications/NetopHost/NetopHostGUI to show thiswindow:


216

Note: A NetopHostGUI shortcut will typically be available on the desktop.

To unload Netop Host GUI (Mac) to hide the Netop Host (Mac) window, quit the NetopHostGUIapplication.

6.4.2.3 Netop Host Functionality (Mac)

The Netop Host (Mac) window contains most of theNetop Host (Windows) window elements, but NetopHost (Mac) has a more limited functionality than Netop Host (Windows) and setup is organizeddifferently.

Netop Host (Mac) enables a remote computer Netop Guest to connect by the TCP/IP and TCP/IP(TCP) communication devices to remote control the Netop Host (Mac) computer, transfer files betweenthe computers and run a typed text chat session between the computer users.

No help system is available from the Netop Host (Mac) window. Functionalities that match Netop Host(Windows) functionalities are explained in the User’s Guide Netop Host chapter.

To change the setup of Netop Host Program (Mac), click the Netop Host (Mac) window toolbar Optionsbutton or select the Tools menu Options command to show this window:


217

User name []: Specify in the field a valid Mac logon user name.

Note: To change the setup of Netop Host Program (Mac), the user must have the privileges to edit the /etc/NetopHost/NetopHost.xml file.

Password []: Specify in the field the matching Mac logon password.



If you encounter problems that you cannot resolve by using this manual or the User’s Guide, try the

Netop KnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.




218

6.5 Netop Remote Control (OS/2)

Netop Remote Control (OS/2) includes Netop Host (OS/2) that is a slightly modified Netop for OS/2version 6.5 Netop Host.

Netop Host (OS/2) enables a remote computer Netop Guest to connect to remote control the NetopHost (Mac) computer, transfer files between the computers and run a typed text chat session betweenthe computer users. The Netop Host (OS/2) computer user can request help from a Netop Guest thatoffers help services.

The TCP/IP, TCP/IP (TCP), IPX, NetBIOS, ISDN (CAPI), Serial and APPC communication devices areavailable.


· Installation (OS/2)

· Netop Host (OS/2)

6.5.1 Installation (OS/2)


· Install (OS/2)

· Uninstall (OS/2)

6.5.1.1 Install (OS/2)

Check on the Netop Requirements website that your computer meets the requirements for runningNetop Remote Control (OS/2).

Note: Installing Netop Remote Control (OS/2) requires that the user logged on to the computer hasadministrator rights.


Read the Netop Remote Control CD root directory ReadMe_EN.txt file General and OS/2 sections thatcontain important general information and may include update information that was not available whenthe documentation was last edited. The ReadMe file will be available on your computer when NetopRemote Control (OS/2) has been installed. Updated builds may include an updated ReadMe file that willreplace an older ReadMe file.

The Netop Remote Control CD root directory OS2.txt file contains Netop Remote Control (OS/2)installation and startup instructions.

In the Netop Remote Control CD /NRC/OS2/EN directory, run (double-click) the SETUP.EXE file toshow the Select Install Components window. Specify the destination directory. Specify the licenseename and Netop Host license number.

Note: On a Trial Version Netop Remote Control CD, trial version license numbers are specified in thelicense.txt file.

Select startup options to start installation. When installation has completed, you will typically beprompted to reboot the computer to load and start Netop Host (OS/2) to enable communication.

Note: The ReadMe file specifies which files have been installed. Alternative installation methods areexplained in the Netop Host (OS/2) help system.

6.5.1.2 Uninstall (OS/2)

To uninstall Netop Host (OS/2), delete the directory in which it is installed and remove any matchingCONFIG.SYS file statements.



219

6.5.2 Netop Host (OS/2)


· Load and unload Netop Host (OS/2)

· Netop Host Functionality (OS/2)

6.5.2.1 Load and Unload Netop Host (OS/2)

After a typical installation, Netop Host (OS/2) will load and start when OS/2 starts to show this window:

If this window is shown in front of the Host (OS/2) window:

- click the Host (OS/2) window toolbar rightmost Communication Profiles button to show theCommunication Profile Setup window. Check boxes to select communication profiles for enabling. Clickthe Host (OS/2) window toolbar leftmost Start button to enable selected communication profiles.

