background image

A collection of installation sources and packages that

is used to inventory and install software on SMS client

computers

SMS packages can be any type of software program

that supports installation using SMS.

SMS Package

An SMS-specific information file used by SMS to

create and deploy SMS packages

The default package definition file (PDF) that is

supplied with pcAnywhere is named pcAnywhere.pdf

Package Definition File

Minimum requirements for SMS deployment

The following resources are required to deploy pcAnywhere using SMS:

Windows NT 4.0 Server with Service Pack 5 or later

SQL Server 6.5 or higher

SMS 2.0 with Service Pack 1 or Service Pack 2 (recommended)

Symantec Packager 1.0 or later with customized packages created for
deployment

All deployment clients must be members of the same domain as the SMS
distribution server, or have a trust relationship set up between the domains with
appropriate permissions that allow the SMS server administrative rights on all
clients.

SMS 2.0 must be installed on Windows NT 4.0 with Service Pack 5 or higher. It is
recommended that you obtain the SMS Service Pack 2 or higher from Microsoft.

For more information about SMS requirements and updates, visit the Microsoft
Web site at the following URL:

//www.microsoft.com/sms

Deploying with SMS

An SMS deployment requires the following steps:

Preparing the Package Definition File

Creating an SMS deployment package

Assigning distribution points

Advertising the package

53

Deploying Symantec pcAnywhere custom installations

Deploying pcAnywhere using SMS 2.0

Summary of Contents for pcAnywhere

Page 1: ...Symantec pcAnywhere Administrator s Guide ...

Page 2: ... of Red Hat Inc in the United States and other countries SSH and Secure Shell are trademarks of SSH Communications Security Inc Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged The product described in this document is distributed under licenses restricting its use copying distribution and decompilation re...

Page 3: ...surance that delivers automatic software upgrade protection Global support that is available 24 hours a day 7 days a week worldwide Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program Advanced features including Technical Account Management For information about Symantec s Maintenance Programs you can visit our Web site at the followi...

Page 4: ...e agreement please contact the maintenance agreement administration team for your region as follows Asia Pacific and Japan contractsadmin symantec com Europe Middle East and Africa semea symantec com North America and Latin America supportsolutions symantec com Additional Enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec prod...

Page 5: ...capabilities each focused on establishing and maintaining the integrity and availability of your IT resources Consulting Services Educational Services provide a full array of technical training security education security certification and awareness communication programs Educational Services To access more information about Enterprise services please visit our Web site at the following URL www sy...

Page 6: ......

Page 7: ... Packager 15 What you can do with Symantec Packager 16 How Symantec Packager works 16 Importing a product module 18 Customizing product settings 18 Selecting product features 20 Including configuration files 21 Integrity stamping a product configuration 24 Serializing a pcAnywhere installation 25 Managing configuration settings globally 27 Setting product installation options 30 Creating a custom ...

Page 8: ...vell NetWare server 58 Writing the NetWare logon script 59 Testing the NetWare logon script 60 Chapter 4 Performing centralized management About centralized management 61 Managing pcAnywhere hosts remotely 61 Installing the pcAnywhere Host Administrator tool 62 Adding the Host Administrator snap in to MMC 63 Creating a configuration group 63 Adding computers to a configuration group 64 Configuring...

Page 9: ...e directory services 86 Setting up directory services in pcAnywhere 86 Setting up the host computer to use directory services 87 Setting up the remote computer to use directory services 88 Chapter 6 Managing security in Symantec pcAnywhere Controlling access to pcAnywhere hosts 89 Limiting connections to specific computer names or IP addresses 90 Leveraging centralized authentication in pcAnywhere...

Page 10: ...Contents 10 ...

Page 11: ... over the previous version of the product and preserve user defined settings A system restart for migrations and upgrades is required on Vista but is only required on Windows 2000 2003 Server XP if system files need to be updated Symantec Packager helps you simplify the process of uninstalling previous versions or distributing preconfigured settings to multiple users See Using Symantec Packager to...

Page 12: ...nverted Serial ID sets No Windows 2000 2003 Server XP 11 x Host items Caller items Remote items Option sets Registry settings AutoTransfer files must be converted No Windows 2000 XP 10 5 x Migrating from pcAnywhere 12 0 2 in Windows 2000 2003 Server XP to Vista Symantec pcAnywhere supports full migration of the full product version and host only version of pcAnywhere 12 0 2 to version 12 1 in Wind...

