net control admin guide

8/14/2019 Net Control Admin Guide

1/142

NetControl

Administrators Guide

NC-AG-0708-310


2/142


3/142

Copyright 2008 NetPro Computing, Inc.

DisclaimerNetPro Computing, Inc. (NetPro) makes no representations or warranties, either expressed or implied, with

respect to the adequacy of this documentation or the programs which it describes in regard to fitness for anyparticular purpose or with respect to its adequacy to produce any particular result. The computer programs and

documentation are sold as is, and the entire risk as to quality and performance is with the buyer. In no event shall

NetPro be liable for special, direct, indirect or consequential damages resulting from any defect in the programs,

documentation or software. Some states do not allow the exclusion or limitation of implied warranties or liability for

incidental or consequential damages, in which case the above limitations and exclusions may not apply to you.

Proprietary RightsNetPro has prepared this document for use by NetPro personnel, agents, licensees and customers. The

information contained in this document is the property of NetPro. You may not reproduce, translate, or transmit it

in any form or by any means, electronically or mechanically, without prior written permission from NetPro.

Disclaimer of LiabilityNetPro makes no representation or warranties of any kind, either expressed or implied, with respect to the

contents of this manual, including but not limited to typographical errors and technical completeness, NetPro

reserves the right to revise this publication and to make changes in its content without obligation to notify anyperson of such revision or changes.

TrademarksNetPro Computing and NetPro are registered trademarks and NetControl, NetControl for Exchange,

AccessManager, AccessReporter for Windows, Business Insight, GPOADmin, LogADmin, ReportADmin for ACS

and the NetPro logo are trademarks of NetPro Computing, Inc.

Microsoft, Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, and Active Directory are

either registered trademarks or trademarks of Microsoft Corporation.

Other product names mentioned in this manual may be trademarked: they are used for identification purposes

only.

Document Revision History

ES-AG-1007-200 October 2007 Enterprise Server 2.0

ES-AG-1107-250 November 2007 Enterprise Server 2.5

ES-AG-1207-260 December 2007 Enterprise Server 2.6

ES-AG-0408-260-A April 2008 Enterprise Server 2.6 with

Business Insight 3.0

ES-AG-0608-260-B June 2008 Enterprise Server 2.6

NC-AG-0708-310 July 2008 NetControl 3.1


4/142

NetPro Computing, Inc.Corporate Office

4747 N. 22nd Street, Suite 400Phoenix, Arizona 85016 USA

Telephone 602 346 3600

FAX 602 346 3610

Email [email protected] http://www.netpro.com

Sales

USA and Canada 800 998 5090

International +1 602 346 3630

Worldwide Technical Support

USA 1 602 346 3670

USA (Toll Free) 1 866 9 NETPRO

Germany 0800 180 2577UK 0 0800 047 0197

France 0800 917881

Australia 1 800 773 850

Email [email protected]


5/142

NetControl i

Table of Contents

Table of Contents

Chapter 1: Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1

System Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1

Whats in this Guide- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2

How to Get Additional Help - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4

Chapter 2: NetControl Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7

Connecting to the NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8

NetControl Console Components- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8

Chapter 3: Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -15

Considerations for Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - 15

Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16

Chapter 4: Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -21

Agents Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22Considerations for Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24

Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24

Chapter 5: Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -33

Agent Groups Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34

Creating Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36

Chapter 6: Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -41

Computer Lists Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 42Building Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 44

Chapter 7: Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -51

Schedules Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 52Defining Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54

Chapter 8: Collectors - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -57Collectors Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 58

Defining a Collector - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 59

Chapter 9: Active Directory Management Console - - - - - - - - - - - - - - - - - - -63

Active Directory Management Console Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 64Creating a Custom View- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 67

Establishing a Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 71Creating Provisioning Rules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 73


6/142

ii NetControl

Table of Contents

Configuring Workflow for an ADMC Action - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 85Modifying Active Directory When Workflow is Applied - - - - - - - - - - - - - - - - - - - - - - - - - - 87

Chapter 10: Workflow - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 89

Workflow Editor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 90Workflow Pane- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 101

Managing Workflow Requests - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 104Reviewing and/or Approving Workflow Requests- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 106Using Microsoft Outlook to View Workflow Items- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 107

Chapter 11: Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 109

Reports Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 110Generating NetControl Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 111

Appendix A: NetPro Applications Using NetControl Components - - - - - - 121

Appendix B: Email Setup - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123

Configuration Page - NetControl Email Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124

Setting up Email- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Appendix C: Active Directory Users and Computers (ADUC) Extension - 127

Usage Notes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 127Using the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128Removing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128

Re-installing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128

Appendix D: NetControl Troubleshooting - - - - - - - - - - - - - - - - - - - - - - - - 129

NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 129

ADMC Functionality - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 131


7/142

NetControl 1

Introduction

Chapter 1: Introduction

NetControl (formerly known as Enterprise Server) provides a centralized interface to configure

and manage individual services and provides licensed NetPro applications access to shared

services and data. In addition, NetControls Active Directory Management Console (ADMC),

extends Microsofts Active Directory Users and Computers (ADUC) interface to optimize Active

Directory management. With ADMC, you can enforce approval processes for tighter security,

while providing compliance for regulations. You can also add business logic to automate

common Active Directory tasks, giving you greater control and scalability.

This document describes the base NetControl console (including ADMC), its components and

the shared services that are available. Please refer to the documentation of each individual

application for information on the components that are made available through the console

once the application is deployed (e.g, workflow, collectors, etc.).

This chapter provides the following information:

System Overview

Whats in this Guide

How to Get Additional Help

System Overview

The NetControl platform consists of three main components:

NetControl Console

NetControl Service

NetControl Agent

The NetControl Console provides the user interface to all functionality of the NetControlService, the ADMC and licensed NetPro applications that build upon the NetControl platform.

Through the console, you can interact with and retrieve information from each deployed

application.

The NetControl Service is one of the core components of the application. Your ability to gain

access to application data or configure the application depends on the communication between

the console and the NetControl Service. Since the service is your 'gateway' into the application,

the security model of the application is housed here.


8/142

2 NetControl

Introduction

As it relates to the application, NetControl Agents do all of the workload processing. They

communicate directly with the SQL Database on a configured interval to receive a list of actions

that need to be executed upon. Each NetPro application that builds upon the NetControl

platform will define the work that needs to be processed on a scheduled basis.

Whats in this Guide

This manual assumes you have a working knowledge of Active Directory and consists of the

following chapters:

Introduction

This chapter introduces NetControl and provides a system overview of the NetControl

platform. It also describes the contents of this manual and information on obtainingadditional assistance from NetPro.

