ConsoleOne User Guide
Contents
1. c1help novell_ndsadmin filterview html NDS only The following table summarizes the user management tasks you can perform and lists the ConsoleOne help topics where you can find step by step instructions For background information and limitations on these capabilities in ConsoleOne see NDS Objects on page 11 38 ConsoleOne User Guide Task Summary ConsoleOne Help Topics Creating user To set up a user account you must create a user object in To create a objects NDS This object specifies the user s login name and supplies User object other information used by NDS and NetWare for access c1help control For details see the help topic at the right novell_ndsadm in createuser html Defining a If you want to define user properties ahead of time before Tocreate a template for actually creating one or more user objects you can create a Template creating user user template For details see the help topic at the right object objects c1help novell_ndsadm in createtemplate html Setting up During or after user object creation you can optionally setup To set up optional the user s network computing environment an account account account balance for usage of network services and various login resources features security measures such as passwords time limits and c1help location restrictions For details see the help topics at the right Note If you set up login ti2. C1help novell_schema schemaSyntax_Timestamp htm Typed Name C1help novell_schema schemaSyntax_Typed_Name htm Unknown C1help novell_schema schemaSyntax_Unknown htm Mandatory and Optional Attributes A class is a set of attributes organized in a meaningful way Some of these attributes are mandatory and some are optional A mandatory attribute is one that must be filled in when an object is created For example if a new object is being created based on the User class which has Last Name as a mandatory attribute the new object cannot be created without filling in the last name An optional attribute is one that can be filled in if desired but otherwise can be left out For example if a new object is being created based on the User class which has Fax Number as an optional attribute then the new object can be created with or without specifying a fax number An exception to the rule is that when an optional attribute is used for naming the attribute becomes mandatory NetWare File Systems The following table summarizes the NetWare file system management capabilities of ConsoleOne For instructions on using these capabilities to perform specific tasks see Managing on page 35 For more background information on NetWare file systems see Traditional File Services and Novell Storage Services NSS 20 ConsoleOne User Guide Capability Description Browsing file systems Managing files and
3. User Guide ConsoleOne Legal Notices Novell Inc makes no representations or warranties with respect to the contents or use of this documentation and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose Further Novell Inc reserves the right to revise this publication and to make changes to its content at any time without obligation to notify any person or entity of such revisions or changes Further Novell Inc makes no representations or warranties with respect to any software and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose Further Novell Inc reserves the right to make changes to any and all parts of Novell software at any time without any obligation to notify any person or entity of such changes This product may require export authorization from the U S Department of Commerce prior to exporting from the U S or Canada Copyright O 1993 2000 Novell Inc All rights reserved No part of this publication may be reproduced photocopied stored on a retrieval system or transmitted without the express written consent of the publisher U S Patent Nos 4 555 775 5 157 663 5 349 642 5 455 932 5 553 139 5 553 143 5 594 863 5 608 903 5 633 931 5 652 854 5 671 414 5 677 851 5 692 129 5 758 069 5 758 344 5 761 499 5 781 724 5 781 733 5 784 560 5 787 439 5 818 936 5 828 882 5 832
4. For more information about managing NetWare file systems see NetWare File Systems on page 20 and NetWare Access Control on page 21 Rights are system flags that you can set on individual NDS objects to control access to those objects or to properties associated with those objects When you assign rights you always link them with a specific user group or other NDS object that is the trustee possessor of the rights 12 ConsoleOne User Guide Types of Rights Assignments Type In a trustee assignment you can grant the following three types of rights Purpose ConsoleOne help topic describing these rights Object entry rights All properties rights Specific property rights To enable the trustee to access or manipulate the object as a whole To enable the trustee to access or manipulate all the properties of the object To enable the trustee to access or manipulate a specific property of the object Rights to an NDS entry object c1help novell_ndsadmin entryrights html Rights to an NDS property c1help novell_ndsadmin propertyrights html Rights to an NDS property c1help novell_ndsadmin propertyrights html Object rights and all properties rights are inheritable by default meaning the trustee can exercise them on subordinate objects without having an explicit rights assignment on those subordinate objects Specific property rights are noninheritable by defa
5. NDS trees by creating various types of containers You can c1help also create aliases to provide access to the same objects from multiple locations For details see the help topics at the right Note For general design considerations when organizing an NDS tree see NDS Concepts and Planning http www novell com documentation Ig nw5 usnds basicenu data h0000001 html Customizing You can customize the views in both the left and views right pane in various ways For example you can set a different object than My World at the top of the left pane and you can adjust the column width in the right pane In an NDS tree you can filter objects from view in the right pane For details see the help topics at the right Note Customizations to the left and right pane are lost when you exit ConsoleOne Managing User Accounts novell_ndsadmin createcountry html To create a Locality object c1help novell_ndsadmin createlocality html To create an Organization object c1help novell_ndsadmin createo html To create an Organizational Unit object c1help novell_ndsadmin createou html To create an Alias object c1help novell_ndsadmin createalias html To set the top object in the left pane c1help novell_consoleone settop html To adjust the column width in the right pane cihelp novell_consoleone adjustcol html To filter objects from the right pane
6. see Known Limitations on page 47 Note also the behavior described in Login Time Restrictions for Remote Users on page 29 In ConsoleOne users who have explicit rights to access an NDS object are listed as trustees on the NDS Rights property pages of that object A trustee s assigned rights can be to the object as a whole to all the object s properties or to individual properties If the object that the trustee has rights to is a container the rights can be assigned as either inheritable or noninheritable The NDS Rights property pages also list any filters that block inheritable rights assigned higher in the tree from being exercised on the current object Finally the NDS Rights property pages let you query NDS for any user s effective rights to the current object or to specific properties associated with the object For more information about how NDS rights work see NDS Rights on page 12 In ConsoleOne you can manage the NetWare server and volume objects that are automatically created in your NDS tree during NetWare or NDS installation You can also create additional objects for NetWare servers and volumes that are installed in other NDS trees or that are running earlier NetWare versions Through these objects you can monitor server or volume activity record information about the locations and configurations of the servers and volumes and manage the files folders access control and space allocation on the volumes
7. NetWare Server 33 4 Managing 204 de ies be ROSES Pa a E 35 Basic Management Tasks 35 Managing User Accounts 38 Controlling Access to Resources 40 Managing NetWare File Services 42 Extending the NDS Schema 44 5 TrOuDIeSNOOUNG gt 22e bea ie yews Abee 47 Known Limitations 4886 Lau PT a a be dd oad 47 ConsoleOne Malfunctions or Won t Start 48 Performance Is Sluggish 49 Need a Completely Local Workstation Installation 49 ConsoleOne Doesn t Use My Local Time Zone 50 A Novell Trademarks 51 6 ConsoleOne User Guide About This Guide This guide explains what ConsoleOne is and how to install use and troubleshoot it NOTE This guide covers only the core ConsoleOne features that you get if you download ConsoleOne from the Novell Free Downloads web site http www novell com download For information on ConsoleOne features added by other products see the documentation for those products About This Guide 7 8 ConsoleOne User Guide Understanding This chapter explains what ConsoleOne is what you can do with it and what has changed since the last
8. countries OnLAN PC is a registered trademark of Novell Inc in the United States and other countries Open Data Link Interface and ODI are trademarks of Novell Inc Open Look is a registered trademark of Novell Inc in the United States and other countries Open Networking Platform is a registered trademark of Novell Inc in the United States and other countries NovellTrademarks 57 Open Socket is a registered trademark of Novell Inc in the United States Packet Burst is a trademark of Novell Inc PartnerNet is a registered service mark of Novell Inc in the United States and other countries PC Navigator is a trademark of Novell Inc PCOX is a registered trademark of Novell Inc in the United States and other countries Perform3 is a trademark of Novell Inc Personal NetWare is a trademark of Novell Inc Pervasive Computing from Novell is a registered trademark of Novell Inc in the United States and other countries Portable NetWare is a trademark of Novell Inc Presentation Master is a registered trademark of Novell Inc in the United States and other countries Print Managing Agent is a trademark of Novell Inc Printer Agent is a trademark of Novell Inc QuickFinder is a trademark of Novell Inc Red Box is a trademark of Novell Inc Reference Software is a registered trademark of Novell Inc in the United States and other countries Remote Console is a trademark of Novell Inc Remote