Page 13: ... only version of pcAnywhere 10 5 x to 12 1 in Windows 2000 2003 Server XP During the installation you are prompted to preserve existing configuration settings This data includes settings for host remote and caller items as well as option sets AutoTransfer files atf that were created in earlier versions of pcAnywhere are preserved However to use the atf files in this version of pcAnywhere you must ...

Page 14: ...e to install in passive or silent mode The product installation requires you to restart the computer to complete the installation process Create a custom installation package that includes preconfigured data files that contain the settings that you need The product installation does not support preservation of preconfigured product settings See Using Symantec Packager to streamline migrations and ...

Page 15: ...packages About Symantec Packager Symantec Packager lets you create modify and build custom installation packages that you can distribute to target systems You can use Symantec Packager to tailor installations to fit your corporate environment by building packages that contain only the features and settings that your users need Symantec products included in installation packages are protected by co...

Page 16: ...files Minimize deployment costs and complexity by installing multiple products at once Simplify application deployment and migration by including custom commands with product installations How Symantec Packager works Symantec Packager uses a phased approach for creating custom installation packages Each phase depends on the output of the previous phase Figure 2 1 shows the process for creating cus...

Page 17: ... package by setting package installation options product installation order and other settings See Creating installation packages on page 36 Configure packages When you build a package Symantec Packager creates an installation file that incorporates the product command and package options that you specified Alternatively Symantec Packager lets you build a product configuration file which creates a...

Page 18: ...Product 3 In the Open dialog box navigate to the folder that contains the product module that you want to import 4 Select the product module and then click Open Symantec Packager imports the product module and returns you to the Import Products tab Depending on the size and complexity of the product module the registration process might be lengthy If you are running Symantec Packager on Windows Vi...

Page 19: ...iguration Files You can customize the following product installation options for pcAnywhere Product description Target location Start online registration at startup Host object to use as a template Host object to start with Windows Remote object to use as a template Run LiveUpdate after installation Preserve existing configuration settings Installation Options After you select the product features...

Page 20: ...ists some of the key product dependencies Table 2 3 Symantec pcAnywhere product dependencies Dependency Feature Required if you want to let users modify configuration settings Exclude pcAnywhere Manager if you want to include integrity management pcAnywhere Manager Requires at least one communication protocol Remote Requires a caller configuration file cif if you configure the product to start a h...

Page 21: ...ing configuration files Symantec Packager lets you include preconfigured data or configuration files so that your users do not have to make configuration changes during or after installation For product specific configurations you must configure these files in the product first and then add them to the Configuration Files tab in Symantec Packager Configuration files cannot be edited in Symantec Pa...

Page 22: ...the connection and security settings needed to connect to another computer remotely For more information see the Symantec pcAnywhere User s Guide Remote connection item files chf Lets you automate file transfer command line and end of session tasks For more information see the Symantec pcAnywhere User s Guide Command queue files Lets you preconfigure the connection and security settings needed to ...

Page 23: ...ne of the following Create a new product configuration Double click an existing product to edit it 2 In the Product Editor window on the Configuration Files tab do one of the following Select the type of preconfigured file that you want to add and then click Add Browse to the configuration file that you want to include and then click Open Symantec pcAnywhere configuration files are added to the li...

Page 24: ...ion with policy management and overall strong security practices such as hardening the operating system See Implementing policy based administration on page 98 To integrity stamp a product configuration 1 In the Symantec Packager window on the Configure Products tab do one of the following Create a new product configuration Double click an existing product to edit it 2 In the Product Editor window...

Page 25: ...elect the feature components that you want to include and then add the serial ID configuration file Build the package Deploy and install the package Generating a serial ID file Symantec pcAnywhere lets you generate a security code or serial ID which can be embedded into a custom installation Serial IDs must be a numeric value between 0 and 4 294 967 296 To let a remote user connect to one or more ...

Page 26: ...le click an existing product to edit it 2 In the Product Editor window on the Features tab do any of the following Check the product features that you want to include in the custom product Uncheck the features that you do not want to include Click the plus sign next to a feature to select or remove its subfeatures To configure a custom product installation or package that includes host and remote ...

