Net Control Admin Guide

  • December 2019
  • PDF
Download

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA

Overview

Download & View Net Control Admin Guide as PDF for free.

More details

  • Words: 33,295
  • Pages: 142
NetControl



Administrator’s Guide

NC-AG-0708-310

Copyright © 2008 NetPro Computing, Inc. Disclaimer NetPro Computing, Inc. (NetPro) makes no representations or warranties, either expressed or implied, with respect to the adequacy of this documentation or the programs which it describes in regard to fitness for any particular purpose or with respect to its adequacy to produce any particular result. The computer programs and documentation are sold “as is”, and the entire risk as to quality and performance is with the buyer. In no event shall NetPro be liable for special, direct, indirect or consequential damages resulting from any defect in the programs, documentation or software. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, in which case the above limitations and exclusions may not apply to you.

Proprietary Rights NetPro has prepared this document for use by NetPro personnel, agents, licensees and customers. The information contained in this document is the property of NetPro. You may not reproduce, translate, or transmit it in any form or by any means, electronically or mechanically, without prior written permission from NetPro.

Disclaimer of Liability NetPro makes no representation or warranties of any kind, either expressed or implied, with respect to the contents of this manual, including but not limited to typographical errors and technical completeness, NetPro reserves the right to revise this publication and to make changes in its content without obligation to notify any person of such revision or changes.

Trademarks NetPro Computing and NetPro are registered trademarks and NetControl, NetControl for Exchange, AccessManager, AccessReporter for Windows, Business Insight, GPOADmin, LogADmin, ReportADmin for ACS and the NetPro logo are trademarks of NetPro Computing, Inc. Microsoft, Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation. Other product names mentioned in this manual may be trademarked: they are used for identification purposes only.

Document Revision History ES-AG-1007-200

October 2007

Enterprise Server 2.0

ES-AG-1107-250

November 2007

Enterprise Server 2.5

ES-AG-1207-260

December 2007

Enterprise Server 2.6

ES-AG-0408-260-A

April 2008

Enterprise Server 2.6 with Business Insight 3.0

ES-AG-0608-260-B

June 2008

Enterprise Server 2.6

NC-AG-0708-310

July 2008

NetControl 3.1

NetPro Computing, Inc. Corporate Office 4747 N. 22nd Street, Suite 400 Phoenix, Arizona 85016 USA Telephone FAX Email Internet

602 346 3600 602 346 3610 [email protected] http://www.netpro.com Sales

USA and Canada International

800 998 5090 +1 602 346 3630

Worldwide Technical Support USA USA (Toll Free) Germany UK France Australia

1 602 346 3670 1 866 9 NETPRO 0800 180 2577 0 0800 047 0197 0800 917881 1 800 773 850

Email

[email protected]

NetControl

i

Table of Contents Chapter 1: Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 System Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 What’s in this Guide - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2 How to Get Additional Help - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4

Chapter 2: NetControl Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7 Connecting to the NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8 NetControl Console Components- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8

Chapter 3: Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -15 Considerations for Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - 15 Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16

Chapter 4: Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -21 Agents Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22 Considerations for Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24 Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24

Chapter 5: Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -33 Agent Groups Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34 Creating Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36

Chapter 6: Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -41 Computer Lists Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 42 Building Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 44

Chapter 7: Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -51 Schedules Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 52 Defining Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54

Chapter 8: Collectors - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -57 Collectors Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 58 Defining a Collector - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 59

Chapter 9: Active Directory Management Console - - - - - - - - - - - - - - - - - - -63 Active Directory Management Console Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Creating a Custom View - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Establishing a Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Creating Provisioning Rules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

64 67 71 73

Table of Contents

ii

NetControl

Configuring Workflow for an ADMC Action - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 85 Modifying Active Directory When Workflow is Applied- - - - - - - - - - - - - - - - - - - - - - - - - - 87

Chapter 10: Workflow - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 89 Workflow Editor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 90 Workflow Pane- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 101 Managing Workflow Requests - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 104 Reviewing and/or Approving Workflow Requests- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 106 Using Microsoft Outlook to View Workflow Items- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 107

Chapter 11: Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 109 Reports Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 110 Generating NetControl Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 111

Appendix A: NetPro Applications Using NetControl Components - - - - - - 121 Appendix B: Email Setup - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123 Configuration Page - NetControl Email Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124 Setting up Email- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Appendix C: Active Directory Users and Computers (ADUC) Extension - 127 Usage Notes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Using the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Removing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Re-installing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

127 128 128 128

Appendix D: NetControl Troubleshooting - - - - - - - - - - - - - - - - - - - - - - - - 129 NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 129 ADMC Functionality - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 131

Table of Contents

NetControl

1

Chapter 1: Introduction NetControl (formerly known as Enterprise Server) provides a centralized interface to configure and manage individual services and provides licensed NetPro applications access to shared services and data. In addition, NetControl’s Active Directory Management Console (ADMC), extends Microsoft’s Active Directory Users and Computers (ADUC) interface to optimize Active Directory management. With ADMC, you can enforce approval processes for tighter security, while providing compliance for regulations. You can also add business logic to automate common Active Directory tasks, giving you greater control and scalability. This document describes the base NetControl console (including ADMC), its components and the shared services that are available. Please refer to the documentation of each individual application for information on the component’s that are made available through the console once the application is deployed (e.g, workflow, collectors, etc.). This chapter provides the following information: •

System Overview



What’s in this Guide



How to Get Additional Help

System Overview The NetControl platform consists of three main components: • NetControl Console • NetControl Service • NetControl Agent The NetControl Console provides the user interface to all functionality of the NetControl Service, the ADMC and licensed NetPro applications that build upon the NetControl platform. Through the console, you can interact with and retrieve information from each deployed application. The NetControl Service is one of the core components of the application. Your ability to gain access to application data or configure the application depends on the communication between the console and the NetControl Service. Since the service is your 'gateway' into the application, the security model of the application is housed here.

Introduction

2

NetControl

As it relates to the application, NetControl Agents do all of the workload processing. They communicate directly with the SQL Database on a configured interval to receive a list of actions that need to be executed upon. Each NetPro application that builds upon the NetControl platform will define the work that needs to be processed on a scheduled basis.

What’s in this Guide This manual assumes you have a working knowledge of Active Directory and consists of the following chapters: Introduction This chapter introduces NetControl and provides a system overview of the NetControl platform. It also describes the contents of this manual and information on obtaining additional assistance from NetPro. NetControl Client Overview Chapter 2 introduces the base NetControl console and includes a description of the menu commands, tool bar buttons, navigation pane, explorer view and object list. Application Security Chapter 3 explains how to implement application security to build a secure deployment. Agents Chapter 4 provides a brief description about agents, describes the Agents pane and the New Agent dialog, and provides instructions on how to deploy an agent. Agent Groups Chapter 5 provides a brief description about agent groups, describes the Agent Groups pane and the New Agent Groups dialog, and provides instructions on how to set up an agent group.