9. et ea es fe RS A 14 Security Equivalence 14 Effective Rights imNDS gt A r Ds EAR BE LL Eh Bo trees AN E er 15 NDS Schema 4 sen al ed her at us ee de E gore den a du er e 17 Schema Manager Tool 17 Object Classes cuco Re a a IN que te a H ut 18 Object Attriputes s 2 22 a qi Al Rs ue patte eu A mt ee ee AC 18 Attribute S ntax dope ad haw ge ner a Pv ana Nan De debat 18 Mandatory and Optional Attributes 20 NetWare File Systems 20 NetWare Access Control 21 File System Attributes 22 File System Rights 2 fae Ga BA da et Geet AA EGER 22 2 Planning 4 2 82 262 ADA ASA Oe SR ESS 25 System Requirements 25 Workstation Requirements ee 25 Server Requirements a 25 ConsoleOne versus Other Tools 26 Snap ins from Other Products a 28 NDS Schema Extensions 28 Login Time Restrictions for Remote Users 29 3 Setting 2234 00 ee sam hu Ne eee we hee yee eae eke 31 Installing ConsoleOne 31 Starting ConsoleOne on a Windows Workstation 32 Contents 5 Starting ConsoleOne on a
10. example you can select multiple NDS objects of the same type to modify their properties in a single operation You can also move or delete multiple NDS objects at a time For limitations on manipulating objects see Known Limitations on page 47 Understanding 11 Capability Description Organizing NDS objects Managing NDS user accounts Administering NDS rights Managing NetWare server resources through NDS NDS Rights In ConsoleOne you can create all NDS container types such as Country Locality Organization and Organizational Unit This allows you to organize the objects in your tree You can also create object aliases to provide access to an object from multiple locations in the tree For general design considerations when organizing an NDS tree see NDS Concepts and Planning http www novell com documentation Ig nw5 usnds basicenu data h0000001 html In ConsoleOne you set up an NDS user account by creating a user object and then setting properties that control login and the user s network computing environment You can associate login scripts with the user to automate his or her connections to network files printers or other such resources You can set an accounting balance to restrict or track the user s use of individual NetWare servers Using a template object you can define these properties ahead of time before actually creating the user object For limitations on setting up user accounts
11. folders Setting attributes Administering rights Controlling allocation of disk space Viewing and modifying file system information In ConsoleOne you browse NetWare volumes folders and files like any other objects You can browse both traditional NetWare volumes and Novell Storage Services NSS volumes Volumes and folders are container objects that you can open and close by double clicking and files are leaf objects that you can manipulate and define properties for In ConsoleOne you use standard menu options like Cut Copy and Paste to copy and move files and folders within the file system Menu options are also provided for creating renaming and deleting files and folders For limitations on managing files and folders see Known Limitations on page 47 In ConsoleOne system attributes of individual files and folders are listed as properties of those files and folders Using these property pages you can set and remove attributes as needed This enables you to apply certain global access controls on specific files and folders and to define special handling for individual files and folders during processes like data compression backup and migration For more information on file system attributes see NetWare Access Control on page 21 In ConsoleOne users rights to access individual files and folders are listed as properties of those files and folders Filters for blocking the inheritance of rights are al
12. help topics where you can find step by step instructions 40 ConsoleOne User Guide Task Summary ConsoleOne Help Topics Making explicit rights assignments Blocking rights inheritance When a user s default rights and group or role memberships provide insufficient access for the user to complete his or her work you can explicitly grant the user rights to the particular objects properties files and folders that he or she needs to work with For details see the help topics at the right In NDS rights assignments on containers can be inheritable or non inheritable In the NetWare file system all rights assignments on folders are inheritable In both NDS and NetWare you can block such inheritance so that the rights aren t effective on individual subordinate items For details see the help topics at the right To grant or deny explicit rights to an object or property c1help novell_ndsadmin grantrights html NDS To delete a trustee explicit rights assignment c1help novell_ndsadmin delrights html NDS To grant or deny explicit rights to a file or folder c1help novell_fs grantrights html NetWare To delete a trustee assignment c1help novell_fs delrights html NetWare To block inherited rights to an object or property c1help novell_ndsadmin blockrights html NDS To block inherited rights to a file or folder c1 help novell_fs blockrights
13. in available RAM In most cases either tool works fine However ConsoleOne can create any object type defined in your schema including new types you ve added NetWare Administrator can only create object types for which it has custom snap ins In addition ConsoleOne makes it easier to assign and view object names with dots in them such as Dan Jones In most cases either tool works fine However ConsoleOne has some limitations on the user properties you can define in a template Specifically you must use NetWare Administrator to define rights assignments scripted environment setup and volume space restrictions in a user template Task Tool to Use Explanation Manage object properties Manage print services Delete a NetWare server object Check the NDS version on a server Manage NDS partitions and replicas Manage the NDS schema Manage NetWare file systems Set an account balance for a user Set up accounting charges on a NetWare server Manage other Novell services ConsoleOne or NetWare Administrator NetWare Administrator NDS Manager NDS Manager NDS Manager ConsoleOne or NDS Manager ConsoleOne or NetWare Administrator ConsoleOne or NetWare Administrator NetWare Administrator Depends on the service In most cases either tool works fine However ConsoleOne lets you modify multiple objects of any class in a single operation whereas NetWare Administra
14. not continue with the next substep Understanding 23 5b Remove from the current effective rights any rights that are blocked by an inheritance filter at the current level 6 If the current level of the file system is the target file or folder the user s final effective rights are the sum of his or her current effective rights and the current effective rights of each object that the user is security equivalent to If you haven t reached the target file or folder yet return to Step 3 24 ConsoleOne User Guide Planning This chapter specifies the system requirements for ConsoleOne when to use it versus other tools such as NetWare Administrator and how to retain ConsoleOne snap ins installed by other products It also provides basic planning guidelines for extending the NDSTM schema and for managing login time restrictions for remote users System Requirements ConsoleOne can run on a Windows workstation or a NetWare server Workstation Requirements Q Windows 95 98 or NT Q 64 MB RAM with an equal amount of virtual memory swapper space more RAM will improve performance Q 200 MHz or faster processor Q NetWare 5 client software Q 25 MB free disk space for a local installation Server Requirements Q NetWare 5 Support Pack 3 Q 64 MB free RAM 128 MB total recommended To determine the current free memory multiply the Total Cache Buffers shown on the main MONITOR NLM information screen by 4096 Q 200
15. programs generally use running has sufficient RAM as explained in System more memory than comparable native Requirements on page 25 If ConsoleOne has been running programs Under tight memory for a long time you might want to restart it conditions ConsoleOne might gradually slow down particularly when run on the server Need a Completely Local Workstation Installation Possible Cause Solution The product that installed ConsoleOne might Complete the procedure for Installing ConsoleOne on not provide the option to install ConsoleOne page 31 and make sure you choose a local workstation completely locally on a workstation drive to install to Troubleshooting 49 ConsoleOne Doesn t Use My Local Time Zone Possible Cause Solution When running ConsoleOne on a workstation if the TZ environment variable isn t set ConsoleOne displays times in Greenwich Mean Time GMT and interprets any time information you enter as GMT 1 Exit ConsoleOne 2 Set the TZ environment variable as explained below 3 Try running ConsoleOne again To set the TZ environment variable in Windows 95 or 98 add a SET command to the AUTOEXEC BAT file gt restart the workstation To set the TZ environment variable in Windows NT add the variable on the Environment tab in the System control panel Example SET TZ MST7MDT The first three characters of the value specify your time zone and are required They must be i