Page 27: ...mote connections file transfer logging and other functions to improve performance enhance security or manage connections Symantec pcAnywhere lets you create multiple option sets to accommodate unique configuration requirements Preconfigured option sets can be used for custom installation packages created with Symantec Packager They can also be used as the default preferences for the local computer...

Page 28: ...osts Directory Services Contains settings for configuring remote printing Remote Printing Specifies certificate information required for public key encryption Encryption To configure an option set in pcAnywhere 1 In the pcAnywhere Manager window on the left navigation bar click Option Sets 2 Do one of the following To create a new option set on the File menu click New Item Advanced To modify an ex...

Page 29: ... that contains the option set files opt that you created in pcAnywhere select the one that you want to use and then click Open The option set file is added to the list of data and configuration files 4 In the Product Editor window do one of the following Click OK to save your changes and close the Product Editor window Click Apply to save your changes and continue the product configuration 5 If pr...

Page 30: ... a unique description for the product Description Lets you select the directory in which you want to install the product on the target computer See Changing the target installation directory on page 31 Target location Prompts users to register the product when they start the program for the first time See Prompting users to register upon startup on page 32 Start online registration at startup Lets...

Page 31: ...nstallations that you create with Symantec Packager are installed by default in the Program Files directory under Symantec pcAnywhere You can specify a different directory To change the target installation directory 1 In the Symantec Packager window on the Configure Products tab do one of the following Create a new product configuration Double click an existing product to edit it 2 In the Product ...

Page 32: ...ctStart online registration at startup 4 Click OK 5 In the Product Editor window do one of the following Click OK to save your changes and close the Product Editor window Click Apply to save your changes and continue the product configuration 6 If prompted type a file name and then click Save Selecting the default template for host connections Symantec Packager lets you select the host configurati...

Page 33: ...d then click Save Selecting the default template for remote connections Symantec Packager lets you select the remote configuration file that you want to use as a template for new remote connection items that the user creates after installation Remote connection items contain the configuration settings needed to connect to another computer remotely You can select the pcAnywhere program default sett...

Page 34: ...twork You must customize the LiveUpdate configuration file LIVEUPDT HST to include the location of the LiveUpdate Server For more information see the LiveUpdate documentation To update products 1 In the Symantec Packager window on the Configure Products tab do one of the following Create a new product configuration Double click an existing product to edit it 2 In the Product Editor window on the I...

Page 35: ...uct Editor window do one of the following Click OK to save your changes and close the Product Editor window Click Apply to save your changes and continue the product configuration 6 If prompted type a file name and then click Save Creating a custom command In addition to creating custom products you can create custom commands to include in your packages Examples of custom commands include batch fi...

Page 36: ...tches that are required to run the command For example to run the uninstallation program for pcAnywhere 9 0 without requiring user interaction type the fully qualified path to the remove exe file that is located in the pcAnywhere 9 0 program directory followed by the s switch For example C Program Files Symantec pcAnywhere remove exe s You must type a double quotation mark before and after the ful...

Page 37: ...allation that fails Generate a log file to determine whether the package installed successfully Include technical support contact information For more information about configuring package settings see the Symantec Packager online Help Adding products and commands to a package definition Symantec Packager lets you create a custom installation package that includes one or more products or custom co...

Page 38: ... you specified Alternatively Symantec Packager lets you build a product configuration file which creates a Microsoft Installer msi file for a single product installation Building a product configuration file Building a product configuration file lets you create an msi file that you can use for testing or installation Symantec Packager supports MSI installation for pcAnywhere product modules only Y...

Page 39: ... build process stops You must resolve the conflict and then repeat the build process After checking for product conflicts Symantec Packager verifies that product requirements are met This includes verification that all required products are included in the package definition file If Symantec Packager encounters an error the user receives an error message however the build process continues After c...

Page 40: ...mantec Packager checks for product conflicts and verifies that required products are present on the target computer The installation fails if Symantec Packager encounters a conflict that it cannot resolve You should test packages to verify that product requirements are met and that the installation sequence is correct You should also open each installed program to ensure that it functions correctl...

Page 41: ... custom pcAnywhere installations that you create with Symantec Packager and the preconfigured installations that are included on the Symantec pcAnywhere CD using any of the following methods Local computer installation Opening an exe file or supported msi file on the Deploy Packages tab in Symantec Packager starts the installation process Ensure that the target computer meets the system requiremen...

