1. Manuals
  2. Brands
  3. Symantec Manuals
  4. Software
  5. 14541094 - pcAnywhere Host & Remote
  6. Administrator's manual

Symantec 14541094 - pcAnywhere Host & Remote Administrator's Manual

Administration guide
Hide thumbs Also See for 14541094 - pcAnywhere Host & Remote:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual, Manual
Symantec pcAnywhere™
Administrator's Guide

Advertisement

Table of Contents
loading

Related Manuals for Symantec 14541094 - pcAnywhere Host & Remote

Summary of Contents for Symantec 14541094 - pcAnywhere Host & Remote

  • Page 1 Symantec pcAnywhere™ Administrator's Guide...

  • Page 2: Legal Notice

    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION.

  • Page 3: Technical Support

    Licensing and registration If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/techsupp/ent/enterprise.html Select your region or language under Global Support, and then select the Licensing and Registration page.
  • Page 4 North America and Latin America: supportsolutions@symantec.com Additional Enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively.
  • Page 5 Consulting Services Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

  • Page 7: Table Of Contents

    Migrating from pcAnywhere 10.x in Windows 98/Me ....13 Upgrading from pcAnywhere 9.2.x in Windows NT/2000/XP ... 14 Upgrading from pcAnywhere 9.2.x in Windows 98/Me ....14 Using Symantec Packager to streamline migrations and upgrades ..14 Chapter 2 Creating custom installation packages About Symantec Packager ..............
  • Page 8 Contents Chapter 3 Deploying Symantec pcAnywhere custom installations About deployment ................ 43 About package installation file locations ........... 44 Deploying installation packages using Web-based deployment ....45 About Web-based deployment requirements ........ 45 Setting up the installation Web server ........46 Customizing the deployment files ..........
  • Page 9 Setting up the host computer to use directory services ....89 Setting up the remote computer to use directory services ....90 Chapter 6 Managing security in Symantec pcAnywhere Controlling access to pcAnywhere hosts ........... 91 Limiting connections to specific computer names or IP addresses ................
  • Page 10 Contents...

  • Page 11: Planning A Migration And Upgrade Strategy

    A system restart for migrations and upgrades is required only if system files need to be updated. Symantec pcAnywhere requires a system restart if you are migrating or upgrading to the new version in Windows 98/Me. Symantec Packager helps you simplify the process of uninstalling previous versions or distributing preconfigured settings to multiple users.
  • Page 12 Planning a migration and upgrade strategy About migrations and upgrades Migration and upgrade strategy matrix Table 1-1 Symantec Operating Restart required Data preserved pcAnywhere system automatically version 11.x Windows Host items NT/2000/2003 Caller items Server/XP Remote items Option sets Registry settings...

  • Page 13: Migrating From Pcanywhere 11.X In Windows Nt/2000/2003 Server/Xp

    Planning a migration and upgrade strategy About migrations and upgrades Migrating from pcAnywhere 11.x in Windows NT/2000/2003 Server/XP Symantec pcAnywhere supports full migration of the full product version and host-only version of pcAnywhere 11.x to version 12.0 in Windows NT/2000/2000/2003 Server/XP.

  • Page 14: Upgrading From Pcanywhere 9.2.X In Windows Nt/2000/Xp

    9.2.x installed, pcAnywhere prompts you to uninstall the program. This is required to ensure proper functionality. To automate this process, you can use Symantec Packager to create a custom installation package to handle the uninstallation and installation process. You can also include preconfigured data files in the package and deploy it to other users.
  • Page 15 Planning a migration and upgrade strategy Using Symantec Packager to streamline migrations and upgrades The product installation does not support Create a custom installation package that preservation of preconfigured product includes preconfigured data files that settings. contain the settings that you need.
  • Page 16 Planning a migration and upgrade strategy Using Symantec Packager to streamline migrations and upgrades...

  • Page 17: Creating Custom Installation Packages

    About Symantec Packager Symantec Packager lets you create, modify, and build custom installation packages that you can distribute to target systems. You can use Symantec Packager to tailor installations to fit your corporate environment by building packages that contain only the features and settings that your users need.

  • Page 18: What You Can Do With Symantec Packager

    What you can do with Symantec Packager Note: Symantec Packager runs on Windows NT/2000/2003 Server/XP Professional platforms only. However, installation packages that are created with Symantec Packager can be installed on all Microsoft 32-bit platforms except for Windows 95/NT 3.51.
  • Page 19 Creating custom installation packages How Symantec Packager works Package creation process Table 2-1 Task Description Reference Import product modules into Product modules contain the “Importing a product Symantec Packager. installation binary and module” on page 20. product template files that are needed to create a custom installation of the product.