NetControl Client Overview

Chapter 2 introduces the base NetControl console and includes a description of the menu

commands, tool bar buttons, navigation pane, explorer view and object list.

Application Security

Chapter 3 explains how to implement application security to build a secure deployment.

Agents

Chapter 4 provides a brief description about agents, describes the Agents pane and the

New Agent dialog, and provides instructions on how to deploy an agent.

Agent Groups

Chapter 5 provides a brief description about agent groups, describes the Agent Groups

pane and the New Agent Groups dialog, and provides instructions on how to set up an

agent group.


9/142

NetControl 3

Introduction

Computer Lists

Chapter 6 provides a brief description about computer lists, describes the Computer List

pane and the New Computer List dialog, and provides instructions on how to build a

computer list.

Schedules

Chapter 7 provides a brief description about schedules, describes the Schedules pane andthe New Schedule dialog, and provides instructions on how to set up a schedule.

Collectors

Chapter 8 provides a brief description of collectors and the NetControl components that are

part of setting up a collector. Please note that the Collector button is available in the

navigation pane when NetControl is installed. However, there must be a NetPro application

deployed that uses the collectors before data collections can be configured/viewed.

Active Directory Management Console

Chapter 9 describes the Active Directory Management Console (ADMC), which is part of

the base NetControl platform. It describes the ADMC pane and provides instruction on how

to perform the various tasks that can be performed from this pane to administer directory

information.

Workflow

Chapter 10 explains how to use the Workflow Editor to set up actions for the workflow

queue where a review and approval is required before the action can be committed and

deployed in your environment. It also explains the workflow process and how to review/

approve requests using the Workflow pane or Microsoft Outlook.

Reports

Chapter 11 provides information on the Reports pane and the NetControl reports. It also

explains how to run a report using the NetControl console.

Appendix A: NetPro Applications Using NetControl Components

This appendix provides a table that shows the NetPro applications that can be deployed

and the base NetControl components that they use.

Appendix B: Email Setup

This appendix describes the NetControl Configuration pane where you can set up the email

account and SMTP server to be used for email notifications.

Appendix C: Active Directory Users and Computers (ADUC) Extension

This appendix provides additional information regarding the ADUC extension that is

activated when NetControl is installed.

Appendix, D: NetControl Troubleshooting

This appendix covers some of the known issues with NetControl and provides

troubleshooting tips for resolving these issues if they are encountered.

Index

The Index provides an alphabetical subject listing for the contents of this manual.


10/142

4 NetControl

Introduction

How to Get Additional Help

NetPro offers a variety of ways to get additional help:

My.netpro.com enables you to perform many tasks that you may have once conducted

with the help of a NetPro representative.

24x7 Technical Support is available through an annual Software MaintenanceContract.

NetPro Professional Services offers a range of professional services to help you

through every stage of your technology lifecycle.

For more information on using NetControls Active Directory Management Console (ADMC),

please visit http://www.turbochargedad.com.

My.netpro.com

NetPros customer portal site enables you to perform many tasks that you may have once

conducted with the help of a NetPro representative. Now, you can do them all on the customer

section of our website -- https://www.netpro.com.

My.netpro.com was designed to provide you with the best possible service and deliver it

conveniently and quickly -- when you need it. Heres what you can do on my.netpro.com:

submit and update support incidents

view your product purchases

view your maintenance purchases

subscribe and/or unsubscribe from NetPros news list(s)

request product information and literature

request product evaluation software

search our technical support knowledge base sign up to participate in the NetPro Beta Program

https://my.netpro.com is a completely secure site and you will need login credentials to access

the area each time you visit. On your first visit, you will create the credentials to be used every

time you return to the site.


11/142

NetControl 5

Introduction

24x7 Live Technical Support

NetPro offers industry-leading technical support every business day throughout North America

and Europe. NetPros qualified support technicians can be reached at the addresses and

numbers listed below:

NetPro

4747 N. 22nd Street, Suite 400

Phoenix, Arizona (USA) 85016

U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO

Germany: 0800 180 2577

UK: 0 0800 047 0197

France: 0800 917881

Australia: 1 800 773 850

FAX: 1 602 346 3610

Email: [email protected]

Professional Services

NetPro service professionals leverage proven methodologies, industry best practices, and

more than 30 years of combined Microsoft management experience to help organizations reach

their business-critical goals. To help you get the most from our solutions, NetPro Professional

Services offers help with:

Deployment: Choose QuickDeploy for a rapid return on investment or CustomDeploy

for end-to-end phased delivery of NetPro solutions based on your specific business

needs.

Reporting & Analysis: If youre looking for specific executive, operational, or

compliance reports, well deliver business intelligence tailored to your organizational

needs.

Optimization: Make sure youre getting maximum value from NetPro solutions with help

for everything from optimizing your current solution to product training.

To learn more about NetPro Professional Services, please contact your NetPro sales

representative or [email protected].


12/142


13/142

NetControl 7

NetControl Overview

Chapter 2: NetControl Overview

NetControl provides a centralized interface for managing Active Directory and provides shared

resources to other NetPro applications. The resources available through the NetControl

Console include:

Application Security provides component level security for all application components.

Configuration provides options for setting up email and configuring certain NetPro

applications.

Agents perform the work defined by licensed NetPro applications that build upon the

NetControl platform.

Agent Groups are logical or physical groupings of agents used for distributing workload

processing.

Computer Lists are a way to group physical computer resources based on explicit or

dynamically generated content.

Schedules are reusable components that define when tasks are to be performed.

Collectors define what data is to be collected from various resources. The collectors

available are based on the licensed NetPro applications that build upon the NetControl

platform.

Active Directory Management Console (ADMC) extends Microsofts Active Directory

Users and Computers (ADUC) interface to optimize Active Directory management.

Rules can be defined using the ADMC to add business logic to automate common

Active Directory tasks.

Workflow allows you to set certain actions that must adhere to a review and approval

workflow process. Workflow is available for actions performed in the ADMC as well as

some of other licensed NetPro applications that build upon the NetControl platform.

Reports provide a central location for defining the content and generating reports about

the NetControl components and some of the deployed NetPro application.

This chapter describes the layout of the base NetControl Console and how to access the shared

resources, including the following information:

Connecting to the NetControl Console

NetControl Console Components


14/142

8 NetControl

NetControl Overview

Please refer to the documentation for each individual application for information on the

additional components that are deployed with each application.

To determine the shared components that each licensed NetPro application uses, see

Appendix A: NetPro Applications Using NetControl Components on page 121.

Connecting to the NetControl ConsoleFrom the computer where the NetControl console is installed:

1. Select Start | All Programs | NetPro | NetControl | Console.

2. On the NetPro NetControl Connection dialog box, use the drop-down arrow to select the

NetControl server to be used (or from the keyboard, select the down arrow twice).