If the Host (OS/2) window title bar shows Running, a remote computer Netop Guest can connect toNetop Host (OS/2).

If Netop Host (OS/2) is not loaded, you can load it in different ways:

· From a Desktop Folder or Icon

A typical Netop Host (OS/2) installation will create a Netop desktop folder that will contain theNHOST2.EXE file typically as an icon:

Double-click this icon to load Netop Host (OS/2). You can create a shadow of this icon on thedesktop.

· From a Directory


220

Run (double-click) the NHOST2.EXE file in the directory in which Netop Host (OS/2) is installed toload Netop Host (OS/2).

· From a Command

In a command window, specify this command:

<Netop directory path>nhost2

- to load Netop Host (OS/2).

You can add these switches to the nhost2 command (leave a space before each switch):

Switch Function-C:<Communication profile> Enable <Communication profile> in addition to other enabled

communication profiles.-L[:<Number>] Enable selected communication profiles, optionally with a delay

of <Number> seconds.-R Unload Netop Host.-R:<Host ID> Replace the current Host ID by <Host ID>.-GA+, -GA- -GA+: Notify a connecting Netop Guest of the MAC/IP address

of the currently connected Netop Guest (default action).-GA-: Do not notify a connecting Netop Guest of the MAC/IPaddress of the currently connected Netop Guest.

-FRAMES:<Number> Grab <Number> Host screen image sections at a time totransfer the Host image to the Guest (default: 20).

-SLEEP:<Number> Wait <Number> milliseconds between each grabbing of frames(default: 10)

-STEALTH Hide the Host (OS/2) window when Netop Host (OS/2) loads,see the help system Program Options section.

Examples

NHOST2 -L

Explanation: Load Netop Host (OS/2) and start it enabling selected communication profiles.

NHOST2 -L:20 -R:JOHN

Explanation: Load Netop Host (OS/2) and start it enabling selected communication profiles with a 20seconds delay replacing the current Host ID by JOHN.

Win-OS/2 Full Screen Support

Netop Host (OS/2) supports remote control of the full screen Windows 3.1 user interface if NHOST2W.EXE is loaded.

A typical Netop Host (OS/2) installation will add this C:\CONFIG.SYS statement:

DEVICE=C:\NETOP\NHOST2W.SYS

You can load NHOST2W.EXE manually or add it to the RUN= line in your Win-OS/2 WIN.INI file, forexample:

RUN=<Netop directory path>\NHOST2W.EXE

These options will automatically load NHOST2W.EXE when you start the program manager in a fullscreen Win-OS/2 session.

Unload

To unload Netop Host (OS/2), select the Host (OS/2) window File menu Exit command or a WindowControl Close control.


221

6.5.2.2 Netop Host Functionality (OS/2)

The Host (OS/2) window contains most of theNetop Host (Windows) window elements, but Netop Host(OS/2) has a more limited functionality than Netop Host (Windows).

Netop Host (OS/2) enables a remote computer Netop Guest to connect to remote control the NetopHost (Mac) computer, transfer files between the computers and run a typed text chat session betweenthe computer users. The Netop Host (OS/2) computer user can request help from a Netop Guest thatoffers help services.

The TCP/IP, TCP/IP (TCP), IPX, NetBIOS, ISDN (CAPI), Serial and APPC communication devices areavailable.

Select the Help menu Help Index command to show this window:

Netop Host (OS/2) includes a context sensitive help system that explains available Netop Host (OS/2)functionalities. In the Help Index window, double-click a help topic title or when showing a Netop Host(OS/2) window press F1 to show context sensitive help in the Host - On-Line help window. Werecommend that you start by reading the Host Startup Guide section.

Note: Netop Host (OS/2) functionality is quite similar to Netop Host (Windows) functionality, so you canalso take some guidance from the User's Guide Netop Host section.

If you encounter problems that you cannot resolve by using the help system or the User's Guide, try the


222

Netop KnowledgeBase. If that does not provide a solution, submit a support request to Netop Support.