  • Page 20: Importing A Product Module

    <version>.PMI) on the installation CD. If you install Symantec Packager from the pcAnywhere installation CD, Symantec Packager automatically imports this product module file. If no products appear on the Import Products tab when you open Symantec Packager, you must import the product module manually. To import a product module Open Symantec Packager.

  • Page 21: Customizing Product Settings

    Symantec Packager. Each product configuration file contains the features, installation options, and preconfigured settings that you want to include for that product. Symantec Packager uses this information to construct installation packages. You can edit the default product configuration file or create a new one.

  • Page 22: Selecting Product Features

    Some features in pcAnywhere have dependencies on other components. Although Symantec Packager has a level of built-in dependency checking, it is possible to build a pcAnywhere installation package that does not include all required files.
  • Page 23 Required for all custom product installations. Communication protocols Required for all custom product installations. To select product features In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration. Double-click an existing product to edit it.

  • Page 24: Including Configuration Files

    For product-specific configurations, you must configure these files in the product first, and then add them to the Configuration Files tab in Symantec Packager. Configuration files cannot be edited in Symantec Packager.
  • Page 25 This information is required to launch a host. For more information, see the Symantec pcAnywhere User's Guide. Symantec pcAnywhere configuration files are located in the following folders: Windows 2000/2003 Server/XP \Documents and Settings\All Users\Application Data\Symantec\pcAnywhere Windows NT 4.0...

  • Page 26: Integrity Stamping A Product Configuration

    Warning: Use caution when configuring a registry key file. An incorrect setting could make the operating system or product inoperable. To include a configuration file In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration.

  • Page 27: Serializing A Pcanywhere Installation

    “Implementing policy-based administration” on page 99. To integrity stamp a product configuration In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration. Double-click an existing product to edit it.
  • Page 28 Deploy and install the package. Generating a serial ID file Symantec pcAnywhere lets you generate a security code, or serial ID, which can be embedded into a custom installation. Serial IDs must be a numeric value between 0 and 4,294,967,296.
  • Page 29 Creating custom installation packages Customizing product settings To create a serialized installation file In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration. Double-click an existing product to edit it.

  • Page 30: Managing Configuration Settings Globally

    Preconfigured option sets can be used for custom installation packages created with Symantec Packager. They can also be used as the default preferences for the local computer. Configuring an option set in pcAnywhere Symantec pcAnywhere groups the option set properties by tabs.
  • Page 31 After the package or custom product is installed on the target computer, the option set can be applied on the local computer. To add an option set to a custom installation file In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration.

  • Page 32: Setting Product Installation Options

    If prompted, type a file name, and then click Save. Applying an option set on the local computer Symantec pcAnywhere lets you maintain multiple option set files to accommodate unique configuration requirements. For example, if you work in different locations, you can avoid changing the default settings each time you change locations.
  • Page 33 Packager are installed by default in the Program Files directory under Symantec\pcAnywhere. You can specify a different directory. To change the target installation directory In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration.
  • Page 34 Manager feature in the product configuration. To prompt users to register upon startup In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration.
  • Page 35 If prompted, type a file name, and then click Save. Selecting the default template for host connections Symantec Packager lets you select the host configuration file that you want to use as a template for new host connection items that the user creates after installation.
  • Page 36 To select the default template for remote connections In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration.
  • Page 37 “Creating installation packages” on page 39. To preserve existing configuration settings In the Symantec Packager window, on the Configure Products tab, do one of the following: Create a new product configuration. Double-click an existing product to edit it.

  • Page 38: Creating A Custom Command

    For more information about custom commands, see the Symantec Packager online Help. To create a custom command In the Symantec Packager window, on the Configure Products tab, on the File menu, click New Custom Command. In the Command Editor window, on the Parameters tab, double-click Description.

  • Page 39: Creating Installation Packages

    Package creation is optional for pcAnywhere custom installations. Symantec Packager lets you build the Symantec pcAnywhere product configuration file, which creates an .msi file that can be installed locally. You can deploy the Symantec pcAnywhere .msi file using a third-party deployment tool. The Symantec Packager Deployment Tool does not support MSI deployment.