3. Optionally, select the Remember connection check box to use this server the next time

you run NetControl. If selected, the connection dialog is only displayed if the specified

NetControl server is not available.

NOTE: To disable the Remember Connection setting, use theHelp | Aboutmenu

command to display the About NetPro NetControl dialog and deselect the

Remember Connectioncheck box on this dialog.

4. Click the Connect button to connect to the NetControl server.

NetControl Console Components

The NetControl console provides the user interface for accessing the shared resources, ADMC

and licensed applications that build upon the NetControl platform. The console consists of the

following main components, which are pointed out in the illustration below:

Menu Bar displays the menus for accessing commands.

Tool Bar provides quick access to commonly used commands.

Explorer View displays a hierarchy of resource containers (folders) used to organize

the resources that can be created and managed. This view is populated based on the

button selected in the navigation pane.

Navigation Pane provides access to the base NetControl resources, ADMC and

licensed NetPro applications that use the NetControl platform. The following are the

components installed when NetControl is first installed:

Configuration provides options for setting up email and configuring certain

NetPro applications.

Resources provides a central location for deploying agents, creating and

maintaining agent groups, computer lists and schedules.


15/142

NetControl 9

NetControl Overview

Collectors provides a central location for defining data collections. The resource

containers in this pane are based on the licensed NetPro applications that use data

collection. For more information, refer to the individual product documentation.

Active Directory - provides access to the ADMC which extends Microsofts Active

Directory Users and Computers (ADUC) interface to optimize Active Directory

management.

Workflow provides a list of workflow items in the workflow queue if there are

actions configured to use workflow. Actions performed using the ADMC and some

of the other licensed NetPro applications use the workflow feature.

Reports provides a central location for defining and generating reports for the

NetControl components. There may also be reports for the other deployed NetPro

applications.

Information Panes the contents of the right-hand pane depends on the button

selected in the navigation pane and the node/container selected in the explorer view.

This pane may display the objects available in the selected node/container and

supporting details or options for configuring the selected component.


16/142

10 NetControl

NetControl Overview

Menu Bar

The NetControl console menus follow the same convention as standard Windows menus. That

is, commands are grouped under a menu on the menu bar. Some of these commands perform

an action immediately; others display an additional dialog or launch a wizard where you select

various options or specify additional information.

The following sections describe the default commands that are available when you install

NetControl. As you deploy NetPro applications, there may be additional commands displayed.

Refer to the documentation for each individual application for more information about

commands specific to each application.

Action Menu

Exit

Use the Exit command to close the NetControl console.

Go Menu

Configuration

Use the Configuration command to open the Configuration pane to set up email and

configure each of the deployed NetPro applications.

Resources

Use the Resources command to open the Resources pane to deploy agents and create,

modify or view agent groups, computer lists and schedules.

Collectors

Use the Collectors command to open the Collectors pane to define the data to be

collected. The resource containers available are based on the NetPro applications that use

data collection.

Active Directory

Use the Active Directory command to open the ADMC to administer directory information.

Workflow

Use the Workflow command to open the Workflow pane to review/track the items in the

workflow queue.

Reports

Use the Reports command to open the Reports pane to define the content and generate

reports.

View Menu

Refresh (F5)

Use the Refresh command to redisplay the contents on the window.


17/142

NetControl 11

NetControl Overview

Help Menu

Contents

Use the Contents command to display the Contents pane and initial page of the NetControl

online help.

Search

Use the Search command to display the Search pane and initial page of the NetControl

online help.

Index

Use the Index command to display the Index pane and initial page of the NetControl online

help.

About

Use the About command to display general release information about the NetControl

Service, NetControl Console and licensed NetPro products.

Tool Bar

The tool bar buttons provide quick access to commonly used commands.

Use the Refresh button to redisplay the contents on the window.

Use the Help button to display the online help for the application.

Use the New button to create a new object (e.g., agent group, computer list, schedule) or

a new folder for organizing objects. The icon changes depending on the resource container

selected in the explorer view.

Use the Permissions button to define the delegated permissions for the resource

container selected in the explorer view or the object selected in the object l ist. Selecting this

button will display the Permissions dialog showing the delegated permissions for the

selected application component.

Depending on the object selected and the NetPro application deployed, a Workflow button

may also be displayed on the Permissions dialog which allows you to set up workflow for

the selected item.

Use the Delete button to remove the object selected in the object list.

Use the Properties button to display the properties for the object selected in the object list.

From this dialog, you can modify the properties previously defined for the selected object.


18/142

12 NetControl

NetControl Overview

Use the Start Agent button to start the agent selected in the Agents page. This button is

only available on the Agents page of the Resources pane.

Use the Stop Agent button to stop the agent selected in the Agents page. This button is

only available on the Agents page of the Resources pane.

Use the Restart Agent button to stop and start the selected agent. This button is only

available on the Agents page of the Resources pane.

Explorer View

The explorer view is located in the left pane and is populated based on the button selected in

the navigation pane. From this pane, you can create objects and organize these objects inresource containers. By right-clicking a folder in the explorer view, you can perform the

following tasks:

New |

Use the New | command to create a new object (e.g., computer list, agent group,

schedule). Selecting this command will display the appropriate dialog allowing you to define

the new object. The types available depend on the NetPro application(s) deployed

to use the NetControl console. Not available on the Reports pane.

New | Folder

Use the New | Folder command to create a new folder in the explorer view to organize the

objects being created. Selecting this command will add a new folder under the currentlyselected container in the explorer view. Not available on the Reports pane.

Run

From the Reports pane, use the Run command to define a new report. Selecting this

command will display the appropriate report dialog allowing you to define the contents of

the report, specify the output options, specify the data source and schedule execution of

the report. This command is only available on the Reports pane.

Delete

Use the Delete command to remove a user-defined container from the explorer view and

any child folders and objects created in the selected container. This command is only

available for user-defined containers. Not available on the Reports pane.

NOTE: You can NOT delete the default parent containers initially displayed when the

product is installed. If you select one of these parent containers and select the

Deletecommand, all of the folders or objects that have been added to the

selected parent container will be deleted.


19/142

NetControl 13

NetControl Overview

Rename

Use the Rename command to change the name of the selected user-defined container.

This command is only available for user-defined containers. Not available on the Reports

pane.

Permissions

Use the Permissions command to display the delegated permissions for the selectedcontainer. Selecting this command will display the Permissions dialog allowing you to view,

add or remove permissions.

For more details on implementing application security and the Permissions dialog, see

Chapter 3: Application Security on page 15.

