------------------------------------------------------------------- USERMGM3.DOC -- 19980326 -- Email thread on NetWare User Management ------------------------------------------------------------------- Feel free to add or edit this document and then email it back to faq@jelyon.com Date: Wed, 5 Nov 1997 10:56:05 +0800 From: "Cordelio C. Sumbillo" Subject: Re: Change ownership for entire subdirectory structure >In NW 4.11, does anyone know if you can change onwership for an entire >subdirectory structure in Nwadmin95.exe? I can do it in Filer and >would like to do it in NWadmin95... Right click on the subdirectory, select Facts and click on the Owner field. Set the owner to the user you want. HTH. --------- Date: Thu, 6 Nov 1997 13:23:11 EST From: Karen Cooper Subject: changing ownership for entire subdirectory structure... I wanted to change ownership for an ENTIRE directory structure. Although I did not ever find a way to do it in nwadmin95 (easily), I knew I could do it in Filer but this was tedious for many users. I forgot I could use FLAG and with a simple command: flag \\server\volume\directory. /name=.user.container /s ------------------------------ Date: Thu, 6 Nov 1997 21:51:35 GMT From: Adrian Cunnelly Subject: Re: 3.12 User reporting >Does anyone know of utilities (free or commercial) that will read the >bindery and offer custom reports for all user accounts (password expire, >last time logged in, groups, etc)? That has all information available >from the bindery plus options to look at disk spaced used, etc? >Everything that I have found will only do one user at a time. WnSyscon will do this and a lot more. You can get a fully working evaluation copy from the website http://www.amcsoft.demon.co.uk Adrian Cunnelly - adrian@amcsoft.demon.co.uk - http://www.amcsoft.demon.co.uk Author of: WnSyscon - Netware 2.x & 3.x administration for Windows NWScnDel - Netware deleted file scanner for Windows --------- Date: Thu, 6 Nov 1997 17:14:01 -0500 From: Rik Thomas Subject: Re: 3.12 User reporting Adrian I have used WnSyscon from version .96 I believe, I just downloaded version 1.0 and the only area that I see that would do something like that is under maintenance. All that does is print out the information, I guess we could capture the txt and put it into a form. We are looking to put this information into a database and do reports.. Also, one user per page is a nice feature! You have a great product by the way, I would suggest adding a function to export the data to a file to incorporate into databases, the last thing I want to do is print this data out until, we have to present the reports. ------------------------------ Date: Thu, 6 Nov 1997 16:58:17 EST From: John Hanna Subject: Auditing follow-up >Also, if anyone uses or has used 3rd party auditing software for NetWare >4.x, I'd be curious to here about them, i.e.: recommendations, warnings, >etc... We are required to start doing a lot of auditing and I think >we'll need more than NetWare's built-in auditing can provide. > >http://www.futureone.com/~opeth/networking.html My warning is NOT to use AuditTrack from OnTechnology of E.G.Software. That one has more problems and bugs than I have ever seen in any one piece of software and there support could not get it straightened out for us. We were having the same problems with it on several servers. I asked this same question a few months ago when I was looking for a replacement for AuditTrack. Someone recommended Novell's Managewise although I haven't had the chance to check it out yet. I switched to using auditcon in the interim. --------- Date: Thu, 6 Nov 1997 18:31:00 -0500 From: Sam Martin Subject: Re[2]: Auditing follow-up We use AuditTrack , and find it useful and stable. --------- Date: Sun, 9 Nov 1997 15:51:00 PST From: "harrington, dana" Subject: audit and audit track I noticed mention of a problem with audit track from ON technology listed I had some problems myself last spring when I installed an eval copy on a trouble free production 3.12 server per orders from my boss Please note this is for information only as I can only state I installed the product and quickly experienced numerous user access problems (much to my dismay) no other changes had been made to the server and, sorry, I don't remember the details tech support from ON technology indicated audit track was not the cause However, once I removed the audit track software and did some fixing, the server has been trouble free They may have a new version, and your mileage may vary ------------------------------ Date: Fri, 7 Nov 1997 11:09:58 +1300 From: "Baird, John" Subject: Re: How can I quickly identify ALL the servers a user has c >(Intranetware 4.11, Client32 2.12, Win95) User Hangs his workstation, >reboots and can't login back in because of a simultaneous connection >error. We have connection limits set to 1. > >How can I easily identify all the servers that user had connections to >without using Monitor? Is there a way in Netware? Does anyone know of >a utility out there that will kill connections based on username for >all connected servers? I don't think you need to identify all servers. The simultaneus connection count is based on the number of addresses in the "NETWORK ADDRESS" attribute. This is updated when a user logs in, but not when a user subsequently authenticates to another server - otherwise a connection limit of 1 would prevent authentications to other servers. Clearing the connection to the server the user originally logged into should fix the problem - this will be the server shown as the user's "Default server" in nwadmin. ------------------------------ Date: Thu, 6 Nov 1997 20:33:12 -0600 From: Joe Doupnik Subject: Re: NW not releasing connections? >The old problem of users who login to our 4.11 network, log out, and >then can't re-login for a long time has reared it's head again. >We can't allow more than 1 simultaneous connection. >Has any more developed on this issue? >Is it worth writing to Novell directly? --------- The horse is extremely well beaten. Novell hears about it all day every day. We do too on this list. There is a problem, Houston, and the workaround is to crawl into the LEM and turn on more than one simultaneous air connection. That should side step the unfortunate rememberance of last used network numbers, and we can coast home on a free return trajectory while the Provo troops fix what broke. Yes, we know, there are license limits to consider. Shorter tempered watching canines might help too. You may certainly write Novell, if you wish. That will ensure the votes are counted and priorities adjusted. Alas, the priority list is pretty long and the pressures are high these days. If