Page 42: ...re using SMS 2 0 on page 52 Logon scripts Package and product installations created with Symantec Packager can be distributed to Windows 2000 2003 Server XP Vista and Novell NetWare target computers using a logon script See Using Windows 2000 2003 Server XP Vista logon scripts on page 56 See Using NetWare logon scripts on page 58 About package installation file locations Preconfigured package and ...

Page 43: ...of the download location The Web based deployment tool supports the deployment of Symantec Packager packages and Microsoft Installer msi files Symantec Packager lets you create a package installation file as a self extracting executable exe file or create a custom product installation for a single product as an msi file About Web based deployment requirements Table 3 1 lists the minimum requiremen...

Page 44: ...You must have administrator rights to install pcAnywhere Target computer Setting up the installation Web server To set up the Web server complete the following tasks in the order in which they are listed Copy the installation files to the Web server Configure the Web server Copying the installation files to the Web server You must copy the installation files required to support Web based deploymen...

Page 45: ...he installation files to the Web server 1 On the Web server create a directory in which you want to place the deployment files For example Deploy 2 From the Packages folder on the Symantec pcAnywhere CD copy the installation files that you want to make available for deployment to the Webinst subfolder on the Web server For example Deploy Webinst Webinst 3 Ensure that the default document for the v...

Page 46: ...ual Directory 4 Click Next to begin the Virtual Directory Creation Wizard 5 In the Alias text box type a name for the virtual directory for example ClientInstall and then click Next 6 Type the location of the installation folder for example C Client Webinst and then click Next 7 For access permissions select Read only and then click Next 8 Do one of the following to complete the virtual directory ...

Page 47: ...ks are omitted Apache services might not start For the DocumentRoot Customizing the deployment files You must edit the following files to deploy and install packages using the Web based deployment tool Contains the parameters for the Web server and the location of the files that need to be installed This file resides in the root of the Webinstall directory Start htm Contains the file name paramete...

Page 48: ...ue for this parameter does not need to be changed unless you have renamed Files ini ConfigFile The subdirectory that contains the source files to be downloaded locally This subdirectory contains the package and Files ini for example Webinst ProductFolderName The minimum hard disk space requirement The default value is appropriate MinDiskSpaceInMB The abbreviation for the product The default value ...

Page 49: ...it references the name of the package that you want to deploy For example File1 Symantec pcAnywhere Full Product exe Long file names are supported 5 For each additional file add a new Filen filename line where n is a unique number and filename is the name of the file 6 Save and close the file Customizing Files ini for MSI deployment Modify Files ini to contain the names of the msi files that you w...

Page 50: ...h bat file For example File1 Launch bat 5 Delete the semicolon next to the line File2 to uncomment the entry 6 Edit the line File2 so that it references the name of the msi file that you want to deploy For example File2 Symantec pcAnywhere Host Only msi Long file names are supported 7 For each additional file add a new Filen filename line where n is a unique number and filename is the name of the ...

Page 51: ...l If the installation fails note any error messages that are displayed Use the following guidelines to troubleshoot the problem If there is a problem with the parameters in Start htm an error message shows the path of the files that the Web based installation is trying to access Verify that the path is correct If there is a problem in Files ini for example a file not found error compare the File1 ...

Page 52: ...e client installation as follows For Internet Information Server http Server_name Virtual_home_directory Webinst where Server_name is the name of the Web based server Virtual_home_directory is the name of the alias that you created and Webinst is the folder that you created on the Web server For example http Server_name ClientInstall Webinst For Apache Web Server http Server_name Webinst where Ser...

Page 53: ...Packager 1 0 or later with customized packages created for deployment All deployment clients must be members of the same domain as the SMS distribution server or have a trust relationship set up between the domains with appropriate permissions that allow the SMS server administrative rights on all clients SMS 2 0 must be installed on Windows NT 4 0 with Service Pack 5 or higher It is recommended t...

Page 54: ...equired TRUE Creating an SMS deployment package You must create an SMS Package and configure a distribution for each type of pcAnywhere installation that you want to perform on the client computers To create an SMS deployment package 1 Use Symantec Packager to create a product installation msi file or package installation exe file as appropriate or use one of the supplied preconfigured pcAnywhere ...