Introduction

NetControl

3

Computer Lists Chapter 6 provides a brief description about computer lists, describes the Computer List pane and the New Computer List dialog, and provides instructions on how to build a computer list. Schedules Chapter 7 provides a brief description about schedules, describes the Schedules pane and the New Schedule dialog, and provides instructions on how to set up a schedule. Collectors Chapter 8 provides a brief description of collectors and the NetControl components that are part of setting up a collector. Please note that the Collector button is available in the navigation pane when NetControl is installed. However, there must be a NetPro application deployed that uses the collectors before data collections can be configured/viewed. Active Directory Management Console Chapter 9 describes the Active Directory Management Console (ADMC), which is part of the base NetControl platform. It describes the ADMC pane and provides instruction on how to perform the various tasks that can be performed from this pane to administer directory information. Workflow Chapter 10 explains how to use the Workflow Editor to set up actions for the workflow queue where a review and approval is required before the action can be committed and deployed in your environment. It also explains the workflow process and how to review/ approve requests using the Workflow pane or Microsoft Outlook. Reports Chapter 11 provides information on the Reports pane and the NetControl reports. It also explains how to run a report using the NetControl console. Appendix A: NetPro Applications Using NetControl Components This appendix provides a table that shows the NetPro applications that can be deployed and the base NetControl components that they use. Appendix B: Email Setup This appendix describes the NetControl Configuration pane where you can set up the email account and SMTP server to be used for email notifications. Appendix C: Active Directory Users and Computers (ADUC) Extension This appendix provides additional information regarding the ADUC extension that is activated when NetControl is installed. Appendix, D: NetControl Troubleshooting This appendix covers some of the known issues with NetControl and provides troubleshooting tips for resolving these issues if they are encountered. Index The Index provides an alphabetical subject listing for the contents of this manual.

Introduction

4

NetControl

How to Get Additional Help NetPro offers a variety of ways to get additional help: • My.netpro.com enables you to perform many tasks that you may have once conducted with the help of a NetPro representative. • 24x7 Technical Support is available through an annual Software Maintenance Contract. • NetPro Professional Services offers a range of professional services to help you through every stage of your technology lifecycle. For more information on using NetControl’s Active Directory Management Console (ADMC), please visit http://www.turbochargedad.com.

My.netpro.com NetPro’s customer portal site enables you to perform many tasks that you may have once conducted with the help of a NetPro representative. Now, you can do them all on the customer section of our website -- https://www.netpro.com. My.netpro.com was designed to provide you with the best possible service and deliver it conveniently and quickly -- when you need it. Here’s what you can do on my.netpro.com: • submit and update support incidents • view your product purchases • view your maintenance purchases • subscribe and/or unsubscribe from NetPro’s news list(s) • request product information and literature • request product evaluation software • search our technical support knowledge base • sign up to participate in the NetPro Beta Program https://my.netpro.com is a completely secure site and you will need login credentials to access the area each time you visit. On your first visit, you will create the credentials to be used every time you return to the site.

Introduction

NetControl

5

24x7 Live Technical Support NetPro offers industry-leading technical support every business day throughout North America and Europe. NetPro’s qualified support technicians can be reached at the addresses and numbers listed below: NetPro 4747 N. 22nd Street, Suite 400 Phoenix, Arizona (USA) 85016 U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO Germany: 0800 180 2577 UK: 0 0800 047 0197 France: 0800 917881 Australia: 1 800 773 850 FAX: 1 602 346 3610 Email: [email protected]

Professional Services NetPro service professionals leverage proven methodologies, industry best practices, and more than 30 years of combined Microsoft management experience to help organizations reach their business-critical goals. To help you get the most from our solutions, NetPro Professional Services offers help with: • Deployment: Choose QuickDeploy for a rapid return on investment or CustomDeploy for end-to-end phased delivery of NetPro solutions based on your specific business needs. • Reporting & Analysis: If you’re looking for specific executive, operational, or compliance reports, we’ll deliver business intelligence tailored to your organizational needs. • Optimization: Make sure you’re getting maximum value from NetPro solutions with help for everything from optimizing your current solution to product training. To learn more about NetPro Professional Services, please contact your NetPro sales representative or [email protected].

Introduction

NetControl

7

Chapter 2: NetControl Overview NetControl provides a centralized interface for managing Active Directory and provides shared resources to other NetPro applications. The resources available through the NetControl Console include: • Application Security provides component level security for all application components. • Configuration provides options for setting up email and configuring certain NetPro applications. • Agents perform the work defined by licensed NetPro applications that build upon the NetControl platform. • Agent Groups are logical or physical groupings of agents used for distributing workload processing. • Computer Lists are a way to group physical computer resources based on explicit or dynamically generated content. • Schedules are reusable components that define when tasks are to be performed. • Collectors define what data is to be collected from various resources. The collectors available are based on the licensed NetPro applications that build upon the NetControl platform. • Active Directory Management Console (ADMC) extends Microsoft’s Active Directory Users and Computers (ADUC) interface to optimize Active Directory management. • Rules can be defined using the ADMC to add business logic to automate common Active Directory tasks. • Workflow allows you to set certain actions that must adhere to a review and approval workflow process. Workflow is available for actions performed in the ADMC as well as some of other licensed NetPro applications that build upon the NetControl platform. • Reports provide a central location for defining the content and generating reports about the NetControl components and some of the deployed NetPro application. This chapter describes the layout of the base NetControl Console and how to access the shared resources, including the following information: •

Connecting to the NetControl Console



NetControl Console Components

NetControl Overview

8

NetControl

Please refer to the documentation for each individual application for information on the additional components that are deployed with each application. To determine the shared components that each licensed NetPro application uses, see Appendix A: NetPro Applications Using NetControl Components on page 121.

Connecting to the NetControl Console From the computer where the NetControl console is installed: 1. Select Start | All Programs | NetPro | NetControl | Console. 2. On the NetPro NetControl Connection dialog box, use the drop-down arrow to select the NetControl server to be used (or from the keyboard, select the down arrow twice).

3. Optionally, select the Remember connection check box to use this server the next time you run NetControl. If selected, the connection dialog is only displayed if the specified NetControl server is not available. NOTE: To disable the Remember Connection setting, use the Help | About menu command to display the About NetPro NetControl dialog and deselect the Remember Connection check box on this dialog. 4. Click the Connect button to connect to the NetControl server.

NetControl Console Components The NetControl console provides the user interface for accessing the shared resources, ADMC and licensed applications that build upon the NetControl platform. The console consists of the following main components, which are pointed out in the illustration below: • Menu Bar – displays the menus for accessing commands. • Tool Bar – provides quick access to commonly used commands. • Explorer View – displays a hierarchy of resource containers (folders) used to organize the resources that can be created and managed. This view is populated based on the button selected in the navigation pane. • Navigation Pane – provides access to the base NetControl resources, ADMC and licensed NetPro applications that use the NetControl platform. The following are the components installed when NetControl is first installed: •

Configuration – provides options for setting up email and configuring certain NetPro applications.



Resources – provides a central location for deploying agents, creating and maintaining agent groups, computer lists and schedules.

NetControl Overview

NetControl

9



Collectors – provides a central location for defining data collections. The resource containers in this pane are based on the licensed NetPro applications that use data collection. For more information, refer to the individual product documentation.



Active Directory - provides access to the ADMC which extends Microsoft’s Active Directory Users and Computers (ADUC) interface to optimize Active Directory management.



Workflow – provides a list of workflow items in the workflow queue if there are actions configured to use workflow. Actions performed using the ADMC and some of the other licensed NetPro applications use the workflow feature.



Reports – provides a central location for defining and generating reports for the NetControl components. There may also be reports for the other deployed NetPro applications.

• Information Panes – the contents of the right-hand pane depends on the button selected in the navigation pane and the node/container selected in the explorer view. This pane may display the objects available in the selected node/container and supporting details or options for configuring the selected component.