you can make do by not insisting upon blocking more than one simultaneous login that would be a kindly gesture. Joe D. ------------------------------ Date: Fri, 7 Nov 1997 16:09:41 +0200 From: "David W. Hanson" Subject: Re: Who is logged in where programs? >I have about 20 servers in a 4.1 tree, and when someone is logged into >one of them and I need to clear their connection I have to go through >20 servers to find them. > >Is there a program that will do this for me? The excellent JRBUTILS contain a program called USERS that does this. Parts of the JRBUTILS are available for free, but for the NDS-aware portions, you need to purchase the full package (very much worth the money, IMHO). Check out http://nz.com/webnz/JRBSoftware or contact the author at j.baird@lincoln.ac.nz. ------------------------------ Date: Sun, 9 Nov 1997 13:02:49 +1300 From: "Baird, John" Subject: Re: What happened to PAUDIT? >OK, what happened to PAUDIT in NetWare 4.x? In 3.x, you can enable >accounting and then use PAUDIT to see when users log in and out, >including their MAC address. In 4.x, I enabled accounting through the >server object. However, PAUDIT no longer exists to read the information. >I tried using ATOTAL, but it doesn't give me the information I need. >Anyone know the "new" way to view the information? Good question! Even if Novell have incorporated paudit's functionality elsewhere, its unlikely to be as flexible as Wolfgang Schreiber's paudit2. You can download this from netlab2.usu.edu in the apps directory where it should be in wschreib.zip. Note that you can process accounting logs very much faster by copying them to a local drive first. Paudit2 produces alternating read requests for 2 and 32 bytes which makes processing the log over a network very slow. ------------------------------ Date: Mon, 10 Nov 1997 08:53:55 -0600 From: Joe Doupnik Subject: Re: Read only shared Win311 on Netware >I've inherited a botched 4.1 network with 65 W/S, all diskless. > >It runs a shared Windows 3.11 which appears to have been copied from a local >hard drive. It sort of works as long as you give everybody all rights to >everything. > >I know the setup/A.. setup/N routine, but this does not give what they want. > >They want a single read only shared Win 3.1x so everyone gets the same desktop. >There are about 600 users, none of whom are older than 12, so invidual >desktops are not feasible. > >We RPL with VLM's and NE2000 compatible cards. After some tweaking that >works well. > >I also need to cater for a couple of different video cards. > >I've looked but don't see any mention in any FAQs. If there is a FAQ, can >someone point me to one, or give me any other advice. > >Later Win95. ----------- There isn't much to it. Install Win3.1 on the file server as if the server were your local hard disk. Period. No writing priv's are needed for ordinary users after this. Forget setup /blah. For Win95 please visit netlab1.usu.edu with a web browser and follow the Win95 signs. Different video boards may be a problem if they use their own drivers. The better way out is to use only one kind. Joe D. ------------------------------ Date: Mon, 17 Nov 1997 13:42:20 +0200 From: Mike Glassman - Admin Subject: ManageWise faq URL You can search for answers on the ManageWise FAQ web page (indexed and searchable) at http://www.novell.com/products/managewise/faq/ ------------------------------ Date: Tue, 18 Nov 1997 12:08:11 +1300 From: "Baird, John" Subject: Re: Utility to Create User Accounts from Restored Mail Dire >Following a recent Netware 3.12 server crash we were able to restore >a number of mail directories and an older version of the bindery. > >Is there a utility that can scan through mail directories and >recreate the appropriate account information in the bindery? Very unlikely. If the (previous) owning object is not in the restored bindery, then you can't do things like translate the mail directory name (which corresponds to the bindery object ID) back to an object name, check for a trustee assignment as it won't have been restored, or check the ownership of files in the directory. The owner may possibly be determined from the LOGIN file if you have something in there to identify the owner, although you would normally use %LOGIN_NAME rather than the actual username. If using Pmail, PMAIL.INI will contain the username. ANother possibility is PRINTCON.DAT if present. When you recreate the user, he/she will have a new object ID so you need to copy the contents of the old mail directory to the new one. --------- Date: Tue, 18 Nov 1997 08:00:09 +0200 From: Mike Glassman - Admin Subject: Utility to Create User Accounts from Restored Mail Directories? No luck here I'm afraid. The Bindary information is stored in the bindary and not in the mail Directories. In affect, the mail directories are a direct representation to the user when she/he was created under 3.12. Every time you create a user from scratch, you will get a mail Dir with a different name, where the connection is bindary to email and NOT email to bindary. The best way to manage against such problems as you have just described is to run the BINDFIX utility under System every week or so and backup the *.old bindary files created to a secondary media such as diskette or even WS hard disk. Then if you have another such crash (I hope you don't), you can copy those back to the System Dir and run BINDREST to restore the bindaries to what they were prior to crash. That's the only option. If you run BINDFIX now, you'll notice that the program will ask to erase email Dir's that have no users assosiated with them....this could be a lot of users if the bindaries and the email Dir's don't match. ------------------------------ Date: Tue, 18 Nov 1997 11:24:29 MDT From: Broderick Wood Subject: CRON.NLM & TOOLBOX.NLM I downloaded the cron nlm the other day from NOVELL. Stupid program. Seems to require that the console screen be "on top" in order to operate. Much better is the NOVCRON utility. It's only $50 US and has been working flawlessly for about 3 weeks. I also downloaded the TOOLBOX.NLM from NOVELL. Neat program. Abended my 3.12 server upon load. Don't think these utilities are worth the hassle. Any feedback? --------- Date: Tue, 18 Nov 1997 13:48:58 -0600 From: Mobeen Azhar Subject: Re: CRON.NLM & TOOLBOX.NLM I have used TOOLBOX.NLM without any problem. It was on a Netware 4.11 server though. I had to copy massive amounts of data from one volume to another on the same server, and the speed with which TOOLBOX.NLM did it was fantastic. ------------------------------ Date: Thu, 27 Nov 1997 10:34:27 +1000 From: Michael Bednarek Subject: Re: BATCH FILES >I have a Network running Netware 4.11. On that Network I have a >Volume name Share:. All users have access to that volume to share >files. What I want is a batch file that will erase all files that >have been on that volume more than 14 days. Does anyone have an idea >how to do that ? Am I the only 4DOS user among the subscribers to this list? I can't believe how anyone can use a command line interface efficiently without the aide of 4DOS/4NT/Take Command. Serge's problem can be solved with: del /[d-14] /sxz *.