Depending on the object selected and the NetPro application deployed, a Workflow button

may also be displayed on the Permissions dialog which allows you to set up workflow for

the selected item. See Chapter 8: Workflow on page 53.

Refresh

Use the Refresh command to retrieve and display the latest information.

Navigation Pane

The navigation pane is located in the lower left pane of the console and contains buttons that

allow you to access the base NetControl components. As you deploy and license NetPro

applications, additional buttons may be displayed. Selecting a button in this pane will populate

the resource containers in the explorer view used to organize the objects being created and

managed through the NetControl console.

Selecting the arrows at the bottom of the navigation pane displays the following commands

allowing you to control the buttons displayed in the navigation pane:

Show More Buttons

Use the Show More Buttons command to display buttons that have been previously

removed from the bottom of the navigation pane using the Show Fewer Buttons

command.
http://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Workflow_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Workflow_ES_AG.pdf


20/142

14 NetControl

NetControl Overview

Show Fewer Buttons

Use the Show Fewer Buttons command to remove the bottom-most button from the

navigation pane.

Navigation Pane Options

Use the Navigation Pane Options command to display the Navigation Pane Options

dialog where you can select (check) the buttons to be displayed and change the order ofthe buttons displayed on the navigation pane.

Add or Remove Buttons

Use the Add or Remove Buttons command to select the buttons to be hidden/displayed

in the navigation pane.

You can also resize the navigation pane to hide the bottom-most button(s). To resize this pane,

place your cursor at the top of the pane until your cursor is replaced with a double arrow. Hold

down the right mouse button and drag the arrow down the screen. As buttons are hidden from

the screen they are replaced with an icon which can be selected to open the corresponding

NetControl page.

Information Panes

The contents of the information panes, located in the right-hand pane depend on the button

selected in the navigation pane and the node/container selected in the explorer view. This pane

may display the objects available in the selected node/container and supporting details or

options for configuring the selected component.

The first time the console is launched, the NetControl Email pane will be displayed allowing you

to configure the NetControl email settings. However, each subsequent time the console is

launched, the pane last displayed when the console was closed will be displayed.

Please refer to the individual chapters in this guide for a description of the information panes

available and the tasks that can be performed from each.


21/142

NetConrol 15


Chapter 3: Application Security

Delegation of administration allows you to transfer the responsibility for administrative tasks to

a lower-level administrator. Application security provides component level security for all

application components.

By default, users in the Domain Admins group are granted Full Control to NetControl, while

users in the Everyone group are granted Read All Properties. These default permissions

ensure that only privileged users have the rights to invoke change in NetControl.

This chapter provides the following information for building a secure NetControl deployment:

Considerations for Implementing Application Security

Implementing Application Security

Considerations for Implementing Application Security

While every task can be delegated at a granular level, consider the following before changing

any security settings:

The internal workings of NetControls security model work the same as Active Directory

and NTFS security.

Subcontainers can be created in all nodes. These containers serve a dual purpose.

Primarily, containers are used to organize content, but they can also be used as a

boundary or scope of management for a delegated user. For example, allowing user

Domain\Sally to create Security Templates in a single container.


22/142

16 NetConrol


Implementing Application Security

To implement application security:

1. Select a resource container from the explorer view (for example, Agents or Computer

Lists) or an object from the object list.

2. Select the Permissions command from the tool bar ( ) or the right-click menu. This

will display the Permissions dialog for the selected application component.

3. By default, all application components have the following permissions defined:

Allow | Everyone | Read All Properties | This object and all child objects

Allow | Domain Admins | Full Control | This object and all child objects

4. To add additional permissions select the Add button, which will display the New

Permission Entry dialog.

5. On the New Permission Entry dialog, select the permissions to be allowed and/or denied

to secure the selected application component.

Account use the browse button to locate and select a user or group account

to be delegated these permissions.

Apply to select the appropriate option to specify what object types are going to

receive the selected permissions (for example, this object only, this object and

child objects, or child objects only).

Permissions select the Allow or Deny check boxes for the permissions to be

delegated.

Apply these permissions to immediate objects and/or containers only

optionally select this check box to define the level of effectiveness the selected

rights will assume.

Expires on optionally select this check box and select the date thesepermissions are to expire.

6. After adding the new permissions entry, use the OK button to save your settings. The

new permission will be displayed on the Permissions dialog.


23/142

NetConrol 17


Permissions Dialog

The Permissions dialog is displayed when the Permissions tool bar button or right-click

menu command is selected for an application component. Use this dialog to view and/or modify

the permissions to be delegated to the selected application component.

By default, users in the Domain Admins group are granted Full Control to NetControl, whileusers in the Everyone group are granted Read All Properties. The default permissions are

displayed in the Permissions dialog.

Permissions list box

This list box displays the permissions to be applied to the selected application component.

It includes the following information for each permission:

Type

This column displays the type of permission being delegated: Allow or Deny

Account

This column displays the name of the user or group account to be delegated each

permission listed.

Permission

This column displays the name of the permission being delegated.

Apply To

This column displays the objects to which each permission applies: this object only, this

object and child objects or child objects only.

Inherited FromFor child objects, this column displays the parent object from which the permissions

where inherited.

Expires On

If applicable, this column displays the date when the permissions will expire.


24/142

18 NetConrol


Add

Use the Add button to add permissions to the list box. Selecting this button will display the

New Permission Entry dialog allowing you to select the permission(s) to be included. This

dialog also allows you to specify the user or group account, the object types that are to

receive the permission(s), the level of effectiveness the rights will assume, and if applicable

an expiration date.

Remove

After permissions have been added and are displayed in the Permissions list box, use the

Remove button to remove a permission entry from the list box. Select the permission entry

to be removed and select the Remove button.

New Permission Entry Dialog

The New Permissions Entry dialog is displayed when the Add button is selected on the

Permissions dialog when assigning application security. From this dialog, specify the access

permissions to be applied to the selected component (for example, deny access for deploying

agents).

Account

Use the browse button to specify a user or group account to be granted or denied

access permissions to the selected application component. Selecting the browse button will

display the native Select User or Group dialog allowing you to locate and select a user or

group account.


25/142

NetConrol 19


Apply to

This drop-down text box allows you to specify the object types that are to be granted the

selected permissions. By default, the permissions selected will be applied to this object and

all child objects; however, you can use the drop-down menu to change this setting. Valid

entries are:

This object only This object and all child objects (default)

Child objects only

Permissions list box

This list box displays the permissions that can be granted or denied. From this list box,

select the appropriate access permissions:

Full Control

Read All Properties

Write All Properties

Modify Permissions Delete

Delete Subtree

Create All Child Objects

Delete All Child Objects

Create Folders

Delete Folders

Create (for example, Schedule, Agent Group)

Delete (for example, Computer List, Agent Group)

Clear

Use the Clear button to clear any check marks from the Permissions list box.