  • Page 40: Adding Products And Commands To A Package Definition

    Package Editor window, as well as any product requirements or conflicts. To add products and commands to a package definition In the Symantec Packager window, on the Configure Packages tab, do one of the following: Create a new package definition.

  • Page 41: Building A Product Configuration File

    Symantec Packager stores the .msi files in the Symantec Packager data directory. You can view these files on the Deploy Packages tab if you edit the Symantec Packager preferences to list supported .msi files.

  • Page 42: Testing Packages

    During installation, Symantec Packager checks for product conflicts and verifies that required products are present on the target computer. The installation fails if Symantec Packager encounters a conflict that it cannot resolve. You should test packages to verify that product requirements are met and that the installation sequence is correct.

  • Page 43: Deploying Symantec Pcanywhere Custom Installations

    Opening an .exe file or supported .msi file on the Deploy Packages tab in Symantec Packager starts the installation process. Ensure that the target computer meets the system requirements for pcAnywhere installation. For more information about using the Deploy Packages tab, see the Symantec Packager Implementation Guide on the pcAnywhere CD.

  • Page 44: About Package Installation File Locations

    Preconfigured package and product installation files are stored in the Packages directory on the Symantec pcAnywhere CD. Packages and product installation files that you create with Symantec Packager are listed on the Deploy Packages tab in Symantec Packager. To view .msi files, you must edit the Symantec Packager preferences to list supported product .msi files.

  • Page 45: Deploying Installation Packages Using Web-Based Deployment

    Deploying installation packages using Web-based deployment Packages that are created with Symantec Packager can be deployed over your corporate intranet using a Web-based deployment tool that is provided by Symantec. All of the source files that are necessary to implement Web-based deployment are included on the Symantec pcAnywhere CD in the Tools/Web Deploy folder.

  • Page 46: Setting Up The Installation Web Server

    Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment Web server and target computer requirements (continued) Table 3-1 Deployment Requirements Target computer Internet Explorer 4.0 or later. Symantec pcAnywhere requires Internet Explorer 6.x or later for installation. Windows Installer 2.0 or later (required only for MSI installations).
  • Page 47 On the Web server, create a directory in which you want to place the deployment files. For example: Deploy From the Packages folder on the Symantec pcAnywhere CD, copy the installation files that you want to make available for deployment to the Webinst subfolder on the Web server. For example: Deploy\Webinst\Webinst Ensure that the default document for the virtual directory is Default.htm.
  • Page 48 Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment The Web-based deployment tool supports Microsoft Internet Information Server (IIS) or Apache HTTP Web Server. The procedures for creating a virtual directory on these servers vary. To create a virtual directory on a Microsoft Internet Information Server Do one of the following to launch the Internet Services Manager: In IIS version 4.0: On the Windows taskbar, click Start >...

  • Page 49: Customizing The Deployment Files

    Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment This file is installed by default in C:\Program Files\ Apache Group\Apache\conf. Type the following lines at the end of the file: DirectoryIndex default.htm <VirtualHost 111.111.111.111> #ServerName machinename DocumentRoot "C:\Client\Webinst"...
  • Page 50 Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment Customizing Start.htm The parameters in the Start.htm file contain information about the Web server and the location of the files that need to be installed. The configuration parameters are located near the bottom of the Start.htm file, inside the <object> tags.
  • Page 51 Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment You can also include additional files to support the deployment of third-party applications. To customize Files.ini for package deployment In a text editor, open Files.ini In the [General] section, edit the line LaunchApplication= so that it references the package executable file that you want to start after the download completes.
  • Page 52 Deploying Symantec pcAnywhere custom installations Deploying installation packages using Web-based deployment To customize Files.ini for MSI deployment In a text editor, open Files.ini In the [General] section, edit the line LaunchApplication= so that it references Launch.bat. For example: LaunchApplication=Launch.bat This launches the MSI installation after the download is complete. You must also edit the Launch.bat file to include the name of the .msi file that you want...

  • Page 53: Testing The Installation On The Web Server

    Edit the line @msiexec -i Package.msi so that it reflects the name of the .msi file that you want to deploy. For example, @msiexec -i Symantec Packager - Host Only.msi Save and close the file. Testing the installation on the Web server To test the installation, go to the Web site (for example, <your web...

