1 <chapter id="AdvancedNetworkManagement">
4 <pubdate>April 3 2003</pubdate>
7 <title>Advanced Network Management</title>
10 This section documents peripheral issues that are of great importance to network
11 administrators who want to improve network resource access control, to automate the user
12 environment and to make their lives a little easier.
16 <title>Features and Benefits</title>
19 Often the difference between a working network environment and a well appreciated one can
20 best be measured by the <emphasis>little things</emphasis> that make everything work more
21 harmoniously. A key part of every network environment solution is the
23 manage MS Windows workstations, remotely access the Samba server, provide customized
24 logon scripts, as well as other housekeeping activities that help to sustain more reliable
29 This chapter presents information on each of these areas. They are placed here, and not in
30 other chapters, for ease of reference.
36 <title>Remote Server Administration</title>
39 <para><quote>How do I get `User Manager' and `Server Manager'?</quote></para>
42 <indexterm><primary>User Manager</primary></indexterm>
43 <indexterm><primary>Server Manager</primary></indexterm>
44 <indexterm><primary>Event Viewer</primary></indexterm>
45 Since I do not need to buy an <application>NT4 Server</application>, how do I get the `User Manager for Domains'
46 and the `Server Manager'?
50 <indexterm><primary>Nexus.exe</primary></indexterm>
51 Microsoft distributes a version of these tools called <filename>Nexus.exe</filename> for installation
52 on <application>Windows 9x/Me</application> systems. The tools set includes:
56 <listitem>Server Manager</listitem>
57 <listitem>User Manager for Domains</listitem>
58 <listitem>Event Viewer</listitem>
62 Download the archived file at <ulink noescape="1" url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE.</ulink>
66 <indexterm><primary>SRVTOOLS.EXE</primary></indexterm>
67 The <application>Windows NT 4.0</application> version of the `User Manager for
68 Domains' and `Server Manager' are available from Microsoft <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">via ftp</ulink>.
74 <title>Remote Desktop Management</title>
77 There are a number of possible remote desktop management solutions that range from free
78 through costly. Do not let that put you off. Sometimes the most costly solution is the
79 most cost effective. In any case, you will need to draw your own conclusions as to which
80 is the best tool in your network environment.
84 <title>Remote Management from NoMachine.Com</title>
87 <indexterm><primary>NoMachine.Com</primary></indexterm>
88 The following information was posted to the Samba mailing list at Apr 3 23:33:50 GMT 2003.
89 It is presented in slightly edited form (with author details omitted for privacy reasons).
90 The entire answer is reproduced below with some comments removed.
94 I have a wonderful Linux/Samba server running as pdc for a network. Now I would like to add remote
95 desktop capabilities so users outside could login to the system and get their desktop up from home or
100 Is there a way to accomplish this? Do I need a Windows Terminal Server? Do I need to configure it so
101 it is a member of the domain or a BDC,PDC? Are there any hacks for MS Windows XP to enable remote login
102 even if the computer is in a domain?
106 Answer provided: Check out the new offer of <quote>NX</quote> software from
107 <ulink noescape="1" url="http://www.nomachine.com/">NoMachine</ulink>.
111 It implements an easy-to-use interface to the Remote X protocol as
112 well as incorporating VNC/RFB and rdesktop/RDP into it, but at a speed
113 performance much better than anything you may have ever seen.
117 Remote X is not new at all, but what they did achieve successfully is
118 a new way of compression and caching technologies that makes the thing
119 fast enough to run even over slow modem/ISDN connections.
123 I could test drive their (public) Red Hat machine in Italy, over a loaded
124 Internet connection, with enabled thumbnail previews in KDE konqueror
125 which popped up immediately on <quote>mouse-over</quote>. From inside that (remote X)
126 session I started a rdesktop session on another, a Windows XP machine.
127 To test the performance, I played Pinball. I am proud to announce
128 that my score was 631750 points at first try.
132 NX performs better on my local LAN than any of the other <quote>pure</quote>
133 connection methods I am using from time to time: TightVNC, rdesktop or
134 Remote X. It is even faster than a direct crosslink connection between
139 I even got sound playing from the Remote X app to my local boxes, and
140 had a working <quote>copy'n'paste</quote> from an NX window (running a KDE session
141 in Italy) to my Mozilla mailing agent. These guys are certainly doing
146 I recommend to test drive NX to anybody with a only a passing interest in remote computing
147 <ulink noescape="1" url="http://www.nomachine.com/testdrive.php">http://www.nomachine.com/testdrive.php</ulink>.
151 Just download the free of charge client software (available for Red Hat,
152 SuSE, Debian and Windows) and be up and running within five minutes (they
153 need to send you your account data, though, because you are assigned
154 a real UNIX account on their testdrive.nomachine.com box.