* /[d-14] specifies a range for the last 14 days /s deals with subdirectories /x deletes empty subdirectories /z zaps hidden and read-only files 4DOS/4NT/Take Command/... is available (free download) from www.jpsoft.com. Registration is $70 per product, $120 for all six. I couldn't do my job without these. ------------------------------ Date: Tue, 2 Dec 1997 23:57:42 +0200 From: Jirka Hanika Subject: Re: retaining trustee rights It is freeware. It tries to save the attributes and IRM's as well. ftp://ksvi.ms.mff.cuni.cz/usr/users/hanika/public/attri/attri.exe --------- Date: Wed, 3 Dec 1997 03:53:14 -0500 From: Shimshon Farkash Subject: Re: retaining trustee rights NETSCAN.EXE. This program make backup and restore to the trustee. You get an ascii file, you can edit the file and restore. You can find it at : http://www.com-line.com/ --------- Date: Wed, 3 Dec 1997 13:21:54 +0200 From: Mike Glassman - Admin Subject: Re: retaining trustee rights There is a utility at http://support.novell.com called tbackup.exe which will allow you to do this. ------------------------------ Date: Fri, 5 Dec 1997 10:22:53 +1300 From: "Baird, John" Subject: Re: User ID Admin >Has anyone ever created a user to edit just the identification of users >in NDS? We have initiated a set of standards when creating a user, >however, these standards were made after several users had been made. We >would like to create a new NDS user to help manage user id information >like name, phone, address etc. We don't want this user to have admin >rights or even close to it. > >I've tried setting up a user to be a trustee of a context. The user >is configured to have Browse and Create rights to object and then I go >through the selected properties pertaining to ID and grant Read and Write. > >I've also tried to set the rights of the user to other objects. Either >I get a user that has too many rights or too little. The only way to do this currently is to grant the user who will manage the identification information, read/write access to each of the individual attributes they need to modify for each of the users. Rights to individual attributes do not flow down the tree, unlike object rights and [All Attributes Rights], but I've heard a rumor this might change in Moab. There is a program in JRButils which will allow you to assign these rights in one invocation per attribute. ------------------------------ Date: Tue, 16 Dec 1997 12:04:07 +0000 From: "Mr. R. Coates" Subject: Re: Need user/diskspace auditing program >>I'm looking for a program for Netware 3.X that will give me a list >>of all users on a given server and space used on each volume by the >>user. I'm trying to target heavy disk-space hogs. > >There's a utility called Disk Hog that does exactly what you need. Another new toy just about finished is quotachk which munges through a volume and shows the space used & quota for each user who is is using space on that volume. I found a need for this when I realised how easy it is to have quotas setup so that the sum of the quotas exceeds the size of the volume :/ I could do with a beta tester though please? This is for netware 3.11/3.12 - No idea if it'll work under 4.xx though it should do if bindery emulation is enabled. Mail me at roy@mechnet.liv.ac.uk please. ------------------------------ Date: Wed, 17 Dec 1997 22:44:50 +1300 From: "Baird, John" Subject: JRButils v4.0 released JRButils v4.0 was released last week, and jrb400a.zip is now available from the following: host directory netlab2.usu.edu apps risc.ua.edu pub/network/misc ftp.let.rug.nl jrbutils tui.lincoln.ac.nz jrbutils Most of the development has gone into the NDS tools, and v4.0 includes 32 bit versions of almost all programs for use from Win95 and WinNT clients. Details are available from http://www.jrbsoftware.com or by running jrbguide.exe. However, there are enhancements to the bindery based tools in jrb400a.zip such as support for paths in the long name space on the command line, and 3 new programs: 1. Delprop: Can delete a single property from any type of bindery object. Can be useful in situations where SYSCON reports error 0x89EC and fails to complete an operation. 2. Scanprop: Lists properties for any type of bindery object including their type (static/dynamic, item/set), security and whether they have data. Optionally the property data can be displayed and scanprop knows how to decode this for all well known properties, including those NDS attributes visible in bindery mode under NW 4.x. 3. Serv_cmd. Allows various console commands to be issued from a client to NW 4.x servers. These include mounting/dismounting a volume, loading/ unloading an NLM, executing an NCF file, adding a name space, listing loaded modules, listing SET commands. As usual any/all feedback is appreciated. ------------------------------ Date: Tue, 30 Dec 1997 01:10:05 +0100 From: Steinar Kleven To: floyd@direct.ca Subject: Mass user management with NDS and Netware 4.x I just wanted to inform the FAQ readers that there are more than one tool available for mass user management. Look at http://www.ahs.hist.no/distr/NDSm/ , the worlds FIRST Perl interface to NDS and Netware 4.x servers. ------------------------------ Date: Mon, 22 Dec 1997 11:08:15 +1300 From: "Baird, John" Subject: Re: Using PAUDIT on Netware 3.12 >I would like to use PAUDIT to perform some statistical analysis of >the usage of our Netware 3.12 server. Could you please: > >1. Tell me the procedure to enable PAUDIT facility Enable accounting using SYSCON - there is an accounting option at the top of the first menu. >2. Any conern or impact (e.g performance) on the server operations. None that I've noticed. Note that the accounting log file is sys:system\net$acct.dat which will continue to grow in size unless you delete it occasionally. Deleting it requires flagging it to 'normal' first as this is a transactional file. Netware will automatically create a new file next time it logs an entry. >3. What is the output of this facility? NET$ACCT.DAT is a binary file and PAUDIT extracts some/all of the login/out information. Wolfgang Schreiber's PAUDIT2 is far more flexible and you can download this in wschreib.zip from the apps directory on netlab2.usu.edu. The