NetControl Overview

10

NetControl

Menu Bar The NetControl console menus follow the same convention as standard Windows menus. That is, commands are grouped under a menu on the menu bar. Some of these commands perform an action immediately; others display an additional dialog or launch a wizard where you select various options or specify additional information. The following sections describe the default commands that are available when you install NetControl. As you deploy NetPro applications, there may be additional commands displayed. Refer to the documentation for each individual application for more information about commands specific to each application.

Action Menu Exit Use the Exit command to close the NetControl console.

Go Menu Configuration Use the Configuration command to open the Configuration pane to set up email and configure each of the deployed NetPro applications. Resources Use the Resources command to open the Resources pane to deploy agents and create, modify or view agent groups, computer lists and schedules. Collectors Use the Collectors command to open the Collectors pane to define the data to be collected. The resource containers available are based on the NetPro applications that use data collection. Active Directory Use the Active Directory command to open the ADMC to administer directory information. Workflow Use the Workflow command to open the Workflow pane to review/track the items in the workflow queue. Reports Use the Reports command to open the Reports pane to define the content and generate reports.

View Menu Refresh (F5) Use the Refresh command to redisplay the contents on the window.

NetControl Overview

NetControl

11

Help Menu Contents Use the Contents command to display the Contents pane and initial page of the NetControl online help. Search Use the Search command to display the Search pane and initial page of the NetControl online help. Index Use the Index command to display the Index pane and initial page of the NetControl online help. About Use the About command to display general release information about the NetControl Service, NetControl Console and licensed NetPro products.

Tool Bar The tool bar buttons provide quick access to commonly used commands.

Use the Refresh button to redisplay the contents on the window.

Use the Help button to display the online help for the application.

Use the New button to create a new object (e.g., agent group, computer list, schedule) or a new folder for organizing objects. The icon changes depending on the resource container selected in the explorer view.

Use the Permissions button to define the delegated permissions for the resource container selected in the explorer view or the object selected in the object list. Selecting this button will display the Permissions dialog showing the delegated permissions for the selected application component. Depending on the object selected and the NetPro application deployed, a Workflow button may also be displayed on the Permissions dialog which allows you to set up workflow for the selected item.

Use the Delete button to remove the object selected in the object list.

Use the Properties button to display the properties for the object selected in the object list. From this dialog, you can modify the properties previously defined for the selected object.

NetControl Overview

12

NetControl

Use the Start Agent button to start the agent selected in the Agents page. This button is only available on the Agents page of the Resources pane.

Use the Stop Agent button to stop the agent selected in the Agents page. This button is only available on the Agents page of the Resources pane.

Use the Restart Agent button to stop and start the selected agent. This button is only available on the Agents page of the Resources pane.

Explorer View The explorer view is located in the left pane and is populated based on the button selected in the navigation pane. From this pane, you can create objects and organize these objects in resource containers. By right-clicking a folder in the explorer view, you can perform the following tasks: New | Use the New | command to create a new object (e.g., computer list, agent group, schedule). Selecting this command will display the appropriate dialog allowing you to define the new object. The types available depend on the NetPro application(s) deployed to use the NetControl console. Not available on the Reports pane. New | Folder Use the New | Folder command to create a new folder in the explorer view to organize the objects being created. Selecting this command will add a new folder under the currently selected container in the explorer view. Not available on the Reports pane. Run From the Reports pane, use the Run command to define a new report. Selecting this command will display the appropriate report dialog allowing you to define the contents of the report, specify the output options, specify the data source and schedule execution of the report. This command is only available on the Reports pane. Delete Use the Delete command to remove a user-defined container from the explorer view and any child folders and objects created in the selected container. This command is only available for user-defined containers. Not available on the Reports pane. NOTE: You can NOT delete the default parent containers initially displayed when the product is installed. If you select one of these parent containers and select the Delete command, all of the folders or objects that have been added to the selected parent container will be deleted.

NetControl Overview

NetControl

13

Rename Use the Rename command to change the name of the selected user-defined container. This command is only available for user-defined containers. Not available on the Reports pane. Permissions Use the Permissions command to display the delegated permissions for the selected container. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Depending on the object selected and the NetPro application deployed, a Workflow button may also be displayed on the Permissions dialog which allows you to set up workflow for the selected item. See Chapter 8: Workflow on page 53. Refresh Use the Refresh command to retrieve and display the latest information.

Navigation Pane The navigation pane is located in the lower left pane of the console and contains buttons that allow you to access the base NetControl components. As you deploy and license NetPro applications, additional buttons may be displayed. Selecting a button in this pane will populate the resource containers in the explorer view used to organize the objects being created and managed through the NetControl console.

Selecting the arrows at the bottom of the navigation pane displays the following commands allowing you to control the buttons displayed in the navigation pane: Show More Buttons Use the Show More Buttons command to display buttons that have been previously removed from the bottom of the navigation pane using the Show Fewer Buttons command.

NetControl Overview

14

NetControl

Show Fewer Buttons Use the Show Fewer Buttons command to remove the bottom-most button from the navigation pane. Navigation Pane Options Use the Navigation Pane Options command to display the Navigation Pane Options dialog where you can select (check) the buttons to be displayed and change the order of the buttons displayed on the navigation pane. Add or Remove Buttons Use the Add or Remove Buttons command to select the buttons to be hidden/displayed in the navigation pane. You can also resize the navigation pane to hide the bottom-most button(s). To resize this pane, place your cursor at the top of the pane until your cursor is replaced with a double arrow. Hold down the right mouse button and drag the arrow down the screen. As buttons are hidden from the screen they are replaced with an icon which can be selected to open the corresponding NetControl page.

Information Panes The contents of the information panes, located in the right-hand pane depend on the button selected in the navigation pane and the node/container selected in the explorer view. This pane may display the objects available in the selected node/container and supporting details or options for configuring the selected component. The first time the console is launched, the NetControl Email pane will be displayed allowing you to configure the NetControl email settings. However, each subsequent time the console is launched, the pane last displayed when the console was closed will be displayed. Please refer to the individual chapters in this guide for a description of the information panes available and the tasks that can be performed from each.

NetControl Overview

NetConrol

15

Chapter 3: Application Security Delegation of administration allows you to transfer the responsibility for administrative tasks to a lower-level administrator. Application security provides component level security for all application components. By default, users in the Domain Admins group are granted Full Control to NetControl, while users in the Everyone group are granted Read All Properties. These default permissions ensure that only privileged users have the rights to invoke change in NetControl. This chapter provides the following information for building a secure NetControl deployment: •

Considerations for Implementing Application Security



Implementing Application Security

Considerations for Implementing Application Security While every task can be delegated at a granular level, consider the following before changing any security settings: • The internal workings of NetControl’s security model work the same as Active Directory and NTFS security. • Subcontainers can be created in all nodes. These containers serve a dual purpose. Primarily, containers are used to organize content, but they can also be used as a boundary or scope of management for a delegated user. For example, allowing user Domain\Sally to create Security Templates in a single container.

Application Security

16

NetConrol

Implementing Application Security To implement application security: 1. Select a resource container from the explorer view (for example, Agents or Computer Lists) or an object from the object list. 2. Select the Permissions command from the tool bar ( ) or the right-click menu. This will display the Permissions dialog for the selected application component. 3. By default, all application components have the following permissions defined: • Allow | Everyone | Read All Properties | This object and all child objects • Allow | Domain Admins | Full Control | This object and all child objects 4. To add additional permissions select the Add button, which will display the New Permission Entry dialog. 5. On the New Permission Entry dialog, select the permissions to be allowed and/or denied to secure the selected application component. • Account – use the browse button to locate and select a user or group account to be delegated these permissions. • Apply to – select the appropriate option to specify what object types are going to receive the selected permissions (for example, this object only, this object and child objects, or child objects only). • Permissions – select the Allow or Deny check boxes for the permissions to be delegated. • Apply these permissions to immediate objects and/or containers only – optionally select this check box to define the level of effectiveness the selected rights will assume. • Expires on – optionally select this check box and select the date these permissions are to expire. 6. After adding the new permissions entry, use the OK button to save your settings. The new permission will be displayed on the Permissions dialog.