158 They plan to get to the point were you can have NX application servers
159 running as a cluster of nodes, and users simply start an NX session locally,
160 and can select applications to run transparently (apps may even run on
161 another NX node, but pretend to be on the same as used for initial login,
162 because it displays in the same window. You also can run it
163 full-screen, and after a short time you forget that it is a remote session
168 Now the best thing for last: All the core compression and caching
169 technologies are released under the GPL and available as source code
170 to anybody who wants to build on it! These technologies are working,
171 albeit started from the command line only (and very inconvenient to
172 use in order to get a fully running remote X session up and running.)
176 To answer your questions:
181 You do not need to install a terminal server; XP has RDP support built in.
185 NX is much cheaper than Citrix &smbmdash; and comparable in performance, probably faster.
189 You do not need to hack XP &smbmdash; it just works.
193 You log into the XP box from remote transparently (and I think there is no
194 need to change anything to get a connection, even if authentication is against a domain).
198 The NX core technologies are all Open Source and released under the GPL &smbmdash;
199 you can now use a (very inconvenient) command-line at no cost,
200 but you can buy a comfortable (proprietary) NX GUI front end for money.
204 NoMachine are encouraging and offering help to OSS/Free Software implementations
205 for such a front end too, even if it means competition to them (they have written
206 to this effect even to the LTSP, KDE and GNOME developer mailing lists).
215 <title>Network Logon Script Magic</title>
218 There are several opportunities for creating a custom network startup configuration environment.
222 <listitem>No Logon Script.</listitem>
223 <listitem>Simple universal Logon Script that applies to all users.</listitem>
224 <listitem>Use of a conditional Logon Script that applies per user or per group attributes.</listitem>
225 <listitem>Use of Samba's preexec and postexec functions on access to the NETLOGON share to create
226 a custom logon script and then execute it.</listitem>
227 <listitem>User of a tool such as KixStart.</listitem>
231 The Samba source code tree includes two logon script generation/execution tools.
232 See <filename>examples</filename> directory <filename>genlogon</filename> and
233 <filename>ntlogon</filename> subdirectories.
237 The following listings are from the genlogon directory.
242 <indexterm><primary>genlogon.pl</primary></indexterm>
243 This is the <filename>genlogon.pl</filename> file:
245 <smbfile name="genlogon.pl">
251 # Perl script to generate user logon scripts on the fly, when users
252 # connect from a Windows client. This script should be called from
253 # smb.conf with the %U, %G and %L parameters. I.e:
255 # root preexec = genlogon.pl %U %G %L
257 # The script generated will perform
260 # 1. Log the user connection to /var/log/samba/netlogon.log
261 # 2. Set the PC's time to the Linux server time (which is maintained
262 # daily to the National Institute of Standards Atomic clock on the
264 # 3. Connect the user's home drive to H: (H for Home).
265 # 4. Connect common drives that everyone uses.
266 # 5. Connect group-specific drives for certain user groups.
267 # 6. Connect user-specific drives for certain users.
268 # 7. Connect network printers.
270 # Log client connection
271 #($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
272 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
273 open LOG, ">>/var/log/samba/netlogon.log";
274 print LOG "$mon/$mday/$year $hour:$min:$sec";
275 print LOG " - User $ARGV[0] logged into $ARGV[1]\n";
278 # Start generating logon script
279 open LOGON, ">/shared/netlogon/$ARGV[0].bat";
280 print LOGON "\@ECHO OFF\r\n";
282 # Connect shares just use by Software Development group
283 if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
285 print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
288 # Connect shares just use by Technical Support staff
289 if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
291 print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
294 # Connect shares just used by Administration staff
295 If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
297 print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
298 print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
301 # Now connect Printers. We handle just two or three users a little
302 # differently, because they are the exceptions that have desktop
303 # printers on LPT1: - all other user's go to the LaserJet on the
305 if ($ARGV[0] eq 'jim'
306 || $ARGV[0] eq 'yvonne')
308 print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
309 print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
313 print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
314 print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
317 # All done! Close the output file.
324 Those wishing to use more elaborate or capable logon processing system should check out these sites:
328 <listitem><ulink noescape="1" url="http://www.craigelachie.org/rhacer/ntlogon">http://www.craigelachie.org/rhacer/ntlogon</ulink></listitem>
329 <listitem><ulink noescape="1" url="http://www.kixtart.org">http://www.kixtart.org</ulink></listitem>
333 <title>Adding Printers without User Intervention</title>
337 <indexterm><primary>rundll32</primary></indexterm>
338 Printers may be added automatically during logon script processing through the use of:
341 &dosprompt;<userinput>rundll32 printui.dll,PrintUIEntry /?</userinput>
344 See the documentation in the <ulink url="http://support.microsoft.com/default.asp?scid=kb;en-us;189105">Microsoft knowledgebase article 189105.</ulink>