Apply these permissions to immediate objects and/or containers only

Select this check box to apply the permissions to the selected object and/or container only.

That is, if this option is checked, the permissions will not apply to any subordinate objects

or containers.

Expires on

To create a temporary (expiring) permission assignment, select this check box and use the

arrow to view a calendar grid to select the date when these permissions are to expire.


26/142


27/142

NetControl 21

Agents

Chapter 4: Agents

Using the Resources pane in the NetControl console, you can deploy and maintain agents.

NetControl agents distribute the workload processing as defined by each individual NetPro

application. Agents communicate directly with the SQL Server database on a configured

interval to receive a list of actions that need to be executed upon.

Refer to the documentation for each deployed NetPro application to determine if it uses

NetControl agents.

This chapter provides the following information and procedures:

Agents Pane

Considerations for Deploying Agents

Deploying Agents


28/142

22 NetControl

Agents

Agents Pane

The Agents pane is displayed when Agents is selected in the explorer view of the Resources

pane. From this pane you can deploy agents and view the status of deployed agents.

Explorer View

The explorer view displays a hierarchy of folders created to organize your agents.

Agents List

The agents list displays a list of deployed agents for the container selected in the explorer

view. The following information is displayed for each agent:

Server the name of the server where an agent was deployed

Comment the comment or descriptive text entered when the agent was deployed

Status the current status of the agent (for example, Offline, Copying File,

Installing, Updating, Running)

Version - the current version of each agent deployedRight-click an object in the agents list to perform tasks related to the selected object.

Move to

Use the Move to command to move the selected agent to a different folder in the

explorer view. Selecting this command will display the Select a Folder dialog allowing

you to select the folder to which the agent is to be moved.


29/142

NetControl 23

Agents

Delete

Use the Delete command to remove the selected agent from the agents list.

Permissions

Use the Permissions command to display the delegated permissions for the selected

agent. Selecting this command will display the Permissions dialog allowing you to view,




Properties

Use the Properties command to display the properties set for the selected agent.

Selecting this command will display the Properties dialog allowing you to view or modify

the security permissions assigned to the selected agent.

Details View

The details view displays information regarding the jobs (for example, data collection,

report) that are assigned to the agent selected in the object list. The following informationis displayed:

Name the name assigned to the job when it was created

Comment the comment or descriptive text entered when the job was defined

Type the type of job run on the selected agent

Run Date the date the associated job ran

Elapsed Time the amount of time it took to run the associated job

Status the current status of the job

Right-clicking in the agents list pane (not an object in the list) or details view pane will display

the following commands allowing you to change the content displayed in the agents list/details

view pane:

New | Agent

Use the New | Agent command to deploy a new agent.

View

Expand the View command and select one of the following options to change how the

objects in the agents list are displayed:

Tiles

Icons

List

Details (default)

Arrange By

Expand the Arrange By command and select the appropriate option to change the sort

order for the displayed objects. The sort options available are based on the container

selected in the explorer view. More specifically, the options will match the column headings

in the agents list.
http://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdf


30/142

24 NetControl

Agents

Arrange By | Show in Groups

Use the Arrange By | Show in Groups command to group the objects in the list based on

the sort method selected. A check mark in front of this command will display the objects in

groups with corresponding headings.

Refresh


Considerations for Deploying Agents

Prior to deploying agents, carefully consider the following items:

Agent(s) will be running with elevated privileges, so ensure you have followed

Microsofts Best Practices for Securing Service Accounts.

Consider grouping agents based on geographical location and the security required to

access the managed content:

Deploying agents close to the objects being managed will help reduce the amount

of WAN traffic.

If you have highly sensitive data that will be managed or are required to operate

under the principals of least privilege, then grouping resources by security level is

paramount.

Review the default application security and start granting access as required to

interested parties (See Chapter 3: Application Security on page 15for information on

building a secure deployment). For example:

Restrict who can modify agent groups

Restrict who can deploy agents

Deploying Agents

Prior to deploying agents, please review Considerations for Deploying Agents on page 24.

To deploy agents:

1. Select Resources from the navigation pane.

2. Select Agents from the explorer view.

3. Select the New | Agent tool bar button or right-click menu command. This will display

the New Agent Deployment dialog allowing you to specify the computers where an

agent is to be deployed.

4. On the Servers page of this dialog, use the appropriate Add option to deploy an agent

to an individual computer or to all computers in a computer list.

Use the Add | Computer option to deploy an agent to an individual computer.

Selecting this option will display the native Select Computers dialog allowing you

to specify the computer to be included.

Use the Add | Computer List option to deploy an agent to all the computers in a

given computer list. Selecting this button will display the Select a Computer List

dialog allowing you to select the computer list to be used.


31/142

NetControl 25

Agents

5. On the Servers page, also enter a descriptive comment and the logon credentials for

the account the agent is to run as.

6. Open the Agent Groups page to add the agent(s) to an agent group. On this page, select

the Add button to display the Select an Agent Group dialog where you can select or

create an agent group to which the agent is to be assigned.

7. After specifying where agents are to be deployed, select the OK button to close thedialog and start the deployment process.

The status of the deployed agents will be displayed in the Agents object list.

New Agent Deployment Dialog

The New Agent Deployment dialog is displayed when the New | Agent tool bar button or right-

click menu command is selected from the Agents pane. From this dialog, you can specify the

computers to which agents are to be deployed. You can deploy agents to an individual

computer or all computers in a computer list. You can also assign these agents to agent groups

as part of the deployment process.

This dialog consists of two tabbed pages:

Servers use the Servers page to specify the server to which agents are to be deployed

and the user account the agent is to run as.

Agent Groups use the Agent Groups page to assign the deployed agents to one or

more agent groups.

Servers Page

From the Servers page, specify the server(s) to which an agent is to be deployed. The

information entered on this page will be displayed in the Agents object list when Agents is



32/142

26 NetControl

Agents

Servers list boxThe servers list box displays the servers or computer lists to which a NetControl Agent

Service is to be deployed. In addition to the server's/computer list's name, this list box also

displays the type: Computer or Computer List. Use the appropriate Add option to add a

computer or computer list to the list box.

Add | ComputerUse the Add | Computer option to add an individual server to the servers list box. Selecting

this option will display the native Select Computers dialog allowing you to specify the

computer to which an agent is to be deployed.