  • Page 54: Deploying Pcanywhere Using Sms 2.0

    Deploying Symantec pcAnywhere custom installations Deploying pcAnywhere using SMS 2.0 intranet must be set to Medium so that Symantec ActiveX controls can be downloaded to the client. When the installation is complete, the security level can be restored to its original setting.

  • Page 55: Minimum Requirements For Sms Deployment

    SQL Server 6.5 or higher SMS 2.0 with Service Pack 1 or Service Pack 2 (recommended) Symantec Packager 1.0 or later with customized packages created for deployment All deployment clients must be members of the same domain as the SMS...
  • Page 56 Preparing the Package Definition File A default Package Definition File (pcAnywhere.pdf) is provided with pcAnywhere. This file can be modified to accommodate any package created with Symantec Packager. To use the supplied Package Definition File without modification, do one of the following: For .exe-based packages, rename the pcAnywhere package that you want to...
  • Page 57 Do not select This package does not contain any files. Click Browse to locate the folder that contains the pcAnywhere package that you created with Symantec Packager (or a supplied, preconfigured package). The Create Package from Definition Wizard uses this folder to point to the pcAnywhere package.

  • Page 58: Using Windows Nt/2000/2003 Server/Xp Logon Scripts

    Deploying Symantec pcAnywhere custom installations Using Windows NT/2000/2003 Server/XP logon scripts Windows 9x/Windows NT to distribute the pcAnywhere package to Windows 9x and Windows NT clients. Click Browse, and then and pick the collection to which you want to advertise the installation.
  • Page 59 Deploying Symantec pcAnywhere custom installations Using Windows NT/2000/2003 Server/XP logon scripts @echo off setlocal REM ***** Package Variable -- Change to name of pcA Package ***** Set Package=Package.MSI REM ***** EXE or MSI Variable -- Change to package type (MSI or EXE)

  • Page 60: Testing The Windows Logon Script

    Deploying Symantec pcAnywhere custom installations Using NetWare logon scripts rd pcapkg Net Use Z: /DELETE :End endlocal Testing the Windows logon script Test the completed script on one or two workstations before setting up the script for all users. Windows NT/2000/2003 Server/XP users must have local administrative rights on their computers to install the pcAnywhere package.

  • Page 61: Writing The Netware Logon Script

    Deploying Symantec pcAnywhere custom installations Using NetWare logon scripts Writing the NetWare logon script Use the following sample logon script and deployment batch file to roll out pcAnywhere. The script creates the appropriate drive mappings to the local workstation and launches the deployment batch file. The batch file installs the pcAnywhere package and removes the installation files when complete.

  • Page 62: Testing The Netware Logon Script

    Deploying Symantec pcAnywhere custom installations Using NetWare logon scripts REM ***** Creates a folder in the Temp dir, and copies the package ***** CD %TEMP% MD pcapkg CD pcapkg COPY %Package% c: REM ***** Launches package installation ***** IF %PkgType% == MSI msiexec -i %Package%...

  • Page 63: Performing Centralized Management

    About the Microsoft Distributed Component Object Model (DCOM) About centralized logging About centralized management Symantec pcAnywhere includes the pcAnywhere Host Administrator tool, which lets you remotely manage multiple pcAnywhere hosts on a network. The pcAnywhere Host Administrator tool is a Microsoft Management Console (MMC) snap-in and requires MMC to run.

  • Page 64: Installing The Pcanywhere Host Administrator Tool

    In the Add/Remove Programs window, click Symantec pcAnywhere. Click Change. In the Modify or Remove Symantec pcAnywhere panel, click Next. In the Program Maintenance panel, click Modify, and then click Next. In the Custom Setup panel, under pcAnywhere Tools, click the down arrow next to Host Administrator, and then click This feature will be installed on local hard drive.

  • Page 65: Adding The Host Administrator Snap-In To Mmc

    Administrator tool, you can add it as a snap-in to MMC. MMC is included with the operating system in Windows 2000/2003 Server/XP. If you need to install MMC, you can install it from the Symantec pcAnywhere CD. To add the Host Administrator snap-in to MMC On the Windows taskbar, click Start >...

  • Page 66: Adding Computers To A Configuration Group

    These files contain the connection and security settings needed to support connections between the pcAnywhere Host Administrator console and the host computers that you want to manage. Symantec pcAnywhere provides the following preconfigured host and remote connection items that you can use as templates:...
  • Page 67 In the Remote Properties window, on the Connection Info tab, select one of the following network protocols: TCP/IP NetBIOS In the Remote Properties window, configure the other settings that you want to use. When you are finished, click OK. For more information, see the Symantec pcAnywhere User's Guide.
  • Page 68 A user name and password is required for all host sessions. You can configure other settings. For example, access privileges. For more information, see the Symantec pcAnywhere User's Guide. In the Host Properties window, configure the other settings that you want to use, and then click OK.