Application Security

NetConrol

17

Permissions Dialog The Permissions dialog is displayed when the Permissions tool bar button or right-click menu command is selected for an application component. Use this dialog to view and/or modify the permissions to be delegated to the selected application component. By default, users in the Domain Admins group are granted Full Control to NetControl, while users in the Everyone group are granted Read All Properties. The default permissions are displayed in the Permissions dialog.

Permissions list box This list box displays the permissions to be applied to the selected application component. It includes the following information for each permission: Type This column displays the type of permission being delegated: Allow or Deny Account This column displays the name of the user or group account to be delegated each permission listed. Permission This column displays the name of the permission being delegated. Apply To This column displays the objects to which each permission applies: this object only, this object and child objects or child objects only. Inherited From For child objects, this column displays the parent object from which the permissions where inherited. Expires On If applicable, this column displays the date when the permissions will expire.

Application Security

18

NetConrol

Add Use the Add button to add permissions to the list box. Selecting this button will display the New Permission Entry dialog allowing you to select the permission(s) to be included. This dialog also allows you to specify the user or group account, the object types that are to receive the permission(s), the level of effectiveness the rights will assume, and if applicable an expiration date. Remove After permissions have been added and are displayed in the Permissions list box, use the Remove button to remove a permission entry from the list box. Select the permission entry to be removed and select the Remove button.

New Permission Entry Dialog The New Permissions Entry dialog is displayed when the Add button is selected on the Permissions dialog when assigning application security. From this dialog, specify the access permissions to be applied to the selected component (for example, deny access for deploying agents).

Account Use the browse button to specify a user or group account to be granted or denied access permissions to the selected application component. Selecting the browse button will display the native Select User or Group dialog allowing you to locate and select a user or group account.

Application Security

NetConrol

19

Apply to This drop-down text box allows you to specify the object types that are to be granted the selected permissions. By default, the permissions selected will be applied to this object and all child objects; however, you can use the drop-down menu to change this setting. Valid entries are: •

This object only



This object and all child objects (default)



Child objects only

Permissions list box This list box displays the permissions that can be granted or denied. From this list box, select the appropriate access permissions: •

Full Control



Read All Properties



Write All Properties



Modify Permissions



Delete



Delete Subtree



Create All Child Objects



Delete All Child Objects



Create Folders



Delete Folders



Create (for example, Schedule, Agent Group)



Delete (for example, Computer List, Agent Group)

Clear Use the Clear button to clear any check marks from the Permissions list box. Apply these permissions to immediate objects and/or containers only Select this check box to apply the permissions to the selected object and/or container only. That is, if this option is checked, the permissions will not apply to any subordinate objects or containers. Expires on To create a temporary (expiring) permission assignment, select this check box and use the arrow to view a calendar grid to select the date when these permissions are to expire.

Application Security

NetControl

21

Chapter 4: Agents Using the Resources pane in the NetControl console, you can deploy and maintain agents. NetControl agents distribute the workload processing as defined by each individual NetPro application. Agents communicate directly with the SQL Server database on a configured interval to receive a list of actions that need to be executed upon. Refer to the documentation for each deployed NetPro application to determine if it uses NetControl agents. This chapter provides the following information and procedures: •

Agents Pane



Considerations for Deploying Agents



Deploying Agents

Agents

22

NetControl

Agents Pane The Agents pane is displayed when Agents is selected in the explorer view of the Resources pane. From this pane you can deploy agents and view the status of deployed agents.

Explorer View The explorer view displays a hierarchy of folders created to organize your agents. Agents List The agents list displays a list of deployed agents for the container selected in the explorer view. The following information is displayed for each agent: •

Server – the name of the server where an agent was deployed



Comment – the comment or descriptive text entered when the agent was deployed



Status – the current status of the agent (for example, Offline, Copying File, Installing, Updating, Running)



Version - the current version of each agent deployed

Right-click an object in the agents list to perform tasks related to the selected object. Move to Use the Move to command to move the selected agent to a different folder in the explorer view. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the agent is to be moved.

Agents

NetControl

23

Delete Use the Delete command to remove the selected agent from the agents list. Permissions Use the Permissions command to display the delegated permissions for the selected agent. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to display the properties set for the selected agent. Selecting this command will display the Properties dialog allowing you to view or modify the security permissions assigned to the selected agent. Details View The details view displays information regarding the jobs (for example, data collection, report) that are assigned to the agent selected in the object list. The following information is displayed: •

Name – the name assigned to the job when it was created



Comment – the comment or descriptive text entered when the job was defined



Type – the type of job run on the selected agent



Run Date – the date the associated job ran



Elapsed Time – the amount of time it took to run the associated job



Status – the current status of the job

Right-clicking in the agents list pane (not an object in the list) or details view pane will display the following commands allowing you to change the content displayed in the agents list/details view pane: New | Agent Use the New | Agent command to deploy a new agent. View Expand the View command and select one of the following options to change how the objects in the agents list are displayed: •

Tiles



Icons



List



Details (default)

Arrange By Expand the Arrange By command and select the appropriate option to change the sort order for the displayed objects. The sort options available are based on the container selected in the explorer view. More specifically, the options will match the column headings in the agents list.

Agents

24

NetControl

Arrange By | Show in Groups Use the Arrange By | Show in Groups command to group the objects in the list based on the sort method selected. A check mark in front of this command will display the objects in groups with corresponding headings. Refresh Use the Refresh command to retrieve and display the latest information.

Considerations for Deploying Agents Prior to deploying agents, carefully consider the following items: • Agent(s) will be running with elevated privileges, so ensure you have followed Microsoft’s Best Practices for Securing Service Accounts. • Consider grouping agents based on geographical location and the security required to access the managed content: •

Deploying agents close to the objects being managed will help reduce the amount of WAN traffic.



If you have highly sensitive data that will be managed or are required to operate under the principals of least privilege, then grouping resources by security level is paramount.

• Review the default application security and start granting access as required to interested parties (See Chapter 3: Application Security on page 15 for information on building a secure deployment). For example: •

Restrict who can modify agent groups



Restrict who can deploy agents

Deploying Agents Prior to deploying agents, please review ‘Considerations for Deploying Agents’ on page 24. To deploy agents: 1. Select Resources from the navigation pane. 2. Select Agents from the explorer view. 3. Select the New | Agent tool bar button or right-click menu command. This will display the New Agent Deployment dialog allowing you to specify the computers where an agent is to be deployed. 4. On the Servers page of this dialog, use the appropriate Add option to deploy an agent to an individual computer or to all computers in a computer list. • Use the Add | Computer option to deploy an agent to an individual computer. Selecting this option will display the native Select Computers dialog allowing you to specify the computer to be included. • Use the Add | Computer List option to deploy an agent to all the computers in a given computer list. Selecting this button will display the Select a Computer List dialog allowing you to select the computer list to be used.