6.6 Netop Remote Control (DOS)

Netop Remote Control (DOS) includes Netop Host (DOS) that is the RemPC module of Netop for DOS(Network) version 4.32.

Netop Host (DOS) enables a remote computer Netop Guest to connect by the RemPCIPX v. 4.3 orRemPCNB v. 4.3 communication device to remote control the Netop Host (DOS) computer and run atyped text chat session between the computer users.


· Installation (DOS)

· Netop Host (DOS)

6.6.1 Installation (DOS)

Check on the Netop Requirements website that your computer meets the requirements for runningNetop Remote Control (DOS).


Read the Netop Remote Control CD root directory ReadMe_EN.txt file General and DOS sections thatcontain important general information and may include update information that was not available whenthe documentation was last edited.

The Netop Remote Control CD root directory DOS.txt file contains Netop Remote Control (DOS)installation and startup instructions.

To install Netop Host (DOS), copy these Netop Remote Control CD \NRC\DOS\REMPC\ files to acomputer directory:

· REMPC.BAT: Default Netop Host program file that will detect available communication and load NetopHost accordingly.

· REMPCIPX.COM: IPX Netop Host program file.

· REMPCNB.COM: NetBIOS Netop Host program file.

· REMPCTST.COM: Communication detection program file used by REMPC.BAT.

6.6.2 Netop Host (DOS)

Before loading Netop Host (DOS), set up computer network communication by IPX and/or NetBIOS.

To load Netop Host (DOS) manually, execute this command:

<Installed directory path>rempc <Host name>

Note: The command is not case sensitive.

This will run REMPC.BAT to detect available network communication and load Netop Host (DOS)accordingly using the <Host name> name. REMPC.BAT will select IPX if available, otherwise NetBIOSif available. To use only IPX, replace rempc by rempcipx. To use only NetBIOS, replace rempc byrempcnb.

If Netop Host (DOS) loads, the computer will return a confirmation and a command prompt:

If Netop Host (DOS) cannot load, the computer will return an error message.





223

You can set up the computer to load Netop Host (DOS) at computer start by adding the load commandto the AUTOEXEC.BAT file.

When Netop Host (DOS) is loaded, a remote computer Netop Guest can connect to it.

When Netop Host (DOS) is unconnected, the computer screen upper right corner will show a greenrectangle with a flashing white asterisk. When Netop Host (DOS) is connected, a red/white flashingrectangle with a + will be shown.

You can extend the load command by these parameters (insert one space before each parameter):

Parameter Function#<Password> Requests <Password> from connecting Guests. Each connecting Guest has three

password attempts. If exceeded, the Host will reject further connection attemptsuntil reloaded.

*<Group name> If using NetBIOS, a Guest can connect only if its Guest ID is <Group name>./B:<Number> <Number> specifies the number of buffer blocks of 516 bytes in the range 1 to 40

(default: 4). The number of buffer blocks may affect transfer speed./C Enables typed text chat in the RemPC Chat Mode window. When connected, the

Host computer user can start a chat session by pressing CTRL+ALT+C./G Enables remote control of 800 x 600 pixels 16 colors Super VGA mode Host

computer applications./K:<Number> <Number> specifies keyboard and mouse control:

0: No keyboard and mouse control.1: Advanced keyboard 1 control (default selection).2: Advanced keyboard 2 control.3: Standard keyboard control.Note: If Guest computer keystrokes come out wrong on the Host computer screen,specifying another valid <Number> value may solve the problem.

/L Enables the Guest to lock the Host computer keyboard and mouse./M Enables remote control of a DOS mouse./Q Enables the Host computer user to confirm access. The Host computer will beep

when a Guest connects. To allow access, press CTRL+ALT+A. To deny access,press any other key.

/S:<Number> <Number> specifies the Host stack size in the range 100 to 10240 Bytes (default:200). The stack size may affect remote control of Host applications.

/U Enables public Host name for the Host to respond to broadcast communication.

To show available load command parameters on the screen, execute this command:

<Installed directory path>rempc /?

