path: root/docs/docbook/projdoc/AdvancedNetworkAdmin.xml

<chapter id="AdvancedNetworkManagement">
<chapterinfo>
	&author.jht;
    <pubdate>April 3 2003</pubdate>
</chapterinfo>

<title>Advanced Network Manangement</title>

<para>
This section attempts to document peripheral issues that are of great importance to network
administrators who want to improve network resource access control, to automate the user
environment, and to make their lives a little easier.
</para>

<sect1>
<title>Remote Server Administration</title>

<para>
<emphasis>How do I get 'User Manager' and 'Server Manager'?</emphasis>
</para>

<para>
Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains',
the 'Server Manager'?
</para>

<para>
Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me
systems.  The tools set includes:
</para>

<itemizedlist>
	<listitem><para>Server Manager</para></listitem> 
	<listitem><para>User Manager for Domains</para></listitem> 
	<listitem><para>Event Viewer</para></listitem> 
</itemizedlist>

<para>
Click here to download the archived file <ulink 
url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink>
</para>

<para>
The Windows NT 4.0 version of the 'User Manager for 
Domains' and 'Server Manager' are available from Microsoft via ftp 
from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink>
</para>

</sect1>
<sect1>
<title>Network Logon Script Magic</title>

<para>
This section needs work. Volunteer contributions most welcome. Please send your patches or updates
to <ulink url="mailto:jht@samba.org">John Terpstra</ulink>.
</para>

<para>
There are several opportunities for creating a custom network startup configuration environment.
</para>

<simplelist>
	<member>No Logon Script</member>
	<member>Simple universal Logon Script that applies to all users</member>
	<member>Use of a conditional Logon Script that applies per user or per group attirbutes</member>
	<member>Use of Samba's Preexec and Postexec functions on access to the NETLOGON share to create
	a custom Logon Script and then execute it.</member>
	<member>User of a tool such as KixStart</member>
</simplelist>

<para>
The Samba source code tree includes two logon script generation/execution tools. See <filename>examples</filename> directory <filename>genlogon</filename> and <filename>ntlogon</filename> subdirectories.
</para>

<para>
The following listings are from the genlogon directory.
</para>

<para>
This is the genlogon.pl file:

<programlisting>
	#!/usr/bin/perl
	#
	# genlogon.pl
	#
	# Perl script to generate user logon scripts on the fly, when users
	# connect from a Windows client.  This script should be called from smb.conf
	# with the %U, %G and %L parameters. I.e:
	#
	#       root preexec = genlogon.pl %U %G %L
	#
	# The script generated will perform
	# the following:
	#
	# 1. Log the user connection to /var/log/samba/netlogon.log
	# 2. Set the PC's time to the Linux server time (which is maintained
	#    daily to the National Institute of Standard's Atomic clock on the
	#    internet.
	# 3. Connect the user's home drive to H: (H for Home).
	# 4. Connect common drives that everyone uses.
	# 5. Connect group-specific drives for certain user groups.
	# 6. Connect user-specific drives for certain users.
	# 7. Connect network printers.

	# Log client connection
	#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
	($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
	open LOG, ">>/var/log/samba/netlogon.log";
	print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n";
	close LOG;

	# Start generating logon script
	open LOGON, ">/shared/netlogon/$ARGV[0].bat";
	print LOGON "\@ECHO OFF\r\n";

	# Connect shares just use by Software Development group
	if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
	{
		print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
	}

	# Connect shares just use by Technical Support staff
	if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
	{
		print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
	}

	# Connect shares just used by Administration staff
	If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
	{
		print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
		print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
	}

	# Now connect Printers.  We handle just two or three users a little
	# differently, because they are the exceptions that have desktop
	# printers on LPT1: - all other user's go to the LaserJet on the
	# server.
	if ($ARGV[0] eq 'jim'
	    || $ARGV[0] eq 'yvonne')
	{
		print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
		print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
	}
	else
	{
		print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
		print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
	}

	# All done! Close the output file.
	close LOGON;
</programlisting>
</para>

<para>
Those wishing to use more elaborate or capable logon processing system should check out the following sites:
</para>

<simplelist>
	<member>http://www.craigelachie.org/rhacer/ntlogon</member>
	<member>http://www.kixtart.org</member>
	<member>http://support.microsoft.com/default.asp?scid=kb;en-us;189105</member>
</simplelist>

<sect2>
<title>Adding printers without user intervention</title>

<para>
Printers may be added automatically during logon script processing through the use of:

<programlisting>
	rundll32 printui.dll,PrintUIEntry /?
</programlisting>

See the documentation in the Microsoft knowledgebase article no: 189105 referred to above.
</para>
</sect2>

</sect1>
</chapter>