Page 55: ... 3 Click Finish to complete the Distribution Point Wizard Advertising the package To send the pcAnywhere installation to the clients an advertisement of one or more of the packaged installations must be created Note Advertisements created using the EXE based installer require user intervention Users are prompted to choose a temporary directory on the local client computer to extract the installati...

Page 56: ...ges and the implementation of logon scripts You must have administrator rights on the domain to perform these tasks To set up the Windows server 1 On the server create a folder called PCAHOME 2 Share the folder and use the default share name of PCAHOME 3 Set the permissions of this share so that all users have Read access 4 Copy the pcAnywhere package to the PCAHOME share Writing the Windows logon...

Page 57: ...rive to the network share net use z FSName PCAHOME REM Checks for pcA in default folder If exist c progra 1 Symant 1 pcanyw 1 anywhere bin GOTO End REM Creates a folder in the Temp dir and copies the package C CD TEMP MD pcapkg CD pcapkg Z COPY Package C REM Launch Package Installation C IF PkgType MSI msiexec i Package IF PkgType EXE Package REM Cleanup del Package CD 57 Deploying Symantec pcAnyw...

Page 58: ...Setting up the Novell NetWare server The server must be configured to allow for the storage of pcAnywhere packages and the implementation of logon scripts You must have administrator rights to perform these tasks To set up the Novell NetWare server 1 Map drive Z to the SYS volume If you use another drive letter substitute the appropriate drive letter 2 In the Z LOGIN folder create a folder called ...

Page 59: ...them as necessary to work in your particular environment NetWare logon script REM Default mappings MAP 1 SYS REM Maps a drive to the network share MAP Z SYS LOGIN PCA REM Launches the deployment batch file Cmd c z deploy bat Exit Deployment batch file echo off setlocal REM Package Variable Change to name of pcA Package Set Package Package MSI REM EXE or MSI Variable Change to package type MSI or E...

Page 60: ...kage REM Cleanup del Package CD rd pcapkg End endlocal Testing the NetWare logon script Test the completed script on one or two workstations before setting up the script for all users Windows 2000 2003 Server XP Vista users must have local administrative rights on their computers to install the pcAnywhere package Deploying Symantec pcAnywhere custom installations Using NetWare logon scripts 60 ...

Page 61: ... you remotely manage multiple pcAnywhere hosts on a network The pcAnywhere Host Administrator tool is a Microsoft Management Console MMC snap in and requires MMC to run Symantec pcAnywhere supports integration with Microsoft Systems Management Server It also supports centralized event logging using the SNMP monitor See Integrating with Microsoft Systems Management Server on page 69 See About centr...

Page 62: ...lick Start Settings Control Panel 2 In the Control Panel window double click Add Remove Programs 3 In the Add Remove Programs window click Symantec pcAnywhere 4 Click Change 5 In the Modify or Remove Symantec pcAnywhere panel click Next 6 In the Program Maintenance panel click Modify and then click Next 7 In the Custom Setup panel under pcAnywhere Tools click the down arrow next to Host Administra...

Page 63: ... Administrator snap in to MMC 1 Do one of the following On the Windows 2000 2003 Server XP taskbar click Start Programs pcAnywhere Host Administrator On the Windows Vista taskbar click Start All Programs pcAnywhere Host Administrator 2 To start MMC on the Windows taskbar click Start Run and then type mmc 3 Click OK 4 On the Console menu click Add Remove Snap in 5 In the Add Remove Snap in dialog b...

Page 64: ...In the left pane right click the system that contains the computers that you want to add and then click Add Systems to Configuration Groups 3 In the Add Systems to Configuration Groups dialog box select the computers that you want to add 4 Under Select Destination Group s select the configuration group to which you want to add the computers 5 Click OK Configuring administrator host and remote conn...

Page 65: ... connection item contains the connection and security information needed to connect to a host computer from the pcAnywhere Host Administrator console This file has a chf extension You can add this file to the CMS folder to use it with the pcAnywhere Host Administrator tool or include it in a packaged installation To create a new administrator remote item 1 In the pcAnywhere Manager window on the l...

Page 66: ...Anywhere Manager window on the left navigation bar click Hosts 2 On the File menu click New Item Advanced 3 In the Host Properties window on the Connection Info tab select one of the following network protocols TCP IP SPX NetBIOS 4 On the Callers tab select the authentication type that you want to use 5 Under Caller list click the New Item icon 6 In the Caller Properties window type the logon info...