To unload Netop Host (DOS), execute this command:

<Installed directory path>rempc /R

Index

224

Index

A

About Netop Security Manager window 24

Accessible Hosts 67, 82, 100, 109

Active Sessions 54

Add Group command 149

Add Netop Guest ID to Netop Guest ID Group window 67

Add User command 149

Additional Tools 133

Address List setup element 203

Address Lists Branch 203

Address setup element 203

Advanced Tools 157

All Remaining button 26

Allow Guest to section 143

Always the workstation selection 20, 50

AMPLUS.EXE 133

AMPLUS.ZIP 134

Answer Access Server 6.5 Requests 45

Attributes Pane 206

B

Broadcast List setup element 200

C

Call back section 144, 150

Choose Account window 149

Clear 39

Clear database upon startup check box 154

Clear Messages command 23

Client refresh rate field 154

Common Controls 8

Communication branch element 198

Communication Setup 131, 138

Computer Resources Considerations (TSE) 160

ComputerName column 87

Connect and Disconnect 173

Connect between TSEs 159

Connect into a TSE 158

Connect out of a TSE 158

Index

225

Connection direction section 140

Connection Tab 165

Container application 160

Contents Creation Guide 28

Copy command 22

Create and Delete 171

Create local test database check box 14

Create Role Assignments 29

Credentials window 115

D

Data source field 14

Database Systems 133

Default access privileges assigned section 143

Delete 39, 43, 61, 67, 70, 74, 76, 81, 86, 89, 92, 97, 100, 102, 109, 112, 118

Delete Selected button 25

Description column 40, 53, 56, 62, 68, 72, 75

Details 60

Details button 25

Device Group 140

Device group field 140

Directory Service 112

Directory Service window 118

Directory Service wizard 114

Directory Services credentials selection 18

Directory Services Definitions 106

Directory Services Definitions branch 106

Directory Services Definitions command 23

Directory Services Group 109

Directory Services Group window 112

Directory Services User 106

Directory Services User window 109

Disable Main Host Processes Security 187

Display and Hide the Netop Host Window (Linux) 194

Display and Hide the Netop Host Window (Mac) 215

Display and Hide the Netop Host Window (Solaris) 211

DN column 107, 110

Domain column 79, 84, 87, 90

Domain drop-down box 37, 80, 85, 88, 91, 96

Domain section 150

DomainName column 95

Index

226

DWBATH: Scheduled Jobs 119

DWCONN: Active Sessions 119

DWDOMN: Windows Domain 120

DWDONE: Security Log 120

DWEVNT: Netop Log 120

DWGRUH: Netop Host ID Group 120

DWGRUP: Netop Guest ID Group 121

DWHOGR: Netop Host ID Group Members 121

DWHOST: Netop Host ID 121

DWLDAPGRP: Directory Service Group 121

DWLDAPPROP: Directory Service Properties 122

DWLDAPSERV: Directory Service 122

DWLDAPUSR: Directory Service User 122

DWMAIN: Role Assignment 123

DWNTGR: Windows Group 123

DWNTUS: Windows User 123

DWPOLI: Security Policies 124

DWPROP: Netop Properties 124

DWROLE: Roles 124

DWRSAGRP: RSA SecurID Group 125

DWRSAPROP: RSA SecurID Properties 125

DWRSAUSR: RSA SecurID User 125

DWRSGM: RSA SecurID Group Members 125

DWSERV: Netop Security Servers 126

DWTODO: Scheduled Actions 126

DWUSER: Netop Guest IDs 126

DWUSGR: Netop Guest ID Group Members 127

DWWKGM: Members of Workstation Groups 127

DWWKSG: Workstation Groups 127

DWWKST: Workstations 128

E

Edit 39, 43, 61, 67, 69, 74, 76, 81, 86, 89, 92, 97, 100, 102, 108, 111, 117

Edit <Type> Attribute window 206

Edit Menu 22

Edit Selected button 25

Enable incoming to outgoing communication 140

End Time window 60

Examples 177

Index

227

F

File Menu 21

Filter and Fetching Bar 25

Filters window 116

Full Control 41

G

Gateway Access Privileges tab 142

Gateway settings section 140

General branch element 198

General tab 64, 73

Grant All Guests Default Privileges 143

Grant Each Guest Individual Access Privileges Using Netop Authentication 145

Grant Each Guest Individual Access Privileges Using Windows Security Management 148