16. release It also provides basic NDS and NetWare background information for performing management tasks What Is ConsoleOne ConsoleOne is a Java management utility that runs on a Windows workstation or a NetWare server By default it lets you manage NDS objects rights and schema NetWare file system resources and access control If you install other Novell products additional features may be added to ConsoleOne For example if you install NDS 8 LDAP management and NetWare remote console features are added For more information on See Default ConsoleOne features including what has The remaining sections of this chapter changed since the last release ConsoleOne features added by Novell or third The documentation for the products that add the party products features ConsoleOne system requirements System Requirements on page 25 New Features The following sections list new features in this and previous ConsoleOne releases Understanding 9 Version 1 2b This release is available with NDS 8 and the Consolidated Support Pack Version 1 2 Runs on a Windows workstation or a NetWare 5 server replaces ConsoleOne 1 2 and 1 1 Fixes various known defects including some related to using ConsoleOne in non English locales Documentation is packaged separately unbundled from NDS and NetWare This release was available with the initial NDS 8 release for NetWare Runs only
17. simpler than rights in terms of how they operate An attribute is a system flag that you can set or remove on a particular file or folder to instruct the file system to handle that file or folder in a particular way Unlike rights attributes apply the same for all users who attempt an action on the file or folder The set of attributes you can apply is slightly different for files than it is for folders For details see Attributes File clhelp novell_fs fileattrs html and Attributes Folder clhelp novell_fs folderattrs html in the ConsoleOne online help File System Rights Like attributes rights are system flags that you can set on a particular file or folder to control access to that file or folder However unlike attributes rights are linked with a particular user group or other NDS object This object is the possessor of the rights and is called the trustee The particular set of rights held by the trustee is called the rights assignment On a given file or folder you can add multiple rights assignments each associated with a different trustee To see descriptions of the individual file system rights see Rights File System c Lhelp novell_fs rights html in the ConsoleOne online help Rights assignments on a folder are inherited by the trustee to objects within that folder so that the trustee can exercise those rights on subordinate files and folders without having an explicit rights assignment on the subord
18. 275 5 832 483 5 832 487 5 859 978 5 870 739 5 873 079 5 878 415 5 884 304 5 893 118 5 903 650 5 905 860 5 913 025 5 915 253 5 925 108 5 933 503 5 933 826 5 946 467 5 956 718 5 974 474 U S and Foreign Patents Pending Novell Inc 122 East 1700 South Provo UT 84606 U S A www novell com ConsoleOne User Guide January 2000 104 001264 001 Online Documentation To access the online documentation for this and other Novell products and to get updates see www novell com documentation Novell Trademarks For a list of Novell trademarks see the final appendix of this book Third Party Trademarks All third party trademarks are the property of their respective owners Contents About This GUIDO adidas ago NES eee Est AS 7 1 Understanding usais a au EE ml u 9 What Is GonSoleOne s a bu rr i a ae Rea we ik Ra wg aes pute alu le al 9 New Features i 02e vd ww Lieu ren Pee A Bale eee SA 9 Version EZD rt De eth Say ae the Bic ate are RE LE a has deel er ante pha ta Gea a 10 VISION 122 ea Pa ae BE ee E ee oe le de ha ee ae ad oe i 10 Version lise reines Due e Pom ay By E a la APS 11 Version 1 05 28 Ga koe wea bo ee A SS BAKE BREA OR er eh bee ES 11 lp ee 11 NDS Rights 3 24 8 dde a a as ee Be ere pe te a ER e dE de ei a 12 Types of Rights Assignments 13 Inherited Rights Filter 4 4 batu dunes autre ee Pe ee eo 14 Detailer 5 gek do ged Bob TE ien ee ess da er
19. MHS is a trademark of Novell Inc RX Net is a trademark of Novell Inc RX Net 2 is a trademark of Novell Inc ScanXpress is a registered trademark of Novell Inc in the United States and other countries Script Director is a registered trademark of Novell Inc in the United States and other countries Sequenced Packet Exchange and SPX are trademarks of Novell Inc Service Response System is a trademark of Novell Inc Serving FTP is a trademark of Novell Inc SFT is a trademark of Novell Inc SFT III is a trademark of Novell Inc SoftSolutions is a registered trademark of SoftSolutions Technology Corporation a wholly owned subsidiary of Novell Inc Software Transformation Inc is a registered trademark of Software Transformation Inc a wholly owned subsidiary of Novell Inc SPX IPX is a trademark of Novell Inc 58 ConsoleOne User Guide StarLink is a registered trademark of Novell Inc in the United States and other countries Storage Management Services and SMS are trademarks of Novell Inc Technical Support Alliance and TSA are collective marks of Novell Inc The Fastest Way to Find the Right Word is a registered trademark of Novell Inc in the United States and other countries The Novell Network Symbol is a trademark of Novell Inc Topology Specific Module and TSM are trademarks of Novell Inc Transaction Tracking System and TTS are trademarks of Novell Inc Universal Component System is a regist
20. MHz or faster processor Q 25 MB free disk space Planning 25 A 800 x 600 screen resolution ConsoleOne versus Other Tools Task Novell is in the process of migrating all management functions into ConsoleOne However currently you must still use legacy tools like NetWare Administrator for some tasks The following table provides guidelines for specific tasks See also the specific limitations listed in Known Limitations on page 47 Tool to Use Explanation Browse an NDS tree Search for NDS objects Create an NDS object Define a user template ConsoleOne or NetWare Administrator ConsoleOne or NetWare Administrator ConsoleOne or NetWare Administrator ConsoleOne or NetWare Administrator 26 ConsoleOne User Guide In most cases either tool works fine However if the tree is running NDS 8 and has containers with thousands of objects browsing itin ConsoleOne is faster and more consistent whereas NetWare Administrator is slower opening large containers and is limited by available RAM On the other hand if the NDS tree doesn t have very large containers NetWare Administrator has the advantages that you can open multiple trees simultaneously customize and navigate views more easily and save your view preferences In most cases either tool works fine However ConsoleOne displays only the first 2 000 objects returned from a search whereas NetWare Administrator displays as many as can fit
21. NDS Manager instead When creating a user template you can t define trustee rights assignments volume space restrictions or an environment setup script like you can in NetWare Administrator You can however apply a template that already has these properties defined You can set an accounting balance for a user but for the accounting system to work you must also set up service charges on one or more NetWare servers To do that you must use NetWare Administrator For details see the NetWare Administrator online help Additional limitations and quirks are described in the following ConsoleOne help topics Troubleshooting 47 Why can t I recover salvage or purge deleted files c1help novell_fs salvpurge html Why can t a newly created user log in c lhelp novell_ndsadmin usercantlogin html Why are my search results incomplete clhelp novell_ndsadmin badsearch html Why can t I jump to an object by typing its name c lhelp novell_ndsadmin typedown html Why can t I select large sets of objects c1help novell_ndsadmin pagedresults html Why can t I apply mass changes to multivalue properties c1help novell_ndsadmin largeapply html Why is the count of objects wrong c lhelp novell_ndsadmin badcount html Why aren t all object types listed clhelp novell_ndsadmin objectnotlisted html Why aren t all property values liste
22. ase of ConsoleOne Here are some points to consider ConsoleOne 1 2 snap ins are compatible with this release of ConsoleOne but ConsoleOne 1 1 snap ins aren t If your product provides only ConsoleOne 1 1 snap ins you might want to install this release of ConsoleOne in a different place than ConsoleOne 1 1 By default ConsoleOne 1 1 is installed on the NetWare server in SYS PUBLIC MGMT CONSOLE1 Novell products typically install ConsoleOne snap ins on the SYS volume of a NetWare server For example NDS 8 installs ConsoleOne 1 2 an LDAP snap in and a remote console snap in in SYS PUBLIC MGMT CONSOLEONE 1 2 Ifyou install this release of ConsoleOne on the SYS volume of a NetWare server it overwrites ConsoleOne 1 2 and disables ConsoleOne 1 1 However existing ConsoleOne 1 2 snap ins are retained If you install this release of ConsoleOne completely locally on a workstation other products might not be able to find the right place to add snap ins to the installation In such a case it is up to you to move any snap ins from other products into the new installation NDS Schema Extensions Designing the schema of your NDS tree can save time and effort in the long run You can view the base schema in ConsoleOne and determine if it meets your needs or if modifications are required The most common type of modification needed is to add attributes to an existing object class such as User You can only add optional attributes
23. d cl1help novell_ndsadmin valuesnotlisted html Why is the property list in English only clhelp novell_ndsadmin englishproperties html Why can t I print a view clhelp novell_consoleone print html Why aren t my view customizations saved clhelp novell_consoleone viewlost html Why are some fields and options disabled c lhelp novell_consoleone disabled html ConsoleOne Malfunctions or Won t Start Possible Cause Solution The Windows workstation or NT Complete the procedure for Starting ConsoleOne on a Windows server you are starting Workstation on page 32 ConsoleOne on doesn t have the required drive mapping or Novell client DLL files 48 ConsoleOne User Guide Possible Cause Solution The NetWare server you are 1 Atthe server console type JAVA VERSION to check the starting ConsoleOne on doesn t Java version h 1 1 701 a Ea SSES 2 If you get an unknown command message load Java by typing JAVA at the server console gt return to Step 1 Otherwise continue with the next step 3 If the version is less than 1 1 7b download and install the latest Novell JVM for NetWare from the Novell Developer Kit web site http developer novell com ndk gt try starting ConsoleOne again Performance Is Sluggish Possible Cause Solution This is often due to a memory problem Make sure the workstation or server where ConsoleOne is At present Java