Agents

NetControl

25

5. On the Servers page, also enter a descriptive comment and the logon credentials for the account the agent is to run as. 6. Open the Agent Groups page to add the agent(s) to an agent group. On this page, select the Add button to display the Select an Agent Group dialog where you can select or create an agent group to which the agent is to be assigned. 7. After specifying where agents are to be deployed, select the OK button to close the dialog and start the deployment process. The status of the deployed agents will be displayed in the Agents object list.

New Agent Deployment Dialog The New Agent Deployment dialog is displayed when the New | Agent tool bar button or rightclick menu command is selected from the Agents pane. From this dialog, you can specify the computers to which agents are to be deployed. You can deploy agents to an individual computer or all computers in a computer list. You can also assign these agents to agent groups as part of the deployment process. This dialog consists of two tabbed pages: • Servers – use the Servers page to specify the server to which agents are to be deployed and the user account the agent is to run as. • Agent Groups – use the Agent Groups page to assign the deployed agents to one or more agent groups.

Servers Page From the Servers page, specify the server(s) to which an agent is to be deployed. The information entered on this page will be displayed in the Agents object list when Agents is selected in the explorer view.

Agents

26

NetControl

Servers list box The servers list box displays the servers or computer lists to which a NetControl Agent Service is to be deployed. In addition to the server's/computer list's name, this list box also displays the type: Computer or Computer List. Use the appropriate Add option to add a computer or computer list to the list box. Add | Computer Use the Add | Computer option to add an individual server to the servers list box. Selecting this option will display the native Select Computers dialog allowing you to specify the computer to which an agent is to be deployed. Add | Computer List Use the Add | Computer List option to add a computer list to the servers list box. Selecting this option will display the Select a Computer List dialog allowing you to select a previously defined computer list or create a new computer list. When a computer list is selected, an agent will be deployed to all servers in the computer list. Remove Use the Remove button to remove the selected computer or computer list from the list box. If an agent has already been deployed, this command will also remove the agent from the selected machine(s). Select the computer or computer list to be removed and select the Remove button. NOTE: If an agent is removed before it completes any assigned jobs, the agent coordinator will reassign these unfinished jobs to another agent in the agent group. Comment Optionally, enter a description or comment regarding the agent(s) being deployed. Log on As: Account Enter or use the browse button to specify the user account that the agent is to run as. Selecting the browse button will display the native Select User dialog allowing you to locate and select the user account to be used. NOTE: This account must have access to the database and the rights to perform whatever tasks the agent is going to be asked to do. For example, if the agent is to delegate Active Directory permissions, this account must have the rights to modify permissions over the appropriate Active Directory objects. Log on As: Password Enter the password associated with the specified user account.

Agents

NetControl

27

Agent Groups Page Use the Agent Groups page to add the newly deployed agent(s) to one or more agent groups. Group agents to provide load balancing and fault tolerant processing centers. Distributing all tasks across the processing group, ensures tasks are processed as quickly as possible. Additionally, the processing group creates fault tolerance, so if an agent becomes unavailable, all unfinished work is redistributed across the processing center.

Agent Group list box The agent group list box displays the agent group(s) to which the agent(s) being deployed are to be assigned. Use the Add and Remove buttons to add/remove agent groups to/from this list. Add Use the Add button to add agent groups to the list box. Selecting this button will display the Select an Agent Group dialog allowing you to select one or more agent groups from a list of previously defined agent groups or to create a new agent group. Remove After agent groups have been added and are displayed in the agent group list box, use the Remove button to remove an agent group from the list box. If an agent is already assigned to an agent group in the list, this command will also remove that agent from the selected agent group. Select the agent group to be removed and select the Remove button.

Agents

28

NetControl

Select a Computer List Dialog The Select a Computer List dialog is displayed when the Add | Computer List option is selected on the Servers page of the New Agent Deployment dialog. From this dialog, select the computer list(s) to which NetControl Agents are to be deployed. That is, an agent will be deployed to all the servers included in the computer list. This dialog is also displayed when the Add | Computer List option is selected on the Computers page of the New Collector dialog. When accessed from this dialog, select the computer list(s) from which data is to be collected.

Explorer View The explorer view, in the left pane, displays a hierarchy of the folders created to organize computer lists. Click the node next to a container or double-click a container to expand the folder structure to locate the computer list(s) to be used. Select a container to view the computer lists created in the selected container. Right-click the Computer List folder (or other user-defined folder) in the explorer view to display the following commands: New | Computer List Use the New | Computer List command to create a new computer list. Selecting this command will display the New Computer List dialog allowing you to define a new computer list. New | Folder Use the New | Folder command to create a new folder for organizing your computer lists. Selecting this command will add a new folder under the currently selected container in the explorer view. Delete Use the Delete command to remove a user-defined container from the explorer view and any child containers or objects created in the selected container. This command is only available for user-defined containers.

Agents

NetControl

29

Rename Use the Rename command to change the name of the selected container. This command is only available for user-defined containers. Permissions Use the Permissions command to display the delegated permissions for the selected container. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Refresh Use the Refresh command to retrieve and display the latest information on the dialog.

Object List The object list, in the right pane, is populated based on the folder selected in the explorer view. From this list box, select the computer list(s) to which an agent is to be deployed. Right-click a computer list in the object list to display the following commands: Delete Use the Delete command to remove the computer list from the object list. Properties Use the Properties command to display the properties set for the selected computer list. Selecting this command will display the Properties dialog allowing you to view or modify the computers included in the selected computer list. NOTE: This dialog contains the same tabbed pages as the New Computer List dialog. See ‘Computer Lists Pane’ on page 40 for a description of this dialog.

Select an Agent Group Dialog The Select an Agent Group dialog is displayed when the Add button is selected on the Agent Groups page of the New Agent Deployment dialog. From this dialog, select the agent group(s) to which the deployed agents are to be added.

Agents

30

NetControl

Explorer View The explorer view, in the left pane, displays a hierarchy of the folders created to organize agent groups. Click the node for a container or double-click a container to expand the folder structure to locate the agent group(s) to be included. Select a container to display the agent groups created in the selected container. Right-click the Agent Groups folder (or other user-defined folder) in the explorer view to display the following commands: New | Agent Group Use the New | Agent Group command to create a new agent group. Selecting this command will display the New Agent Group dialog allowing you to define a new agent group. New | Folder Use the New | Folder command to create a new folder. Selecting this command will add a new folder under the currently selected container in the explorer view. Delete Use the Delete command to remove a user-defined container from the explorer view and any child containers or objects created in the selected container. Rename Use the Rename command to change the name of the selected container. This command is only available for user-defined containers. Permissions Use the Permissions command to display the delegated permissions for the selected container. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Refresh Use the Refresh command to retrieve and display the latest information on the dialog.

Agents

NetControl

31

Object List The object list, in the right pane, is populated based on the folder selected in the explorer view. From this list box, select the agent group(s) to be added to the agent group list box back on the originating dialog. That is, the newly deployed agent will be assigned to this agent group. Right-click an agent group in the object list to display the following commands: Move to Use the Move to command to move the selected object to a different folder. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the object is to be moved. Delete Use the Delete command to remove the agent group from the object list. Permissions Use the Permissions command to display the delegated permissions for the selected object. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to display the properties set for the selected agent group. Selecting this command will display the Properties dialog allowing you to view or modify the agents included in the selected agent group. NOTE: This dialog contains the same tabbed pages as the New Agent Group dialog. See ‘Creating Agent Groups’ on page 33 for a description of this dialog.