Page 67: ...m right click Connection Items and then click New Be A Host 3 Type a name for this connection item 4 Click OK 5 Configure the host connection item specifying the caller information and other settings that you want to use For more information see the Symantec pcAnywhere User s Guide Distributing pcAnywhere configuration files The pcAnywhere Host Administrator tool lets you distribute pcAnywhere con...

Page 68: ... your configuration group to expand it 3 Under Systems right click the computer that you want to manage and then click All Tasks 4 Select one of the following Starts a host session on the selected host computer Start Specific Host Starts a host session on the Host Administrator computer Start Admin Host Starts a host session on the computer on which you most recently started a host session Start L...

Page 69: ...g applications on a BackOffice server see the SMS documentation To import the package definition file into SMS 1 Insert the Symantec pcAnywhere CD into the CD ROM drive 2 In the SMS Administrator console in the left pane right click Packages and then click New Package From Definition 3 In the Create Package from Definition Wizard when prompted for the name of a package file click Browse to locate ...

Page 70: ...cAnywhere management applications to function normally and maintain a sufficient level of security However administrators can modify the default security settings in DCOM to allow or deny access to a system Modifying DCOM security settings on a managed computer might require adjustments to the DCOM settings on the administrator computer Ensure that all managed computers are authenticating on the s...

Page 71: ...STARTREMOTE STOPHOST The B and C parameters specify the Be a Host and Call a Host items that are contained in the CMS folder in the pcAnywhere directory The H parameter identifies the name or address of the host computer on which the action is performed The R parameter is only used with STARTREMOTE to specify the name of the host computer to which the remote connects Whenever a remote is started a...

Page 72: ...ogs activities on network devices and equipment such as adapters routers and hubs This information can then be sent to any management console that supports SNMP traps for example MMC or SMS The event console usually has a way to automate actions depending on the incoming SNMP trap and the variable that it contains The capabilities of the automated action typically referred to as a rule or action v...

Page 73: ...e MIB file outlines the SNMP traps that pcAnywhere can generate Use the pcAnywhere MIB file as a tool to help build automated responses to pcAnywhere events that occur on the network The pcAnywhere MIB file is located in the following directory Program Files Symantec pcAnywhere CMS pca_trap mib 73 Performing centralized management About centralized logging ...

Page 74: ...Performing centralized management About centralized logging 74 ...

Page 75: ...n the Internet or intranet The benefit of using directory services with pcAnywhere is increased speed Normally when you launch a remote connection it scans the network for waiting pcAnywhere hosts This can be time consuming and the results can vary depending on the size of the network and whether the host is on a different subnet LDAP registered hosts provide instant results to remote queries Usin...

Page 76: ... class describes the information that the LDAP server needs to store for each host that a user starts Once the custom object class is available modify all existing entries to store values that belong to the new object class The custom pcAnywhere object class must be called pcaHost and must contain a single binary attribute called pcaHostEntry For example objectclass pcaHost pcaHostEntry binary Con...

Page 77: ...orm this task To configure Netscape Directory Server 4 0 1 Start the Netscape Console 4 0 application 2 In the left tree view open the item that represents this server 3 Open the Server Group 4 Double click the Directory Server item 5 On the Configuration tab in the left tree view open the Database item 6 Click the Schema sub item 7 On the Attributes tab click Create 8 In the Attribute Name field ...

Page 78: ...g rights Creating the pcaHostEntry in ConsoleOne Follow this procedure to create the pcaHostEntry To create the pcaHostEntry in ConsoleOne 1 Log on to the LDAP server that contains the LDAP group object 2 Open ConsoleOne from the following location sys public mgmt ConsoleOne 1 2 bin ConsoleOne exe 3 On the Tools menu click Schema Manager 4 On the Attribute tab click Create 5 Click Next 6 In the At...

Page 79: ...rit From box 10 Click Next Objectclass appears in the Add These Attributes window 11 Click Next 12 Double click the pcaHostEntry and add it to the Add These Attributes window 13 Click Next Review the summary for the new class to be created 14 Click Finish Mapping the LDAP attribute to the NDS attribute Follow this procedure to map the LDAP attribute to the NDS attribute To map the LDAP attribute t...