output from both these programs would need further processing to convert it to a suitable form for statistical analysis. ------------------------------ Date: Thu, 1 Jan 1998 08:58:55 +0200 From: Mike Glassman - Admin Subject: Tips and Tricks Here's a great tip I got from someone regarding the ability to always get the same settings for Nwadmin (all versions). Do you want to save your nwadmin (for win3.11 or win95 or winNT) settings so that all the snap-ins and other configuration settings will look exactly the same from every pc you operate on your network ? All you have to do is to go to your station where all the nwadmin setting are working for you already. the you have to type in the following: nwadmn3x.exe /N or nwadmn95.exe /N or nwadmnnt.exe /N (what ever version of nwadmin you are using). After typing this command the nwadmin parameters are going into your NDS user under the "registry netware editor" property. Now you can run with your user nwadmin from every pc on your network and see the configuration you are used to work with on your PC. ------------------------------ Date: Wed, 7 Jan 1998 21:51:05 +0000 From: Randy Richardson Subject: Re: using long file names for home directories/userid >>>This is interesting. We are concerned about some of our dos >>>programs/batch files and how they will react to long directory >>>names. With the %HOME_DIRECTORY variable substituted for the >>>%LOGIN_NAME directory in our container login scripts we could >>>stay with 8 character directory names. >> >>Not a problem with Novell OSs because a DOS 8.3 file/directory name >>is always created when a Long (and/or NFS, and/or MAC, etc.) name is >>used. > >How does the Novell OS resolve something like this > >userid livingstonj home directory ?? livings~1 >userid livingstonk home directory ?? libings~2 Novell doesn't insert the tilde ("~") character into 8.3 names. Novell adds a digit to only to avoid duplicates (which is more user friendly than the tilde). There is a way to make Windows 95 behave this way by editing the registry if you don't want tildes. A long directory name of "LIVINGSTONJ" is be resolved, by Novell, to "LIVINGSTO" (letter "O"), "LIVINGSTONK" to "LIVINGST0" (number "0"), and a third name of "LIVINGSTONZ" to "LIVINGST1" (the number "1"). Note that in the DOS 8.3 world, when using the name "IntranetWare" with the "CD" or "MD" command, DOS will chop it down to "Intranet" (this works with files too). I've noticed that in some circumstances (depending on the version of Login.Exe) that the variable "%LOGIN_NAME" gets chopped down to the 8.3 format before DOS gets it. This improves the Map command. Test the "%HOME_DIRECTORY" and "%LOGIN_NAME" variables, with the MAP command and the WRITE command (so you can see what you're testing). For example: Write "Home directory: %HOME_DIRECTORY" Map H:=%HOME_DIRECTORY Write "" Write "Login name: %LOGIN_NAME" Map L:=%LOGIN_NAME --------- Date: Fri, 9 Jan 1998 10:12:53 +0000 From: Randy Richardson Subject: Re: using long file names for home directories/userid >>Novell doesn't insert the tilde ("~") character into 8.3 names. >>Novell adds a digit to only to avoid duplicates (which is more user >>friendly than the tilde). There is a way to make Windows 95 behave >>this way by editing the registry if you don't want tildes. > >Can you direct me, please, to the registry key and/or more info? Make Windows truncate long filenames like Novell NetWare does: In "HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\FileSystem" create a binary value named NameNumericTail and set it to 0 (zero). The tildes and numbers of long filenames are no longer displayed - It will only start adding numbers if you have more than one shortname with the same result. I copied this from the internet about a year ago, and I don't remember the URL. ------------------------------ Date: Fri, 9 Jan 1998 15:35:33 -0500 From: Brad Booth Subject: Re: User Audit >My questions for the list: Do any of you do this type of audit? >Why or why not? I'm hoping you can give me some solid rationale why >I should continue or let me know that I'm wasting my time. TIA Although my network is small, I still audit user accounts. The main reasons I do it is for security, ease of admin and to save resources. If the account is not being used it can still receive mail, which can pile up on my SYS volume. Since most of our users have access to sensitive patient data, I don't like having any active account with access to that data go unused. It may be over-kill but it's just one more way a hacker or employee that does not have acess through their accounts to get at private data easily. The more user accounts I have to deal with the longer it takes me to do my job. If I have 20 active users and 200 accounts my NWAdmin screen would be unreal! Now, if I can delete 150 of the 200 I know the list will be much easier to deal with. --------- Date: Fri, 9 Jan 1998 13:15:06 +0000 From: Randy Richardson Subject: Re: User Audit >When I first started managing networks, my boss had me do a monthly >audit on user logins. Any account not accessed within 30 days was >disabled and any account not accessed within 60 days was deleted. A >memo was sent to department heads identifying such accounts. I never >received much of an explanation as to why we ran this audit; it was >just done. Now I'm working for a boss who can't even spell network. >When I send these audits out and users whine about losing their >accounts, he tells me to put them back. I don't have enough >background to explain the importance of this audit. > >My questions for the list: Do any of you do this type of audit? Why >or why not? I'm hoping you can give me some solid rationale why I >should continue or let me know that I'm wasting my time. TIA Audits will also reveal strange activities such as: - Failed login attempts at strange hours - User logins when user is on holidays - People sharing accounts (concurrent logins) Security should always be one of the major priorities for network managers because confidential information (payroll, inventions, legal issues, marketing plans, etc.) can be key to a company's success. Some companies don't take security seriously, and sometimes have security breaches without knowing about it until it's too late. --------- Date: Sat, 10 Jan 1998 17:18:49 +0100 From: "Arthur B." Subject: Re: User Audit >When I first started managing networks, my boss had me do a monthly >audit on user logins. Any account not accessed within 30 days was >disabled and any account not accessed within 60 days was deleted. A >memo was sent to department heads identifying such accounts. I never >received much of an explanation as to why we ran