Agents

NetControl

33

Chapter 5: Agent Groups Using the Resources pane in the NetControl console, you can create and maintain agent groups. An agent group is a collection of one or more servers running the NetControl Agent Service. Workload for an agent group is distributed across all agents in the processing group thus allowing for process load balancing. The NetControl application provides no restrictions for grouping. Agents can be grouped based on geographical location, applications, or resource security level. Most often, geography and security level determine how agents are grouped. This ensures that processing does not occur across the WAN and that agents will be provided the proper level of security to the underlying data. One agent in an agent group will assume the role of the coordinator. The coordinator will check and verify that each agent in the agent group is updating within the allowed update notification interval. In the event of agent failure, the coordinator will redistribute the unfinished workload of the failed agent to the remaining agents in the agent group. Fault tolerance is built in at the agent and coordinator level—if the coordinator fails, another agent in the agent group will assume that role. Refer to the documentation for each deployed NetPro application to determine if it uses agent groups to organize agents. This chapter provides the following information and procedures: •

Agent Groups Pane



Creating Agent Groups

Agent Groups

34

NetControl

Agent Groups Pane The Agent Groups window is displayed when Agent Groups is selected in the explorer view of the Resources pane. From this pane you can define agent groups and view where these agent groups are being used.

Explorer View The explorer view displays a hierarchy of folders created to organize your agent groups. Agent Groups List The agent groups list displays a list of agent groups created under the container selected in the explorer view. The following information is displayed for each agent group: •

Name – the name assigned to the agent group when it was created



Comment – the comment or descriptive text entered when the agent group was created

Right-click an object in the agent groups list to perform tasks related to the selected object. Move to Use the Move to command to move the selected agent group to a different folder in the explorer view. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the agent group is to be moved. Delete Use the Delete command to remove the agent group from the agent groups list.

Agent Groups

NetControl

35

Permissions Use the Permissions command to display the delegated permissions for the selected agent group. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to display the properties set for the selected agent group. Selecting this command will display the Properties dialog allowing you to view or modify the security permissions applied to the selected agent group. Details View The details view displays information about the resource components (for example, collectors, schedules, etc.) that are associated with the agent group selected in the object list. The following information is displayed: •

Name – the name of the resource component linked to the selected agent group



Comment – the comment or descriptive text entered when the resource component was created



Type – the type of resource component linked to the selected agent group

Right-click in the agent groups list pane (not an object in the list) or details view pane to display the following commands allowing you to change the content displayed in the agent groups list/ details view pane: New | Agent Group Use the New | Agent Group command to create a new agent group. View Expand the View command and select one of the following options to change how the objects in the object list are displayed: •

Tiles



Icons



List



Details (default)

Arrange By Expand the Arrange By command and select the appropriate option to change the sort order for the displayed objects. The sort options available are based on the container selected in the explorer view. More specifically, the options will match the column headings in the agent groups list. Arrange By | Show in Groups Use the Arrange By | Show in Groups command to group the objects in the list based on the sort method selected. A check mark in front of this command will display the objects in groups with corresponding headings.

Agent Groups

36

NetControl

Refresh Use the Refresh command to retrieve and display the latest information.

Creating Agent Groups You can create an agent groups and assign agents to this group at a later time or you can create agent groups and assign agents to the group at creation time. You can add or remove agents to existing agent groups at any time. NOTE: Agents can belong to more than one agent group. To create an ‘empty’ agent group: Creating an 'empty' agent group allows you to assign deployed agents to this group at a later time. For example, by creating an ‘empty’ agent group before deploying agents, you can assign agents to this group as part of the deployment process. 1. Select Resources from the navigation pane. 2. Select Agent Groups from the explorer view. 3. Select the New | Agent Group tool bar button. (Or right-click Agent Groups and select the New | Agent Group menu command.) This will display the New Agent Group dialog where you can name the agent group. 4. On the General page, enter a descriptive name and an optional comment to describe the agent group. 5. After entering a name and description, use the OK button to close the dialog and create the 'empty' agent group. The newly created agent group will be displayed in the Resources object list when Agent Groups is selected in the explorer view. To create an agent group with agents: 1. Select Resources from the navigation pane. 2. Select Agent Groups from the explorer view. 3. Select the New | Agent Group tool bar button or right-click menu command. This will display the New Agent Group dialog where you can name and specify the agents that are to belong to this agent group. 4. On the General page, enter a descriptive name and an optional comment to describe the agent group. 5. Open the Agents page and select the Add button. This will display the Select an Agent dialog allowing you to select the agent(s) to be added to the agent group. 6. On the Agents page, you can also update the Update Notification time as desired. This interval is used by the coordinator to determine if the other agents in the group are updating within the specified time. 7. After entering a name and selecting the agents to be added, use the OK button to close the dialog and create the agent group. The newly created agent group will be displayed in the Resources object list when Agent Groups is selected in the explorer view.

Agent Groups

NetControl

37

To add (or remove) an agent to an agent group: 1. Open the Resources pane and select Agent Groups from the explorer view. 2. Expand the folder structure in the explorer view and locate the agent group to which agents are to be added or removed. 3. In the object list, right-click the agent group and select Properties. 4. This will display the Properties dialog for that agent group. Use the Agents page of this dialog to add (or remove) an agent to the selected agent group.

New Agent Group Dialog The New Agent Group dialog is displayed when the New | Agent Group tool bar button or the right-click menu command is used when Agent Groups (or a subordinate folder) is selected in the explorer view of the Resources pane. This dialog consists of two tabbed pages: • General – use the General page to enter a name and description for the new agent group. • Agents – use the Agents page to specify the agents to be included in the agent group.

General Page From the General page, specify the general information for the agent group. The information entered on this page will be displayed in the Resources object list when Agent Groups is selected in the explorer view.

Name Enter a descriptive name for the new agent group. Example: US New York Mid-Town Data Center File Servers

Agent Groups

38

NetControl

Comment Optionally, enter a description or comment for the new agent group. Example: Agents in this agent group have been granted privileged access only to set permissions on all file servers in the Mid-Town Data Center location for New York City. (Note a separate agent group has been defined for the Financial Center.)

Agents Page From the Agents page, specify the servers to which a NetControl Agent has been deployed that are to be included in the agent group.

Agent list box This list box displays the agented servers to be included in the new agent group. It includes the server name and any comments that were entered when the agent was deployed. Add Use the Add button to add an agent to the agent group. Selecting this button will display the Select an Agent dialog allowing you to select the agent(s) to be included. Remove After agents have been added and are displayed in the Agent list box, use the Remove button to remove an agent from the list box (and the agent group). Select the agent to be removed and select the Remove button. Update Notification minutes The Update Notification interval is used by the coordinator to determine if all of the agents in the selected agent group are updating within the specified time. The default interval is 5 minutes.

Agent Groups

NetControl

39

Select an Agent Dialog The Select an Agent dialog is displayed when the Add button is selected on the Agents page of the New Agent Group dialog. From this dialog, select the agent(s) to be included in the new agent group.

Explorer View The explorer view, in the left pane, displays a hierarchy of the folders created to organize deployed NetControl Agents. Click the node next to the container or double-click a container to expand the folder structure to locate the agent(s) to be included. Select a container to display the agents deployed under the selected container. Right-click the Agents folder (or subfolder) in the explorer view to display the following commands: New | Agent Use the New | Agent command to deploy a NetControl Agent to a specified server. Selecting this command will display the New Agent Deployment dialog allowing you to select the server(s) to which an agent is to be deployed. Refer to ‘New Agent Deployment Dialog’ on page 25 for a description of the New Agent Deployment dialog. New | Folder Use the New | Folder command to create a new folder to organize the deployed agents. Selecting this command will add a new folder under the currently selected container in the explorer view. Delete Use the Delete command to remove a user-defined container from the explorer view and any child containers or objects created in the selected container. This command is only available for user-defined containers. Rename Use the Rename command to change the name of the selected user-defined container. This command is only available for user-defined containers.