  • Page 69: Configuring A Host Item In Pcanywhere Host Administrator

    Configuring a host item in pcAnywhere Host Administrator The pcAnywhere Host Administrator tool lets you create a host item that you can distribute to the host computers in your configuration group. Symantec pcAnywhere requires that you set up a logon account for users who connect to your computer, and select an authentication method to verify their identities.

  • Page 70: Managing Hosts In A Configuration Group

    Performing centralized management Managing pcAnywhere hosts remotely In the Distribute pcAnywhere Files dialog box, select the computers to which you want to distribute the file. Select the file that you want to distribute. Click OK. Managing hosts in a configuration group Once you have configured the computers in your configuration group, use the pcAnywhere Host Administrator console to start, stop, or connect to any managed host in the group.

  • Page 71: Integrating With Microsoft Systems Management Server

    Management Server (SMS). SMS is a scalable change and configuration management system for Microsoft Windows-based computers and servers. Symantec pcAnywhere provides the support files needed to integrate with SMS. These files are offered only on the Symantec pcAnywhere CD. Importing the package definition file into SMS Symantec pcAnywhere provides a package definition file (pcAnywhere.pdf), which...

  • Page 72: Implementing Dcom In Windows Nt/2000/2003 Server/Xp

    File and print sharing for Microsoft Windows Networks should be installed and enabled on the Windows 98/Me computer. Modifying DCOM settings Symantec pcAnywhere configures DCOM during the installation process. The default settings should be sufficient for pcAnywhere management applications to function normally and maintain a sufficient level of security. However,...

  • Page 73: About Awshim

    Performing centralized management About the Microsoft Distributed Component Object Model (DCOM) administrators can modify the default security settings in DCOM to allow or deny access to a system. Modifying DCOM security settings on a managed computer might require adjustments to the DCOM settings on the administrator computer. Ensure that all managed computers are authenticating on the same Windows NT domain or on trusted domains.

  • Page 74: About Centralized Logging

    The pcAnywhere Host Administrator tool lets you retrieve log files from a host computer on the network . You can then view and process them locally. Symantec pcAnywhere also supports logging to a Simple Network Management Protocol (SNMP) console. SNMP is used to send SNMPv1 traps to a compatible console that records the information.

  • Page 75: About The Pcanywhere Mib File

    Repeat this process for each computer that you want to add. Click OK. Select the events that you want to log. For more information, see the Symantec pcAnywhere User's Guide. Click OK. About the pcAnywhere MIB file The pcAnywhere MIB file outlines the SNMP traps that pcAnywhere can generate.
  • Page 76 Performing centralized management About centralized logging...

  • Page 77: Integrating Pcanywhere With Directory Services

    Chapter Integrating pcAnywhere with directory services This chapter includes the following topics: About directory services Using directory services with pcAnywhere Configuring the directory servers Configuring pcAnywhere to use directory services About directory services The directory services capability in pcAnywhere is an example of a Lightweight Directory Access Protocol (LDAP) client application, which stores and retrieves information about users.

  • Page 78: Configuring The Directory Servers

    Integrating pcAnywhere with directory services Configuring the directory servers When the remote starts, a new application, the directory services browser, launches and connects to an LDAP server. The directory services browser queries all entries that satisfy its filter criteria and displays the entries in a list view. You can then select the host to which you want to connect from this list.

  • Page 79: Configuring Netscape Directory Server 4.0

    Integrating pcAnywhere with directory services Configuring the directory servers In the ObjectClass Name field, type pcaHost In the Available Attributes list, locate the objectclass attribute, and then click Add to include it in the Required Attributes list. In the Available Attributes list, locate the pcaHostEntry attribute, and then add it to the Allowed Attributes list.