Graphics Tab 164

Group drop-down box 85, 91

Group ID (public) field 45

Group ID public field 16

Group name (private) field 16, 45

GroupName column 68, 84, 90, 100

Guest Profile window 146

Guest Security setup element 204

Guest Users Branch 204

Guests enter Directory Services user name and password selection 47

Guests enter Netop Guest ID and password selection 47

Guests enter RSA SecurID user name and password selection 47

Guests enter Windows user name and password selection 47

H

Hello World Script 177

Help Menu 24

Help System 221

Host (OS2) window 219

Host Address field 165

Host Choose communication profiles (OS/2) window 219

Host column 53

Host Computer Branch 198

Host Help Index window 221

Host Name branch element 198

Host Security branch element 198

How to Use Netop Guest ActiveX Component 160

Index

228

I

ID column 41, 56, 68, 75, 84, 100

Import (modem definition) window 202

Incoming and Outgoing 135

Incoming connections only selection 140

Individual Guest access privileges assigned section 145, 148

Initial Setup of Guests and Hosts window 37

Initial Setup of Roles window 38

Initial Setup wizard 37

Insert <Account type> as Guest window 33

Insert <Account type> as Host window 35

Insert Directory Services Group window 111

Insert Directory Services User window 108

Insert Reference to Domain window 96

Insert Role Assignment window 36

Insert Windows Group (Workstation) window 91

Insert Windows Group window 85

Insert Windows User window 80

Insert Workstation window 88

Inside 135

Inside communication 158

Install (Linux) 189

Install (Mac) 214

Install (OS/2) 218

Install (Solaris) 207

Installation (DOS) 222

Installation (Linux) 189

Installation (Mac) 214

Installation (OS/2) 218

Installation (Solaris) 207

Installation (TSE) 157

Introduction 8

IP Port Number field 166

J

Jobs menu 57

K

Keep Synchronized Script 178

Keys Tab 163

Index

229

L

Large Icons button 25

Large Toolbar command 22

List button 25

Load and Unload Netop Guest (Linux) 191

Load and Unload Netop Guest (Solaris) 209

Load and Unload Netop Host (OS/2) 219

Load Netop Security Manager 13

Locate window 114

Logging 51

Logging branch 52

Logging command 22

Logging Options 50

Logging Options window 51

Logon button 15

Logon to Database window 14

M

Main Host Processes 186

Maintenance 132

Maintenance setup element 199

Make this Host a Netop Name Server check box 154

Manage Security Database Contents 28

Member Of Tab 65, 74

Members 70, 76, 93, 103

Menu and Toolbar Control 9

Menu Bar 21

Message Pane 207

Messages command 23

Messages Panel 27

Modem Definitions Branch 201

Modem setup element 201

N

Name Server Tab 166

Naming setup element 198

Netop Communication (TSE) 158

Netop credentials selection 18

Netop Definitions 61

Netop Definitions branch 61

Netop Definitions command 22

Index

230

Netop Gateway 135

Netop Gateway and Firewall 137

Netop Gateway Communication Profile Edit window 139

Netop Gateway Communication Profile Setup window 139

Netop Gateway Functionality 135

Netop Gateway Setup 136

Netop Gateway Setup (TSE) 158

Netop Gateway window 137

Netop Group Add Members window 71

Netop Group Members window 70

Netop Group window 69

Netop Guest (Linux) 191

Netop Guest (Linux) window 192

Netop Guest (Solaris) 208

Netop Guest (Solaris) window 209

Netop Guest ActiveX Component 160

Netop Guest Functionality (Linux) 192

Netop Guest Functionality (Solaris) 209

Netop Guest Help (Linux) window 193

Netop Guest Help (Solaris) window 210

Netop Guest ID 62

Netop Guest ID Group 68

Netop Guest ID Password Properties window 77

Netop Guest ID window 64

Netop Helper Service 187

Netop Host (DOS) 222

Netop Host (Linux) 193

Netop Host (Linux) window 194

Netop Host (Mac) 215

Netop Host (Mac) window 216