Agent Groups

40

NetControl

Permissions Use the Permissions command to display the delegated permissions for the selected container. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Refresh Use the Refresh command to retrieve and display the latest information on the dialog.

Object List The object list, in the right pane, is populated based on the folder selected in the explorer view. From this list box, select the agent(s) to be included in the agent group. Right-click an agent in this list box to display the following commands: Start Use the Start command to start the agent service. Stop Use the Stop command to stop the agent service. Move to Use the Move to command to move the selected object to a different folder. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the object is to be moved. Remove Use the Remove command to remove the agent service from the selected sever. Permissions Use the Permissions command to display the delegated permissions for the selected object. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to view the properties defined for the selected agent. Selecting this command will display the Properties dialog for the agent allowing you to modify the server credentials as well as the agent group(s) to which this agent is currently assigned. NOTE: This dialog contains the same tabbed pages as the New Agent Deployment dialog with the exception of the Change Service credentials check box. See ‘New Agent Deployment Dialog’ on page 23 for a description of the information provided in this dialog.

Agent Groups

NetControl

41

Chapter 6: Computer Lists Using the Resources pane in the NetControl console, you can create and maintain computer lists. A computer list is a way to group physical computer resources based on explicit or dynamically generated content. When using the LDAP query or Script options, the computer list will be regenerated each time the computer list is used. The benefit of using dynamically generated computer lists, is that when new servers come online matching the criteria defined, they are automatically added to the computer list. This eliminates the need to manually add new servers each time. Refer to the documentation for each deployed NetPro application to determine if it can use computer lists. This chapter provides the following information and procedure: •

Computer Lists Pane



Building Computer Lists

Computer Lists

42

NetControl

Computer Lists Pane The Computer Lists pane is displayed when Resources is selected in the navigation pane and Computer Lists is selected in the explorer view of the Resources pane. From this pane you can define computer lists and see to which components it is linked.

Explorer View The explorer view displays a hierarchy of folders created to organize your computer lists. Computer Lists View The computer lists view displays a list of computer lists created under the container selected in the explorer view. The following information is displayed for each computer list: •

Name – the name assigned to the computer list when it was created



Comment – the comment or descriptive text entered when the computer list was created

Right-click an object in the computer list view to perform tasks related to the selected object. Move to Use the Move to command to move the selected computer list to a different folder in the explorer view. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the computer list is to be moved.

Computer Lists

NetControl

43

Delete Use the Delete command to remove the selected computer list from the computer lists view. Permissions Use the Permissions command to display the delegated permissions for the selected computer list. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to display the properties set for the selected computer list. Selecting this command will display the Properties dialog allowing you to view or modify the security permissions applied to the selected computer list. Details View The details view displays information about the resource component to which the computer list selected in the computer list view is linked. The following information is displayed: •

Linked To – the name of the resource component associated with the selected computer list



Comment – the comment or descriptive text entered when the linked resource component was created



Type – the type of resource component linked to the selected computer list

Right-click in the computer lists pane (not an object in the list) or details view pane to display the following commands allowing you to change the content displayed in the computer list/ details view pane: New | Computer List Use the New | Computer List command to create a new computer list. View Expand the View command and select one of the following options to change how the objects in the computer list view are displayed: •

Tiles



Icons



List



Details (default)

Arrange By Expand the Arrange By command and select the appropriate option to change the sort order for the displayed objects. The sort options available are based on the container selected in the explorer view. More specifically, the options will match the column headings in the computer lists view.

Computer Lists

44

NetControl

Arrange By | Show in Groups Use the Arrange By | Show in Groups command to group the objects in the list based on the sort method selected. A check mark in front of this command will display the objects in groups with corresponding headings. Refresh Use the Refresh command to retrieve and display the latest information.

Building Computer Lists Using the Resources pane, you can create computer lists using one of three methods: • creating an explicit list • generating a list based on an LDAP query • generating a list based on a script To build an explicit computer list: 1. Select Resources from the navigation pane to open the Resources pane. 2. Select Computer Lists from the explorer view. 3. Select the New | Computer List tool bar button or right-click menu command. This will display the New Computer List dialog where you can name and build the computer list. 4. On the General page, enter a descriptive name and an optional comment to describe the computer list. 5. Proceed to the Computers page, and in the Type box select Computers. 6. Select the Add button to display the native Select Computers dialog. From this dialog, select the computers to be included in this computer list. 7. After entering a name and specifying the computers to be included in the list, use the OK button to close the dialog and save the computer list. 8. The newly created computer list will be displayed in the object list when Computer Lists is selected in the explorer view. To build a dynamic computer list based on an LDAP query: 1. Select Resources from the navigation pane to open the Resources pane. 2. Select Computer Lists from the explorer view. 3. Select the New | Computer List tool bar button or right-click menu command. This will display the New Computer List dialog where you can name and build the computer list. 4. On the General page, enter a descriptive name and an optional comment to describe the computer list. 5. Proceed to the Computers page, and in the Type box select LDAP query and fill in the requested information: • Container – optionally enter or use the browse button to select the container to be searched. • Scope – select the scope (entire subtree or immediate children only).

Computer Lists

NetControl

45

6. Use the Generate button to build the LDAP query. Selecting this button will display the native Find Computers dialog allowing you to specify the criteria to be used in the query. After entering the criteria to be included in the LDAP query, select the OK button. The LDAP query will be displayed in the text box back on the New Computer List dialog. For example, to query Active Directory for all domain controllers with names ending with DC001, enter the following information to create the LDAP query: On the Find Computers dialog, enter: Computer Name: *DC001 Role: Domain Controller Back on the Computers tab, the Filter text box should read: (primaryGroupID=516)(name=*DC001) 7. Optionally use the Test button to search Active Directory using the query generated. A results dialog will be displayed listing the computers that currently match the criteria specified. 8. After entering a name and generating the LDAP query to be used to build the computer list, use the OK button to close the dialog and save the computer list. 9. The newly created computer list will be displayed in the object list when Computer Lists is selected in the explorer view. To build a dynamic computer list based on a script: 1. Select Resources from the navigation pane to open the Resources pane. 2. Select Computer Lists from the explorer view. 3. Select the New | Computer List tool bar button or right-click menu command. This will display the New Computer List dialog where you can name and build the computer list. 4. On the General page, enter a descriptive name and an optional comment to describe the computer list. 5. Proceed to the Computers page, and in the Type box select Script. 6. In the Language box, select the type of script to be created: VBScript (default) or JScript. 7. In the text box, enter the script to be executed. For example, to query all workstations or servers running Windows 2003 R2 with names ending in MEM01 and DC01, you could enter the following VB script: Function GetComputerList() Dim Results() i = 0 Set rootDSE = GetObject(“LDAP://RootDSE”) defaultNC = rootDSE.Get(“defaultNamingContext”) Set oCommand = CreateObject(“ADODB.Command”) Set oConnect = CreateObject(“ADODB.Connection”) oConnect.Provider = “ADsDSOObject” OConnect.Open “Active Directory Provider” oCommand.ActiveConnection = oConnect sContainer = “

Computer Lists

46

NetControl

sFilter = “(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystemVersion=5.2 \283790\29)(|(cn=*MEM01)(cn=*DC01)))” sAttrib = “cn” sQuery = sContainer & “;” & sFilter & “;” & sAttrib & “;subtree” oCommand.CommandText = sQuery Set oRecordSet = oCommand.Execute Do until oRecordSet.EOF i = i + 1 ReDIM PRESERVE Results(i) Results(i) = oRecordSet.Fields(“cn”).value oRecordSet.MoveNext Loop oConnect.Close GetComputerList = Results End Function

8. Optionally use the Test button to run the script to generate the computer list. A results dialog will be displayed listing the computers that currently match the criteria specified. 9. After entering a name and the script to be used to build the computer list, use the OK button to close the dialog and save the computer list. 10.The newly created computer list will be displayed in the object list when Computer Lists is selected in the explorer view.