  • Page 80: Configuring Novell V5.0 Server

    Integrating pcAnywhere with directory services Configuring the directory servers On the Tasks tab, click Restart the Directory Server. At the prompt, click Yes. Configuring Novell v5.0 server The following procedures only apply if LDAP is installed, configured, and functioning on the Novell server with Novell Directory Services (NDS) 8.0. Administrator rights to the server are needed to perform the following procedures: Configuring the pcaHostEntry Configuring the pcaHost object...
  • Page 81 Integrating pcAnywhere with directory services Configuring the directory servers Creating the pcaHost object in ConsoleOne Follow this procedure to create the pcaHost object. To create the pcaHost object in ConsoleOne Open ConsoleOne from the following location: sys:public\mgmt\ConsoleOne\1.2\bin\ConsoleOne.exe On the Tools menu, click Schema Manager. On the Class tab, click Create.
  • Page 82 Integrating pcAnywhere with directory services Configuring the directory servers In the LDAP attribute field, type pcaHostEntry This entry is case-sensitive and must be entered exactly as it appears above. In the NDS Attribute box, click pcaHostEntry. Click OK. Do one of the following: Click Apply to map other attributes.
  • Page 83 Integrating pcAnywhere with directory services Configuring the directory servers To create an LDIF file In Notepad, type the following lines for each user: DN:cn=user,ou=organization_unit,o=organization Changetype:modify Add:objectclass Objectclass:pcaHost Save this file locally, and then copy it to the following location: sys:system\schema\ At the server prompt, type the following: Load Bulkload.nlm Click Apply LDIF file.

  • Page 84: Configuring Windows Active Directory

    Integrating pcAnywhere with directory services Configuring the directory servers To assign rights to multiple users Click the container in which to place the group. Right-click the container, and then click New > Group. Type a name for the group. Right-click the group name, and then click Properties. On the Members tab, click Add to include other users.
  • Page 85 Integrating pcAnywhere with directory services Configuring the directory servers To add the snap-in On the Windows taskbar, click Start > Run. Type mmc Click OK. On the Console1 toolbar, click Console > Add/Remove Snap-in . In the Add/Remove Snap-in dialog box, click Add. Click Active Directory Schema, and then click Add.
  • Page 86 Integrating pcAnywhere with directory services Configuring the directory servers Creating the pcaHost object Follow this procedure to create the pcaHost object. To create the pcaHost object In the Common Name entry field, type pcaHost This is case-sensitive. In the LDAP Display Name field, type pcaHost In the Unique X500 Object ID field, type the following: 1.3.6.1.4.1.393.100.9.8.2...
  • Page 87 Integrating pcAnywhere with directory services Configuring the directory servers Setting the rights for the pcAnywhere user To set up the rights for the pcAnywhere user, you must first set up view rights, and then set up edit rights. To set up view rights for the user On the Windows taskbar, click Start >...

  • Page 88: Configuring Pcanywhere To Use Directory Services

    Integrating pcAnywhere with directory services Configuring pcAnywhere to use directory services On the Object tab, in the Apply onto list, click Child objects only . Click OK until you close the Security property page. Configuring pcAnywhere to use directory services Configuring pcAnywhere to use directory services involves the following process: Set up directory services in pcAnywhere preferences so that all connection items use the same settings.

  • Page 89: Setting Up The Host Computer To Use Directory Services

    Click OK. Symantec pcAnywhere attempts to connect to the directory server and search for the entry specified in the Name field. If multiple entries are found, users must select the one that represents them. Once the entry is identified, pcAnywhere stores its Distinguished Name in the registry for easy identification, and labels the entry as Verified.

  • Page 90: Setting Up The Remote Computer To Use Directory Services

    Integrating pcAnywhere with directory services Configuring pcAnywhere to use directory services Setting up the remote computer to use directory services When you set up a remote connection to use directory services, the remote looks on the directory server for waiting host connections. Configure the directory server entries before beginning this procedure.

  • Page 91: Managing Security In Symantec Pcanywhere

    “Limiting connections to specific computer names or IP addresses” on page 92. Serialize pcAnywhere installations. Symantec pcAnywhere lets you create custom installation packages with an embedded security code, or serial number. This serial number must be present on both the host and remote computers to make a connection.

  • Page 92: Limiting Connections To Specific Computer Names Or Ip Addresses

    Limiting the number of consecutive times that a remote user can attempt to log on to the host computer helps protect against hacker and denial of service attacks. Symantec pcAnywhere ends the connection if a remote user is not able to log on successfully before reaching the limit.