Add | Computer List

Use the Add | Computer List option to add a computer list to the servers list box. Selecting

this option will display the Select a Computer List dialog allowing you to select a previously

defined computer list or create a new computer list. When a computer list is selected, an

agent will be deployed to all servers in the computer list.

Remove

Use the Remove button to remove the selected computer or computer list from the list box.If an agent has already been deployed, this command will also remove the agent from the

selected machine(s). Select the computer or computer list to be removed and select the

Remove button.

NOTE: If an agent is removed before it completes any assigned jobs, the agent

coordinator will reassign these unfinished jobs to another agent in the

agent group.

Comment

Optionally, enter a description or comment regarding the agent(s) being deployed.

Log on As: AccountEnter or use the browse button to specify the user account that the agent is to run as.

Selecting the browse button will display the native Select User dialog allowing you to locate

and select the user account to be used.

NOTE: This account must have access to the database and the rights to perform

whatever tasks the agent is going to be asked to do. For example, if the agent

is to delegate Active Directory permissions, this account must have the rights to

modify permissions over the appropriate Active Directory objects.

Log on As: Password

Enter the password associated with the specified user account.


33/142

NetControl 27

Agents

Agent Groups Page

Use the Agent Groups page to add the newly deployed agent(s) to one or more agent groups.

Group agents to provide load balancing and fault tolerant processing centers. Distributing all

tasks across the processing group, ensures tasks are processed as quickly as possible.

Additionally, the processing group creates fault tolerance, so if an agent becomes unavailable,

all unfinished work is redistributed across the processing center.

Agent Group list box

The agent group list box displays the agent group(s) to which the agent(s) being deployed

are to be assigned. Use the Add and Remove buttons to add/remove agent groups to/from

this list.

Add

Use the Add button to add agent groups to the list box. Selecting this button will display the

Select an Agent Group dialog allowing you to select one or more agent groups from a list

of previously defined agent groups or to create a new agent group.

Remove

After agent groups have been added and are displayed in the agent group list box, use the

Remove button to remove an agent group from the list box. If an agent is already assigned

to an agent group in the list, this command will also remove that agent from the selected

agent group. Select the agent group to be removed and select the Remove button.


34/142

28 NetControl

Agents

Select a Computer List Dialog

The Select a Computer List dialog is displayed when the Add | Computer List option is

selected on the Servers page of the New Agent Deployment dialog. From this dialog, select the

computer list(s) to which NetControl Agents are to be deployed. That is, an agent will be

deployed to all the servers included in the computer list.

This dialog is also displayed when the Add | Computer List option is selected on the

Computers page of the New Collector dialog. When accessed from this dialog, select the

computer list(s) from which data is to be collected.

Explorer View

The explorer view, in the left pane, displays a hierarchy of the folders created to organize

computer lists. Click the node next to a container or double-click a container to expand the

folder structure to locate the computer list(s) to be used. Select a container to view the computer

lists created in the selected container.

Right-click the Computer List folder (or other user-defined folder) in the explorer view to

display the following commands:

New | Computer ListUse the New | Computer List command to create a new computer list. Selecting this

command will display the New Computer List dialog allowing you to define a new computer

list.

New | Folder

Use the New | Folder command to create a new folder for organizing your computer lists.

Selecting this command will add a new folder under the currently selected container in the

explorer view.

Delete


any child containers or objects created in the selected container. This command is only

available for user-defined containers.


35/142

NetControl 29

Agents

Rename

Use the Rename command to change the name of the selected container. This command

is only available for user-defined containers.

Permissions


container. Selecting this command will display the Permissions dialog allowing you to view,add or remove permissions.



Refresh

Use the Refresh command to retrieve and display the latest information on the dialog.

Object List

The object list, in the right pane, is populated based on the folder selected in the explorer view.

From this list box, select the computer list(s) to which an agent is to be deployed.

Right-click a computer list in the object list to display the following commands:

Delete

Use the Delete command to remove the computer list from the object list.

Properties

Use the Properties command to display the properties set for the selected computer list.

Selecting this command will display the Properties dialog allowing you to view or modify the

computers included in the selected computer list.

NOTE: This dialog contains the same tabbed pages as the New Computer List dialog. See

Computer Lists Pane on page 40 for a description of this dialog.

Select an Agent Group Dialog

The Select an Agent Group dialog is displayed when the Add button is selected on the Agent

Groups page of the New Agent Deployment dialog. From this dialog, select the agent group(s)

to which the deployed agents are to be added.
http://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Creating_Computer_Lists_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Creating_Computer_Lists_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdf


36/142

30 NetControl

Agents

Explorer View

The explorer view, in the left pane, displays a hierarchy of the folders created to organize agent

groups. Click the node for a container or double-click a container to expand the folder structure

to locate the agent group(s) to be included. Select a container to display the agent groups

created in the selected container.

Right-click the Agent Groups folder (or other user-defined folder) in the explorer view to

display the following commands:

New | Agent Group

Use the New | Agent Group command to create a new agent group. Selecting this

command will display the New Agent Group dialog allowing you to define a new agent

group.

New | Folder

Use the New | Folder command to create a new folder. Selecting this command will add a

new folder under the currently selected container in the explorer view.

DeleteUse the Delete command to remove a user-defined container from the explorer view and

any child containers or objects created in the selected container.

Rename

Use the Rename command to change the name of the selected container. This command

is only available for user-defined containers.

Permissions


container. Selecting this command will display the Permissions dialog allowing you to view,




Refresh



37/142

NetControl 31

Agents

Object List


From this list box, select the agent group(s) to be added to the agent group list box back on the

originating dialog. That is, the newly deployed agent will be assigned to this agent group.

Right-click an agent group in the object list to display the following commands:

Move to

Use the Move to command to move the selected object to a different folder. Selecting this

command will display the Select a Folder dialog allowing you to select the folder to which

the object is to be moved.

Delete

Use the Delete command to remove the agent group from the object list.

Permissions


object. Selecting this command will display the Permissions dialog allowing you to view,




Properties

Use the Properties command to display the properties set for the selected agent group.

Selecting this command will display the Properties dialog allowing you to view or modify the

agents included in the selected agent group.

NOTE: This dialog contains the same tabbed pages as the New Agent Group dialog. See

Creating Agent Groups on page 33 for a description of this dialog.
http://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agent%20Groups_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agent%20Groups_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdf


38/142


39/142

NetControl 33

Agent Groups

Chapter 5: Agent Groups

Using the Resources pane in the NetControl console, you can create and maintain agent

groups. An agent groupis a collection of one or more servers running the NetControl Agent

Service. Workload for an agent group is distributed across all agents in the processing group

thus allowing for process load balancing.