24. er Guide Trustee Effective Rights Explanation Public Browse object These rights are assigned to Public at the root of the tree and are Read all not blocked or reassigned anywhere in the pertinent branch of the properties tree 3 Adding up the rights of all the trustees we get the following effective rights Browse object Read all properties 4 The Read right implies the Compare right so DJones final effective rights to Acctg_Vol are Browse object Read and Compare all properties NDS Schema The NDS schema defines the classes of NDS objects such as User Printer and Group that can be created in your NDS tree and which information is required or optional at the time the object is created Every type of object in an NDS tree has a class defined for it in the tree s schema The base schema is the schema that ships with NDS Any modifications to the base schema such as adding a new class or attribute are called schema extensions You don t need to extend the schema but you have the ability to do so The Schema Manager tool in ConsoleOne lets you extend the schema as needed to meet your organizational needs For example if your organization requires special footwear for employees and you want to keep track of employee shoe size you can create a new attribute called Shoe Size and add it to the User class Schema Manager Tool Schema Manager is accessed through the Tools menu in ConsoleOne It allows those
25. ered trademark of Novell Inc in the United States and other countries Virtual Loadable Module and VLM are trademarks of Novell Inc Writer s Workbench is a registered trademark of Novell Inc in the United States and other countries Yes It Runs with NetWare logo is a trademark of Novell Inc Yes NetWare Tested and Approved logo is a trademark of Novell Inc ZENworks is a trademark of Novell Inc Novell Trademarks 59 60 ConsoleOne User Guide
26. erver or a Windows workstation Installing ConsoleOne NOTE If you have already installed a product that includes ConsoleOne 1 2b such as NDS 8 you don t need to complete this procedure unless you want to install ConsoleOne completely locally on a workstation and your product doesn t give you that option If your product has already installed ConsoleOne to your satisfaction skip to Starting ConsoleOne on a Windows Workstation on page 32 or Starting ConsoleOne on a NetWare Server on page 33 1 2 Make sure the server or workstation where you will install ConsoleOne meets the System Requirements on page 25 If a previous version of ConsoleOne is running on the workstation or server where you will install ConsoleOne exit that version of ConsoleOne Download the latest release of ConsoleOne from the Novell Free Downloads web site http www novell com download Run the ConsoleOne installer by double clicking the file you just downloaded When the installer prompts you for the location to install ConsoleOne choose a local drive or a drive mapped to a NetWare server Important If you want to retain ConsoleOne snap ins provided by other products as explained in Snap ins from Other Products on page 28 choose a server drive Installing to a server also enables you to run ConsoleOne on any workstation with a drive mapped to the server SettingUp 31 6 When the installation is done restart the works
27. es is trying to access Acctg_Vol in the following tree ACL Public Browse object Inheritable Public Read all prop Inheritable Marketing Write all prop Inheritable Root ACL sa Accounting e Wete all prop n a EAT Djones Write all prop Inheritable a Marketing L 8 DJones ACL DJones zero object Inheritable DJones zero allprop Inheritable Here s how NDS would calculate DJones effective rights 1 DJones is security equivalent to Marketing Root and Public This assumes DJones doesn t belong to any groups or organizational roles and hasn t been explicitly assigned any security equivalences as explained in Security Equivalence on page 14 2 The effective rights of DJones and the objects he is security equivalent to are as follows Trustee Effective Rights Explanation DJones zero object Although DJones is assigned the Write right to all properties at the zero all Accounting container and the assignment is inheritable the properties assignment is replaced by the assignment of zero rights to all properties at Acctg_Vol Marketing zero all Although Marketing is assigned the Write right to all properties at properties the root of the tree and the assignment is inheritable the Write right is blocked by the IRF on the Accounting container Root no rights There are no entries for Root in any of the ACL properties in the pertinent branch of the tree 16 ConsoleOne Us
28. he process used by NDS to calculate a user s effective rights to an NDS object or property For information on that process see Effective Rights in NDS on page 15 To calculate a user s effective rights to a file or folder 1 Check whether the user effectively has the Supervisor right to the NetWare server where the target file or folder resides If so the user effectively has all rights in the file system of that server and you can skip the rest of this process If not continue with the next step 2 Determine which NDS objects the user is security equivalent to For information on how to do this see Security Equivalence on page 14 3 Descend to the next level in the file system along the path to the target file or folder Note that the next level below the NetWare server is the root folder of the volume 4 Check whether the user or any of the objects that the user is security equivalent to is assigned the Supervisor right at the current level If so the user effectively has all rights from this level down in the file system and you can skip the rest of this process If not continue with the next step 5 Do the following for the user and each object that the user is security equivalent to 5a Check whether the user or object is assigned any non Supervisor rights at the current level If so set the effective rights of the user or object to the rights specified in the assignment and then skip to Step 6 If
29. hema schemaSyntax_Class_Name htm Counter C1help novell_schema schemaSyntax_Counter htm Distinguished Name C1help novell_schema schemaSyntax_Distinguished_Name htm Email Address C1help novell_schema schemaSyntax_Email_Address htm Facsimile Telephone Number C Lhelp novell_schema schemaSyntax_Facsimile_Telephone_Numbe htm Hold C lhelp novell_schema schemaSyntax_Hold htm Integer C Lhelp novell_schema schemaSyntax_Integer htm Interval C1help novell_schema schemaSyntax_Interval htm Net Address C1help novell_schema schemaSyntax_Net_Address htm Numeric String C1help novell_schema schemaSyntax_Numeric_String htm Object ACL C1help novell_schema schemaSyntax_Object_ACL htm Octet List C1help novell_schema schemaS yntax_Octet_List htm Octet String C1help novell_schema schemaSyntax_Octet_String htm Path C1help novell_schema schemaS yntax_Path htm Postal Address C1help novell_schema schemaSyntax_Postal_Address htm Printable String C Lhelp novell_schema schemaSyntax_Printable_String htm Understanding 19 Replica Pointer C1help novell_schema schemaSyntax_Replica_Pointer htm Stream C1help novell_schema schemaSyntax_Stream htm Telephone Number C1help novell_schema schemaSyntax_Telephone_Number htm Time C1help novell_schema schemaSyntax_Time htm Timestamp
30. html NetWare Managing 41 Task Summary ConsoleOne Help Topics Granting security equivalence Viewing effective rights Setting file system attributes Users can obtain effective rights both in NDS and in the NetWare file system through security equivalence to other NDS objects such as groups organizational roles and containers Some of these security equivalences are automatic by membership and others are implicit by containment or explicit by assignment For details see the help topics at the right You can query NDS or the NetWare file system for a user s effective rights to any object property file or folder Effective rights include explicit inherited and security equivalence rights For details see the help topics at the right You can set attributes on individual files and folders on NetWare volumes to globally control access to those files and folders Attributes apply the same to all users and take precedence over rights For details see the help topic at the right Managing NetWare File Services To create an administrator over specific properties c1help novell_ndsadmin createadmin html NDS To create a Group object c1help novell_ndsadmin creategroup html NDS To add a user to a group c1help novell_ndsadmin addtogroup html NDS To create an Organizational Role object c1help novell_ndsadmin createrole html NDS To gra
31. inate files or folders You can however place a filter on individual subordinate files and folders to block specific rights from being inherited Such filters apply globally to all trustees holding the specified rights Besides having explicit and inherited rights to a file or folder a user can also have rights to a file or folder through security equivalence to another NDS object For example if a user is a member of an NDS group and that group has been granted certain rights the user effectively has those additional rights through security equivalence For more information see Security Equivalence on page 14 22 ConsoleOne User Guide Effective Rights in NetWare When a user attempts an action on a file or folder on a NetWare volume the NetWare file system calculates that user s effective rights to the file or folder to see if the action is authorized In doing so the system considers the user s explicit rights security equivalences and inherited rights Both ConsoleOne and NetWare Administrator let you query the file system for a user s effective rights to any file or folder so in theory you should never need to calculate effective rights yourself However in practice you need to understand in some detail how this process works so you can effectively administer and troubleshoot rights Following is the process used by the file system to calculate effective rights NOTE This process is similar to but not the same as t