this audit; it was >just done. Now I'm working for a boss who can't even spell network. >When I send these audits out and users whine about losing their >accounts, he tells me to put them back. I don't have enough >background to explain the importance of this audit. > >My questions for the list: Do any of you do this type of audit? Why >or why not? I'm hoping you can give me some solid rationale why I >should continue or let me know that I'm wasting my time. What you're doing is called security auditing to some extent. It's difficult to explain. It consumes time, effort and money and when done right has a result equal to zero. Hard to explain to someone that isn't used to figures that stay put at zero. However, this figure can't reach above 0. It can only worsen to negative numbers. Where -100% stands for total loss of security and the money wasted because of that. Loss of security does spell loss of money. Exactly how depends on the specific environment and is thus for you to explore in detail. ------------------------------ Date: Sun, 11 Jan 1998 09:28:07 -0700 From: Joe Doupnik Subject: Re: NIC utilization on INW4 server higher than expected >I was running GHOST image downloads for a dept today from one of our >"image"servers of course, the ACCTON hub in the lab i was doing the >downloads in was showing high utilization on the LEDs but i was surprised >to see the MONITOR utilization on the dept server (INW4 P200 32MEG RAM) >was showing 25% and it was coming from the 3COM NIC at interrupt 11, >even though we were doing nothing on that server ( the image download >was coming from a different server on the same IPX segment) > >Why was the NIC on the dept server so active (sorry, I dont remember which >3OM NIC it is but probably 3C905) ------- The interrupts occur because the board thought traffic was intended for it. That suggests broadcasts are being used by Ghost. Joe D. ------------------------------ Date: Sun, 11 Jan 1998 18:30:01 -0700 From: Hansang Bae Subject: Re: LANALYZER or another simple packet capture device [snip: need protocol analyzer NOW!] I think Novell's site had a trial LanAlyzer for tracking down some problems. I'm not sure how crippled it was. It should be in top 100 Tech quesitons section. In the mean time, perhaps the following will help (I'm not sure why the guy w/ the HP coudn't figure things out though?) High-End: Wandel & Golterman - http://www.wg.com/ HP Internet Advisor - http://www.tmo.hp.com/tmo/datasheets/English/HPInternet_Advisor_Product_Family.html Sniffer - http://www.ngc.com/ Windows-Based: LANSleuth Overview - http://www.ssinc.com/lansleuth/index.html Etherpeek - http://www.aggroup.com/ LANalyzer 4 Windows - http://iamg.novell.com/iamg/products/lfw/lfwtoc.htm NetXray - http://www.cinco.com/ DOS-Based: NDG - http://www.ndg.com.au MG-SOFT - URL http://www.mg-soft.si/ We have available full version of MONET LAN analyzer. Besides that we also have the shareware versions we called - MONET LAN analyzer LITE (trace/debug utility for TCP/IP software developers) - MONET SNMP analyzer (trace/debug utility for SNMP software developers) LANWatch - http://www.ftp.com/product/lw4.html Triticom - http://www.triticom.com/ Klos - http://www.klos.com/ Network Instruments - http://www.netinst.com/ Macintosh-Based: Etherpeek - http://www.aggroup.com/ Neon - http://www.neon.com/ Shareware/Freeware: Packview - http://www.chromatix.com/packview/packview.html Ethload - ftp://ftp.simtel.net/pub/simtelnet/msdos/lan/ netprob2.zip Network analyzer, monitor and packet generator http://www.simtel.net/pub/simtelnet/msdos/lan/netprob2.zip ftp://ftp.simtel.net/pub/simtelnet/msdos/lan/netprob2.zip 110365 bytes NetProb is an efficient and reliable tool for analyzing, monitoring, and generating packets on your Ethernet local area network. It runs on a MS-DOS or Windows 95 PC or a laptop equipped with an Ethernet adapter that supports packet driver. NetProb decodes TCP/IP, AppleTalk, NetWare, NetBEUI packets. NetProb supports powerful packet filtering & triggering capabilities. You can capture, examine, print, save network packets. NetProb provides real time network statistics. You can set various alarms to alert you of certain network conditions. Use NetProb to generate any network packet to isolate hardware or software problems. This is especially useful for load testing under construction networks as well as network hardware/software underdevelopment. Help is context sensitive and is very useful for both the new and experienced NetProb users alike. NetProb is an essential tool for network engineers, system administrators, and hardware/software engineers working with LAN. netprob2.zip (ver 1.31) has replaced netprob1.zip (ver 1.3). Shareware. Uploaded by the author. ------------------------------ Date: Sun, 11 Jan 1998 20:08:52 -0700 From: Joe Doupnik Subject: Re: Disk Full and File Corruption >>Is it true that a netware 3.11 server running with less than 1/10th >>disk capacity would be subject to frequent file corruption? > >The answer is actually no, it isn't true. What is true, is that your >system will work MUCH slower, you will have a lot of disk requests and >I/O lags, all of which might cause data to be corrupted. > >It is never a good idea to allow your disks to get too full. -------- There is more than a grain of truth in the original question. NW 3.11 in particular has a history of getting into trouble when forced to reuse space occuppied by deleted but not yet purged files. It's not the percent free that is of interest, though it is an indicator, but there is no really free space when space is needed. The solution is to run PURGE /A from the root frequently. Use CHKVOL to see how much is in the deleted but not yet purged collection, and FILER to rescue files. Joe D. ------------------------------ Date: Thu, 15 Jan 1998 14:24:47 -0500 From: George Bakos Subject: Re: Looking for a screensaver >Users here have a habit of never logging off their machines. >Is it possible to get a screensaver which looks for the users NW >password to deactivate (as you get in NT)? Its easier to make users computer literate than it is to make computers user literate. Here's what I do to ensure clean backups. It might help your current problem: CRON a nightly DISABLE LOGIN and CLEAR STATION ALL with some friendly messages accompanying. They should get the message and adopt good logout habits, my users did....quickly. ------------------------------ Date: Thu, 15 Jan 1998 23:52:38 +0100 From: Steinar Kleven Subject: Netware FAQ addition (Management with perl) I just wanted to inform you and your FAQ readers that the first remote perl script management tool for NDS / Netware is available for download