The NetControl application provides no restrictions for grouping. Agents can be grouped based

on geographical location, applications, or resource security level. Most often, geography and

security level determine how agents are grouped. This ensures that processing does not occur

across the WAN and that agents will be provided the proper level of security to the underlying

data.

One agent in an agent group will assume the role of the coordinator. The coordinator will check

and verify that each agent in the agent group is updating within the allowed update notification

interval. In the event of agent failure, the coordinator will redistribute the unfinished workload of

the failed agent to the remaining agents in the agent group. Fault tolerance is built in at the

agent and coordinator levelif the coordinator fails, another agent in the agent group will

assume that role.

Refer to the documentation for each deployed NetPro application to determine if it uses agent

groups to organize agents.

This chapter provides the following information and procedures:

Agent Groups Pane

Creating Agent Groups


40/142

34 NetControl

Agent Groups

Agent Groups Pane

The Agent Groups window is displayed when Agent Groups is selected in the explorer view of

the Resources pane. From this pane you can define agent groups and view where these agent

groups are being used.

Explorer View

The explorer view displays a hierarchy of folders created to organize your agent groups.

Agent Groups List

The agent groups list displays a list of agent groups created under the container selected

in the explorer view. The following information is displayed for each agent group:

Name the name assigned to the agent group when it was created

Comment the comment or descriptive text entered when the agent group was

created

Right-click an object in the agent groups list to perform tasks related to the selected object.

Move to

Use the Move to command to move the selected agent group to a different folder in the

explorer view. Selecting this command will display the Select a Folder dialog allowing

you to select the folder to which the agent group is to be moved.

Delete

Use the Delete command to remove the agent group from the agent groups list.


41/142

NetControl 35

Agent Groups

Permissions


agent group. Selecting this command will display the Permissions dialog allowing you

to view, add or remove permissions.



Properties

Use the Properties command to display the properties set for the selected agent

group. Selecting this command will display the Properties dialog allowing you to view

or modify the security permissions applied to the selected agent group.

Details View

The details view displays information about the resource components (for example,

collectors, schedules, etc.) that are associated with the agent group selected in the object

list. The following information is displayed:

Name the name of the resource component linked to the selected agent group

Comment the comment or descriptive text entered when the resource

component was created

Type the type of resource component linked to the selected agent group

Right-click in the agent groups list pane (not an object in the list) or details view pane to display

the following commands allowing you to change the content displayed in the agent groups list/

details view pane:

New | Agent Group

Use the New | Agent Group command to create a new agent group.

View


objects in the object list are displayed:

Tiles

Icons

List

Details (default)

Arrange By



selected in the explorer view. More specifically, the options will match the column headingsin the agent groups list.






42/142

36 NetControl

Agent Groups

Refresh


Creating Agent Groups

You can create an agent groups and assign agents to this group at a later time or you can

create agent groups and assign agents to the group at creation time. You can add or removeagents to existing agent groups at any time.

NOTE: Agents can belong to more than one agent group.

To create an empty agent group:

Creating an 'empty' agent group allows you to assign deployed agents to this group at a

later time. For example, by creating an empty agent group before deploying agents, you

can assign agents to this group as part of the deployment process.


2. Select Agent Groups from the explorer view.

3. Select the New | Agent Group tool bar button. (Or right-click Agent Groups and select

the New | Agent Group menu command.) This will display the New Agent Group dialog

where you can name the agent group.

4. On the General page, enter a descriptive name and an optional comment to describe

the agent group.

5. After entering a name and description, use the OK button to close the dialog and create

the 'empty' agent group. The newly created agent group will be displayed in the

Resources object list when Agent Groups is selected in the explorer view.

To create an agent group with agents:


2. Select Agent Groups from the explorer view.

3. Select the New | Agent Group tool bar button or right-click menu command. This will

display the New Agent Group dialog where you can name and specify the agents that

are to belong to this agent group.


the agent group.

5. Open the Agents page and select the Add button. This will display the Select an Agent

dialog allowing you to select the agent(s) to be added to the agent group.

6. On the Agents page, you can also update the Update Notification time as desired. Thisinterval is used by the coordinator to determine if the other agents in the group are

updating within the specified time.

7. After entering a name and selecting the agents to be added, use the OK button to close

the dialog and create the agent group. The newly created agent group will be displayed

in the Resources object list when Agent Groups is selected in the explorer view.


43/142

NetControl 37

Agent Groups

To add (or remove) an agent to an agent group:

1. Open the Resources pane and select Agent Groups from the explorer view.

2. Expand the folder structure in the explorer view and locate the agent group to which

agents are to be added or removed.

3. In the object list, right-click the agent group and select Properties.

4. This will display the Properties dialog for that agent group. Use the Agents page of this

dialog to add (or remove) an agent to the selected agent group.

New Agent Group Dialog

The New Agent Group dialog is displayed when the New | Agent Group tool bar button or the

right-click menu command is used when Agent Groups (or a subordinate folder) is selected in

the explorer view of the Resources pane.

This dialog consists of two tabbed pages:

General use the General page to enter a name and description for the new agent

group. Agents use the Agents page to specify the agents to be included in the agent group.

General Page

From the General page, specify the general information for the agent group. The information

entered on this page will be displayed in the Resources object list when Agent Groups is


Name

Enter a descriptive name for the new agent group.

Example: US New York Mid-Town Data Center File Servers


44/142

38 NetControl

Agent Groups

Comment

Optionally, enter a description or comment for the new agent group.

Example: Agents in this agent group have been granted privileged access only to set

permissions on all file servers in the Mid-Town Data Center location for New York City.

(Note a separate agent group has been defined for the Financial Center.)

Agents Page

From the Agents page, specify the servers to which a NetControl Agent has been deployed that

are to be included in the agent group.

Agent list box

This list box displays the agented servers to be included in the new agent group. It includes

the server name and any comments that were entered when the agent was deployed.

AddUse the Add button to add an agent to the agent group. Selecting this button will display

the Select an Agent dialog allowing you to select the agent(s) to be included.

Remove

After agents have been added and are displayed in the Agent list box, use the Remove

button to remove an agent from the list box (and the agent group). Select the agent to be

removed and select the Remove button.

Update Notification minutes

The Update Notification interval is used by the coordinator to determine if all of the agents

in the selected agent group are updating within the specified time. The default interval is

5 minutes.


45/142

NetControl 39

Agent Groups

Select an Agent Dialog

The Select an Agent dialog is displayed when the Add button is selected on the Agents page

of the New Agent Group dialog. From this dialog, select the agent(s) to be included in the new

agent group.