32. istrator Setting file and folder attributes allows you to define special handling for individual files and folders during processes like data compression backup and migration For details see the help topic at the right You can restrict the amount of volume space that individual users can use You can also place limits on the size that individual folders can grow to For details see the help topics at the right None To copy files and or folders cthelp novell_fs copy html To move files and or folders cihelp novell_fs move html To create a file or folder c1help novell_fs create html To rename a file or folder cthelp novell_fs rename html To delete files and or folders c1help novell_fs delete html To set file or folder attributes c1help novell_fs setattrs html To restrict a user s volume space c1help novell_fs restrictvol html To restrict a folder s size cthelp novell_fs restrictfolder html To remove a user s space restriction on a volume c1help novell_fs delvolrestr html To remove a folder s size restriction c1help novell_fs delfolderrestr html Managing 43 Task Summary ConsoleOne Help Topics Viewing and You can view and modify information about To view or change file or folder modifying file individual files and folders such as who the information c1help novell_fs system owner i
33. ks in ConsoleOne We assume that you have already set up and started ConsoleOne as explained in Setting Up on page 31 If you encounter problems performing these tasks see Troubleshooting on page 47 Basic Management Tasks In ConsoleOne the network and its resources are presented as a set of objects that are organized into various containers with My World at the top In general you perform tasks by browsing to an object right clicking it and then choosing an action The available actions depend on the type of object For example the New Object action is available only on containers The following table summarizes the basic management tasks you can perform and lists the ConsoleOne help topics where you can find step by step instructions For information on more specific management tasks see the other sections of this chapter Managing 35 Task Summary ConsoleOne Help Topics Browsing and The available network resources are located in finding network The Network container Inside The Network resources container are the NDS trees that you are logged in to plus the Novell Directory Services container which holds the trees that you aren t logged in to If you click a tree that you aren t logged in to you are prompted to log in Once you are in an NDS tree and its objects are listed in the right pane you can use various features to locate the specific objects you want to manage For details see the help t
34. ll Inc in the United States and other countries EXOS is a trademark of Novell Inc Global MHS is a trademark of Novell Inc Global Network Operations Center and GNOC are service marks of Novell Inc Graphics Environment Manager and GEM are registered trademarks of Novell Inc in the United States and other countries GroupWise is a registered trademark of Novell Inc in the United States and other countries GroupWise XTD is a trademark of Novell Inc Hardware Specific Module is a trademark of Novell Inc Hot Fix is a trademark of Novell Inc InForms is a trademark of Novell Inc Instructional Workbench is a registered trademark of Novell Inc in the United States and other countries Internetwork Packet Exchange and IPX are trademarks of Novell Inc IPX SPX is a trademark of Novell Inc IPXODI is a trademark of Novell Inc IPXWAN is a trademark of Novell Inc 52 ConsoleOne User Guide LAN WorkGroup is a trademark of Novell Inc LAN WorkPlace is a registered trademark of Novell Inc in the United States and other countries LAN WorkShop is a trademark of Novell Inc LANalyzer is a registered trademark of Novell Inc in the United States and other countries LANalyzer Agent is a trademark of Novell Inc Link Support Layer and LSL are trademarks of Novell Inc MacIPX is a registered trademark of Novell Inc in the United States and other countries Manage Wise is a registered trademark of No
35. m is a collective mark of Novell Inc Novell Application Launcher is a trademark of Novell Inc Novell Authorized CNE is a trademark and service mark of Novell Inc Novell Authorized Education Center and NAEC are service marks of Novell Inc Novell Authorized Partner is a service mark of Novell Inc Novell Authorized Reseller is a service mark of Novell Inc Novell Authorized Service Center and NASC are service marks of Novell Inc Novell BorderManager is a trademark of Novell Inc Novell BorderManager FastCache is a trademark of Novell Inc Novell Client is a trademark of Novell Inc Novell Corporate Symbol is a trademark of Novell Inc Novell Customer Connections is a registered trademark of Novell Inc in the United States Novell Directory Services and NDS are registered trademarks of Novell Inc in the United States and other countries Novell Distributed Print Services is a trademark and NDPS is a registered trademark of Novell Inc in the United States and other countries Novell ElectroText is a trademark of Novell Inc Novell Embedded Systems Technology is a registered trademark and NEST is a trademark of Novell Inc in the United States and other countries Novell Gold Authorized Reseller is a service mark of Novell Inc 56 ConsoleOne User Guide Novell Gold Partner is a service mark of Novell Inc Novell Labs is a trademark of Novell Inc Novell N Design is a registered trademark of Novell Inc i
36. me restrictions for remote users note the behavior explained in Login Time Restrictions for Remote Users on page 29 novell_ndsadm in setupresources html To set up login security c1help novell_ndsadm in setuplogin html Managing 39 Task Summary ConsoleOne Help Topics Setting up login You can create login scripts to automate users connectionsto To create a scripts network files printers and other such resources You can login script associate a login script with a user the user s container or a c1help user profile For details see the help topics at the right novell_ndsadm in Note For information on login script commands see Login createscript ht Script Commands and Variables ml To create a Profile object c1help novell_ndsadm in createprofile ht ml To assigna profile to a user c1help novell_ndsadm in assignprofile ht ml Controlling Access to Resources You can control access to two types of resources in ConsoleOne NDS objects and properties Access to these resources is controlled by NDS rights as explained in NDS Rights on page 12 Files and folders on NetWare volumes Access to these resources is controlled by NetWare file system rights and attributes as explained in NetWare Access Control on page 21 The following table summarizes the access control tasks you can perform and lists the ConsoleOne
37. ment can t be made inheritable When run on the server only Access local or remote server consoles manage the local file system except rights including the DOS partition edit server configuration files host Java applets Developer only release NDS Objects The following table summarizes the NDS object management capabilities of ConsoleOne For instructions on using these capabilities to perform specific tasks see Managing on page 35 For basic information about the types of objects in an NDS tree see NDS Concepts and Planning http www novell com documentation lg nw5 usnds basicenu data h0000001 html Capability Description Browsing and finding NDS objects Creating and manipulating NDS objects In ConsoleOne the available NDS trees are listed in The Network container The trees you are logged in to appear at the top of the list All other available trees are listed in the Novell Directory Services subcontainer If you try to browse an NDS tree that you aren t logged in to you are prompted to log in Once inside a tree you can expand and collapse branches of the tree and perform searches to find specific NDS objects You can also customize the right pane to hide one or more NDS object types In ConsoleOne you create and manipulate NDS objects using standard menu options like New Properties Rename Move and Delete Where it makes sense you can select multiple objects to perform an action on For
38. n the United States and other countries Novell NE 2 is a trademark of Novell Inc Novell NE 2 32 is a trademark of Novell Inc Novell NE3200 is a trademark of Novell Inc Novell Network Registry is a service mark of Novell Inc Novell Platinum Partner is a service mark of Novell Inc Novell Press is a trademark of Novell Inc Novell Press Logo teeth logo is a registered trademark of Novell Inc in the United States and other countries Novell Replication Services is a trademark of Novell Inc Novell Research Reports is a trademark of Novell Inc Novell RX Net 2 is a trademark of Novell Inc Novell Service Partner is a trademark of Novell Inc Novell Storage Services is a trademark of Novell Inc Novell Support Connection is a registered trademark of Novell Inc in the United States and other countries Novell Technical Services and NTS are service marks of Novell Inc Novell Technology Institute and NTI are registered service marks of Novell Inc in the United States and other countries Novell Virtual Terminal and NVT are trademarks of Novell Inc Novell Web Server is a trademark of Novell Inc Novell World Wide is a trademark of Novell Inc NSE Online is a service mark of Novell Inc NTR2000 is a trademark of Novell Inc Nutcracker is a registered trademark of Novell Inc in the United States and other countries OnLAN LAP is a registered trademark of Novell Inc in the United States and other