from http://www.ahs.hist.no/distr/NDSm This is a Shareware program with a 60 day trial period, and is cheap if you decide to register. The package includes several perl classes that makes it easy to insert and retrieve data from NDS. There is also examples included, and I would like to mention one in particular which creates a user with home directory, rights, volume space restrictions and group membership. This example can be modified in minutes to become a very flexible mass user management system. There is also a perl class included which is designed to work with server / volume tasks. Perl has been THE standard for running sceduled or mass management task on unix platforms for decades. Now it has come to Netware too. This might seem like an add, but I think the Netware customers have a right to know that there are alternatives to the (only?) other MUM tool which has a price tag of 3xxUS$. Let the Netware customers have some freedom to create cusomized utilities. As I see it they only have a few choices. 1. Hire a C/C++ programmer (to expensive). 2. Buy a compiler and start programming (Takes a lot of time). 3. Create some kind of NetBasic scripts, drowning the server. 5. Use existing utilities without the ability to change the way the software works 4. Use perl to make a custom script which can be modified if you got a txt editor at hand (most have), and that run on any workstation with NT or Win95 installed. I began this project because my boss wanted to import/export phone-numbers from NDS on a regular basis, and now it has become a complete management system for sceduled or interactive tasks. What is there to say, this is THE most flexible system for Netware management around. ------------------------------ Date: Tue, 20 Jan 1998 20:40:45 +0000 From: Richard Letts Subject: Re: MAC address tracking: trial and tribulations... >Thanks to all everyone with their suggestions on tracking MAC >address and my 'anonymous' user. I still haven't found them, but I'm >getting some good info and leads. ftp://ftp.salford.ac.uk/network/utils/snaffle.zip This uses the diagnostic services in the client machine to identify any server connections, and if you have a connection to that server, which user they are logged as. Please report problems to me, and I'll look at the code. ------------------------------ Date: Wed, 21 Jan 1998 00:07:11 +0200 From: Neil Price Subject: Re: Use of the SEND command >I was wondering how it is possible for users to send broadcast messages >to each other and have false or other users' names appear on the message >as if the message was sent from them. I remember being baffled by how illiterate users were doing this, and finding it was stunningly simple to do with SESSION.EXE in 3.1x. ------------------------------ Date: Tue, 3 Feb 1998 10:13:59 -0600 From: Brian Scott Subject: Re: SoftTrack From what I remember it did a good job of making charts and graphs. I have not even looked at it in over a year. It's installed and doing it's job without any problems. The best advice I have: Don't compromise. Don't get a metering package that uses TSR's or stub files (they are nothing but trouble). ------------------------------ Date: Thu, 5 Feb 1998 16:08:51 +1300 From: "Baird, John" Subject: Re: NLIST usage >I was looking for a connected user and I used NLIST USER /A /B and >got 61 connections and my list of users connected. I then used NLIST >USER /A without the /B for the Bindery based connections and only >got 29 connections and a some users that weren't in the other >listing. What is the difference? I don't understand how a connected >user can show up in the list using just the /A paramater and not show >up in the list with the /A /B parameters. Anyone with an >understanding of NLIST please tell me what I'm missing. Here is a description of the difference between 'nlist user /a' and 'nlist user /a/b' which I posted to this list a while back. >>The last time I sent a message, I had used NLIST user /a. When I add /b, >>the list is different. For one thing, Mac users appear on the list. >>However I still have questions: >> >>One user who appears on NLIST USER /a does not appear on the list when I >>include the /b parameter. Moreover, according to the information in his >>account, that account has not logged in since 8-13-97. >> >>Why the discrepancy? Why does he even appear on any invoked list of current >>users? >> >>Why does the server itself not appear on the list with /a but twice when /a >>and /b are invoked? >> >>Why does a networked printer appear twice. Does each connection to the >>printer count as a login? >> >>Reason for all these questions: The server has a license for 150 concurrent >>users. Are there licenses being wasted on redundancies? Any fix? Thanks. > >The answers are obvious once you understand the difference between >'nlist user /a' and 'nlist user /a/b'. Unfortunately, Novell dont explain >this (at least I haven't found an explanation), so that essential >management tool - the lanalyser - comes in handy here to see exactly what >nlist is up to. > >'nlist user /a' simply scans all objects of class 'user' in your current >context for those with a "Network address" attribute. The 'a' in /a >stands for active, and this command in theory is listing users in your >current context who are logged in on any of the servers in the tree. But, >as we know the "Network address" attribute values are not always cleared upon >logout, hence the entry for someone last logged in on 8-13-97. > >'nlist user /a/b' does the equivalent of the NW 3.x userlist command. It >actually scans the server's connection tables and so will list connections >for all logged in objects whatever their object class. > >To summarize > > nlist user /a/b nlist user /a > >Object classes Any user >Servers logged into current server any >Scope independent of context current context only >Spurious logins no, shows actual can show spurious ------------------------------ Date: Thu, 19 Feb 1998 14:24:32 +0100 From: Kaveh Vahedipour Subject: Re: New HD on 3.12 Serve >>18. Recreate trustee rights with NINFO. > >What is NINFO and where is it available? NINFO is a tool to backup all netware information from a volume (i.e. trustees, owners etc.). You can find it at: ftp.lstm.ruhr-uni-bochum.de/pub/netware along with a few other useful tools. ------------------------------ Date: Sat, 21 Feb 1998 12:38:15 -0800 From: Anthony Baratta Subject: Re: WHOHASIT >>Can anyone please tell me where I can find the program >>WHOHASIT? I am trying to find out who has a file open on >>my 4.11 server Been watching this with amusment. A quick search of Yahoo, using "whohasit" reveals..... http://statsware.iconnex.com/whohasit/index.html ------------------------------ Date: Sun, 22 Feb 1998 11:00:19 +0200 From: Mike Glassman - Admin Subject: Re: Programs to track users login and out times >Can anyone give me recommendation on ways to log users login and >logout times. Management wants us to track our users. I use something similar to the following, which I also picked up off the list. IF P_STATION="0000F6A03F9A" OR LOGIN_NAME="ADMIN" DOS SET P_STATION=P_STATION DOS SET DAY=DAY DOS SET MONTH=MONTH DOS SET YEAR=YEAR #COMMAND /C WHOAMI>>Y:\USERS\COMMON.ALL\LOG\ADMIN.LOG #COMMAND /C ECHO STATION: %P_STATION>>Y:\USERS\COMMON.ALL\LOG\ADMIN.LOG #COMMAND /C ECHO STATION: %DAY - %MONTH - %YEAR>>Y:\USERS\COMMON.ALL\LOG\ADMIN.LOG #COMMAND /C ECHO --------------------------------------->>Y:\USERS\COMMON.ALL\LOG\ADMIN.L OG DOS SET P_STATION= DOS SET DAY= DOS SET MONTH= DOS SET YEAR= ENDIF Of course, you would perform a similar for all users. And this will only log the Logons. You can also use the inbuilt Auditing software or a third party auditing software for what you want. ------------------------------ Date: Tue, 24 Feb 1998 10:47:03 -0500 From: Darwin Collins Subject: Re: Utility to change User's properties? There are various utilities to do this work on large scale: http://www.fastlane.net/~dcollins http://www.novell.com/corp/programs/ncs/toolkit/main.html http://nz.com/webnz/JRBSoftware/ http://www.hitecsoft.com http://www.prefsys.com/ And you could use UIMPORT too, to make these type of changes... ------------------------------ Date: Sat, 28 Feb 1998 21:48:16 +0800 From: Cordelio Sumbillo Subject: Re: Monitor in 4.10 vs. 4.11 >We have just recently upgraded 2 of our Novell 4.10 servers to 4.11. >I have noticed now that in Monitor under the connections users are >not alphabetized like they were in 4.10. Just wondered if we missed >something during the upgrade or there is possibly a patch for this. Actually, you did not missed anything. You can sort alphabetically by pressing F3, sort options as shown in your monitor console. ------------------------------ Date: Sun, 1 Mar 1998 23:20:44 -0800 From: Randy Richardson Subject: Re: INW Client WinNT truncates username to 8 characters >IntranetWare Client (4.11 I think (someone remind me how to determine the >client's version)) will truncate the username to eight characters. This is >a bad and irksome thing. These login script variables are all related, and may be helpful: - %CN (Common Name) - %LOGIN_NAME (Login Name) - %REQUESTER_VERSION (Requester Version) - %REVISION (Revision, of what I don't know) - %SHELL_VERSION (Shell Version) - %USER_ID (User ID, probably Object ID) --------- Date: Mon, 2 Mar 1998 11:54:37 -0500 From: Debbie Becker Subject: Re: INW Client WinNT truncates username to 8 characters >IntranetWare Client will truncate the username to eight characters. Are you talking about the user login name or the user home directory? If it's the user home directory, you can get around this in the login scripts using the %HOME_DIRECTORY variable instead of %LOGIN_NAME. --------- Date: Mon, 2 Mar 1998 19:52:55 -0500 From: Doug Summers Subject: Re: INW Client WinNT truncates username to 8 characters >>IntranetWare Client will truncate the username to eight characters. Try using %CN. It will handle long usernames. ------------------------------ Date: Thu, 5 Mar 1998 09:00:13 -0500 From: Darwin Collins Subject: Re: Large PC Sites Clients: . Win95 rolled with Image method and Ghost. . Novell Application Launcher (for minor installs, running CD software) . Seagate WinInstall (for some software installs) . Lotus SmartSuite97 (concurrent licensing) . Netscape 3 (now using WinInstall/AppLaunch to do version 4) . Logic Email (MHS based) but perhaps will be going to GroupWise. Server: . Netware 4.11 (we load about 125 to 350 users per server, but, geography and department sizes usually dictate the user count on a server) . Hardware: Compaq Proliant 4500R, 128MB ram, FDDI, Raid5 Helpdesk uses Intel LanDesk. It is a large beast. Hopefully, someday Intel will come up with the update that is faster, smaller, and more reliable. The 'favorite task' for the techs is that when they see a computer confused because of unauthorized installs or modification... they'll format/ re-download the Win95 onto the machine. We do try to use the mantra of 'consistency' and 'standardization', but, everyone feels that they are an exception. ------------------------------ Date: Sun, 8 Mar 1998 13:10:14 +1300 From: "Baird, John" Subject: Re: directory size limits >i have size limits on some of my directories, NW 4.11. The scenario is >this: a user is approaching the limiting size, but they are unaware of >this size limit. They open up a file to work on, make enough changes to >increase the size beyond the directory limit, and then try to save their >document. They then get an error stating that there is an error writing to >the network drive. But the bad thing here is that the document they are >working on has lost all of the data, including all of the original saved >data. How do i fix this, so at least their original data is saved and/or >they get some kind of warning? Unless you are autopurging, the deleted original file will be salvageable assuming the application is attempting to replace the original file with an updated version. One approach to this which should reduce the problem, but not eliminate it is to display the user's free space when logging in. The DQUOTA program in jrb400a.zip from the apps directory on netlab2.usu.edu can be used for this purpose. --------- Date: Sat, 7 Mar 1998 18:36:19 -0800 From: Randy Richardson Subject: Re: directory size limits >>Unless you are autopurging, the deleted original file will be salvageable >>assuming the application is attempting to replace the original file with >>an updated version. > >I was under the impression that files which were overwritten with the same >file name are not recoverable at all. I know this to be true with DOS >based undelete software and I am pretty sure the same is true with Novell. On NetWare volumes, a file is flagged as deleted when they are explicitly deleted (e.g., DOS "DEL" or "ERASE" command) or when they are overwritten by an application that uses the "Create New File (flagged to overwite existing files)" function. Some applications don't follow the conventions of common sense, and open the existing file, truncate it to zero bytes, then write the data. When this happens, no file was actually deleted, so you won't be able to salvage it. The way to fix this is to complain to the software manufacturer and hope they provide a patch. The other possible reason you can't salvage your files is that the file itself, or the current directory, is flagged with the NetWare "Purge" attribute. ------------------------------ Date: Tue, 17 Mar 1998 13:28:18 +1200 From: "Baird, John" Subject: Re: Operator Rights: NDS/NW4.11 >Can someone tell me if there are any rights that are granted to a Console >Operator on a NW4.11server that are any different to NW3 servers? > >I know what the NW3 rights are, but not for NW4. The Help lists a few >examples that are the same as NW3, and then says "and so on" . > >I need to know as Console Operator is required to run some utils, i.e. >JRB's KILLCONN, but I do not wish to give these rights without >understanding what else this implies. The concept of being a "Console Operator" isn't well documented under 4.x but it seems to be basically as per NW 3.x. There are some extra APIs available under 4.x allowing console operators to retrieve server connection and other information from a client workstation. Apart from that I'm not aware of any extra functionality. One point I have noted is that if you make an organizational role a console operator, the role occupants do not become console operators. I'll attach a list of tasks that a console operator can do. Its not complete - it contains those things I could remember when someone else asked me about console operators recently. - Downing the server - Viewing Netware version info (other than that held in NDS) - Enable/disable logins - Enable/disable TTS - Clear connections when the CO is also a manager of the user whose connection is being cleared - List who has a particular file open - List the files held open by a particular connection - List certain connection statistics such as bytes read, bytes written, total NCP requests. - Determine whether connections are licensed/unlicensed. - View certain server details - check the help in serv_cmd. --------- Date: Tue, 17 Mar 1998 19:09:00 +0100 From: Camaszotisz Gyorgy Subject: Re: Operator Rights: NDS/NW4.11 >Okay, here's a stupid follow-on question. How do you make some a >"console operator". Or, more importantly, stop someone from being >a "console operator". My assumption was that if some one had access >to the console or had the RConsole p/w and knew the commands, they >were a "console operator". There's no logging in or authentication >at the console, so the console doesn't know or care who's typing at >the keyboard. This is where physical security and p/w protection >comes into play. Go and discover the Operators page for server objects in NetWare Administrator. They are so called "console operators". Don't mix that with someone having physical access to the actual keyboard and monitor. Second, Novell's standard utilities use internal non-documented API calls and structures. If you want to make a little program let's say for returning LAN interface statistics (similar as the one found in monitor.nlm), you must log in (even in NLM) as a user with console operator privileges. If not, the function will return error 0x89C6 NO_CONSOLE_PRIVILEGES. ------------------------------ Date: Tue, 17 Mar 1998 21:11:00 -0800 From: Randy Richardson Subject: Re: MAJOR INW4 network redesign for a college campus >The question is how to either consolidate or break this out into different >servers > >The pressure is to consolidate for simplification, but i like the idea of >putting different apps on different servers - open to disscusion here Standardization on drive letters and duplication of applications across various servers is the strategy I've used. For example: - Drive I: = Map rooted to SYS:APPS - Drive S: = Map rooted to SYS:SHARED - All applications are installed on drive I:, and duplicated across all servers - Databases and shared documents are stored on specific servers, and get specific drive letters, but drive S: always points to the same server as the user's home directory Various methods can be used to indentify the physical location of each computer, and groups can be used to correspond with this information. The easiest method is to rely on the default server setting in your client configuration. If your users change the default server setting, a quick-and-dirty solution is to insert a "SET NWAREA=" statement in Autoexec.Bat that identifies the associated group by naming the area, then use this information to map the I: drive to the server for this area. ------------------------------ Date: Fri, 20 Mar 1998 16:53:01 +0100 From: Hans Nellissen Subject: Automated directory deleting >I have 200 sub directories under a main directory. These are user >directories. I want to clean the contents out of each sub directory >without have to type deltree/y f:\directory\subdirectory\ 200 times. >Can anyone show me a batch file that will do this? If you know which subdirectory you can do a dos-bat-file like this: @echo off for %%X in (subdir1, subdir2, subdir3 ...) do deltree /y f:\Users\%%X As each DOS command line must be < 125 characters you must use multiple lines. --------- Date: Fri, 20 Mar 1998 08:56:47 -0800 From: Randy Richardson Subject: Re: Automated directory deleting Oops! Careful, this one will actually remove each subdirectory listed, which is not what was wanted. Try the following (and don't include the commas): @echo off For %%X in (dir1 dir2 dir3) do DelTree /Y F:\Users\%%X\*.* The requirement is to keep the directories, but just clear the contents of each directory. ------------------------------ Date: Thu, 26 Mar 1998 17:18:43 -0600 From: Jon Scarbrough Subject: Re: Home Directory We have been using the JRB utilities to create and modify objects with great success. It is such a small expense for the great benefit. We have created 5000 student ids with no problem. We have a batch file that uses the creatobj command. That command will use a user template object in the context where ids are being created. We obviously set the volume quotas in this user template as well as where their home directory will be created. It has worked very well. In cases where we needed to ensure that the home directory was set, the user had the appropriate rights and the value was set in the user object, JRB comes to the rescue again with sethome2. We can use the listobj file to create a list of userids in the specified context and then manipulate that file so that each userid is fed to the sethome2 command. We abandoned uimport because we would spend 1 week hoping the tree would settle down. The creatobj command has a delay switch that allows you to not create the next user object until synchronization has occurred. Our initial run was for about 3000 ids that were created in one day with a 25-30 second delay. Every user id was created successfully, had proper home directories, volume quotas, etc. ------------------------------