Netware 5 Administration - Guide

Network Definition
Group of computers that communicate and share resources.
Hardware consists of servers, workstations, network boards, and communication media.
Minimum Hardware Requirements for Netware 5 server
Pentium processor
64MB RAM
35MB DOS partition
200MB SYS partition
VGA Video adapter and display
CD-ROM
Network Board
Login Sequence:
1) Prompts for and validates the username. Result: Denied, or
2) Checks account restrictions. Result: Denied, or
3) Prompts for the password. Result: Denied and Intruder Detection notified, or
4) Access granted.
Context
Context describes what part of the tree an object resides in.
O- Organization container.
OU- Organizational unit container.
CN- Common name of the leaf object.

Typical context format: .CN=Joe.OU=FBI.O=USGovernment

Two types of context available:
Current context - Defines where you are in the tree at the time.
Object context - Defines where an object resides in the tree.

Types of NDS names:
Distinguished name
Object's complete NDS path.
Complete path for Joe: .CN=Joe.OU=FBI.O=USGovernment
Relative distinguished name
Object's NDS path, relative to its current context. Relative distinguished names are not preceded by a dot.
Joe's current context: .OU=FBI.O=USGovernment
Joe's relative distinguished name: CN=Joe

Typefull name

Complete NDS path, which contains descriptors to define the object.
Joe's typefull name: .CN=Joe.OU=FBI.O=USGovernment
Typeless name
Complete NDS path, which does not contain descriptors to define the object.
Joe's typeless name: .Joe.FBI.USGovernment
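The naming rules above, written out as an added Python example (not part of the original notes and not Novell code). The function names are made up for illustration, and the C descriptor for Country containers is an assumption the notes do not spell out.

```python
# Added example: NDS naming rules from the notes above.
DESCRIPTORS = ("CN", "OU", "O", "C")  # C = Country container (assumed descriptor)

def split_name(name):
    """Split an NDS name into (is_distinguished, [components])."""
    distinguished = name.startswith(".")  # leading dot marks a complete path
    parts = [p for p in name.lstrip(".").split(".") if p]
    if not parts:
        raise ValueError("empty NDS name")
    return distinguished, parts

def is_typeful(name):
    """True when every component carries a descriptor such as CN= or OU=."""
    _, parts = split_name(name)
    return all("=" in p and p.partition("=")[0].upper() in DESCRIPTORS
               for p in parts)

def to_typeless(name):
    """Drop the descriptors, keeping the leading dot if there is one."""
    distinguished, parts = split_name(name)
    bare = [p.partition("=")[2] if "=" in p else p for p in parts]
    return ("." if distinguished else "") + ".".join(bare)

def resolve(name, current_context):
    """Turn a relative distinguished name into a distinguished name."""
    distinguished, parts = split_name(name)
    if distinguished:
        return "." + ".".join(parts)      # already a complete path
    _, context = split_name(current_context)
    return "." + ".".join(parts + context)

if __name__ == "__main__":
    print(resolve("CN=Joe", ".OU=FBI.O=USGovernment"))
    print(to_typeless(".CN=Joe.OU=FBI.O=USGovernment"))
```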
NDS Container Objects
Root - Top of NDS structure. Tree can only have one root, from where all other objects branch out.
Country - Container which designates the country that this branch of the network resides in. Must be abbreviated (e.g. US, UK).
Organization - Container that typically represents a company.
Alias - Logical NDS pointer. Can only point to Country and Organization objects, when used as a Container object.
Organizational Unit - Container that represents divisions or units.
NDS Leaf Objects
Alias - Logical NDS pointer. Can only point to Container and Leaf objects, when used as a Leaf object.
User Template - Template used to create users with predefined rights.
Organizational Role - Defines a position in organization. Used to assign privileges to anyone in a certain position.
Profile - Contains login script for a group of unrelated users.
Directory Map - Represents a logical pointer to a directory in the server file system. Used to centrally manage drive mappings.
Application - Provides ability to manage applications as NDS objects.
NDPS Printing
Single utility that manages all printing in the Netware 5 environment. Downloads all necessary drivers to the workstation. Supports TCP/IP.
NDPS Manager: All agents (object that is the combined printer, print queue and print server) are controlled by the Manager. Controls printing on workstations.
NDPS Gateway: Installed on the Netware 5 server. Acts as agent for non-NDPS aware printers (most today).
NDPS Broker: allows for:
Printer types include:
Public: no NDS object (resides in Broker)
Controlled Access: NDS object uses corresponding NDPS Gateway.
Commands
NWADMIN – Netware Administrator is the GUI used to manage Netware resources
FILER - Used to manage files/directories, display volume information, and save and purge files.
FLAG - Changes file/directory attributes.
NDIR - Used to view files, directories and volumes.
NCOPY – Copies Directory Structure, and Files (including Netware attributes)
RENDIR – Renames directory.
UIMPORT - Used to import users from a database (delimited ASCII file) to NDS. Sample syntax: UIMPORT LIST.CTL LIST.DAT
CONSOLE1 - Java based management utility (requires Java Runtime Environment). - Can be used to create User, Group, Organization, and Organizational Unit objects.
If not available in Application Launcher, then Path = servername_SYS:PUBLIC\MGMT\CONSOLE1.EXE
MAP command options

MAP - Displays a list of current drive mappings.
MAP X:=SERVER1\SYS: - Maps the X drive to the SYS volume on SERVER1.
MAP N SERVER1\SYS: - Maps the next available drive to the SYS volume on SERVER1.
MAP DEL X: - Deletes the drive mapping to X:
MAP S2:=SYS:SYSTEM - Makes the SYS:SYSTEM directory the second search drive.
MAP C S2: - Maps the second search drive to a network drive.
Netware 5 File System
The file system organizes internal disks into one or more volumes.
To rename a physical volume, change its server definition with NWCONFIG.
To rename a logical volume, use NWADMIN.
NetWare default directory structure:

SYS - Contains OS files, NLMs and NDS programs. By default, access limited to users with Supervisor rights.
PUBLIC - Contains user utilities and commands.
NLS - Contains message and help files for multi-lingual support.
ETC - Sample and miscellaneous files.
DOC - Contains Netware's documentation files.
DOCVIEW - Contains DynaText viewers to view documentation.
Security (File & NDS)
W: Write - Grants rights to open and change contents of files.
R: Read - Open files.
M: Modify - Change attributes or rename a file/directory.
F: File Scan - See files/directories, but unable to open/copy.
A: Access Control - Change trustee assignments and IRFs.
C: Create - Create new files and directories.
E: Erase - Delete files and directories.
S: Supervisor - Grants all rights to files and directories.

Supervisor rights cannot be blocked by an IRF for file system security.
Supervisor rights can be blocked by an IRF for NDS security.

Rights from NDS do not transfer into the file-system, except for Supervisory rights.

Creator is always given supervisor rights to the File/Directory they create.
Container is always given RF access to SYS:PUBLIC
User is always given RWCEMFA access to their own personal directory.

In NWADMIN:
Rights to Files and Directories is used to assign rights from a user's aspect.
Trustees of this Directory is used to assign rights from a directory's aspect.

IRF (Inherited Rights Filter):
When the filter is applied, the rights specified are the rights allowed to pass through.
If Joe has RF rights, and goes through an IRF with only F specified, Joe keeps only F rights.
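The IRF rules above, carried down a path of several filters, as an added Python example (not part of the original notes). Function names are made up for illustration. It models only what the notes state: rights named in the IRF pass through, and Supervisor can be blocked for NDS but not for the file system. Explicit trustee assignments further down the path are not modelled.

```python
# Added example: effective rights after one or more Inherited Rights Filters.
FILE_RIGHTS = "SRWCEMFA"  # rights letters listed under Security above

def _rights(letters):
    """Normalise rights such as 'rf' (string or set) into a set of letters."""
    found = {c.upper() for c in letters}
    unknown = found - set(FILE_RIGHTS)
    if unknown:
        raise ValueError("unknown rights: " + "".join(sorted(unknown)))
    return found

def through_irf(inherited, irf, nds=False):
    """Rights left after inherited rights pass a single IRF."""
    inherited, irf = _rights(inherited), _rights(irf)
    if "S" in inherited and not nds:
        # File system: an IRF cannot block Supervisor, and S grants all rights.
        return set(FILE_RIGHTS)
    # Otherwise only the rights named in the filter pass through.
    return inherited & irf

def effective_rights(granted, irfs, nds=False):
    """Carry rights granted at the top of a path through each level's IRF."""
    current = _rights(granted)
    if "S" in current and not nds:
        current = set(FILE_RIGHTS)
    for irf in irfs:
        current = through_irf(current, irf, nds)
    return "".join(r for r in FILE_RIGHTS if r in current)

if __name__ == "__main__":
    # Constructed cases; each list holds one IRF per directory level.
    print(effective_rights("RF", ["F"]))              # Joe's case from the notes
    print(effective_rights("RWCEMF", ["RF", "RWF"]))  # a blocked right stays blocked
    print(effective_rights("S", ["F"]))               # file system: S survives
    print(effective_rights("S", ["F"], nds=True))     # NDS: S is filtered out
```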

Security equivalence:
One object's access rights are specified to be equivalent to another object's access rights.

Ancestral Inheritance:
By default, any object is security equivalent to its parent container.
Server Security
Implement the following steps to ensure file server security:
1) Restrict physical access to the file server.
2) Lock the file server console using SCRSAVER.NLM
3) Load SECURE CONSOLE to allow NLMs to only be loaded from the SYS:SYSTEM directory.
4) Load REMOTE.NLM to allow only remote access to the server.
Login Scripts
Execution order for login scripts (also order of use):
1) Container - Script for Organization or Organizational Unit containers used for all users in the container.
2) Profile - Script which contains specific parameters for a group of unrelated users.
3) User - User specific script.
4) Default - Executed for any user without individual user login script.

Users can only be assigned to one profile group.

Sample Syntax: WRITE "Good %GREETING_TIME,%LOGIN_NAME"

Place NO_DEFAULT in the profile or container script to avoid executing a default login script.

Remarks are used to insert a line of text that will be ignored by Netware.
REMARK, REM, ; , or * can be inserted before the line of text to define it as a remarked line. Sample Syntax: REM MAP F:=SYS:PUBLIC

DOS executables and other commands unrecognized by a login script need to be preceded by # to specify that the script will need to run an external command. Sample Syntax: #CAPTURE P=HPLJColor5
ZENWORKS 1.0
Distributes applications to users through a single point of administration.
Provides: Location Independence (by use of URLs), Application Fault Tolerance (by use of secondary copies of the application), Application Load Balancing (by use of multiple servers), and Roaming Profile Support (by use of workstation OS detection).

Application Launcher (NAL.EXE): A component that is pushed to the workstation. Determines the proper application launch settings, regardless of client operating system.

SnAppShot: Creates image of current applications/settings and allows distribution.

AOT: Binary file where snapshot info is stored. Accessed by NWADMIN in application object.

Pull distribution: Places application icon (mapped to resources) on the user’s desktop.
Push distribution: The Focused Run feature allows for the user to receive the software locally at a specified interval such as at login.

Alternative Utilities are: Application Explorer (Win95/NT only), NALEXPLD.EXE, and AXT (text version of AOT).

Policy Package Object: Controls specific to Workstations and Users, such as desktop environment, remote control of workstations, and information through Help Requestor.

User Policies: associated with the following objects: Containers, User Groups, and User.
Workstation Policies: only associated with Containers, Workstation Groups, and Workstations. (Users must register workstations with NDS before they can be treated as objects.)

Only one WIN 95 user package can be associated with the Admin.

Policy rights are applied in the order of object then container.
Client 32
Supports both TCP/IP (Required for Internet) and IPX (Required for older Novell Networks) Protocols.

Requires ODI (Legacy DOS/Win 3.x), or NDIS (Win95, NT) capability.
(This binds multiple protocols to a single card)
Special Thanks to Chris Poulin for contributing the original notes for this Cramsession