39. n uppercase For example MST means Mountain Standard Time US and Canada EST means Eastern Standard Time US and Canada GST means German Standard Time and so on The fourth character specifies the number of hours offset from GMT and is optional It doesn t matter whether the offset is the number of hours before or after GMT Either way you can use an unsigned number The last three characters specify whether daylight savings is in effect and are optional If used they must be in uppercase For example MDT means Mountain Daylight Time 50 ConsoleOne User Guide Novell Trademarks Access Manager is a registered trademark of Novell Inc in the United States and other countries Advanced NetWare is a trademark of Novell Inc AlarmPro is a registered trademark of Novell Inc in the United States and other countries AppNotes is a registered service mark of Novell Inc in the United States and other countries AppNotes is a registered service mark of Novell Inc in the United States and other countries AppTester is a registered service mark of Novell Inc in the United States and other countries BrainShare is a registered service mark of Novell Inc in the United States and other countries C Worthy is a trademark of Novell Inc C3PO is a trademark of Novell Inc CBASIC is a registered trademark of Novell Inc in the United States and other countries Certified NetWare Administrator in Japanese and CNA J a
40. nt a user security equivalence to an object c1help novell_ndsadmin grantequivalence html NDS To view effective rights to an object or property c1help novell_ndsadmin checkrights html NDS To check effective rights to a file or folder c1help novell_fs checkrights html NetWare To set file or folder attributes c1help novell_fs setattrs html NetWare The following table summarizes the NetWare file system management tasks you can perform and lists the ConsoleOne help topics where you can find step by step instructions For background information and limitations on these capabilities in ConsoleOne see NetWare File Systems on page 20 42 ConsoleOne User Guide Task Summary ConsoleOne Help Topics Browsing file systems Managing files and folders Setting file and folder attributes Controlling allocation of disk space To browse a NetWare file system locate and double click the corresponding volume object in the NDS tree You ll see the files and folders at the root of the volume You can then double click folders to browse further into the file system as needed Once you are in the part of the file system you want to manage you can copy move create rename and delete files and folders as needed For details see the help topics at the right Note You can t recover salvage or purge deleted files in ConsoleOne yet You must still use NetWare Admin
41. ocal Time Zone on page 50 Otherwise skip this step 8 Double click the ConsoleOne icon on the desktop ConsoleOne appears It should look something like this 32 ConsoleOne User Guide KE Novell ConsoleOne OI Xx File Edit View al Help 28 NOVELL_INC DOCD Sy XYZ_TREEAyz_org St NOVELL_INC XYZ_TREE Si ANGST Novell Directory Services E The Network For information on navigating in ConsoleOne and performing management tasks see Managing on page 35 Starting ConsoleOne on a NetWare Server 1 Make sure the latest release of ConsoleOne is installed on the server as explained in Installing ConsoleOne on page 31 2 Do either of the following to start ConsoleOne Type CISTART at the server console Switch to the server GUI gt click the servertop gt ConsoleOne 3 At the login prompt enter your NDS context username and password gt click OK ConsoleOne appears It should look something like this SettingUp 33 EC Novell ConsoleOne uns 28 NOVELL_INC DOCD de XYZ_TREESYZ_0r x NOVELL_INC Pi XYZ_TREE Si ANGST amp Novell Directory Services SS The Network For information on navigating in ConsoleOne and performing management tasks see Managing on page 35 If you encounter problems starting ConsoleOne see Troubleshooting on page 47 34 ConsoleOne User Guide Managing This chapter provides guidance on performing management tas
42. on a Windows workstation replaces ConsoleOne 1 1 on the workstation but not on the server Browse NDS 8 containers with hundreds of thousands of objects gets and displays the objects a page at a time Manage LDAP services available only if NDS 8 is installed Access remote NetWare server consoles from server objects in the NDS tree available only if NDS 8 is installed Search NDS trees by object name type or property value Filter NDS views by object name or type Set any container at the top of the left pane Extend the NDS schema to allow new types of objects and properties including auxiliary classes Create and manage any NDS object type defined in the schema including new types you ve added Modify multiple objects of the same type simultaneously Define templates for creating new user accounts including creation of the home directory Control whether NDS rights assignments are inherited to lower levels in the tree even for specific properties such as Password Management Manage the file system on NetWare volumes including rights attributes and disk space allocation 10 ConsoleOne User Guide Version 1 1 Version 1 0 This release was available with the initial NetWare 5 release Runs on a Windows workstation or a NetWare 5 server Create and manage user group organization and organizational unit objects in NDS Manage NDS rights on any object but rights to specific properties such as Password Manage
43. opics at the right 36 ConsoleOne User Guide To filter objects from the right pane c1help novell_ndsadmin filterview html To jump to an object in the list c1help novell_consoleone find html To goto an object by full name c1help novell_ndsadmin gotoobject html To find an object by type c1help novell_ndsadmin findtype html To find one or more objects by property value c1help novell_ndsadmin findprop html Task Summary ConsoleOne Help Topics Creating and manipulating objects Once you have located the network resources you want to manage you can change their behavior by modifying their object properties You can also delete move and rename objects or create new ones as needed For details see the help topics at the right To create an object c1help novell_consoleone create html To modify an objects properties c1help novell_consoleone modify html To modify multiple objects simultaneously c1help novell_ndsadmin modifymultiple html To rename an object c1help novell_ndsadmin rename html To move one or more objects c1help novell_ndsadmin move html To delete one or more objects c1help novell_ndsadmin delete html Managing 37 Task Summary ConsoleOne Help Topics Organizing Once you are in an NDS tree you can organize it To create a Country object
44. re service marks of Novell Inc Certified NetWare Engineer in Japanese and CNE J are service marks of Novell Inc Certified NetWare Instructor in Japanese and CNI J are service marks of Novell Inc Certified Novell Administrator and CNA are service marks of Novell Inc Certified Novell Engineer is a trademark and CNE is a registered service mark of Novell Inc in the United States and other countries Certified Novell Salesperson is a trademark of Novell Inc Client 32 is a trademark of Novell Inc Novell Trademarks 51 ConnectView is a registered trademark of Novell Inc in the United States and other countries Connectware is a registered trademark of Novell Inc in the United States and other countries Corsair is a registered trademark of Novell Inc in the United States and other countries CP Net is a registered trademark of Novell Inc in the United States and other countries Custom 3rd Party Object and C3PO are trademarks of Novell Inc DeveloperNet is a registered trademark of Novell Inc in the United States and other countries Documenter s Workbench is a registered trademark of Novell Inc in the United States and other countries ElectroText is a trademark of Novell Inc Enterprise Certified Novell Engineer and ECNE are service marks of Novell Inc Envoy is a registered trademark of Novell Inc in the United States and other countries EtherPort is a registered trademark of Nove
45. rk of Novell Inc NetWare RX Net is a trademark of Novell Inc NetWare SFT is a trademark of Novell Inc NetWare SFT III is a trademark of Novell Inc NetWare SNA Gateway is a trademark of Novell Inc NetWare SNA Links is a trademark of Novell Inc NetWare SQL is a trademark of Novell Inc NetWare Storage Management Services and NetWare SMS are trademarks of Novell Inc NetWare Telephony Services is a trademark of Novell Inc NetWare Tools is a trademark of Novell Inc NetWare UAM is a trademark of Novell Inc NetWare WAN Links is a trademark of Novell Inc NetWare TP is a trademark of Novell Inc NovellTrademarks 55 NetWire is a registered service mark of Novell Inc in the United States and other countries Network Navigator is a registered trademark of Novell Inc in the United States Network Navigator AutoPilot is a registered trademark of Novell Inc in the United States and other countries Network Navigator Dispatcher is a registered trademark of Novell Inc in the United States and other countries Network Support Encyclopedia and NSE are trademarks of Novell Inc Network Support Encyclopedia Professional Volume and NSEPro are trademarks of Novell Inc NetWorld is a registered service mark of Novell Inc in the United States and other countries Novell is a service mark and a registered trademark of Novell Inc in the United States and other countries Novell Alliance Partners Progra
46. rkstation is a trademark of Novell Inc NetWare 386 is a trademark of Novell Inc NetWare Access Server is a trademark of Novell Inc NetWare Access Services is a trademark of Novell Inc NetWare Application Manager is a trademark of Novell Inc NetWare Application Notes is a trademark of Novell Inc NetWare Asynchronous Communication Services and NACS are trademarks of Novell Inc NetWare Asynchronous Services Interface and NASI are trademarks of Novell Inc NetWare Aware is a trademark of Novell Inc NetWare Basic MHS is a trademark of Novell Inc NetWare BranchLink Router is a trademark of Novell Inc NetWare Care is a trademark of Novell Inc NetWare Communication Services Manager is a trademark of Novell Inc NetWare Connect is a registered trademark of Novell Inc in the United States NetWare Core Protocol and NCP are trademarks of Novell Inc NetWare Distributed Management Services is a trademark of Novell Inc NetWare Document Management Services is a trademark of Novell Inc NetWare DOS Requester and NDR are trademarks of Novell Inc NetWare Enterprise Router is a trademark of Novell Inc NetWare Express is a registered service mark of Novell Inc in the United States and other countries NetWare Global Messaging and NGM are trademarks of Novell Inc NetWare Global MHS is a trademark of Novell Inc NetWare HostPrint is a registered trademark of Novell Inc in the United States NetWare IPX Ro