Page 80: ... the NDS class to the LDAP class 1 Double click the LDAP Group icon 2 On the Class Map tab click Add 3 In the LDAP class field type pcaHost This entry is case sensitive and must be typed exactly 4 In the NDS Attribute box click pcaHost 5 Click OK 6 Do one of the following Click Apply to map other attributes Click OK to finish Creating an LDIF file Follow this procedure to create an LDIF file Note ...

Page 81: ...igning rights to an individual user Follow this procedure to assign rights to an individual user To assign rights to an individual user 1 Select the LDAP server 2 Right click a user and then click Trustees of the object 3 Click the user 4 Click Assigned Rights 5 Click Add a Property 6 Uncheck Show Only Properties Of This Object Class 7 Click pcaHostEntry 8 Click OK 9 Click the write access rights ...

Page 82: ...the write access rights to apply to this user group 14 Click OK Configuring Windows Active Directory The Windows 2000 server with Active Directory must be installed and configured before configuring pcAnywhere for Windows 2000 Active Directory To implement Windows Active Directory in pcAnywhere you must extend the schema on the server This process involves the following tasks Adding the snap in Cr...

Page 83: ...caHostEntry attribute To create the pcaHostEntry attribute 1 In the left pane expand the Active Directory schema item The Classes and Attribute subfolders should now be available 2 Right click the Attributes folder and then click Create Attribute Continue through the resulting warning message 3 In the Common Name entry field type pcaHostEntry This is case sensitive 4 In the LDAP Display Name field...

Page 84: ... 9 Click OK The pcaHostEntry should appear as an optional attribute 10 Click Finish Associating the pcaHost object with the user object class Follow this procedure to associate the pcaHost object with the user object class To associate the pcaHost object with the user object class 1 In the left pane of Console1 expand the Class folder 2 Right click the user object class and then click Properties 3...

Page 85: ... the Security tab click Add 5 Click the Everyone group 6 Click Add 7 Click OK 8 In the Allow column select Read Only 9 On the organizational unit s property page click Advanced 10 Select the Everyone group that you just added 11 Click View Edit 12 On the Object tab in the Apply onto list click Thisobjectandallchildobjects 13 Click OK until you close the Security property page Setting up edit right...

Page 86: ...rvices for a remote connection item Setting up directory services in pcAnywhere Configure the directory server entries before beginning this procedure To set up directory services in pcAnywhere 1 In the pcAnywhere Manager window on the Edit menu click Preferences 2 In the pcAnywhere Options window on the Directory Services tab click Add 3 In the Display Name field type a name that clearly describe...

Page 87: ...ed on the server Setting up the host computer to use directory services When you set up a host connection to use directory services pcAnywhere searches the directory server for the specified common name when you launch the host connection If it finds a corresponding entry it updates it with the connection information and current status of the host As the status changes the host updates its entry i...

Page 88: ... then click Properties 3 On the Settings tab click Use directory services 4 Select a directory server in the list The list contains only the directory servers that have been preconfigured and verified 5 Click Filter to set the initial filter settings The Filter Page narrows the results Fill out some or all of the fields Only the entries matching those criteria are returned You can use wildcard cha...

Page 89: ...sts that are available for remote access and by implementing secure remote access server RAS and Virtual Private Network VPN solutions in place of individual dial up devices The following are some of the methods that pcAnywhere provides to control access to pcAnywhere hosts Limit connections to specific computer names or IP addresses See Limiting connections to specific computer names or IP addres...

Page 90: ...f time that a remote user has to successfully log on to the host computer helps protect against hacker and denial of service attacks For more information see the Symantec pcAnywhere User s Guide Prompt to confirm connections If you enable this option pcAnywhere notifies the host user that someone is attempting to connect The host user has the option to allow or deny the connection For more informa...

Page 91: ...horized access Symantec pcAnywhere supports a number of centralized authentication types including Active Directory Novell Directory Services Novell Bindery NT and RSA SecurID giving you the flexibility of using the authentication measures already in place on your network Using two factor authentication Symantec pcAnywhere supports RSA SecurID two factor authentication SecurID validates users agai...

Page 92: ...SA SecurID authentication the host and remote computers must be running Symantec pcAnywhere 11 0 x or later Using Microsoft Windows based authentication types Table 6 1 includes information about the authentication types available for Microsoft Windows based platforms Table 6 1 Microsoft Windows based authentication types Implementation in pcAnywhere Explanation Microsoft Windows based authenticat...