New Computer List Dialog The New Computer List dialog is displayed when the New | Computer List tool bar button or right-click menu command is used when Computer Lists (or subordinate folder) is selected in the explorer view of the Resources pane. This dialog is also displayed when the New | Computer List right-click menu command is selected from the Select a Computer List dialog. From this dialog you will define computer lists which can then be used to deploy agents or assigned to jobs that need to be performed. This dialog consists of two tabbed pages: • General – use the General page to enter a name and description for the computer list. • Computers – use the Computer page to define the computers to be included in the new computer list.

Computer Lists

NetControl

47

General Page From the General page, specify the general information for the computer list. The information entered on this page will be displayed in the Resources object list when Computer Lists is selected in the explorer view.

Name Enter a descriptive name for the new computer list. Comment Optionally, enter a description or comment for the new computer list.

Computers Page From the Computers page, specify the type of list to be created and enter the required information to build the list. Type Use the drop-down menu to select the type of computer list to be built: •

Computers – Select this option to generate a static list consisting of an explicit list of computers.



LDAP Query – Select this option to dynamically generate a list of computers based on the criteria defined by an LDAP query.



Script – Select this option to dynamically generate a list of computers base on the criteria defined in a script.

The options on the dialog box will change depending on the type selected.

Computer Lists

48

NetControl

Computers

The following options are displayed when the Computers option is selected: Computers list box This list box displays the computer(s) to be included in the new computer list. Use the Add and Remove buttons to add/remove computers to/from this list box. Add Use the Add button to add a computer to the computer list. Selecting this button will display the native Select Computers dialog allowing you to select the machine(s) to be included. Remove After computers have been added and are displayed in the Computers list box, use the Remove button to remove a computer from the list box (and from the computer list). Select the computer to be removed and select the Remove button. LDAP Query

The following options are displayed when the LDAP Query option is selected: Container Optionally, use the browse button to locate a container to be searched.

Computer Lists

NetControl

49

Scope By default, the entire subtree will be searched, however, you can use the drop-down menu to search the immediate child only. Filter This text box will be populated after the LDAP query is created using the Generate button. After generating the query, this text box will display the LDAP query created based on the information specified in the Find Computers dialog. Generate Use the Generate button to specify the criteria to be used in the LDAP query. Selecting this button will display the native Find Computers dialog allowing you to specify the criteria to be used. Test Optionally, use the Test button to search Active Directory using the query generated. A results dialog will be displayed listing the computers that currently match the criteria specified in the LDAP query. Script

The following options are displayed when the Script option is selected. Script text box In this text box, enter the script to be used to create the computer list. Language Select the language to be used to create the script. By default, VBScript is selected; use the drop-down menu to change the language of the script to JScript if desired. Test Optionally, use the Test button to search Active Directory using the script entered. A results dialog will then be displayed listing the computers that currently match the criteria specified in the script.

Computer Lists

NetControl

51

Chapter 7: Schedules Using the Resources pane in the NetControl console, you can create and maintain schedules. In NetControl, jobs are designed to run based on a user-specified interval. Often times, administrators want many operations to occur at the same time (for example, every night at midnight). Schedules allow you to express the preferred time(s) for operations to occur. Then you can link the appropriate jobs to the defined schedule. That is, all operations that occur at midnight can be defined by a single management point. Schedules also provide the flexibility to disable scheduled tasks in the event of a required maintenance window. Additionally, if all jobs that occur at midnight need to move to 1:00 AM, due to a time change, the schedule can be adjusted once and all linked jobs will be updated. Refer to the documentation for each individual NetPro application to determine if your application can use the scheduling feature. This chapter provides the following information and procedure: •

Schedules Pane



Defining Schedules

Schedules

52

NetControl

Schedules Pane The Schedules pane is displayed when Resources is selected in the navigation pane and Schedules is selected in the explorer view of the Resources pane. From this pane you can define schedules and see to which components/jobs it is linked.

Explorer View The explorer view displays a hierarchy of folders created to organize your schedules. Schedules List The schedules list displays a list of schedules created under the container selected in the explorer view. The following information is displayed for each schedule: •

Name – the name assigned to the schedule when it was created



Comment – the comment or descriptive text entered when the schedule was created

Right-click an object in the schedules list to perform tasks related to the selected object. Move to Use the Move to command to move the selected object to a different folder in the explorer view. Selecting this command will display the Select a Folder dialog allowing you to select the folder to which the object is to be moved. Delete Use the Delete command to remove the selected schedule from the schedules list.

Schedules

NetControl

53

Enabled Use the Enabled command to enable and disable the selected schedule. A check mark to the left of the Enabled command means the schedule is enabled. Permissions Use the Permissions command to display the delegated permissions for the selected schedule. Selecting this command will display the Permissions dialog allowing you to view, add or remove permissions. For more details on implementing application security and the Permissions dialog, see Chapter 3: Application Security on page 15. Properties Use the Properties command to display the properties set for the selected schedule. Selecting this command will display the Properties dialog allowing you to view or modify the security permissions applied to the selected schedule. Details View The details view displays information about the resource component (for example, collector, agent, schedule) to which the schedule selected in the object is linked. The following information is displayed: •

Linked To – the name of the resource component associated with the selected schedule



Comment – the comment or descriptive text entered when the linked resource component was created



Type – the type of resource component linked to the selected schedule

Right-click in the schedules list pane (not an object in the list) or details view pane to display the following commands allowing you to change the content displayed in the schedules list/ details view pane: New | Schedule Use the New | Schedule command to create a new schedule. View Expand the View command and select one of the following options to change how the objects are displayed: •

Tiles



Icons



List



Details (default)

Arrange By Expand the Arrange By command and select the appropriate option to change the sort order for the displayed objects. The sort options available are based on the container selected in the explorer view. More specifically, the options will match the column headings in the schedules list.

Schedules

54

NetControl

Arrange By | Show in Groups Use the Arrange By | Show in Groups command to group the objects in the list based on the sort method selected. A check mark in front of this command will display the objects in groups with corresponding headings. Refresh Use the Refresh command to retrieve and display the latest information.

Defining Schedules Using the Resources pane, you can create schedules that define the desired time(s) for operations to occur. These schedules can then be linked to the appropriate jobs. This resource eliminates the need to define a schedule each time a job is to be executed. To define a new schedule: 1. Select Resources from the navigation pane to open the Resources pane. 2. Select Schedules from the explorer view. 3. Select the New | Schedule tool bar button or right-click menu command. This will display the New Schedule dialog where you can name and define the details of the schedule. 4. On the General page, enter a descriptive name and an optional comment to describe the schedule. 5. On the Details page, use the following controls to define the details of the schedule: • Type: Select Daily, Weekly or Monthly • Occurs: Select Once at