IntranetWare 4.11 Administration - Cramsession

Minimum Hardware Requirements for an IntranetWare server
Intel 386 processor or higher
20MB RAM
VGA Video adapter and display
NIC (Network Interface Card)
15MB DOS partition
75MB SYS partition
CD-ROM

NDS Container Objects
Root - Top of NDS structure. Tree can only have one root, from where all other objects branch out.
Country - Container which designates the country that this branch of the network resides in.
Organization - Container that typically represents a company.
Alias - Logical NDS pointer. Can only point to Country and Organization objects, when used as a Container object.
Organizational Unit - Container that represents divisions of units.

NDS Leaf Objects
User Template - Template used to create users with predefined rights.
Organizational Role - Defines a position in an organization. Used to assign privileges to anyone in a certain position.
Profile - Contains login script for a group of unrelated users.
Directory Map - Represents a logical pointer to a directory in the server file system. Used to centrally manage drive mappings.
Application - Gives ability to manage applications as NDS objects.
Alias - Logical NDS pointer. Can only point to Container and Leaf objects, when used as a Leaf object.

Context
Context describes what part of the tree an object resides in.
O - Organization container.
OU - Organizational unit container.
CN - Common name of the leaf object.

Typical context format: .CN=Joe.OU=FBI.O=USGovernment

Two types of context available:
Current context - Defines where you are in the tree at the time.
Object context - Defines where an object resides in the tree.

Types of NDS names:
Distinguished name
Object's complete NDS path.
Complete path for Joe: .CN=Joe.OU=FBI.O=USGovernment

Relative distinguished name
Object's NDS path, relative to its current context. Relative distinguished names are not preceded by a dot.
Joe's current context: .OU=FBI.O=USGovernment
Joe's relative distinguished name: CN=Joe

Typeful name
Complete NDS path, which contains descriptors to define the object.
Joe's typeful name: .CN=Joe.OU=FBI.O=USGovernment

Typeless name
Complete NDS path, which does not contain descriptors to define the object.
Joe's typeless name: .Joe.FBI.USGovernment

IntranetWare File System
The file system organizes internal disks into one or more volumes.

To rename a physical volume, change its server definition with INSTALL.NLM.

To rename a logical volume, use NWADMIN.

One server can hold up to 64 volumes
Each volume can span up to 32 hard disks
Each volume can support up to 32 segments

IntranetWare default directory structure:

SYSTEM - Contains OS files, NLMs and NDS programs. By default, access limited to users with Supervisor rights.
PUBLIC - Contains user utilities and commands.
NLS - Contains message and help files for multi-lingual support.
ETC - Sample and miscellaneous files.
QUEUES - Folders which store print data. Used as a medium between a print server and printer. Contains *.QDR directories, which are individualized print queue folders.
DOC - Contains IntranetWare's documentation files.
DOCVIEW - Contains DynaText viewers to view documentation.

NDS and File System Security

W: Write - Grants rights to open and change contents of files.
R: Read - Open files.
M: Modify - Change attributes or rename a file/directory.
F: File Scan - See files/directories, but unable to open/copy.
A: Access Control - Change trustee assignments and IRFs.
C: Create - Create new files and directories.
E: Erase - Delete files and directories.
S: Supervisor - Grants all rights to files and directories.

Supervisor rights cannot be blocked by an IRF for file system security.
Supervisor rights can be blocked by an IRF for NDS security.

Rights from NDS do not transfer into the file system, except for supervisory rights.

Creator is always given supervisor rights to the file/directory they create.
Container is always given RF access to SYS:PUBLIC
User is always given RWCEMF access to their own personal directory.

In NWADMIN:
Rights to Files and Directories is used to assign rights from a user's aspect.
Trustees of this Directory is used to assign rights from a directory's aspect.

IRF (Inherited Rights Filter):
When the filter is applied, the rights specified are the rights allowed to pass through.
If Joe has RF rights, and goes through an IRF with only F specified, Joe keeps only F rights.

Security equivalence:
When one object's access rights are specified to be equivalent to another object's access rights.

Ancestral Inheritance:
Any object is security equivalent to its parent container.
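
The IRF, Supervisor and security-equivalence rules above combine into a user's effective rights. The following is an added example, not part of the original cram sheet: the function names, the directory tree and the trustees Joe, FBI and Admin are constructed for illustration, the rule that a lower explicit assignment replaces inherited rights is NetWare behaviour not stated on this sheet, and filesystem=False reuses the same letters only to contrast the NDS rule for Supervisor.

```python
ALL_FS = frozenset("SRWCEMFA")  # the eight file system rights listed above

def through_irf(inherited, irf, filesystem=True):
    """Rights that survive an Inherited Rights Filter."""
    inherited = set(inherited)
    if filesystem and "S" in inherited:
        return set(ALL_FS)           # file system Supervisor cannot be blocked
    return inherited & set(irf)      # NDS rule: S passes only if the IRF lists it

def trustee_rights(path, trustee, filesystem=True):
    """Walk the path top-down for a single trustee."""
    rights = set()
    for level in path:
        rights = through_irf(rights, level.get("irf", ALL_FS), filesystem)
        explicit = level.get("trustees", {}).get(trustee)
        holds_s = filesystem and "S" in rights
        if explicit is not None and not holds_s:
            # Assumption (NetWare behaviour, not stated on the sheet): an
            # explicit assignment lower down replaces the inherited rights.
            rights = set(explicit)
        if filesystem and "S" in rights:
            rights = set(ALL_FS)     # Supervisor grants all rights
    return rights

def effective_rights(path, user, equivalents=(), filesystem=True):
    """Union of the user's rights and those of its security equivalents."""
    total = set()
    for name in (user, *equivalents):
        total |= trustee_rights(path, name, filesystem)
    return "".join(r for r in "SRWCEMFA" if r in total)

# Constructed sample: directories DATA\REPORTS\1997 on one volume.
SAMPLE_PATH = [
    {"name": "DATA", "trustees": {"Joe": "RF", "FBI": "RWCF", "Admin": "S"}},
    {"name": "REPORTS", "irf": "F"},
    {"name": "1997", "trustees": {"Joe": "RW"}},
]

if __name__ == "__main__":
    print(effective_rights(SAMPLE_PATH[:2], "Joe"))        # Joe's RF through an F-only IRF
    print(effective_rights(SAMPLE_PATH, "Joe", ["FBI"]))   # plus parent container FBI
    print(effective_rights(SAMPLE_PATH, "Admin"))          # file system: S not blocked
    print(effective_rights(SAMPLE_PATH, "Admin", filesystem=False))  # NDS: S blocked
```

Passing the parent container in equivalents models ancestral inheritance: Joe picks up whatever FBI still holds at that directory in addition to his own assignment.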

Clients for IntranetWare

Client 32 file requirements for Windows 95:
NIOS.VXD - Core Client32 component, running as a VXD (virtual device driver).
LSLC32.NLM - Link Support Layer for protocol switchboarding.
x.LAN - NIC driver. Specific driver for card, where x = specific file name relative to the card's driver.
CMSM.NLM - Media Support Module in the ODI architecture.
ETHERTSM.NLM - Provides Ethernet topology support.
IPX.NLM - Communications protocol language.
CLIENT32.NLM - Module for all Client32 services.

Client 32 file requirements for DOS:

NIOS.EXE - Core Client32 component, running as an EXE (executable).
LSLC32.NLM - Link Support Layer for protocol switchboarding.
x.LAN - NIC driver. Specific driver for card, where x = specific file name relative to the card's driver.
IPX.NLM - Communications protocol language.
CLIENT32.NLM - Module for all Client32 services.
CONFIG.SYS - Must have LASTDRIVE statement to specify the last drive letter that is available for network use.
AUTOEXEC.BAT - Must activate C:\NWCLIENT\STARTNET.BAT.
STARTNET.BAT - Initializes ODI and VLM drivers.
NET.CFG - Customizes ODI and VLM settings.

Preferred Server, Context, NDS Tree and login settings are specified in the NET.CFG file when using Client32 for DOS, and in the Network Properties page when using Client32 for Windows 95.

Login Scripts

Execution order for login scripts:
1) Container - Script for Organization or Organizational Unit containers, used for all users in the container.
2) Profile - Script which contains specific parameters for a group of unrelated users.
3) User - User specific script.
4) Default - Executed for any user who does not have an individual user login script.

Users can only be assigned to one profile group.

Place NO_DEFAULT in the profile or container script to avoid executing a default login script.

Remarks are used to insert a line of text which will be ignored by IntranetWare.
REMARK, REM, ; , or * can be inserted before the line of text to define it as a remarked line.
REM MAP F:=SYS:PUBLIC

DOS executables, commands unrecognized by an IntranetWare login script, need to be preceded by # to specify that the script will need to run an external command.
#CAPTURE P=HPLJColor5

File Server Security

Implement the following steps to ensure file server security:
1) Restrict physical access to the file server.
2) Lock the file server console from within MONITOR.
3) Load SECURE CONSOLE to allow NLMs to only be loaded from the SYS:SYSTEM directory.
4) Load REMOTE.NLM to allow only remote access to the server.

To enable RMF for remote access:
Type at the console LOAD REMOTE.
Type either:
LOAD RSPX - to allow remote management across a LAN
LOAD RS232 - to allow remote management through dialup access.

LDREMOTE can be loaded to encrypt passwords.

Commands

FILER - Used to manage files/directories, display volume information, and salvage and purge files.
FLAG - Changes file/directory attributes.
NDIR - Used to view files, directories and volumes.
NLIST - Displays information about NDS objects.

Know how to use the following commands and all of their options.

MAP command options
MAP - Displays a list of current drive mappings.
MAP X:=SERVER1\SYS: - Maps the X drive to the SYS volume on SERVER1.
MAP N SERVER1\SYS: - Maps the next available drive to the SYS volume on SERVER1.
MAP DEL X: - Deletes the drive mapping to X:.
MAP S2:=SYS:SYSTEM - Makes the SYS:SYSTEM directory the second search drive.
MAP C S2: - Maps the second search drive to a network drive.

CAPTURE command options
/SH - Displays a list of current LPT mappings.
/S SERVER1 - Specifies that you are mapping to SERVER1 as the server you will be printing to.
/Q=HPLJCOLOR5 - Specifies that you are mapping to the queue HPLJCOLOR5.
/C - Specifies the number of copies you would like printed each time.
/B - Enables a banner to be printed before each job to identify who sent the print job.
/NB - Disables banner printing.
/CR - Print job will be saved to a text file, instead of being printed.
/L=1 - Specifies LPT1 as the mapped local port.
/NOTI - Will send a message to user after the print job is sent.