Explorer View

The explorer view, in the left pane, displays a hierarchy of the folders created to organize

deployed NetControl Agents. Click the node next to the container or double-click a container to

expand the folder structure to locate the agent(s) to be included. Select a container to display

the agents deployed under the selected container.

Right-click the Agents folder (or subfolder) in the explorer view to display the following

commands:

New | Agent

Use the New | Agent command to deploy a NetControl Agent to a specified server.

Selecting this command will display the New Agent Deployment dialog allowing you to

select the server(s) to which an agent is to be deployed.Refer to New Agent Deployment Dialog on page 25 for a description of the New Agent

Deployment dialog.

New | Folder

Use the New | Folder command to create a new folder to organize the deployed agents.

Selecting this command will add a new folder under the currently selected container in the

explorer view.

Delete


any child containers or objects created in the selected container. This command is only

available for user-defined containers.

Rename

Use the Rename command to change the name of the selected user-defined container.

This command is only available for user-defined containers.


46/142

40 NetControl

Agent Groups

Permissions


container. Selecting this command will display the Permissions dialog allowing you to view,




Refresh


Object List


From this list box, select the agent(s) to be included in the agent group.

Right-click an agent in this list box to display the following commands:

Start

Use the Start command to start the agent service.

Stop

Use the Stop command to stop the agent service.

Move to

Use the Move to command to move the selected object to a different folder. Selecting this

command will display the Select a Folder dialog allowing you to select the folder to which

the object is to be moved.

Remove

Use the Remove command to remove the agent service from the selected sever.

PermissionsUse the Permissions command to display the delegated permissions for the selected

object. Selecting this command will display the Permissions dialog allowing you to view,




Properties

Use the Properties command to view the properties defined for the selected agent.

Selecting this command will display the Properties dialog for the agent allowing you to

modify the server credentials as well as the agent group(s) to which this agent is currently

assigned.

NOTE: This dialog contains the same tabbed pages as the New Agent Deployment dialog

with the exception of the Change Service credentials check box. See New Agent

Deployment Dialog on page 23 for a description of the information provided in this

dialog.
http://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agents_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agents_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agents_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Agents_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdfhttp://../Team%20Foundation%20Server/Enterprise%20Server/Admin%20Guide/Application_Security_ES_AG.pdf


47/142

NetControl 41

Computer Lists

Chapter 6: Computer Lists

Using the Resources pane in the NetControl console, you can create and maintain computer

lists. A computer listis a way to group physical computer resources based on explicit or

dynamically generated content.

When using the LDAP query or Script options, the computer list will be regenerated each time

the computer list is used. The benefit of using dynamically generated computer lists, is that

when new servers come online matching the criteria defined, they are automatically added to

the computer list. This eliminates the need to manually add new servers each time.

Refer to the documentation for each deployed NetPro application to determine if it can use

computer lists.

This chapter provides the following information and procedure:

Computer Lists Pane

Building Computer Lists


48/142

42 NetControl

Computer Lists

Computer Lists Pane

The Computer Lists pane is displayed when Resources is selected in the navigation pane and

Computer Lists is selected in the explorer view of the Resources pane. From this pane you

can define computer lists and see to which components it is linked.

Explorer View

The explorer view displays a hierarchy of folders created to organize your computer lists.

Computer Lists View

The computer lists view displays a list of computer lists created under the container

selected in the explorer view. The following information is displayed for each computer list:

Name the name assigned to the computer list when it was created

Comment the comment or descriptive text entered when the computer list was

created

Right-click an object in the computer list view to perform tasks related to the selectedobject.

Move to

Use the Move to command to move the selected computer list to a different folder in

the explorer view. Selecting this command will display the Select a Folder dialog

allowing you to select the folder to which the computer list is to be moved.


49/142

NetControl 43

Computer Lists

Delete

Use the Delete command to remove the selected computer list from the computer lists

view.

Permissions


computer list. Selecting this command will display the Permissions dialog allowing youto view, add or remove permissions.



Properties

Use the Properties command to display the properties set for the selected computer

list. Selecting this command will display the Properties dialog allowing you to view or

modify the security permissions applied to the selected computer list.

Details View

The details view displays information about the resource component to which the computerlist selected in the computer list view is linked. The following information is displayed:

Linked To the name of the resource component associated with the selected

computer list

Comment the comment or descriptive text entered when the linked resource

component was created

Type the type of resource component linked to the selected computer list

Right-click in the computer lists pane (not an object in the list) or details view pane to display

the following commands allowing you to change the content displayed in the computer list/

details view pane:

New | Computer List

Use the New | Computer List command to create a new computer list.

View


objects in the computer list view are displayed:

Tiles

Icons

List

Details (default)

Arrange By



selected in the explorer view. More specifically, the options will match the column headings

in the computer lists view.


50/142

44 NetControl

Computer Lists





Refresh


Building Computer Lists

Using the Resources pane, you can create computer lists using one of three methods:

creating an explicit list

generating a list based on an LDAP query

generating a list based on a script

To build an explicit computer list:

1. Select Resources from the navigation pane to open the Resources pane.

2. Select Computer Lists from the explorer view.

3. Select the New | Computer List tool bar button or right-click menu command. This will

display the New Computer List dialog where you can name and build the computer list.


the computer list.

5. Proceed to the Computers page, and in the Type box select Computers.

6. Select the Add button to display the native Select Computers dialog. From this dialog,

select the computers to be included in this computer list.

7. After entering a name and specifying the computers to be included in the list, use the

OK button to close the dialog and save the computer list.

8. The newly created computer list will be displayed in the object list when Computer Lists

is selected in the explorer view.

To build a dynamic computer list based on an LDAP query:

1. Select Resources from the navigation pane to open the Resources pane.

2. Select Computer Lists from the explorer view.

3. Select the New | Computer List tool bar button or right-click menu command. This will

display the New Computer List dialog where you can name and build the computer list.


the computer list.

5. Proceed to the Computers page, and in the Type box select LDAP query and fill in the

requested information:

Container optionally enter or use the browse button to select the container to

be searched.

Scope select the scope (entire subtree or immediate children only).


51/142

NetControl 45

Computer Lists

6. Use the Generate button to build the LDAP query. Selecting this button will display the

native Find Computers dialog allowing you to specify the criteria to be used in the query.

After entering the criteria to be included in the LDAP query, select the OK button. The

LDAP query will be displayed in the text box back on the New Computer List dialog.

For example, to query Active Directory for all domain controllers with names ending with

DC001, enter the following information to create the LDAP query:

On the Find Computers dialog, enter:

Computer Name: *DC001

Role: Domain Controller

Back on the Computers tab, the Filter text box should read:

(primaryGroupID=516)(name=*DC001)

7. Opti

net control admin guide

Documents