Netop Host (OS/2) 219

Netop Host (Solaris) 210

Netop Host (Solaris) window 212

Netop Host computer screen image 162

Netop Host Daemon (Linux) 193

Netop Host Daemon (Mac) 215

Netop Host Daemon (Solaris) 210

Netop Host Functionality (Linux) 195

Netop Host Functionality (Mac) 216

Netop Host Functionality (OS/2) 221

Index

231

Netop Host Functionality (Solaris) 212

Netop Host Functionality (TSE) 159

Netop Host GUI (Linux) 193

Netop Host GUI (Mac) 215

Netop Host GUI (Solaris) 211

Netop Host ID 72

Netop Host ID Group 74

Netop Host ID selection 20, 50

Netop Host ID window 73

Netop Host Manager 196

Netop Host Manager (Linux) window 196

Netop Host Manager (Mac) window 217

Netop Host Manager (Solaris) window 213

Netop Host Manager Logon (Linux) window 195

Netop Host Manager Logon (Mac) window 217

Netop Host Manager Logon (Solaris) window 213

Netop Host Manager window 196

Netop Host Program (Linux) 193

Netop Host Program (Mac) 215

Netop Host Program (Solaris) 210

Netop in Terminal Server Environments 157

Netop Log 53

Netop Name Management 152

Netop Name Management Functionality 152

Netop Name Server 152

Netop Name Server Setup 153

Netop Name Server setup element 198

Netop Name Server tab 154

Netop Name Server window 153

Netop Naming (TSE) 157

Netop net field 140

Netop Net Number 141

Netop Processes 186

Netop Properties 76

Netop Properties for Domain window 97

Netop Properties for Role Assignment window 39

Netop Properties for Windows (Workstation) Group window 92

Netop Properties for Windows Group window 86

Netop Properties for Windows User window 81

Netop Properties for Workstation window 89

Index

232

Netop Remote Control (DOS) 222

Netop Remote Control (Linux) 189

Netop Remote Control (Mac) 214

Netop Remote Control (OS/2) 218

Netop Remote Control (Solaris) 207

Netop Remote Control Processes and Windows Security 185

Netop RSA SecurID Properties window 105

Netop Scripting ActiveX Control 170

Netop Security Management 11

Netop Security Management flowsheet 11

Netop Security Management Functionality 11

Netop Security Management Overview 11

Netop Security Management Setup 12

Netop Security Manager Window 20

Netop Security Role window 42

Netop Security Server Setup 13, 128

Netop Security Server Setup window 129

Netop Security Server window 128

NetopActivity Local Group 188

NETOPLOG.ZIP 134

NetopX Connect window 162

NetopX demonstration window 161

NetopX Events 168

NetopX graphical area 160

NetopX Messages 169

NetopX Methods 167

NetopX Properties 168

NetopX Properties Connection tab 165

NetopX Properties Graphics tab 164

NetopX Properties Keys tab 163

NetopX Properties Name Server tab 166

NetopX Properties Window 163

NetopX Remote Control Window 166

Network_point-to-point 135

Networking 135

Networking to Networking 136

New 32, 41, 57, 64, 69, 73, 75, 80, 85, 88, 91, 96, 99, 102, 108, 111, 114

New Batch 37

New Netop Guest ID button 24

New Netop Guest ID Group button 24

Index

233

New Netop Host ID button 25

New Netop Host ID Group button 25

New Role Assignment button 24

New Role button 25

New Scheduled Job button 25

No Access 41

No Toolbar command 22

Normal Operation 186

NSM data source cannot be opened window 15

Number of registered names field 155

O

ODBC Microsoft Access Setup window 15

One More Lot button 26

Options Menu 23

Other Operating Systems 189

Outgoing to Incoming 136

Outside 135

Outside communication 158

P

Password column 62

Password section 143

Permitted Guests 74, 83, 89

Point-to-point 135

Preferred Guest Type 46

Preferred Host Type 49

Prerequisites 132

Profiles Branch 199

Program Options window 23

Programmer Information 167

R

RAS section 150

Records Menu 21

Records Pane 27

Reference 180

Refresh button 26

Reload Netop Host with Netop Helper Service 188

Remote Control Dialog hot key 164

Rename window 147

Replace the Local Security Context 187

Index

234

Requirements (ActiveX) 160

Review Security Policies 28

RID column 84

Role 40

Role Assignment 31

Role Assignment wizard 32

Role setup element 204

RoleName column 40

Roles branch element 204

RSA SecurID credentials selection 18

RSA SecurID Definitions 97

RSA SecurID Definitions branch 98

RSA SecurID Definitions command 22

RSA SecurID Group 100

RSA SecurID Group Members Add window 104

RSA SecurID Group Members window 103

RSA SecurID Group window 102

RSA SecurID Properties 104

RSA SecurID User 98

RSA SecurID User window 99

Run As Tab 130

Running Netop Security Management 13

S

Scheduled Job wizard 57

Scheduled Jobs 56

Scheduling 55

Scheduling branch 55

Scheduling command 22

Security 133

Security Database Setup 12

Security Database Tables 118

Security Database Wizard 16

Security Database Wizard Preferred Guest Type window 18

Security Database Wizard Preferred Host Type window 19

Security Database Wizard Security Server Group Name window 16

Security Database Wizard Security Server List window 17

Security Log 52

Security Policies 43

Security Policies Preferred Guest Type Tab 47

Security Policies Preferred Host Type window 49

Index

235

Security Policies Security Server List window 45

Security Policy Security Server Group Name window 44

Security Role window 146

Security Server Authentication branch element 204

Security Server Group Name 44

Security Server List 45

Security Server setup element 204

Security Server Tab 130

Security Settings 30

Security Settings branch 30

Security Settings command 22

Security Setup 142

Security_Policies Smart Card Tab 48

Select <Type> Group window 58

Select Guest Type window 32

Select Host Type window 34

Selection Pane 26, 197

Serial setup element 201

Server Properties window 46

Service column 107, 110

Service Name window 117

ServiceName column 113

Small Icons button 25

Small Toolbar command 22

Standard Role 41

Start and Stop Netop Host Daemon (Linux) 194

Start and Stop Netop Host Daemon (Mac) 215

Start and Stop Netop Host Daemon (Solaris) 211

Start Date and Time window 59

StartGuest, Initialize and Uninitialize 171

Startup setup element 198

Status Bar 27

Status Bar command 23

T

Table Control 9

TCP option 165

Tcp setup element 199

Temporary Access window 57

Tip of the Day window 14

Title Bar 21

Index

236

Toolbar 24

Toolbar command 22

Transferring Files 174

Typically Disabled: Incoming to Outgoing 136

U

UDP option 165

Udp setup element 200

Unassigned Hosts' Role 41

Uninstall (Linux) 190

Uninstall (Mac) 215

Uninstall (OS/2) 218

Uninstall (Solaris) 208

Use (TSE) 157

Use Netop Gateway 150

Use Netop Name Server 155

Use Netop Security Management 132

User setup element 205

UserName column 62, 79, 98

Username drop-down box 80

V

Via Netop Gateway check box 162

View and Manage Data 29

View Menu 22

Visit All Hosts Script 177

W

Who May Remote Control Whom (Accessible Hosts) window 82

Who May Remote Control Whom (Permitted Guests) window 83

Window Control 9

Windows credentials selection 18

Windows Definitions 78

Windows Definitions branch 78

Windows Definitions command 22

Windows Domain 95

Windows Group 84

Windows Group drop-down box 37

Windows group selection 58

Windows User 79

Windows user if one is logged on, otherwise workstation selection 50

Windows User Manager button 150

Index

237

Windows user/workstation selection 19

Windows Workstation 87

Windows Workstation Group 90

Windows Workstation Group Members Add window 94

Windows Workstation Group Members window 93

Workstation drop-down box 88

NetOp Security Manager Help

Documents

Transcript of NetOp Security Manager Help