47. s and when the file or folder was last viewfileinfo html information modified You can view similar information To view or change volume information c1help novell_fs viewvolinfo html about volumes both traditional and NSS including information about the system features enabled on volumes and current usage statistics For details see the help topics at the right Extending the NDS Schema The following table summarizes the NDS schema management tasks you can perform and lists the ConsoleOne help topics where you can find step by step instructions For background information on these capabilities in ConsoleOne see NDS Schema on page 17 Task Summary ConsoleOne Help Topics Viewing the To view the schema of an NDS tree select the tree None schema or one of its objects gt click Tools gt Schema Manager You ll see a list of all the object classes and attrioutes Double click a class or attribute to see information about it Extending object You can create new attributes and add them as To create an attribute classes optional attributes to existing object classes This is c1help the only modification allowed to existing classes For novell_schema details see the help topics at the right schemaCreate_an_A ttribute htm To add an optional attribute to a class c1help novell_schema schemaAdd_an_Opti onal_Attribute_to_a_ C htm 44 ConsoleOne User Guide Task Summar
48. so listed as properties of individual files and folders Using these property pages you can set rights assignments edit rights filters and view individual users effective calculated rights This enables you to control access to the file system on a user by user basis For more information on file system rights see NetWare Access Control on page 21 In ConsoleOne restrictions on the amount of volume space that individual users can use are listed as properties of volume objects Limits on the size that individual folders can grow to are listed as properties of those folders Using these property pages you can set up and remove such restrictions as needed to manage the allocation of disk space in the file system In ConsoleOne information about individual files and folders such as who the owner is and when the file or folder was last modified is listed as properties of those files and folders Similar information about volumes both traditional and NSS including information about the system features enabled on volumes and current usage statistics is listed as properties of volume objects Using these property pages you can view and modify such information as needed to monitor and control file system activity NetWare Access Control The NetWare file system uses two mechanisms to control users access to files and folders on NetWare volumes Understanding 21 Attributes Rights File System Attributes Attributes are
49. t supplies the initial set of attributes additional attributes if any and containment rules Classes are named like NDS object types User Printer Group yet they are just structure and rules no content Object Attributes If a class is like a form then an attribute is one field on the form When you create an attribute you give it a name such as employee number and a syntax From then on it is available in the attribute list NOTE In other parts of ConsoleOne besides Schema Manager attributes are generally called properties Attribute Syntax An attribute s syntax is the type of data it can contain such as string A Z 0 9 or number 999 to 999 Once an attribute is created you can t change its syntax you have to delete the attribute and recreate it with the correct syntax The syntaxes you can choose from when creating an attribute are listed below A description of each is provided in the Schema Manager online help Back Link C lhelp novell_schema schemaS yntax_Back_Link htm Boolean C1help novell_schema schemaSyntax_Boolean htm 18 ConsoleOne User Guide Case Exact String C1help novell_schema schemaSyntax_Case_Exact_String htm Case Ignore List C1help novell_schema schemaSyntax_Case_Ignore_List htm Case Ignore String C1help novell_schema schemaSyntax_Case_Ignore_String htm Class Name C Lhelp novell_sc
50. tation if the installer prompts you to do so If you encounter problems during installation see Troubleshooting on page 47 Starting ConsoleOne on a Windows Workstation NOTE This procedure applies to starting ConsoleOne for the first time on a Windows workstation or an NT server After the first time you can just double click the ConsoleOne icon on the desktop 1 If the latest release of ConsoleOne is already set up on the workstation skip to Step 7 Otherwise continue with the next step 2 Map a drive with a letter not a UNC path to the server volume where ConsoleOne is installed 3 Run SETUP EXE located on the server volume in PUBLIC MGMT CONSOLEONE 1 2 INSTALL 4 Follow the instructions on the screen to complete the ConsoleOne setup Note The setup program configures the workstation to run ConsoleOne using the server drive mapping but it doesn t install ConsoleOne locally Depending on your Novell client version it may install a couple of newer client DLL files and prompt you to restart the workstation 5 When the setup is done restart the workstation if you are prompted to do so 6 Check that you still have a drive mapped to the server volume where ConsoleOne is installed If not create a permanent drive mapping to the server volume 7 If you want ConsoleOne to use your local time zone rather than GMT Greenwich Mean Time set the TZ environment variable as explained in ConsoleOne Doesn t Use My L
51. this case only Marketing from exercising the Write all properties right on the Accounting container and on the subordinate Acctg_Vol object Note that the IRF doesn t apply to DJones since his Write right is assigned on the current object rather than higher in the tree Note also that the IRF wouldn t apply if a trustee were granted higher in the tree the Write right to a specific property rather than to all properties During installation of NDS the following default rights assignments are made User Admin is granted the Supervisor right at the root of the tree This effectively gives the administrator all rights in the NDS tree and in any NetWare file systems accessible from the tree The Public trustee is granted the Browse right at the root of the NDS tree This enables all objects by security equivalence to Public to browse the tree If you want users to have rights beyond these defaults you must make trustee assignments or grant security equivalences Note that some object creation operations make additional rights assignments by default both in NDS and in the NetWare file system For details see the online help for the utility you are using Security Equivalence Besides having explicit and inherited rights to an NDS object a user can also have rights by security equivalence to another NDS object For example if a user is a member of a group and that group has been granted certain rights the user effectively has
52. those additional rights by security equivalence A user is automatically security equivalent to the groups and organizational roles that he or she belongs to and is implicitly security equivalent to the Public trustee and to each container above the user in the tree including 14 ConsoleOne User Guide Root In addition you can explicitly grant a user security equivalence to any NDS object by adding that object to the user s Security Equals property Effective Rights in NDS When a user attempts an action on an NDS object or property NDS calculates that user s effective rights to the object or property to see if the action is authorized In doing so NDS considers the user s explicit rights inherited rights and security equivalences Both ConsoleOne and NetWare Administrator let you query NDS for a user s effective rights to any object or property so in theory you should never need to calculate effective rights yourself However in practice you need to understand in some detail how this process works so you can effectively administer and troubleshoot NDS rights Following is the process used by NDS to calculate effective rights NOTE This process is similar to but not the same as the process used by the NetWare file system to calculate a user s effective rights to a file or folder on a NetWare volume For information on that process see Effective Rights in NetWare on page 23 To calculate a user s effective rights
53. to existing classes No other modifications are allowed If you need to create an entirely new class of objects select as the inheritance class a class that has as many of the needed attributes as possible and then add any other attributes you need The additional attributes can be added as mandatory naming or optional attributes 28 ConsoleOne User Guide Login Time Restrictions for Remote Users On the Login Time Restrictions property page of user objects in ConsoleOne you can restrict the times when users can be logged in to NDS By default there are no login time restrictions If you set a login time restriction for a user and he or she is logged in when the restricted time arrives the system issues a warning to log out within five minutes If the user is still logged in after five minutes he or she is logged out automatically and loses any unsaved work If a user logs in remotely from a different time zone than the server processing the login request any login time restrictions that have been set for the user are not adjusted for the time difference For example if you restrict a user from logging in Mondays from 1 00 a m to 6 00 a m and the user logs in remotely from a time zone that is one hour later than the server the restriction effectively becomes 2 00 a m to 7 00 a m for that user Planning 29 30 ConsoleOne User Guide Setting Up This chapter explains how to install and start ConsoleOne on a NetWare s
54. to an object or property 1 Determine which objects the user is security equivalent to 2 For the user and each object that the user is security equivalent to determine its effective rights as follows 2a Starting at the root of the tree check whether the user or object is assigned any inheritable rights If so use these rights as the initial effective rights 2b Descend a level in the tree along the branch containing the target object or property 2c Remove any rights that are blocked by inherited rights filters at this level 2d Check whether the user or object is assigned any inheritable rights at this level If so apply the assigned rights by adding any that correspond to types not yet in the effective rights and by replacing any that correspond to types already in the effective rights 2e Check whether the current level is the target object or the object containing the target property If so continue with the next substep If not return to Step 2b 2f Check whether the user or object is assigned any noninheritable rights at this level If so apply the assigned rights by adding any that Understanding 15 correspond to types not yet in the effective rights and by replacing any that correspond to types already in the effective rights 3 Add up the effective rights of the user and the objects that the user is security equivalent to 4 Add any rights that are implied by the other rights For example suppose DJon
55. tor lets you do this only on user objects NetWare Administrator provides custom property pages for more object types than ConsoleOne but ConsoleOne lets you generically edit any property defined in your schema including properties you ve added Not available in ConsoleOne yet Not available in ConsoleOne yet Not available in ConsoleOne yet Not available in ConsoleOne yet In most cases either tool works fine However you must use ConsoleOne to create auxiliary classes and to assign ASN1 identifiers to classes and attributes You must use NDS Manager to generate schema reports In most cases either tool works fine However you must use NetWare Administrator to salvage or purge deleted files Either tool works fine However for the accounting system to actually work you must also set up accounting charges on one or more NetWare servers Not available in ConsoleOne yet Some Novell services have not shipped ConsoleOne snap ins yet For example at the time of this publishing you must use NetWare Administrator to manage DNS DHCP ZENworks GroupWise BorderManager Novell Replication Services Novell Distributed Print Services and NetWare for SAA Planning 27 Snap ins from Other Products If you installed or will install a product that includes ConsoleOne snap ins and you want to retain those snap ins in this release of ConsoleOne make sure those snap ins are installed in the same place as this rele
56. ult meaning they can only be exercised on the current object However you can override these defaults if you are making the rights assignment on a container This lets you grant a trustee the ability for example to manage specific properties in an entire branch of the tree Each rights assignment is stored as a separate entry in the ACL property of the object that the rights assignment controls access to Each ACL entry includes the trustee name the assigned rights the rights type and the inheritability setting The following diagram shows examples of ACL properties for three objects in a tree Root e Accounting aa Marketing L 8 DJones ACL Public Browse object Public Read all prop Marketing Write all prop ACL IRF Wate all prop DJones Write all prop ACL DJones zero object DJones zero all prop Inheritable Inheritable Inheritable Inheritable Inheritable Inheritable Understanding 13 Inherited Rights Filter Default Rights In the above diagram note the ACL for the Accounting container The first entry in the ACL specifies IRF as the trustee name Such an entry represents an inherited rights filter IRF An IRF blocks inheritable rights assigned higher in the tree from being exercised on the current object and its subordinates An IRF applies globally to all trustees holding the type of rights specified in the IRF For example in the above tree the IRF prevents all trustees in
57. uter is a trademark of Novell Inc NetWare LANalyzer Agent is a trademark of Novell Inc NetWare Link Services Protocol and NLSP are trademarks of Novell Inc NetWare Link ATM is a trademark of Novell Inc NetWare Link Frame Relay is a trademark of Novell Inc 54 ConsoleOne User Guide NetWare Link PPP is a trademark of Novell Inc NetWare Link X 25 is a trademark of Novell Inc NetWare Loadable Module and NLM are trademarks of Novell Inc NetWare LU6 2 is trademark of Novell Inc NetWare Management Agent is a trademark of Novell Inc NetWare Management System and NMS are trademarks of Novell Inc NetWare Message Handling Service and NetWare MHS are trademarks of Novell Inc NetWare MHS Mailslots is a registered trademark of Novell Inc in the United States and other countries NetWare Mirrored Server Link and NMSL are trademarks of Novell Inc NetWare Mobile is a trademark of Novell Inc NetWare Mobile IPX is a trademark of Novell Inc NetWare MultiProtocol Router and NetWare MPR are trademarks of Novell Inc NetWare MultiProtocol Router Plus is a trademark of Novell Inc NetWare Name Service is trademark of Novell Inc NetWare Navigator is a trademark of Novell Inc NetWare Peripheral Architecture is a trademark of Novell Inc NetWare Print Server is a trademark of Novell Inc NetWare Ready is a trademark of Novell Inc NetWare Requester is a trademark of Novell Inc NetWare Runtime is a tradema
58. vell Inc in the United States and other countries Media Support Module and MSM are trademarks of Novell Inc Mirrored Server Link and MSL are trademarks of Novell Inc Mobile IPX is a trademark of Novell Inc Multiple Link Interface and MLI are trademarks of Novell Inc Multiple Link Interface Driver and MLID are trademarks of Novell Inc My World is a registered trademark of Novell Inc in the United States and other countries N Design is a registered trademark of Novell Inc in the United States and other countries Natural Language Interface for Help is a trademark of Novell Inc NDS Manager is a trademark of Novell Inc NE 2 is a trademark of Novell Inc NE 2 32 is a trademark of Novell Inc NE 2T is a trademark of Novell Inc NE1000 is a trademark of Novell Inc NE150O0T is a trademark of Novell Inc NE2000 is a trademark of Novell Inc NE2000T is a trademark of Novell Inc NE2100 is a trademark of Novell Inc NE3200 is a trademark of Novell Inc NE32HUB is a trademark of Novell Inc NEST Autoroute is a trademark of Novell Inc NetExplorer is a trademark of Novell Inc NetNotes is a registered trademark of Novell Inc in the United States and other countries NovellTrademarks 53 NetSync is a trademark of Novell Inc NetWare is a registered trademark of Novell Inc in the United States and other countries NetWare 3270 CUT Workstation is a trademark of Novell Inc NetWare 3270 LAN Wo
59. with supervisor rights to a tree normally user Admin to extend the schema of that tree Before selecting it from the Tools menu select the tree or an object within the tree whose schema you want to modify For instructions on using Schema Manager to perform specific tasks see Managing on page 35 The Schema Manager tool in ConsoleOne has some features that aren t available in the Windows based Schema Manager tool in NDS Manager Create auxiliary classes Understanding 17 Object Classes An auxiliary class is an ad hoc set of attributes that another application associates with particular object instances rather than with an object class as a whole For example LDAP applications use auxiliary classes Assign ASN 1 identifiers to classes and attributes ASN 1 identifiers let you uniquely identify each class and attribute in your schema For more information see ASNI ID c1help novell_schema schemaASN 1 htm in the Schema Manager online help WARNING You should assign only registered ASN1 identifiers to classes and attributes Otherwise skip the ASN1 ID field when creating a class or attribute A class is like a template or form for creating an NDS object An NDS object is an actual record in the NDS database built according to the specifications of a particular class When you create an NDS object you select a class and then fill in the required data Each class has a name some flags an inheritance class tha
60. y ConsoleOne Help Topics Creating new object classes Deleting unused object classes and attributes You can create entirely new object classes as needed For details see the help topics at the right You can delete unused object classes and attributes that you previously added For details see the help topics at the right To create a class c1help novell_schema schemaCreate_a_Cl ass htm To delete a class cthelp novell_schema schemaDelete_a_Cla ss htm To delete an attribute c1help novell_schema schemaDelete_an_At tribute htm Managing 45 46 ConsoleOne User Guide Troubleshooting This chapter gives solutions to problems you might encounter when setting up and using ConsoleOne If this information doesn t solve your problem you can either contact technical support or check for a ConsoleOne update that fixes the problem To get free technical support go to the Novell Support web site http support novell com or contact the vendor from whom you purchased the software For direct charged Novell technical support call 1 800 NETWARE To check for ConsoleOne updates go to the ConsoleOne web site http www novell com products ConsoleOne Known Limitations ConsoleOne isn t yet functionally equivalent to NetWare Administrator and NDS Manager The following are known limitations You can t delete NetWare server objects Use
Download Pdf Manuals
Related Search