  • Page 93: Leveraging Centralized Authentication In Pcanywhere

    Click OK. Leveraging centralized authentication in pcAnywhere Symantec pcAnywhere requires you to create a caller logon account for each remote user or user group who connects to the host computer and to select an authentication method for verifying the user's identity. This information is required for all host sessions to prevent unauthorized access.
  • Page 94 Setting up Windows NT authentication for global users Symantec pcAnywhere lets you configure a server using NT authentication to support callers from the local administrator user group and any global groups that are included in the local group.
  • Page 95 Managing security in Symantec pcAnywhere Controlling access to pcAnywhere hosts This configuration option is less time-consuming than adding an individual account for each administrator to the local administrator group. This feature is supported only for Windows NT authentication. To set up Windows NT authentication for global users In the pcAnywhere Manager window, on the left navigation bar, click Hosts.
  • Page 96 Managing security in Symantec pcAnywhere Controlling access to pcAnywhere hosts Novell-based authentication types (continued) Table 6-2 Novell-based Explanation Implementation in authentication types pcAnywhere Novell LDAP Validates a user or group by Users must log on to the checking a user list stored in LDAP server, and then they an LDAP 3.0-compliant...

  • Page 97: Protecting Session Security

    Protecting session security Symantec pcAnywhere provides a number of options to protect the privacy of a session and prevent users from performing specific tasks that might interfere with the host session. These security measures provide an additional layer of security, but are most effective when used in combination with stronger security features in pcAnywhere.
  • Page 98 You can do the following: Cancel the host or continue to wait for connections. Log off the host user. Restart the host computer. Lock the computer. For more information, see the Symantec pcAnywhere User's Guide.

  • Page 99: Maintaining Audit Trails

    Depending on your environment, you can send information about events that occurred during a session to a pcAnywhere generated log file, the Windows Event Log, or a Simple Network Management Protocol (SNMP) console. Symantec pcAnywhere supports centralized logging, so you can archive the logs on a secure, central server.

  • Page 100: Implementing System Policy In Windows 98/Me/Nt4

    For more information about the System Policy Editor, see the online documentation for your operating system. Symantec pcAnywhere defines policy settings in an administrative template. After you start the System Policy Editor, you can import the pcAnywhere.adm file. “Importing the pcAnywhere administrative template”...

  • Page 101: Managing User Policies

    Open. In the Policy Template Options window, click OK. Managing user policies Symantec pcAnywhere lets you control whether users can access certain portions of the user interface or perform certain functions in pcAnywhere. Table 6-5 lists information about the policy settings that pcAnywhere lets you...
  • Page 102 Managing security in Symantec pcAnywhere Implementing policy-based administration Location of pcAnywhere policy settings Table 6-5 Folder Description Actions Contains policy settings to prohibit users from doing the following: Launching the pcAnywhere Manager window, which is the main user interface for pcAnywhere...
  • Page 103 Managing security in Symantec pcAnywhere Implementing policy-based administration Location of pcAnywhere policy settings (continued) Table 6-5 Folder Description UI Changes\Remote Objects Contains policy settings to prohibit users from doing the following: Editing remote objects Creating remote objects Changing the directory location of remote objects...
  • Page 104 Under User Configuration, click the plus sign next to Administrative Templates to expand the list. Click the plus sign next to Symantec pcAnywhere to expand the list. Open the folder that contains the policy settings that you want to edit.
  • Page 105 Managing security in Symantec pcAnywhere Implementing policy-based administration Under Symantec pcAnywhere, expand a list by clicking the plus sign next to the policy type that you want to edit. Select the policy settings that you want to enable. Enabling a policy setting typically prevents users from viewing or performing a task.
  • Page 106 Managing security in Symantec pcAnywhere Implementing policy-based administration...
  • Page 107 Index Numerics connection item files (continued) remote 25 .bhf files 25, 68 connection items .chf files 25, 67 host 35 .cif files 25, 68 remote 36 .cqf files 25 custom commands .sid files 28 adding to package definition files 40 overview 38 custom installations.
  • Page 108 92 adding products to 40 building 41 importing into SMS 71 viewing product requirements 40 license agreements Packager. See Symantec Packager Symantec Packager 17 packages LiveUpdate 36 adding configuring files 24 login scripts adding custom commands 38...
  • Page 109 36 SNMP traps 99 remote templates 36 logging 74 serializing 27 Start.htm file 50 setting global options 30 Symantec Packager testing 42 customizing products 21 pcAnywhere Tools importing product modules 20 Host Administrator 63 process overview 18 pcAnywhere.adm file 100–101...

This manual is also suitable for:

PcanywherePcanywhere - v 12.0 automation guide

Table of Contents