Page 93: ... each administrator to the local administrator group This feature is supported only for Windows NT authentication To set up Windows NT authentication for global users 1 In the pcAnywhere Manager window on the left navigation bar click Hosts 2 Do one of the following To add a new connection item on the File menu click New Item Advanced To modify an existing connection item in the right pane under H...

Page 94: ... using a list stored in a Novell Directory Service NDS Users must log on to the LDAP server and then they can browse for user names Validates a user or group by checking a user list stored in an LDAP 3 0 compliant directory service Novell LDAP Using Web based authentication types Table 6 3 includes information about the Web based authentication methods that are available Table 6 3 Web based authen...

Page 95: ...ork HTTPS Caller Authentication Users must log on to the LDAP server and then they can browse for user names Validates a user by checking a list stored in an LDAP 3 0 compliant directory service Netscape LDAP Caller Authentication Protecting session security Symantec pcAnywhere provides a number of options to protect the privacy of a session and prevent users from performing specific tasks that mi...

Page 96: ... match the encryption of the computer with the higher encryption level Strong encryption Symantec pcAnywhere automatically secures logon information by using symmetric encryption to encrypt the user ID and password Logon information might not be encrypted if either the host or remote uses a previous version of pcAnywhere that is not configured to use symmetric encryption Logon encryption Protect t...

Page 97: ...ion options For more information see the Symantec pcAnywhere User s Guide Maintaining audit trails Event logging helps you monitor session activities and track information for auditing purposes You can track who connected to a host and session duration as well as important security information such as authentication or logon failures Depending on your environment you can send information about eve...

Page 98: ...tings in an administrative template After you add the Group Policy snap in to MMC you must import the pcAnywhere adm file into MMC See Importing the pcAnywhere administrative template on page 98 Importing the pcAnywhere administrative template Symantec pcAnywhere provides administrative templates for Windows 2000 2003 Server XP Vista to support registry based policy management The pcAnywhere adm f...

Page 99: ...s of the user interface or perform certain functions in pcAnywhere Table 6 5 lists information about the policy settings that pcAnywhere lets you control Table 6 5 Location of pcAnywhere policy settings Description Folder Contains policy settings to prohibit users from doing the following Launching the pcAnywhere Manager window which is the main user interface for pcAnywhere Launching host objects...

Page 100: ...entify the host computer UI Changes Host Objects Contains policy settings to prohibit users from doing the following Editing remote objects Creating remote objects Changing the directory location of remote objects Viewing or editing specific property pages UI Changes Remote Objects Contains policy settings to prohibit users from doing the following Editing option set objects and global pcAnywhere ...

Page 101: ...cy object for which you want to set policies 3 In the console window in the left pane click the plus sign next to the group policy object that you want to manage to expand the list 4 Under User Configuration click the plus sign next to Administrative Templates to expand the list 5 Click the plus sign next to Symantec pcAnywhere to expand the list 6 Open the folder that contains the policy settings...

Page 102: ...Managing security in Symantec pcAnywhere Implementing policy based administration 102 ...

Page 103: ...on groups 63 conflicts viewing 37 connection item files host 22 connection item files continued remote 22 connection items host 32 remote 33 custom commands adding to package definition files 37 overview 35 custom installations See packages D DCOM modifying security settings 70 overview 69 requirements Windows 2000 2003 Server XP Vista 70 dcomcnfg exe file 71 dependencies viewing 37 deployment cus...

Page 104: ...Novell deployment 58 for Windows deployment 56 login scripts continued testing 58 60 M management shims 71 MIB 73 Microsoft Management Console See MMC migration about 11 from pcAnywhere 10 x 13 from pcAnywhere 11 x 13 of packages 13 MMC about Group Policy snap in 98 adding computers 64 adding configuration groups 63 adding Host Administrator snap in 63 managing policies 101 N Netscape Directory Se...

Page 105: ...files building 38 product modules importing 18 product requirements 37 R registry keys 23 remote items adding to packages 22 configuring 64 remote management 61 S SecurID 91 security ID adding to packages 26 generating 25 serial ID adding to packages 26 generating 25 SMS deployment of packages 53 importing pcAnywhere files 69 using AwShim 71 using MIB 73 SNMP traps 97 logging 72 Start htm file 48 ...

Reviews: