Net Control Admin Guide

NetControl ™
Administrator’s Guide
NC-AG-0708-310
Copyright © 2008 NetPro Computing, Inc.
Disclaimer
NetPro Computing, Inc. (NetPro) makes no representations or warranties, either expressed or implied, with
respect to the adequacy of this documentation or the programs which it describes in regard to fitness for any
particular purpose or with respect to its adequacy to produce any particular result. The computer programs and
documentation are sold “as is”, and the entire risk as to quality and performance is with the buyer. In no event shall
NetPro be liable for special, direct, indirect or consequential damages resulting from any defect in the programs,
documentation or software. Some states do not allow the exclusion or limitation of implied warranties or liability for
incidental or consequential damages, in which case the above limitations and exclusions may not apply to you.
Proprietary Rights
NetPro has prepared this document for use by NetPro personnel, agents, licensees and customers. The
information contained in this document is the property of NetPro. You may not reproduce, translate, or transmit it
in any form or by any means, electronically or mechanically, without prior written permission from NetPro.
Disclaimer of Liability
NetPro makes no representation or warranties of any kind, either expressed or implied, with respect to the
contents of this manual, including but not limited to typographical errors and technical completeness, NetPro
reserves the right to revise this publication and to make changes in its content without obligation to notify any
person of such revision or changes.
Trademarks
NetPro Computing and NetPro are registered trademarks and NetControl, NetControl for Exchange,
AccessManager, AccessReporter for Windows, Business Insight, GPOADmin, LogADmin, ReportADmin for ACS
and the NetPro logo are trademarks of NetPro Computing, Inc.
Microsoft, Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, and Active Directory are
either registered trademarks or trademarks of Microsoft Corporation.
Other product names mentioned in this manual may be trademarked: they are used for identification purposes
only.
Document Revision History
ES-AG-1007-200 October 2007 Enterprise Server 2.0
ES-AG-1107-250 November 2007 Enterprise Server 2.5
ES-AG-1207-260 December 2007 Enterprise Server 2.6
ES-AG-0408-260-A April 2008 Enterprise Server 2.6 with
Business Insight 3.0
ES-AG-0608-260-B June 2008 Enterprise Server 2.6
NC-AG-0708-310 July 2008 NetControl 3.1
NetPro Computing, Inc.
Corporate Office
4747 N. 22nd Street, Suite 400
Phoenix, Arizona 85016 USA
Telephone 602 346 3600

FAX 602 346 3610
Email info@netpro.com
Internet http://www.netpro.com
Sales
USA and Canada 800 998 5090
International +1 602 346 3630
Worldwide Technical Support

USA 1 602 346 3670
USA (Toll Free) 1 866 9 NETPRO
Germany 0800 180 2577
UK 0 0800 047 0197
France 0800 917881
Australia 1 800 773 850
Email support@netpro.com
NetControl i
Table of Contents
Chapter 1: Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
System Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
What’s in this Guide - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2
How to Get Additional Help - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4
Chapter 2: NetControl Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7
Connecting to the NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8
NetControl Console Components- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8
Chapter 3: Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -15
Considerations for Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - 15
Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16
Chapter 4: Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -21
Agents Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22
Considerations for Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24
Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24
Chapter 5: Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -33
Agent Groups Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34
Creating Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36
Chapter 6: Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -41
Computer Lists Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 42
Building Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 44
Chapter 7: Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -51
Schedules Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 52
Defining Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54
Chapter 8: Collectors - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -57
Collectors Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 58
Defining a Collector - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 59
Chapter 9: Active Directory Management Console - - - - - - - - - - - - - - - - - - -63
Active Directory Management Console Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 64
Creating a Custom View - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 67
Establishing a Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 71
Creating Provisioning Rules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 73
Table of Contents
ii NetControl
Configuring Workflow for an ADMC Action - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 85

Modifying Active Directory When Workflow is Applied- - - - - - - - - - - - - - - - - - - - - - - - - - 87
Chapter 10: Workflow - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 89
Workflow Editor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 90
Workflow Pane- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 101
Managing Workflow Requests - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 104
Reviewing and/or Approving Workflow Requests- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 106
Using Microsoft Outlook to View Workflow Items- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 107
Chapter 11: Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 109
Reports Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 110
Generating NetControl Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 111
Appendix A: NetPro Applications Using NetControl Components - - - - - - 121
Appendix B: Email Setup - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123
Configuration Page - NetControl Email Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124
Setting up Email- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125
Appendix C: Active Directory Users and Computers (ADUC) Extension - 127
Usage Notes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 127
Using the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Removing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Re-installing the ADUC Extension - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Appendix D: NetControl Troubleshooting - - - - - - - - - - - - - - - - - - - - - - - - 129
NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 129
ADMC Functionality - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 131
Table of Contents
NetControl 1
Chapter 1: Introduction
NetControl (formerly known as Enterprise Server) provides a centralized interface to configure

and manage individual services and provides licensed NetPro applications access to shared
services and data. In addition, NetControl’s Active Directory Management Console (ADMC),
extends Microsoft’s Active Directory Users and Computers (ADUC) interface to optimize Active
Directory management. With ADMC, you can enforce approval processes for tighter security,
while providing compliance for regulations. You can also add business logic to automate
common Active Directory tasks, giving you greater control and scalability.
This document describes the base NetControl console (including ADMC), its components and
the shared services that are available. Please refer to the documentation of each individual
application for information on the component’s that are made available through the console
once the application is deployed (e.g, workflow, collectors, etc.).
This chapter provides the following information:
• System Overview
• What’s in this Guide
• How to Get Additional Help
System Overview
The NetControl platform consists of three main components:
• NetControl Console
• NetControl Service
• NetControl Agent
The NetControl Console provides the user interface to all functionality of the NetControl
Service, the ADMC and licensed NetPro applications that build upon the NetControl platform.
Through the console, you can interact with and retrieve information from each deployed
application.
The NetControl Service is one of the core components of the application. Your ability to gain
access to application data or configure the application depends on the communication between
the console and the NetControl Service. Since the service is your 'gateway' into the application,
the security model of the application is housed here.
Introduction
2 NetControl
As it relates to the application, NetControl Agents do all of the workload processing. They
communicate directly with the SQL Database on a configured interval to receive a list of actions
that need to be executed upon. Each NetPro application that builds upon the NetControl
platform will define the work that needs to be processed on a scheduled basis.
What’s in this Guide

This manual assumes you have a working knowledge of Active Directory and consists of the
following chapters:
Introduction
This chapter introduces NetControl and provides a system overview of the NetControl
platform. It also describes the contents of this manual and information on obtaining
additional assistance from NetPro.
NetControl Client Overview

Chapter 2 introduces the base NetControl console and includes a description of the menu
commands, tool bar buttons, navigation pane, explorer view and object list.
Application Security
Chapter 3 explains how to implement application security to build a secure deployment.
Agents
Chapter 4 provides a brief description about agents, describes the Agents pane and the
New Agent dialog, and provides instructions on how to deploy an agent.
Agent Groups
Chapter 5 provides a brief description about agent groups, describes the Agent Groups
pane and the New Agent Groups dialog, and provides instructions on how to set up an
agent group.
Introduction
NetControl 3
Computer Lists
Chapter 6 provides a brief description about computer lists, describes the Computer List
pane and the New Computer List dialog, and provides instructions on how to build a
computer list.
Schedules
Chapter 7 provides a brief description about schedules, describes the Schedules pane and
the New Schedule dialog, and provides instructions on how to set up a schedule.
Collectors
Chapter 8 provides a brief description of collectors and the NetControl components that are
part of setting up a collector. Please note that the Collector button is available in the
navigation pane when NetControl is installed. However, there must be a NetPro application
deployed that uses the collectors before data collections can be configured/viewed.
Active Directory Management Console

Chapter 9 describes the Active Directory Management Console (ADMC), which is part of
the base NetControl platform. It describes the ADMC pane and provides instruction on how
to perform the various tasks that can be performed from this pane to administer directory
information.
Workflow
Chapter 10 explains how to use the Workflow Editor to set up actions for the workflow
queue where a review and approval is required before the action can be committed and
deployed in your environment. It also explains the workflow process and how to review/
approve requests using the Workflow pane or Microsoft Outlook.
Reports
Chapter 11 provides information on the Reports pane and the NetControl reports. It also
explains how to run a report using the NetControl console.
Appendix A: NetPro Applications Using NetControl Components

This appendix provides a table that shows the NetPro applications that can be deployed
and the base NetControl components that they use.
Appendix B: Email Setup

This appendix describes the NetControl Configuration pane where you can set up the email
account and SMTP server to be used for email notifications.
Appendix C: Active Directory Users and Computers (ADUC) Extension

This appendix provides additional information regarding the ADUC extension that is
activated when NetControl is installed.
Appendix, D: NetControl Troubleshooting

This appendix covers some of the known issues with NetControl and provides
troubleshooting tips for resolving these issues if they are encountered.
Index
The Index provides an alphabetical subject listing for the contents of this manual.
Introduction
4 NetControl
How to Get Additional Help

NetPro offers a variety of ways to get additional help:
• My.netpro.com enables you to perform many tasks that you may have once conducted
with the help of a NetPro representative.
• 24x7 Technical Support is available through an annual Software Maintenance
Contract.
• NetPro Professional Services offers a range of professional services to help you

through every stage of your technology lifecycle.
For more information on using NetControl’s Active Directory Management Console (ADMC),
please visit http://www.turbochargedad.com.
My.netpro.com
NetPro’s customer portal site enables you to perform many tasks that you may have once
conducted with the help of a NetPro representative. Now, you can do them all on the customer
section of our website -- https://www.netpro.com.
My.netpro.com was designed to provide you with the best possible service and deliver it
conveniently and quickly -- when you need it. Here’s what you can do on my.netpro.com:
• submit and update support incidents

• view your product purchases
• view your maintenance purchases
• subscribe and/or unsubscribe from NetPro’s news list(s)
• request product information and literature
• request product evaluation software
• search our technical support knowledge base
• sign up to participate in the NetPro Beta Program
https://my.netpro.com is a completely secure site and you will need login credentials to access
the area each time you visit. On your first visit, you will create the credentials to be used every
time you return to the site.
Introduction
NetControl 5
24x7 Live Technical Support

NetPro offers industry-leading technical support every business day throughout North America
and Europe. NetPro’s qualified support technicians can be reached at the addresses and
numbers listed below:
NetPro
4747 N. 22nd Street, Suite 400
Phoenix, Arizona (USA) 85016
U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO

Germany: 0800 180 2577
UK: 0 0800 047 0197
France: 0800 917881
Australia: 1 800 773 850
FAX: 1 602 346 3610

Email: support@netpro.com
Professional Services
NetPro service professionals leverage proven methodologies, industry best practices, and
more than 30 years of combined Microsoft management experience to help organizations reach
their business-critical goals. To help you get the most from our solutions, NetPro Professional
Services offers help with:
• Deployment: Choose QuickDeploy for a rapid return on investment or CustomDeploy

for end-to-end phased delivery of NetPro solutions based on your specific business
needs.
• Reporting & Analysis: If you’re looking for specific executive, operational, or
compliance reports, we’ll deliver business intelligence tailored to your organizational
needs.
• Optimization: Make sure you’re getting maximum value from NetPro solutions with help
for everything from optimizing your current solution to product training.
To learn more about NetPro Professional Services, please contact your NetPro sales
representative or sales@netpro.com.
Introduction
NetControl 7
Chapter 2: NetControl Overview
NetControl provides a centralized interface for managing Active Directory and provides shared
resources to other NetPro applications. The resources available through the NetControl
Console include:
• Application Security provides component level security for all application components.
• Configuration provides options for setting up email and configuring certain NetPro
applications.
• Agents perform the work defined by licensed NetPro applications that build upon the
NetControl platform.
• Agent Groups are logical or physical groupings of agents used for distributing workload
processing.
• Computer Lists are a way to group physical computer resources based on explicit or
dynamically generated content.
• Schedules are reusable components that define when tasks are to be performed.
• Collectors define what data is to be collected from various resources. The collectors
available are based on the licensed NetPro applications that build upon the NetControl
platform.
• Active Directory Management Console (ADMC) extends Microsoft’s Active Directory
Users and Computers (ADUC) interface to optimize Active Directory management.
• Rules can be defined using the ADMC to add business logic to automate common
Active Directory tasks.
• Workflow allows you to set certain actions that must adhere to a review and approval
workflow process. Workflow is available for actions performed in the ADMC as well as
some of other licensed NetPro applications that build upon the NetControl platform.
• Reports provide a central location for defining the content and generating reports about
the NetControl components and some of the deployed NetPro application.
This chapter describes the layout of the base NetControl Console and how to access the shared
resources, including the following information:
• Connecting to the NetControl Console

• NetControl Console Components
NetControl Overview
8 NetControl
Please refer to the documentation for each individual application for information on the
additional components that are deployed with each application.
To determine the shared components that each licensed NetPro application uses, see
Appendix A: NetPro Applications Using NetControl Components on page 121.
Connecting to the NetControl Console

From the computer where the NetControl console is installed:
1. Select Start | All Programs | NetPro | NetControl | Console.

2. On the NetPro NetControl Connection dialog box, use the drop-down arrow to select the
NetControl server to be used (or from the keyboard, select the down arrow twice).
3. Optionally, select the Remember connection check box to use this server the next time
you run NetControl. If selected, the connection dialog is only displayed if the specified
NetControl server is not available.
NOTE: To disable the Remember Connection setting, use the Help | About menu
command to display the About NetPro NetControl dialog and deselect the
Remember Connection check box on this dialog.
4. Click the Connect button to connect to the NetControl server.
NetControl Console Components

The NetControl console provides the user interface for accessing the shared resources, ADMC
and licensed applications that build upon the NetControl platform. The console consists of the
following main components, which are pointed out in the illustration below:
• Menu Bar – displays the menus for accessing commands.

• Tool Bar – provides quick access to commonly used commands.
• Explorer View – displays a hierarchy of resource containers (folders) used to organize
the resources that can be created and managed. This view is populated based on the
button selected in the navigation pane.
• Navigation Pane – provides access to the base NetControl resources, ADMC and
licensed NetPro applications that use the NetControl platform. The following are the
components installed when NetControl is first installed:
• Configuration – provides options for setting up email and configuring certain
NetPro applications.
• Resources – provides a central location for deploying agents, creating and
maintaining agent groups, computer lists and schedules.
NetControl Overview
NetControl 9
• Collectors – provides a central location for defining data collections. The resource
containers in this pane are based on the licensed NetPro applications that use data
collection. For more information, refer to the individual product documentation.
• Active Directory - provides access to the ADMC which extends Microsoft’s Active
Directory Users and Computers (ADUC) interface to optimize Active Directory
management.
• Workflow – provides a list of workflow items in the workflow queue if there are
actions configured to use workflow. Actions performed using the ADMC and some
of the other licensed NetPro applications use the workflow feature.
• Reports – provides a central location for defining and generating reports for the
NetControl components. There may also be reports for the other deployed NetPro
applications.
• Information Panes – the contents of the right-hand pane depends on the button
selected in the navigation pane and the node/container selected in the explorer view.
This pane may display the objects available in the selected node/container and
supporting details or options for configuring the selected component.
NetControl Overview
10 NetControl
Menu Bar
The NetControl console menus follow the same convention as standard Windows menus. That
is, commands are grouped under a menu on the menu bar. Some of these commands perform
an action immediately; others display an additional dialog or launch a wizard where you select
various options or specify additional information.
The following sections describe the default commands that are available when you install
NetControl. As you deploy NetPro applications, there may be additional commands displayed.
Refer to the documentation for each individual application for more information about
commands specific to each application.
Action Menu
Exit
Use the Exit command to close the NetControl console.
Go Menu
Configuration
Use the Configuration command to open the Configuration pane to set up email and
configure each of the deployed NetPro applications.
Resources
Use the Resources command to open the Resources pane to deploy agents and create,
modify or view agent groups, computer lists and schedules.
Collectors
Use the Collectors command to open the Collectors pane to define the data to be
collected. The resource containers available are based on the NetPro applications that use
data collection.
Active Directory
Use the Active Directory command to open the ADMC to administer directory information.
Workflow
Use the Workflow command to open the Workflow pane to review/track the items in the
workflow queue.
Reports
Use the Reports command to open the Reports pane to define the content and generate
reports.
View Menu
Refresh (F5)
Use the Refresh command to redisplay the contents on the window.
NetControl Overview
NetControl 11
Help Menu
Contents
Use the Contents command to display the Contents pane and initial page of the NetControl
online help.
Search
Use the Search command to display the Search pane and initial page of the NetControl
online help.
Index
Use the Index command to display the Index pane and initial page of the NetControl online
help.
About
Use the About command to display general release information about the NetControl
Service, NetControl Console and licensed NetPro products.
Tool Bar
The tool bar buttons provide quick access to commonly used commands.
Use the Refresh button to redisplay the contents on the window.
Use the Help button to display the online help for the application.
Use the New button to create a new object (e.g., agent group, computer list, schedule) or
a new folder for organizing objects. The icon changes depending on the resource container
selected in the explorer view.
Use the Permissions button to define the delegated permissions for the resource
container selected in the explorer view or the object selected in the object list. Selecting this
button will display the Permissions dialog showing the delegated permissions for the
selected application component.
Depending on the object selected and the NetPro application deployed, a Workflow button
may also be displayed on the Permissions dialog which allows you to set up workflow for
the selected item.
Use the Delete button to remove the object selected in the object list.
Use the Properties button to display the properties for the object selected in the object list.
From this dialog, you can modify the properties previously defined for the selected object.
NetControl Overview
12 NetControl
Use the Start Agent button to start the agent selected in the Agents page. This button is
only available on the Agents page of the Resources pane.
Use the Stop Agent button to stop the agent selected in the Agents page. This button is
only available on the Agents page of the Resources pane.
Use the Restart Agent button to stop and start the selected agent. This button is only
available on the Agents page of the Resources pane.
Explorer View
The explorer view is located in the left pane and is populated based on the button selected in
the navigation pane. From this pane, you can create objects and organize these objects in
resource containers. By right-clicking a folder in the explorer view, you can perform the
following tasks:
New | <object>
Use the New | <object> command to create a new object (e.g., computer list, agent group,
schedule). Selecting this command will display the appropriate dialog allowing you to define
the new object. The <object> types available depend on the NetPro application(s) deployed
to use the NetControl console. Not available on the Reports pane.
New | Folder
Use the New | Folder command to create a new folder in the explorer view to organize the
objects being created. Selecting this command will add a new folder under the currently
selected container in the explorer view. Not available on the Reports pane.
Run
From the Reports pane, use the Run command to define a new report. Selecting this
command will display the appropriate report dialog allowing you to define the contents of
the report, specify the output options, specify the data source and schedule execution of
the report. This command is only available on the Reports pane.
Delete
Use the Delete command to remove a user-defined container from the explorer view and
any child folders and objects created in the selected container. This command is only
available for user-defined containers. Not available on the Reports pane.
NOTE: You can NOT delete the default parent containers initially displayed when the
product is installed. If you select one of these parent containers and select the
Delete command, all of the folders or objects that have been added to the
selected parent container will be deleted.
NetControl Overview
NetControl 13
Rename
Use the Rename command to change the name of the selected user-defined container.
This command is only available for user-defined containers. Not available on the Reports
pane.
Permissions
Use the Permissions command to display the delegated permissions for the selected
container. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Depending on the object selected and the NetPro application deployed, a Workflow button
may also be displayed on the Permissions dialog which allows you to set up workflow for
the selected item. See Chapter 8: Workflow on page 53.
Refresh
Use the Refresh command to retrieve and display the latest information.
Navigation Pane
The navigation pane is located in the lower left pane of the console and contains buttons that
allow you to access the base NetControl components. As you deploy and license NetPro
applications, additional buttons may be displayed. Selecting a button in this pane will populate
the resource containers in the explorer view used to organize the objects being created and
managed through the NetControl console.
Selecting the arrows at the bottom of the navigation pane displays the following commands
allowing you to control the buttons displayed in the navigation pane:
Show More Buttons

Use the Show More Buttons command to display buttons that have been previously
removed from the bottom of the navigation pane using the Show Fewer Buttons
command.
NetControl Overview
14 NetControl
Show Fewer Buttons

Use the Show Fewer Buttons command to remove the bottom-most button from the
navigation pane.
Navigation Pane Options

Use the Navigation Pane Options command to display the Navigation Pane Options
dialog where you can select (check) the buttons to be displayed and change the order of
the buttons displayed on the navigation pane.
Add or Remove Buttons

Use the Add or Remove Buttons command to select the buttons to be hidden/displayed
in the navigation pane.
You can also resize the navigation pane to hide the bottom-most button(s). To resize this pane,
place your cursor at the top of the pane until your cursor is replaced with a double arrow. Hold
down the right mouse button and drag the arrow down the screen. As buttons are hidden from
the screen they are replaced with an icon which can be selected to open the corresponding
NetControl page.
Information Panes
The contents of the information panes, located in the right-hand pane depend on the button
selected in the navigation pane and the node/container selected in the explorer view. This pane
may display the objects available in the selected node/container and supporting details or
options for configuring the selected component.
The first time the console is launched, the NetControl Email pane will be displayed allowing you
to configure the NetControl email settings. However, each subsequent time the console is
launched, the pane last displayed when the console was closed will be displayed.
Please refer to the individual chapters in this guide for a description of the information panes
available and the tasks that can be performed from each.
NetControl Overview
NetConrol 15
Chapter 3: Application Security
Delegation of administration allows you to transfer the responsibility for administrative tasks to
a lower-level administrator. Application security provides component level security for all
application components.
By default, users in the Domain Admins group are granted Full Control to NetControl, while
users in the Everyone group are granted Read All Properties. These default permissions
ensure that only privileged users have the rights to invoke change in NetControl.
This chapter provides the following information for building a secure NetControl deployment:
• Considerations for Implementing Application Security

• Implementing Application Security
Considerations for Implementing Application Security

While every task can be delegated at a granular level, consider the following before changing
any security settings:
• The internal workings of NetControl’s security model work the same as Active Directory
and NTFS security.
• Subcontainers can be created in all nodes. These containers serve a dual purpose.
Primarily, containers are used to organize content, but they can also be used as a
boundary or scope of management for a delegated user. For example, allowing user
Domain\Sally to create Security Templates in a single container.
16 NetConrol
Implementing Application Security

To implement application security:
1. Select a resource container from the explorer view (for example, Agents or Computer
Lists) or an object from the object list.
2. Select the Permissions command from the tool bar ( ) or the right-click menu. This
will display the Permissions dialog for the selected application component.
3. By default, all application components have the following permissions defined:
• Allow | Everyone | Read All Properties | This object and all child objects
• Allow | Domain Admins | Full Control | This object and all child objects
4. To add additional permissions select the Add button, which will display the New
Permission Entry dialog.
5. On the New Permission Entry dialog, select the permissions to be allowed and/or denied
to secure the selected application component.
• Account – use the browse button to locate and select a user or group account
to be delegated these permissions.
• Apply to – select the appropriate option to specify what object types are going to
receive the selected permissions (for example, this object only, this object and
child objects, or child objects only).
• Permissions – select the Allow or Deny check boxes for the permissions to be
delegated.
• Apply these permissions to immediate objects and/or containers only –
optionally select this check box to define the level of effectiveness the selected
rights will assume.
• Expires on – optionally select this check box and select the date these
permissions are to expire.
6. After adding the new permissions entry, use the OK button to save your settings. The
new permission will be displayed on the Permissions dialog.
NetConrol 17
Permissions Dialog
The Permissions dialog is displayed when the Permissions tool bar button or right-click
menu command is selected for an application component. Use this dialog to view and/or modify
the permissions to be delegated to the selected application component.
By default, users in the Domain Admins group are granted Full Control to NetControl, while
users in the Everyone group are granted Read All Properties. The default permissions are
displayed in the Permissions dialog.
Permissions list box

This list box displays the permissions to be applied to the selected application component.
It includes the following information for each permission:
Type
This column displays the type of permission being delegated: Allow or Deny
Account
This column displays the name of the user or group account to be delegated each
permission listed.
Permission
This column displays the name of the permission being delegated.
Apply To
This column displays the objects to which each permission applies: this object only, this
object and child objects or child objects only.
Inherited From
For child objects, this column displays the parent object from which the permissions
where inherited.
Expires On
If applicable, this column displays the date when the permissions will expire.
18 NetConrol
Add
Use the Add button to add permissions to the list box. Selecting this button will display the
New Permission Entry dialog allowing you to select the permission(s) to be included. This
dialog also allows you to specify the user or group account, the object types that are to
receive the permission(s), the level of effectiveness the rights will assume, and if applicable
an expiration date.
Remove
After permissions have been added and are displayed in the Permissions list box, use the
Remove button to remove a permission entry from the list box. Select the permission entry
to be removed and select the Remove button.
New Permission Entry Dialog

The New Permissions Entry dialog is displayed when the Add button is selected on the
Permissions dialog when assigning application security. From this dialog, specify the access
permissions to be applied to the selected component (for example, deny access for deploying
agents).
Account
Use the browse button to specify a user or group account to be granted or denied
access permissions to the selected application component. Selecting the browse button will
display the native Select User or Group dialog allowing you to locate and select a user or
group account.
NetConrol 19
Apply to
This drop-down text box allows you to specify the object types that are to be granted the
selected permissions. By default, the permissions selected will be applied to this object and
all child objects; however, you can use the drop-down menu to change this setting. Valid
entries are:
• This object only

• This object and all child objects (default)
• Child objects only
Permissions list box

This list box displays the permissions that can be granted or denied. From this list box,
select the appropriate access permissions:
• Full Control
• Read All Properties
• Write All Properties
• Modify Permissions
• Delete
• Delete Subtree
• Create All Child Objects
• Delete All Child Objects
• Create Folders
• Delete Folders
• Create <object> (for example, Schedule, Agent Group)
• Delete <object> (for example, Computer List, Agent Group)
Clear
Use the Clear button to clear any check marks from the Permissions list box.
Apply these permissions to immediate objects and/or containers only

Select this check box to apply the permissions to the selected object and/or container only.
That is, if this option is checked, the permissions will not apply to any subordinate objects
or containers.
Expires on
To create a temporary (expiring) permission assignment, select this check box and use the
arrow to view a calendar grid to select the date when these permissions are to expire.
NetControl 21
Chapter 4: Agents
Using the Resources pane in the NetControl console, you can deploy and maintain agents.
NetControl agents distribute the workload processing as defined by each individual NetPro
application. Agents communicate directly with the SQL Server database on a configured
interval to receive a list of actions that need to be executed upon.
Refer to the documentation for each deployed NetPro application to determine if it uses
NetControl agents.
This chapter provides the following information and procedures:
• Agents Pane
• Considerations for Deploying Agents
• Deploying Agents
Agents
22 NetControl
Agents Pane
The Agents pane is displayed when Agents is selected in the explorer view of the Resources
pane. From this pane you can deploy agents and view the status of deployed agents.
Explorer View
The explorer view displays a hierarchy of folders created to organize your agents.
Agents List
The agents list displays a list of deployed agents for the container selected in the explorer
view. The following information is displayed for each agent:
• Server – the name of the server where an agent was deployed

• Comment – the comment or descriptive text entered when the agent was deployed
• Status – the current status of the agent (for example, Offline, Copying File,
Installing, Updating, Running)
• Version - the current version of each agent deployed
Right-click an object in the agents list to perform tasks related to the selected object.
Move to
Use the Move to command to move the selected agent to a different folder in the
explorer view. Selecting this command will display the Select a Folder dialog allowing
you to select the folder to which the agent is to be moved.
Agents
NetControl 23
Delete
Use the Delete command to remove the selected agent from the agents list.
Permissions
agent. Selecting this command will display the Permissions dialog allowing you to view,
Properties
Use the Properties command to display the properties set for the selected agent.
Selecting this command will display the Properties dialog allowing you to view or modify
the security permissions assigned to the selected agent.
Details View
The details view displays information regarding the jobs (for example, data collection,
report) that are assigned to the agent selected in the object list. The following information
is displayed:
• Name – the name assigned to the job when it was created

• Comment – the comment or descriptive text entered when the job was defined
• Type – the type of job run on the selected agent
• Run Date – the date the associated job ran
• Elapsed Time – the amount of time it took to run the associated job
• Status – the current status of the job
Right-clicking in the agents list pane (not an object in the list) or details view pane will display
the following commands allowing you to change the content displayed in the agents list/details
view pane:
New | Agent
Use the New | Agent command to deploy a new agent.
View
Expand the View command and select one of the following options to change how the
objects in the agents list are displayed:
• Tiles
• Icons
• List
• Details (default)
Arrange By
Expand the Arrange By command and select the appropriate option to change the sort
order for the displayed objects. The sort options available are based on the container
selected in the explorer view. More specifically, the options will match the column headings
in the agents list.
Agents
24 NetControl
Arrange By | Show in Groups

Use the Arrange By | Show in Groups command to group the objects in the list based on
the sort method selected. A check mark in front of this command will display the objects in
groups with corresponding headings.
Refresh
Considerations for Deploying Agents

Prior to deploying agents, carefully consider the following items:
• Agent(s) will be running with elevated privileges, so ensure you have followed
Microsoft’s Best Practices for Securing Service Accounts.
• Consider grouping agents based on geographical location and the security required to
access the managed content:
• Deploying agents close to the objects being managed will help reduce the amount
of WAN traffic.
• If you have highly sensitive data that will be managed or are required to operate
under the principals of least privilege, then grouping resources by security level is
paramount.
• Review the default application security and start granting access as required to
interested parties (See Chapter 3: Application Security on page 15 for information on
building a secure deployment). For example:
• Restrict who can modify agent groups
• Restrict who can deploy agents
Deploying Agents
Prior to deploying agents, please review ‘Considerations for Deploying Agents’ on page 24.
To deploy agents:
1. Select Resources from the navigation pane.

2. Select Agents from the explorer view.
3. Select the New | Agent tool bar button or right-click menu command. This will display
the New Agent Deployment dialog allowing you to specify the computers where an
agent is to be deployed.
4. On the Servers page of this dialog, use the appropriate Add option to deploy an agent
to an individual computer or to all computers in a computer list.
• Use the Add | Computer option to deploy an agent to an individual computer.
Selecting this option will display the native Select Computers dialog allowing you
to specify the computer to be included.
• Use the Add | Computer List option to deploy an agent to all the computers in a
given computer list. Selecting this button will display the Select a Computer List
dialog allowing you to select the computer list to be used.
Agents
NetControl 25
5. On the Servers page, also enter a descriptive comment and the logon credentials for
the account the agent is to run as.
6. Open the Agent Groups page to add the agent(s) to an agent group. On this page, select
the Add button to display the Select an Agent Group dialog where you can select or
create an agent group to which the agent is to be assigned.
7. After specifying where agents are to be deployed, select the OK button to close the
dialog and start the deployment process.
The status of the deployed agents will be displayed in the Agents object list.
New Agent Deployment Dialog

The New Agent Deployment dialog is displayed when the New | Agent tool bar button or right-
click menu command is selected from the Agents pane. From this dialog, you can specify the
computers to which agents are to be deployed. You can deploy agents to an individual
computer or all computers in a computer list. You can also assign these agents to agent groups
as part of the deployment process.
This dialog consists of two tabbed pages:
• Servers – use the Servers page to specify the server to which agents are to be deployed
and the user account the agent is to run as.
• Agent Groups – use the Agent Groups page to assign the deployed agents to one or
more agent groups.
Servers Page
From the Servers page, specify the server(s) to which an agent is to be deployed. The
information entered on this page will be displayed in the Agents object list when Agents is
Agents
26 NetControl
Servers list box

The servers list box displays the servers or computer lists to which a NetControl Agent
Service is to be deployed. In addition to the server's/computer list's name, this list box also
displays the type: Computer or Computer List. Use the appropriate Add option to add a
computer or computer list to the list box.
Add | Computer
Use the Add | Computer option to add an individual server to the servers list box. Selecting
this option will display the native Select Computers dialog allowing you to specify the
computer to which an agent is to be deployed.
Add | Computer List

Use the Add | Computer List option to add a computer list to the servers list box. Selecting
this option will display the Select a Computer List dialog allowing you to select a previously
defined computer list or create a new computer list. When a computer list is selected, an
agent will be deployed to all servers in the computer list.
Remove
Use the Remove button to remove the selected computer or computer list from the list box.
If an agent has already been deployed, this command will also remove the agent from the
selected machine(s). Select the computer or computer list to be removed and select the
Remove button.
NOTE: If an agent is removed before it completes any assigned jobs, the agent
coordinator will reassign these unfinished jobs to another agent in the
agent group.
Comment
Optionally, enter a description or comment regarding the agent(s) being deployed.
Log on As: Account

Enter or use the browse button to specify the user account that the agent is to run as.
Selecting the browse button will display the native Select User dialog allowing you to locate
and select the user account to be used.
NOTE: This account must have access to the database and the rights to perform
whatever tasks the agent is going to be asked to do. For example, if the agent
is to delegate Active Directory permissions, this account must have the rights to
modify permissions over the appropriate Active Directory objects.
Log on As: Password

Enter the password associated with the specified user account.
Agents
NetControl 27
Agent Groups Page

Use the Agent Groups page to add the newly deployed agent(s) to one or more agent groups.
Group agents to provide load balancing and fault tolerant processing centers. Distributing all
tasks across the processing group, ensures tasks are processed as quickly as possible.
Additionally, the processing group creates fault tolerance, so if an agent becomes unavailable,
all unfinished work is redistributed across the processing center.
Agent Group list box

The agent group list box displays the agent group(s) to which the agent(s) being deployed
are to be assigned. Use the Add and Remove buttons to add/remove agent groups to/from
this list.
Add
Use the Add button to add agent groups to the list box. Selecting this button will display the
Select an Agent Group dialog allowing you to select one or more agent groups from a list
of previously defined agent groups or to create a new agent group.
Remove
After agent groups have been added and are displayed in the agent group list box, use the
Remove button to remove an agent group from the list box. If an agent is already assigned
to an agent group in the list, this command will also remove that agent from the selected
agent group. Select the agent group to be removed and select the Remove button.
Agents
28 NetControl
Select a Computer List Dialog

The Select a Computer List dialog is displayed when the Add | Computer List option is
selected on the Servers page of the New Agent Deployment dialog. From this dialog, select the
computer list(s) to which NetControl Agents are to be deployed. That is, an agent will be
deployed to all the servers included in the computer list.
This dialog is also displayed when the Add | Computer List option is selected on the
Computers page of the New Collector dialog. When accessed from this dialog, select the
computer list(s) from which data is to be collected.
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize
computer lists. Click the node next to a container or double-click a container to expand the
folder structure to locate the computer list(s) to be used. Select a container to view the computer
lists created in the selected container.
Right-click the Computer List folder (or other user-defined folder) in the explorer view to
display the following commands:
New | Computer List

Use the New | Computer List command to create a new computer list. Selecting this
command will display the New Computer List dialog allowing you to define a new computer
list.
New | Folder
Use the New | Folder command to create a new folder for organizing your computer lists.
Selecting this command will add a new folder under the currently selected container in the
explorer view.
Delete
any child containers or objects created in the selected container. This command is only
available for user-defined containers.
Agents
NetControl 29
Rename
Use the Rename command to change the name of the selected container. This command
is only available for user-defined containers.
Permissions
Refresh
Use the Refresh command to retrieve and display the latest information on the dialog.
Object List
The object list, in the right pane, is populated based on the folder selected in the explorer view.
From this list box, select the computer list(s) to which an agent is to be deployed.
Right-click a computer list in the object list to display the following commands:
Delete
Use the Delete command to remove the computer list from the object list.
Properties
Use the Properties command to display the properties set for the selected computer list.
Selecting this command will display the Properties dialog allowing you to view or modify the
computers included in the selected computer list.
NOTE: This dialog contains the same tabbed pages as the New Computer List dialog. See
‘Computer Lists Pane’ on page 40 for a description of this dialog.
Select an Agent Group Dialog

The Select an Agent Group dialog is displayed when the Add button is selected on the Agent
Groups page of the New Agent Deployment dialog. From this dialog, select the agent group(s)
to which the deployed agents are to be added.
Agents
30 NetControl
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize agent
groups. Click the node for a container or double-click a container to expand the folder structure
to locate the agent group(s) to be included. Select a container to display the agent groups
created in the selected container.
Right-click the Agent Groups folder (or other user-defined folder) in the explorer view to
display the following commands:
New | Agent Group

Use the New | Agent Group command to create a new agent group. Selecting this
command will display the New Agent Group dialog allowing you to define a new agent
group.
New | Folder
Use the New | Folder command to create a new folder. Selecting this command will add a
new folder under the currently selected container in the explorer view.
Delete
any child containers or objects created in the selected container.
Rename
Use the Rename command to change the name of the selected container. This command
is only available for user-defined containers.
Permissions
Refresh
Agents
NetControl 31
Object List
From this list box, select the agent group(s) to be added to the agent group list box back on the
originating dialog. That is, the newly deployed agent will be assigned to this agent group.
Right-click an agent group in the object list to display the following commands:
Move to
Use the Move to command to move the selected object to a different folder. Selecting this
command will display the Select a Folder dialog allowing you to select the folder to which
the object is to be moved.
Delete
Use the Delete command to remove the agent group from the object list.
Permissions
object. Selecting this command will display the Permissions dialog allowing you to view,
Properties
Use the Properties command to display the properties set for the selected agent group.
Selecting this command will display the Properties dialog allowing you to view or modify the
agents included in the selected agent group.
NOTE: This dialog contains the same tabbed pages as the New Agent Group dialog. See
‘Creating Agent Groups’ on page 33 for a description of this dialog.
Agents
NetControl 33
Chapter 5: Agent Groups
Using the Resources pane in the NetControl console, you can create and maintain agent
groups. An agent group is a collection of one or more servers running the NetControl Agent
Service. Workload for an agent group is distributed across all agents in the processing group
thus allowing for process load balancing.
The NetControl application provides no restrictions for grouping. Agents can be grouped based
on geographical location, applications, or resource security level. Most often, geography and
security level determine how agents are grouped. This ensures that processing does not occur
across the WAN and that agents will be provided the proper level of security to the underlying
data.
One agent in an agent group will assume the role of the coordinator. The coordinator will check
and verify that each agent in the agent group is updating within the allowed update notification
interval. In the event of agent failure, the coordinator will redistribute the unfinished workload of
the failed agent to the remaining agents in the agent group. Fault tolerance is built in at the
agent and coordinator level—if the coordinator fails, another agent in the agent group will
assume that role.
Refer to the documentation for each deployed NetPro application to determine if it uses agent
groups to organize agents.
• Agent Groups Pane

• Creating Agent Groups
Agent Groups
34 NetControl
Agent Groups Pane

The Agent Groups window is displayed when Agent Groups is selected in the explorer view of
the Resources pane. From this pane you can define agent groups and view where these agent
groups are being used.
Explorer View
The explorer view displays a hierarchy of folders created to organize your agent groups.
Agent Groups List

The agent groups list displays a list of agent groups created under the container selected
in the explorer view. The following information is displayed for each agent group:
• Name – the name assigned to the agent group when it was created
• Comment – the comment or descriptive text entered when the agent group was
created
Right-click an object in the agent groups list to perform tasks related to the selected object.
Move to
Use the Move to command to move the selected agent group to a different folder in the
you to select the folder to which the agent group is to be moved.
Delete
Use the Delete command to remove the agent group from the agent groups list.
Agent Groups
NetControl 35
Permissions
agent group. Selecting this command will display the Permissions dialog allowing you
to view, add or remove permissions.
Properties
Use the Properties command to display the properties set for the selected agent
group. Selecting this command will display the Properties dialog allowing you to view
or modify the security permissions applied to the selected agent group.
Details View
The details view displays information about the resource components (for example,
collectors, schedules, etc.) that are associated with the agent group selected in the object
list. The following information is displayed:
• Name – the name of the resource component linked to the selected agent group
• Comment – the comment or descriptive text entered when the resource
component was created
• Type – the type of resource component linked to the selected agent group
Right-click in the agent groups list pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the agent groups list/
details view pane:
New | Agent Group

Use the New | Agent Group command to create a new agent group.
View
objects in the object list are displayed:
• Tiles
• Icons
• List
Arrange By
in the agent groups list.

Agent Groups
36 NetControl
Refresh
Creating Agent Groups

You can create an agent groups and assign agents to this group at a later time or you can
create agent groups and assign agents to the group at creation time. You can add or remove
agents to existing agent groups at any time.
NOTE: Agents can belong to more than one agent group.
To create an ‘empty’ agent group:
Creating an 'empty' agent group allows you to assign deployed agents to this group at a
later time. For example, by creating an ‘empty’ agent group before deploying agents, you
can assign agents to this group as part of the deployment process.

2. Select Agent Groups from the explorer view.
3. Select the New | Agent Group tool bar button. (Or right-click Agent Groups and select
the New | Agent Group menu command.) This will display the New Agent Group dialog
where you can name the agent group.
4. On the General page, enter a descriptive name and an optional comment to describe
the agent group.
5. After entering a name and description, use the OK button to close the dialog and create
the 'empty' agent group. The newly created agent group will be displayed in the
Resources object list when Agent Groups is selected in the explorer view.
To create an agent group with agents:

2. Select Agent Groups from the explorer view.
3. Select the New | Agent Group tool bar button or right-click menu command. This will
display the New Agent Group dialog where you can name and specify the agents that
are to belong to this agent group.
the agent group.
5. Open the Agents page and select the Add button. This will display the Select an Agent
dialog allowing you to select the agent(s) to be added to the agent group.
6. On the Agents page, you can also update the Update Notification time as desired. This
interval is used by the coordinator to determine if the other agents in the group are
updating within the specified time.
7. After entering a name and selecting the agents to be added, use the OK button to close
the dialog and create the agent group. The newly created agent group will be displayed
in the Resources object list when Agent Groups is selected in the explorer view.
Agent Groups
NetControl 37
To add (or remove) an agent to an agent group:
1. Open the Resources pane and select Agent Groups from the explorer view.
2. Expand the folder structure in the explorer view and locate the agent group to which
agents are to be added or removed.
3. In the object list, right-click the agent group and select Properties.
4. This will display the Properties dialog for that agent group. Use the Agents page of this
dialog to add (or remove) an agent to the selected agent group.
New Agent Group Dialog

The New Agent Group dialog is displayed when the New | Agent Group tool bar button or the
right-click menu command is used when Agent Groups (or a subordinate folder) is selected in
the explorer view of the Resources pane.
This dialog consists of two tabbed pages:
• General – use the General page to enter a name and description for the new agent
group.
• Agents – use the Agents page to specify the agents to be included in the agent group.
General Page
From the General page, specify the general information for the agent group. The information
entered on this page will be displayed in the Resources object list when Agent Groups is
Name
Enter a descriptive name for the new agent group.
Example: US New York Mid-Town Data Center File Servers
Agent Groups
38 NetControl
Comment
Optionally, enter a description or comment for the new agent group.
Example: Agents in this agent group have been granted privileged access only to set
permissions on all file servers in the Mid-Town Data Center location for New York City.
(Note a separate agent group has been defined for the Financial Center.)
Agents Page
From the Agents page, specify the servers to which a NetControl Agent has been deployed that
are to be included in the agent group.
Agent list box

This list box displays the agented servers to be included in the new agent group. It includes
the server name and any comments that were entered when the agent was deployed.
Add
Use the Add button to add an agent to the agent group. Selecting this button will display
the Select an Agent dialog allowing you to select the agent(s) to be included.
Remove
After agents have been added and are displayed in the Agent list box, use the Remove
button to remove an agent from the list box (and the agent group). Select the agent to be
removed and select the Remove button.
Update Notification <nn> minutes

The Update Notification interval is used by the coordinator to determine if all of the agents
in the selected agent group are updating within the specified time. The default interval is
5 minutes.
Agent Groups
NetControl 39
Select an Agent Dialog

The Select an Agent dialog is displayed when the Add button is selected on the Agents page
of the New Agent Group dialog. From this dialog, select the agent(s) to be included in the new
agent group.
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize
deployed NetControl Agents. Click the node next to the container or double-click a container to
expand the folder structure to locate the agent(s) to be included. Select a container to display
the agents deployed under the selected container.
Right-click the Agents folder (or subfolder) in the explorer view to display the following
commands:
New | Agent
Use the New | Agent command to deploy a NetControl Agent to a specified server.
Selecting this command will display the New Agent Deployment dialog allowing you to
select the server(s) to which an agent is to be deployed.
Refer to ‘New Agent Deployment Dialog’ on page 25 for a description of the New Agent
Deployment dialog.
New | Folder
Use the New | Folder command to create a new folder to organize the deployed agents.
Selecting this command will add a new folder under the currently selected container in the
explorer view.
Delete
any child containers or objects created in the selected container. This command is only
available for user-defined containers.
Rename
Use the Rename command to change the name of the selected user-defined container.
This command is only available for user-defined containers.
Agent Groups
40 NetControl
Permissions
Refresh
Object List
From this list box, select the agent(s) to be included in the agent group.
Right-click an agent in this list box to display the following commands:
Start
Use the Start command to start the agent service.
Stop
Use the Stop command to stop the agent service.
Move to
Use the Move to command to move the selected object to a different folder. Selecting this
command will display the Select a Folder dialog allowing you to select the folder to which
the object is to be moved.
Remove
Use the Remove command to remove the agent service from the selected sever.
Permissions
object. Selecting this command will display the Permissions dialog allowing you to view,
Properties
Use the Properties command to view the properties defined for the selected agent.
Selecting this command will display the Properties dialog for the agent allowing you to
modify the server credentials as well as the agent group(s) to which this agent is currently
assigned.
NOTE: This dialog contains the same tabbed pages as the New Agent Deployment dialog
with the exception of the Change Service credentials check box. See ‘New Agent
Deployment Dialog’ on page 23 for a description of the information provided in this
dialog.
Agent Groups
NetControl 41
Chapter 6: Computer Lists
Using the Resources pane in the NetControl console, you can create and maintain computer
lists. A computer list is a way to group physical computer resources based on explicit or
dynamically generated content.
When using the LDAP query or Script options, the computer list will be regenerated each time
the computer list is used. The benefit of using dynamically generated computer lists, is that
when new servers come online matching the criteria defined, they are automatically added to
the computer list. This eliminates the need to manually add new servers each time.
Refer to the documentation for each deployed NetPro application to determine if it can use
computer lists.
This chapter provides the following information and procedure:
• Computer Lists Pane

• Building Computer Lists
Computer Lists
42 NetControl
Computer Lists Pane

The Computer Lists pane is displayed when Resources is selected in the navigation pane and
Computer Lists is selected in the explorer view of the Resources pane. From this pane you
can define computer lists and see to which components it is linked.
Explorer View
The explorer view displays a hierarchy of folders created to organize your computer lists.
Computer Lists View

The computer lists view displays a list of computer lists created under the container
selected in the explorer view. The following information is displayed for each computer list:
• Name – the name assigned to the computer list when it was created
• Comment – the comment or descriptive text entered when the computer list was
created
Right-click an object in the computer list view to perform tasks related to the selected
object.
Move to
Use the Move to command to move the selected computer list to a different folder in
the explorer view. Selecting this command will display the Select a Folder dialog
allowing you to select the folder to which the computer list is to be moved.
Computer Lists
NetControl 43
Delete
Use the Delete command to remove the selected computer list from the computer lists
view.
Permissions
computer list. Selecting this command will display the Permissions dialog allowing you
to view, add or remove permissions.
Properties
Use the Properties command to display the properties set for the selected computer
list. Selecting this command will display the Properties dialog allowing you to view or
modify the security permissions applied to the selected computer list.
Details View
The details view displays information about the resource component to which the computer
list selected in the computer list view is linked. The following information is displayed:
• Linked To – the name of the resource component associated with the selected
computer list
• Comment – the comment or descriptive text entered when the linked resource
• Type – the type of resource component linked to the selected computer list
Right-click in the computer lists pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the computer list/
details view pane:
New | Computer List

Use the New | Computer List command to create a new computer list.
View
objects in the computer list view are displayed:
• Tiles
• Icons
• List
Arrange By
in the computer lists view.
Computer Lists
44 NetControl

Refresh
Building Computer Lists

Using the Resources pane, you can create computer lists using one of three methods:
• creating an explicit list

• generating a list based on an LDAP query
• generating a list based on a script
To build an explicit computer list:
1. Select Resources from the navigation pane to open the Resources pane.
2. Select Computer Lists from the explorer view.
3. Select the New | Computer List tool bar button or right-click menu command. This will
display the New Computer List dialog where you can name and build the computer list.
the computer list.
5. Proceed to the Computers page, and in the Type box select Computers.
6. Select the Add button to display the native Select Computers dialog. From this dialog,
select the computers to be included in this computer list.
7. After entering a name and specifying the computers to be included in the list, use the
OK button to close the dialog and save the computer list.
8. The newly created computer list will be displayed in the object list when Computer Lists
is selected in the explorer view.
To build a dynamic computer list based on an LDAP query:
the computer list.
5. Proceed to the Computers page, and in the Type box select LDAP query and fill in the
requested information:
• Container – optionally enter or use the browse button to select the container to
be searched.
• Scope – select the scope (entire subtree or immediate children only).
Computer Lists
NetControl 45
6. Use the Generate button to build the LDAP query. Selecting this button will display the
native Find Computers dialog allowing you to specify the criteria to be used in the query.
After entering the criteria to be included in the LDAP query, select the OK button. The
LDAP query will be displayed in the text box back on the New Computer List dialog.
For example, to query Active Directory for all domain controllers with names ending with
DC001, enter the following information to create the LDAP query:
On the Find Computers dialog, enter:

Computer Name: *DC001
Role: Domain Controller
Back on the Computers tab, the Filter text box should read:
(primaryGroupID=516)(name=*DC001)
7. Optionally use the Test button to search Active Directory using the query generated. A
results dialog will be displayed listing the computers that currently match the criteria
specified.
8. After entering a name and generating the LDAP query to be used to build the computer
list, use the OK button to close the dialog and save the computer list.
9. The newly created computer list will be displayed in the object list when Computer Lists
To build a dynamic computer list based on a script:
the computer list.
5. Proceed to the Computers page, and in the Type box select Script.
6. In the Language box, select the type of script to be created: VBScript (default) or
JScript.
7. In the text box, enter the script to be executed.
For example, to query all workstations or servers running Windows 2003 R2 with names
ending in MEM01 and DC01, you could enter the following VB script:
Function GetComputerList()
Dim Results()
i = 0
Set rootDSE = GetObject(“LDAP://RootDSE”)
defaultNC = rootDSE.Get(“defaultNamingContext”)
Set oCommand = CreateObject(“ADODB.Command”)

Set oConnect = CreateObject(“ADODB.Connection”)
oConnect.Provider = “ADsDSOObject”
OConnect.Open “Active Directory Provider”
oCommand.ActiveConnection = oConnect
sContainer = “<LDAP://” & defaultNC & “>”
Computer Lists
46 NetControl
sFilter = “(&(sAMAccountType=805306369)(objectCategory=computer)(oper-
atingSystemVersion=5.2 \283790\29)(|(cn=*MEM01)(cn=*DC01)))”
sAttrib = “cn”
sQuery = sContainer & “;” & sFilter & “;” & sAttrib & “;subtree”
oCommand.CommandText = sQuery
Set oRecordSet = oCommand.Execute
Do until oRecordSet.EOF
i = i + 1
ReDIM PRESERVE Results(i)
Results(i) = oRecordSet.Fields(“cn”).value
oRecordSet.MoveNext
Loop
oConnect.Close
GetComputerList = Results
End Function
8. Optionally use the Test button to run the script to generate the computer list. A results
dialog will be displayed listing the computers that currently match the criteria specified.
9. After entering a name and the script to be used to build the computer list, use the OK
button to close the dialog and save the computer list.
10.The newly created computer list will be displayed in the object list when Computer Lists
New Computer List Dialog

The New Computer List dialog is displayed when the New | Computer List tool bar button or
right-click menu command is used when Computer Lists (or subordinate folder) is selected in
the explorer view of the Resources pane. This dialog is also displayed when the
New | Computer List right-click menu command is selected from the Select a Computer List
dialog.
From this dialog you will define computer lists which can then be used to deploy agents or
assigned to jobs that need to be performed. This dialog consists of two tabbed pages:
• General – use the General page to enter a name and description for the computer list.
• Computers – use the Computer page to define the computers to be included in the new
computer list.
Computer Lists
NetControl 47
General Page
From the General page, specify the general information for the computer list. The information
entered on this page will be displayed in the Resources object list when Computer Lists is
Name
Enter a descriptive name for the new computer list.
Comment
Optionally, enter a description or comment for the new computer list.
Computers Page
From the Computers page, specify the type of list to be created and enter the required
information to build the list.
Type
Use the drop-down menu to select the type of computer list to be built:
• Computers – Select this option to generate a static list consisting of an explicit list
of computers.
• LDAP Query – Select this option to dynamically generate a list of computers based
on the criteria defined by an LDAP query.
• Script – Select this option to dynamically generate a list of computers base on the
criteria defined in a script.
The options on the dialog box will change depending on the type selected.
Computer Lists
48 NetControl
Computers
The following options are displayed when the Computers option is selected:
Computers list box

This list box displays the computer(s) to be included in the new computer list. Use the
Add and Remove buttons to add/remove computers to/from this list box.
Add
Use the Add button to add a computer to the computer list. Selecting this button will
display the native Select Computers dialog allowing you to select the machine(s) to be
included.
Remove
After computers have been added and are displayed in the Computers list box, use the
Remove button to remove a computer from the list box (and from the computer list).
Select the computer to be removed and select the Remove button.
LDAP Query
The following options are displayed when the LDAP Query option is selected:
Container
Optionally, use the browse button to locate a container to be searched.
Computer Lists
NetControl 49
Scope
By default, the entire subtree will be searched, however, you can use the drop-down
menu to search the immediate child only.
Filter
This text box will be populated after the LDAP query is created using the Generate
button. After generating the query, this text box will display the LDAP query created
based on the information specified in the Find Computers dialog.
Generate
Use the Generate button to specify the criteria to be used in the LDAP query. Selecting
this button will display the native Find Computers dialog allowing you to specify the
criteria to be used.
Test
Optionally, use the Test button to search Active Directory using the query generated.
A results dialog will be displayed listing the computers that currently match the criteria
specified in the LDAP query.
Script
The following options are displayed when the Script option is selected.
Script text box

In this text box, enter the script to be used to create the computer list.
Language
Select the language to be used to create the script. By default, VBScript is selected;
use the drop-down menu to change the language of the script to JScript if desired.
Test
Optionally, use the Test button to search Active Directory using the script entered. A
results dialog will then be displayed listing the computers that currently match the
criteria specified in the script.
Computer Lists
NetControl 51
Chapter 7: Schedules
Using the Resources pane in the NetControl console, you can create and maintain schedules.
In NetControl, jobs are designed to run based on a user-specified interval. Often times,
administrators want many operations to occur at the same time (for example, every night at
midnight). Schedules allow you to express the preferred time(s) for operations to occur. Then
you can link the appropriate jobs to the defined schedule. That is, all operations that occur at
midnight can be defined by a single management point.
Schedules also provide the flexibility to disable scheduled tasks in the event of a required
maintenance window. Additionally, if all jobs that occur at midnight need to move to 1:00 AM,
due to a time change, the schedule can be adjusted once and all linked jobs will be updated.
Refer to the documentation for each individual NetPro application to determine if your
application can use the scheduling feature.
• Schedules Pane
• Defining Schedules
Schedules
52 NetControl
Schedules Pane
The Schedules pane is displayed when Resources is selected in the navigation pane and
Schedules is selected in the explorer view of the Resources pane. From this pane you can
define schedules and see to which components/jobs it is linked.
Explorer View
The explorer view displays a hierarchy of folders created to organize your schedules.
Schedules List
The schedules list displays a list of schedules created under the container selected in the
explorer view. The following information is displayed for each schedule:
• Name – the name assigned to the schedule when it was created

• Comment – the comment or descriptive text entered when the schedule was
created
Right-click an object in the schedules list to perform tasks related to the selected object.
Move to
Use the Move to command to move the selected object to a different folder in the
you to select the folder to which the object is to be moved.
Delete
Use the Delete command to remove the selected schedule from the schedules list.
Schedules
NetControl 53
Enabled
Use the Enabled command to enable and disable the selected schedule. A check mark
to the left of the Enabled command means the schedule is enabled.
Permissions
schedule. Selecting this command will display the Permissions dialog allowing you to
view, add or remove permissions.
Properties
Use the Properties command to display the properties set for the selected schedule.
Selecting this command will display the Properties dialog allowing you to view or modify
the security permissions applied to the selected schedule.
Details View
The details view displays information about the resource component (for example,
collector, agent, schedule) to which the schedule selected in the object is linked. The
following information is displayed:
• Linked To – the name of the resource component associated with the selected
schedule
• Comment – the comment or descriptive text entered when the linked resource
• Type – the type of resource component linked to the selected schedule
Right-click in the schedules list pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the schedules list/
details view pane:
New | Schedule
Use the New | Schedule command to create a new schedule.
View
objects are displayed:
• Tiles
• Icons
• List
Arrange By
in the schedules list.
Schedules
54 NetControl

Refresh
Defining Schedules
Using the Resources pane, you can create schedules that define the desired time(s) for
operations to occur. These schedules can then be linked to the appropriate jobs. This resource
eliminates the need to define a schedule each time a job is to be executed.
To define a new schedule:
2. Select Schedules from the explorer view.
3. Select the New | Schedule tool bar button or right-click menu command. This will
display the New Schedule dialog where you can name and define the details of the
schedule.
the schedule.
5. On the Details page, use the following controls to define the details of the schedule:
• Type: Select Daily, Weekly or Monthly
• Occurs: Select Once at <time> or Every <nn> hours starting at <time>
• On: Select the day or day of the month
6. After entering a name and the details of the schedule, use the OK button to close the
dialog and create the schedule. The newly created schedule will be displayed in the
Resources object list when Schedules is selected in the explorer view.
New Schedule Dialog

The New Schedule dialog is displayed when the New | Schedule tool bar button or right-click
menu command is used when Schedules (or a subfolder) is selected in the explorer view of
the Resources pane. From this dialog, you will define a schedule which can then be linked to
the jobs that are to run at that time. This dialog consists of two tabbed pages:
• General – use the General page to enter a name and description for the new schedule.
• Details – use the Details page to define the time interval for the schedule.
Schedules
NetControl 55
General Page
From the General page, specify the general information for the schedule. The information
entered on this page will be displayed in the Resources object list when Schedules is
Name
Enter a descriptive name for the new schedule.
Comment
Optionally, enter a description or comment for the new schedule.
Details Page
From the Details page, specify the details for this schedule.
Type
Use the drop-down menu to select one of the following schedules:
• Daily (default)
• Weekly
• Monthly
Schedules
56 NetControl
Occurs
Select one of the following options to define when the schedule is to occur:
• Once at <time>
• Every <nn> hour(s) starting at <time>
On
When the Weekly schedule is selected, select the check boxes for the days of the week to
be included in this schedule.
When the Monthly schedule is selected, select one of the following options:
• The day of the month

• The <1st, 2nd, 3rd, 4th, Last> <day of the week> of the month (for example, the
1st Sunday of the month)
Schedule is disabled
Select this check box to disable the current schedule. When this check box is selected, the
jobs linked to the disabled schedule will not run until this check box is cleared (not
checked).
Schedules
NetControl 57
Chapter 8: Collectors
Using the collectors in the NetControl console, organizations can set up collections to gather
data. NetPro data collectors leverage the agents and schedules defined by the NetControl
platform to collect data, which is returned to the requesting application’s database for
processing.
The Collectors tab is available in the navigation pane when NetControl is installed. However,
there must be a NetPro application deployed that uses the collectors before data collections
can be configured.
This chapter provides the following information:
• Collectors Pane
• Defining a Collector
Please refer to the documentation for each deployed application for more specific information
on the collectors used by each individual application.
Collectors
58 NetControl
Collectors Pane
The Collectors pane is displayed when Collectors is selected in the navigation pane. From this
pane, you can define data collections and see to which components each collector is linked.
The following screen shot is from the LogADmin application.
Explorer View
The explorer view displays a hierarchy of folders created to organize your data collections.
The types of data collections available are based on the licensed NetPro application(s)
deployed.
Object List
The object list displays a list of data collections for the container selected in the explorer
view. The following information is displayed for each collection:
• Name – the name of the data collection

• Comment – the descriptive text entered when the collection was defined
• Schedule – the schedule assigned to the data collection
Details Pane
The details view displays information about when the data collection process was run. The
following information is displayed when a data collection is selected in the object list:
• Run Date – the date when the data collection process was run
• Elapsed Time – the amount of time it took to complete the data collection process
• Status – the current status of the data collection process
Collectors
NetControl 59
Defining a Collector
The following steps are general instructions for defining collectors. Since each deployed
product collects a different set of data, please refer to the documentation for each deployed
application for complete instructions on setting up data collections for that application.
1. Log on to the NetControl console.

2. Select the Collectors button in the navigation pane to open the Collectors pane.
3. Depending on the NetPro product, select the appropriate item in the explorer view. (The
objects displayed depend upon the NetPro product(s) that are deployed.)
4. Select the New | Collector tool bar button or right-click command to display the New
Collector dialog.
the collector.
6. On the Schedule page, select the schedule to be used for the data collection process.
7. On the Agent Groups page, select the agent group that contains the server(s) to be used
to collect the data.
NOTE: Depending on the type of collector being defined, there are additional pages
that must be configured. Please refer to the documentation for each individual
application for more information on the different collectors and the additional
information required.
New Collector Dialog

The New Collector dialog is displayed when the New | Collector menu or tool bar button is
selected in the explorer view of the Collectors pane.
The New Collector dialog, consists of the following pages where NetControl components are
configured for the purpose of collecting data:
• General - use this page to enter a name and description for the data collector
• Schedule – use this page to schedule the data collection process
• Agent Groups – use this page to select the agent group that contains the server(s) that
are to collect the data
There are additional pages that must be configured. However, they are application specific and
depend on the NetPro application deployed.
The example screen captures are from the NetPro’s AccessManager.
Collectors
60 NetControl
General Page
From the General page, specify general information about the data collection.
Name
Enter a descriptive name for the new collection.
Comment
Optionally, enter a description or comment for the new collection.
Schedule Page
Use the Schedule page to link a schedule to the data collection to define when the data is to be
collected. A schedule must be set otherwise data is not collected.
Schedule
Use the browse button to display the Select a Schedule dialog allowing you to select
from a list of previously defined schedules or create a new schedule.
For a description of the Select a Schedule dialog, see ‘Defining Schedules’ on page 49.
Clear
Use the Clear link to clear the contents of the Schedule box.
Collectors
NetControl 61
Edit
If there is a schedule displayed in the box, use the Edit link to open the properties page for
the schedule to change the details for the schedule.
Agent Groups Page

Use the Agent Groups page to select the agent group to be associated with the data collection.
That is, select the agent group that contains the server(s) to be used to collect the data.
NOTE: You must select an agent group. A message is displayed if there is no agent group
selected.
Agent Groups List Box

This list box displays the agent group(s) associated with the new collector. Use the Add
and Remove buttons to add/remove agent groups to/from this list box.
Add
Select an Agent Group dialog allowing you to select the agent group(s) to be used to collect
the data.
For a description of the Select an Agent Group dialog, see ‘Creating Agent Groups’ on
page 33.
Remove
After agent groups have been added and are displayed in the Agent Groups list box, use
the Remove button to remove an agent group from the list box. Select the agent group to
be removed and select the Remove button.
Collectors
NetControl 63
Chapter 9: Active Directory Management

Console
NetControl automatically deploys the Active Directory Management Console (ADMC) and
activates an Active Directory Users and Computers (ADUC) Extension. The ADMC allows you
to modify Active Directory objects similar to using ADUC. In addition, using the ADMC you can
define provisioning rules or assign workflow to objects. Then when you initiate an Active
Directory modification using either ADMC or ADUC, it will trigger the workflow or rules as
previously defined.
For more information about using the Active Directory Management Console, please go to http:/
/www.turbochargedad.com/.
Warning
NetControl 3.x also installs an ADUC extension which allows you to use
the workflow and provisioning rules defined through the ADMC. If you
select Cancel on the NetControl Connection dialog instead of
connecting to the NetControl Console, ADUC will launch in a read-only
mode and you will not be able to modify Active Directory objects.
Please see Appendix C: Active Directory Users and Computers (ADUC)

Extension on page 127 for more details.
When using the ADMC, please keep the following considerations in mind:
NOTE: ADMC uses native permissions, therefore if you do not have the proper rights to
modify Active Directory objects, these functions will also be disabled through the
ADMC.
NOTE: Some ADUC right-click menu commands (such as copy and cut) are not available
through the ADMC. We recommend using ADUC to perform these actions.
NOTE: Not all MMC snap-ins (e.g., NetPro’s RestoreADmin or GPMC) will be available
through the ADMC.

64 NetControl
• Active Directory Management Console Pane

• Creating a Custom View
• Establishing a Connection
• Creating Provisioning Rules
• Configuring Workflow for an ADMC Action
Please refer to Chapter 10: Workflow on page 89 for a full description of the Workflow Editor
and the Workflow pane from which you can view the workflow queue, and if assigned the proper
roles, review and/or approve workflow items.
Active Directory Management Console Pane

The Active Directory Management Console (ADMC) pane is displayed when the Active
Directory button is selected in the NetControl navigation pane. From this pane, you can
perform the same functions as you can using the Active Directory Users and Computers MMC
snap-in. In addition, you can also perform the following tasks through the ADMC:
• create custom views

• establish a connection to Active Directory objects
• create provisioning rules to manage updates to Active Directory content
• define workflow items for modifying, creating and/or deleting Active Directory objects

NetControl 65
Explorer View
The ADMC explorer view contains the following default nodes, which are empty upon initial
deployment:
• Custom Views - This node contains user-defined containers that allow you to
group objects across the forest in order to provide a central management point.
Use the New | Custom View right-click command to create custom views.
• Connections - This node contains connection points to a domain, the
Configuration container or the Schema container. Use the New | Connection right-
click command to populate this node.
Right-clicking the Custom Views node in the explorer view of the ADMC will display the
following commands:
New | Custom View

Use the New | Custom View command to define the contents of the new custom view.
Selecting this command will display the Properties dialog allowing you to add objects
to this custom view and define who can view and/or enumerate this custom view.
Refresh
Use the Refresh command to retrieve and display that latest information.
Right-clicking a user-defined view under the Custom Views node in the explorer view of the
ADMC will display the following commands:
Delete
Use the Delete command to remove the selected view from the ADMC explorer view.
Refresh
Permissions
Use the Permissions command to display the Permissions dialog to view and/or
modify the permissions to be delegated to the selected view.
For more information on implementing application security and the Permissions dialog,
see Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the Properties dialog to modify the objects
and/or visibility settings for the selected user-defined view.
Right-clicking the Connections node in the explorer view of the ADMC will display the
following commands:
New | Connection
Use the New | Connection command to establish a new connection. Selecting this
command will display the Connection dialog allowing you to specify the connection
point.

66 NetControl
Permissions
Use the Permissions command to display the Connection Permissions dialog to view
and/or modify the permissions to be delegated to the connections nodes.
For more information on implementing application security and the Permissions dialog,
see Chapter 3: Application Security on page 15.
Refresh
Right-clicking a container under the Connections node will display the following commands:
New
Expand the New command to add a new object to the selected Active Directory
container.
Rename
Use the Rename command to rename the selected Active Directory container.
Remove
Use the Remove command to remove the selected Active Directory container.
Rules and Workflow

Use the Rules and Workflow command to define provisioning rules or workflow for the
selected Active Directory container.
NOTE: When both workflow and rules are applied to the same object, workflow will be
applied but the rule will not be triggered.
Properties
Use the Properties command to display the native Properties dialog for the selected
container.
Account List
The account list, in the right-hand pane, displays the accounts that belong to the Active
Directory container selected in the explorer view. The following information is displayed:
• Name - the display name of the accounts that belong to the selected container in
the explorer view
• Class - the type of account (e.g., user, group, etc.)
• Description - a brief description of each account listed
Right-clicking an account in the right-hand pane will display the following ADMC command
in addition to the standard commands available through the Active Directory Users and
Computers snap-in:
Rules and Workflow

Use the Rules and Workflow command to define provisioning rules or workflow for the
selected Active Directory account.
NOTE: When both workflow and rules are applied to the same object, workflow will be
applied but the rule will not be triggered.

NetControl 67
Creating a Custom View

Custom Views are user-created containers that allow you to group objects across the forest in
order to provide a central management point. These views are similar to ADUC’s custom
queries, except that you can specify who can access your custom views.
Best Practice Recommendation

Do not use built-in security groups in custom views.
To define a new custom view:
1. Select Active Directory from the navigation pane to open the ADMC pane.
2. Select the Custom Views node from the explorer view.
3. Select the New | Custom View right-click menu command. This will display the
Properties dialog where you can assign a name, define the contents and specify who
can access the new custom view.
the custom view.
5. On the Contents page, use one of the following tabs to define the contents of the custom
view:
• Use the Objects tab to add objects directly to the custom view
• Use the Queries tab to define a query to populate the custom view
6. On the Advanced page, define who can see and/or enumerate the custom view.
7. After assigning a name, defining the contents of the custom view and who can access
the view, select the OK button to close the dialog and create the custom view.
8. Select F5 or use the Refresh tool bar button or right-click menu command to display the
newly created view under the Custom Views node in the explorer view.
9. When a user-defined view is then selected, the accounts added to this view will be
displayed in the Account list in the right-hand pane.
10.Similar to ADUC, you can right-click an account from the right-hand pane to manage
your Active Directory objects. The same commands available through ADUC are also
available in NetControl’s ADMC. In addition, using the ADMC, you can define
provisioning rules or workflow for an Active Directory object.

68 NetControl
Properties Dialog
The Properties dialog is displayed when the New | Custom View right-click menu command is
used when Custom View is selected in the explorer view of the ADMC pane. From this dialog,
you will define a group of objects to provide a central management point. This dialog consists
of three tabbed pages:
• General - use the General page to assign a name and description to the new custom
view.
• Contents - use the Contents page to populate the contents of the custom view.
• Advanced - use the Advanced page to define who can use the custom view.
General Page
Use the General page to provide a name and description for the new custom view.
Name
Enter a descriptive name for the custom view.
Comment
Optionally, enter a description or comment for the new custom view.

NetControl 69
Contents Page
Use the Contents page to populate the contents of the custom view. You can add objects
directly using the Objects tab or by defining a query using the Queries tab.
Objects tab
The list box on the Objects tab displays the objects that were added directly from the native
Select Users, Contacts, Computers, or Groups dialog.
Queries tab
The list box on the Queries tab displays the objects added using the query defined on the
Find Users, Contacts and Users dialog.
Add
Use the Add button to add objects to the custom view. From the Objects tab, selecting this
button will display the native Select Users, Contacts, Computers, or Groups dialog allowing
you to add objects directly to the custom view. From the Queries tab, selecting this button
will display the native Find Users, Contacts and Users dialog to define a query to be used
to populate the custom view.
Edit
Use the Edit button to edit the selected query. The Edit button is only available from the
Queries tab.
Remove
Use the Remove button to remove the selected object from the custom view.
Allow container expansion

This check box is selected by default and will populate the explorer view with any container
objects resolved during the enumeration of the custom view in a hierarchical tree view. If
this option is not selected, the selected container will be expanded one level and objects
will be displayed in the list view only.

70 NetControl
Advanced Page
Use the Advanced page to define who can view/enumerate the custom view.
Only I can use this Custom View

This option is selected by default and indicates that only you have access to the custom
view. That is, only you will be able to view and/or enumerate the custom view.
The Custom View can be used by the following accounts

Select this option to specify the accounts that will be able to view and/or enumerate the
custom view.
Add
When the second option is selected, use the Add button to add the accounts that are
to have access to the custom view. Selecting this button will display the native Select
Users or Groups dialog to select the accounts.
Remove
Use the Remove button to remove the selected account(s) from the list if you no longer
want them to have access to the custom view.

NetControl 71
Establishing a Connection
The Connections node in the ADMC explorer view allows you to establish a connection to a
domain, the Configuration container or the Schema container. Once connected, you can
administer Active Directory objects similar to using the Active Directory Users and Computers
MMC snap-in.
To establish a connection:
1. Select Active Directory from the navigation pane to open the ADMC pane.
2. Select the Connections node from the explorer view, right-click and select the New |
Connection command. Selecting this command will display the Connection dialog
allowing you to define the connection point.
3. On the Connection dialog, select one of the following options and enter the requested
information:
• Select a well-known naming context (domain, Configuration or Schema)
• Enter a distinguished name
4. Optionally, select the option to enter a name and description for this connection. If you
do not select this option, the name and description will be retrieved from the connection
point.
5. After defining the connection point, select OK to create the connection which will
populate the explorer view with a hierarchical tree view of the selected naming context.
6. When a container is then selected in the explorer view, the accounts in the selected
container will be displayed in the Account list in the right-hand pane.
7. Similar to ADUC, you can right-click a container in the explorer view or an account from
the Account list to manage your Active Directory objects. The same commands
available through ADUC are also available in NetControl’s ADMC. In addition, using the
ADMC, you can define provisioning rules or workflow around an Active Directory object.

72 NetControl
Connection Dialog
The Connection dialog is displayed when the New | Connection right-click menu command is
used when the Connections node is selected in the explorer view of the ADMC pane. From
this dialog, you will define the connection point to be used (e.g., a domain, Configuration
container or Schema container).
Select a well-know naming context

Select this option to select a well-known naming context and use the drop-down arrow to
select the naming context to be used for this connection:
• Domain (default)
• Configuration
• Schema
Enter a distinguished name

Select this option to enter a distinguished name for the connection point to be used.
Path
This is a read-only field that displays the path of the distinguished name entered above.
Specify a name and description for this connection

Select this option to enter a name and description for the connection, which will be
displayed in the tree view. If you do not select this option, the name and description will be
retrieved from the connection point (e.g., the domain, Configuration container, etc.)
Name
Enter a descriptive name for this connection.
Description
Enter a description for this connection.

NetControl 73
Creating Provisioning Rules

When creating rules through the ADMC, please keep this following notes in mind:
NOTE: Modifying multiple properties of an object in a single operation may trigger multiple
rules. Microsoft submits changes on a property page basis; therefore, each page
being modified will create a new rule.
NOTE: When both workflow and rules are applied to the same object, workflow will be applied
but the rule will not be triggered.
To create provisioning rules:

2. Select Active Directory in the navigation pane to display the ADMC.
3. Expand the Custom Views or Connections container to view the objects to which you
have access. To set rules at the container level, right-click a container in the explorer
view and select the Rules and Workflow command. To set rules at an object level,
right-click an object in the right-hand pane and select the Rules and Workflow
command to define a rule for the selected object.
4. Selecting the Rules and Workflow command will display the Configuration dialog.
5. Open the Rules page and select the Add button to launch the Rules Wizard.
6. On the first page of the Rules Wizard, define the operation that will invoke the rule to be
triggered:
• for all operations on any object
• when an object is created
• when an object is deleted
• when the properties of an object are changed
When you select an option from the top pane, a corresponding ‘when’ entry is added to
the bottom pane. By default, any object classes will be selected; however, if you want
to specify a specific object class, select the any object classes hyperlink to select
(check) the object class(es) to which this rule is to be applied. Similarly, any property
is selected by default which can be changed by selecting the any property hyperlink.
NOTE: Only one operation can be specified per rule.
7. After defining the operation from this page, select the Next button to continue.
8. On the second page, optionally define what conditions must be satisfied in order for the
rule to perform any configured actions.
When you select (double-click) a condition from the top pane, a corresponding ‘where’
entry is added to the bottom pane. Click on the entry to display the Properties and
Values dialog. On this dialog, select the property hyperlink to select a single property.
Then select the value hyperlink to enter the value(s) to be used in the filter.
9. After entering the conditions for the rule, select the Next button to continue.
10.On the third page, select one or more actions that are to be performed if the rule is
‘satisfied’ based on the operation and conditions previously defined in the wizard.

74 NetControl
When you select an option from the top pane, a corresponding entry is added to the
bottom pane. Select the hyperlink in the entry to add the details required.
As you add actions to the rule, you will see the details of these actions displayed at the
bottom of the Rules Wizard page.
NOTE: The actions will be performed in the order they are listed in the bottom pane.
There is currently no method for modifying the order, so be sure to select the
actions in the desired order.
Select the Next button to continue.
11.On the final page of the Rules Wizard, enter a name for the rule and enable or disable
the rule.
12.Once the rule is created, it will be enforced for every operation to which it applies when
that operation is performed through the NetControl ADMC pane.
Rules Wizard
The Rules Wizard is launched when the Add button on the Rules page of the Configuration
dialog is selected. From this wizard you can define provisioning rules for the selected container
or object. The Rules Wizard contains the following pages:
• Page 1: Defining the Action

• Page 2: Setting Conditions for the Rule (Optional)
• Page 3: Setting Actions for the Rule
• Page 4: Verifying the Rule Settings
Rules Wizard - Page 1: Defining the Action

Rules can be triggered on object modifications in the following ways:
• specific condition on a specific object (e.g., when description changes on users)

• specific operation on any object (e.g., when description changes on any object)
• any operation on a specific object (e.g., when any property changes on a group)
• any operation on any object (e.g., when any property changes on any object)
• for all operations on any object
• for any operation on a specific object (e.g., when any operation occurs on user)
Additionally, rules can be triggered on creation and deletion operations:
• when a specific object is created/deleted

• when any object is created/deleted

NetControl 75
To define the operation that will invoke the rule to be triggered:
1. Select one of the following options from the top pane:

• For all operations on any object
• When an object is created
• When an object is deleted
• When the properties of an object are changed
2. When you select an option from the top pane, a corresponding ‘when’ entry is added to
the bottom pane. Only one operation can be specified. Therefore, selecting a new
operation in the top pane will replace any entry displayed in the bottom pane.
3. If you want the rule to apply to a specific object class instead of all object classes, select
the any object classes hyperlink in the entry to display the Object Type dialog which
allows you to select (check) the object class(es) to be used in the rule.
NOTE: ‘Any object class’ is selected (checked) by default. If you do not want this rule
to apply to ‘any object’, you must deselect (uncheck) the ‘any object class’
check box in the Object Type dialog.
4. If you want the rule to apply to a specific property instead of all properties, select the
any property hyperlink in the entry to display the Properties dialog to select (check) the
properties to be used in the rule.
5. After defining the operation from this page, select the Next button to continue.

76 NetControl
Rules Wizard - Page 2: Setting Conditions for the Rule (Optional)

This page of the Rules Wizard allows you to define what conditions must be satisfied in order
for the rule to perform any configured actions (e.g., only happens if value is null or matches a
specific string). Not selecting a condition means that the rule will trigger whenever the operation
defined on page 1 of the Rules Wizard occurs.
To set conditions for the rule:
1. From the top pane on this page, double-click to select from the following conditions:
• Where property equals value
• Where property does not equal value
• Where property matches value (This is used for Regular Expression Matching -
See ‘Regular Expression Matching’ on page 82 for sample string and screen shot.)
• Where property does not match value (This is used for Regular Expression
Matching - See ‘Regular Expression Matching’ on page 82 for sample string and
screen shot.)
• Where property is empty
2. When you double-click a condition from the top pane, a corresponding ‘where’ entry is
added to the bottom pane. You can specify multiple conditions and as you select
(double-click) a condition in the top pane, a new entry will be added to the bottom pane
with an AND operator, indicating that all of the conditions listed must be met before the
rule will be triggered. To remove an entry from the bottom pane, right-click and select
the Remove command.

NetControl 77
3. Select the entry to display the Properties and Values dialog. On this dialog, select the
properties hyperlink to display the Properties dialog allowing you to select a single
property. Then select the value hyperlink to display the Value Editor and enter the
value(s) to be used in the filter. See ‘Value Editor’ on page 81 for more information on
using the Value Editor.
4. After adding the conditions for the rule, select the Next button to continue.
Rule Wizard - Page 3: Setting Actions for the Rule

This page of the wizard allows you to define what actions should be performed if the rule is
‘satisfied’ based on the operation and conditions previously defined in the wizard. These
actions can be defined in several ways:
• When the rule is processed. By default, rules are processed after the action is
committed. There is an option that can be selected that will trigger the rule prior to
committing the action, rather than after.
NOTE: For a ‘delete’ operation, both the ‘This rule is applied before the operation is
committed’ and the ‘Stop the operation from being committed’ options MUST be
selected (checked).
• Performing specific actions. Setting attributes to values; sending an email; moving an
object; or running a script are all designed to help invoke changes.
• Preventing the action that triggered the rule from being committed. This has to be used
with the option ‘this rule is applied before the operation is committed’.
NOTE: For a ‘delete’ operation, both the ‘This rule is applied before the operation is
committed’ and the ‘Stop the operation from being committed’ options MUST be
selected (checked).
• Stop processing rules. If multiple rules are linked this would be used to prevent other
rules from firing. Thus, if the rule is going to move a user to another location, one may
want to prevent the other rules from firing in the chain.

78 NetControl
To set actions for the rule:
1. From the top pane, select (check) one ore more of the following options:
• This rule is applied before the operation is committed
• Set property to value
• Send an email to recipients
• Move the object to location
• Run a script
• Stop the operation from being committed
• Stop processing rules
2. When you select an option from the top pane, a corresponding entry is added to the
bottom pane. Selecting (checking) multiple actions will add these actions to the bottom
pane with an AND operator, indicating that all of the listed actions are to be performed.
To remove an action from the list, deselect (uncheck) the action from the top pane.
NOTE: The actions will be performed in the order they are listed in the bottom pane.
There is no way to reorder the actions listed at this time; therefore, you will need
to select the appropriate options from the top pane in the desired order.
3. Select the hyperlink in the entry to display an additional dialog allowing you to add the
details required. The following table explains what dialogs are displayed for each of the
options that creates an entry with a hyperlink.

NetControl 79
If you select:
Set property to value Select this entry to display the Properties and Values dialog where you
can add one or more properties and set the property value. See
‘Properties and Values Dialog’ on page 80.
Send an email to recipients Select the recipients hyperlink to display a dialog where you can enter
one or more email addresses.
Move the object to location Select the location hyperlink to display the Location dialog allowing
you to locate and select the location to which the object is to be moved.
Run a script Select the script hyperlink to launch the Script Editor dialog where you
can enter a VBScript to be executed. Please refer to ‘Using the
Script Editor’ on page 83 for more details on using the scripting
function.
4. As you add actions to the rule, you will see the details of these actions displayed at the
bottom of the Rules Wizard page. Select the Next button to continue.
Rules Wizard - Page 4: Verifying the Rule Settings

From the final page of the Rules Wizard you will provide a name for your new rule and enable/
disable the rule.

80 NetControl
To complete the rule:
1. In the Name field, enter a descriptive name for the rule.

2. By default, the rule is enabled. However, if you would like to disable the rule, uncheck
the Enable this rule check box.
3. At the bottom of the page, verify the rule’s settings. Use the Back button to return to a
previous wizard page to modify your settings or select the Finish button to close the
wizard and create the rule.
4. Once the rule is created, it will be enforced for every operation to which it applies when
that operation is performed through the NetControl ADMC pane.
Properties and Values Dialog

The Properties and Values dialog is displayed whenever you select a property/value entry in
the bottom pane of page two (Select the Conditions for this rule) or page three (Select the
actions for this rule) of the Rule Wizard. From this dialog you will specify properties and their
corresponding property values.
To define a property and its corresponding value:
1. Select the property hyperlink to display the Properties dialog where you can select a
single property.
2. After selecting a property from the Properties dialog, select OK to close the dialog and
return to the Properties and Values dialog.
3. Back on the Properties and Values dialog, select the value hyperlink to launch the Value
Editor.
4. Enter an explicit or literal value for the selected property:
• Explicit values are enclosed in square brackets [ ].
• Literal values are not enclosed in brackets
See Value Editor on page 81 for more information on using the Value Editor.
5. After entering a value, select OK to close the dialog and return to the Properties and
Values dialog.
6. Back on the Properties and Values dialog, you will see the details for your property/
value entry.

NetControl 81
7. Use the Add button to add additional property/value entries and repeat steps 1 through
5 for each of these entries.
8. Once you have defined all the properties and their values, select the OK button to close
the dialog and return to the Rules Wizard.
Value Editor
The Value Editor is launched whenever a value hyperlink is selected from the Properties and
Values dialog. Using this dialog you can enter an explicit or literal value for the selected
property.
Value
Enter either an explicit or literal value for the selected property. Explicit values are enclosed
in square brackets [ ]; whereas, values outside of the brackets are taken as literal values.
Thus [object.first], [object.given] would result in a display match like: Smith, John.
Special Variables
Object means the object that was being handled to invoke the rule. It can also be viewed as
‘me’. The ‘Parent’ object can also be used and chained to move up a tree. Parent is the
container where the object that invoked the rule resides. For example, if a user’s OU path is as
follows: OU=New York,OU=United States,OU=North America,DC=NetPro,DC=COM
then:
[Parent.Name] = New York
[Parent.Parent.Name] = United States
[Parent.Parent.Parent.Name] = North America
Using the Parent object is a great way to populate the location and address information once
on the OU, then have all objects in that container be set to the same values as the parent. See
screen shot below.

82 NetControl
To map the address of a organizational unit to a user, the following would be set in the client UI:
Organizational Unit Attributes Attribute Description User Attributes
[Parent.Street] Street Address streetAddress
[Parent.I] City I
[Parent.postalCode] Zip Code postalCode
[Parent.C] Country Abbreviation (USA) C
[Parent.co] Country (United States) co
[Parent.CountryCode] Country Code (840) CountryCode
NOTE: Line 1 where the Street attribute on an OU maps to streetAddress on a user.
Regular Expression Matching

The following two conditions, on the second page of the Rules Wizard, use Regular Expression
Matching:
• Where property matches value

• Where property does not match value
For example, the regular expression below is used to specify the pattern that is expected for
the phone number attribute:
\(\d{3}\)\d{3}-\d{4}
This string indicates that the condition is looking for a phone number in the following format:
(xxx) xxx-xxxx. The screen shot below uses this regular expression in a rule which also
indicates that if a phone number is found that does not match the specified format, the rule is
to run a script to fix it.

NetControl 83
NOTE: For more information on Regular Expression Matching, please refer to Microsoft’s web
site - http://msdn.microsoft.com/en-us/library/ms974570.
Using the Script Editor

You can use the script editor to enter a VBScript which can be executed as part of the rule. The
script editor is launched when you select the script hyperlink in the bottom pane of the third
page of the Rules Wizard.
NOTE: When using Windows Server 2008, the vbscript.dll and the msscript.ocx must be
registered to use the scripting feature of ADMC/ADUC Extension. See Appendix C:
Active Directory Users and Computers (ADUC) Extension on page 127 for more
details.

84 NetControl
To use the Script Editor:
1. Select the run a script option from the third page in the Rules Wizard.
2. Select the script hyperlink in the bottom pane to launch the script editor.
3. Replace all of the information in the script editor windows with the contents of the script
you want to execute.
NOTE: We do NOT recommend that you cut and paste scripts from a Word document
into the NetControl Script Editor. This is because special characters (e.g.,
quotation marks) do no convert cleanly during the cut and paste operation.
4. After entering your script, select OK to close the script editor and return to the Rules
Wizard.
Rule Function Structure

As displayed in the script editor window, the rule processing engine function structure is as
follows:
Function RuleFunction(sVerb, bPreCommit, sBindString, sObjectData, sCallerSID)
End Function
Where:
sVerb
This is the type of action being performed (i.e., modify, create or delete).
bPreCommit
A boolean value (True/False) indicating whether the rule is executing pre- or post-
commit. By default, rules will be processed after the operations that invoked the rule,
unless this rule is applied before the operation is committed option is selected.
Thus the default value is false (meaning post-commit).

NetControl 85
sBingString
This is the LDAP bind string to the server that is performing the operation. A sample
bind string would be:
LDAP://dcimprov.COMEDY.LOCAL/CN=Rod Simmons,OU=Phoenix,OU=NA,DC=NetPro,DC=LOCAL
NOTE: Server Name is only passed when an object is created or modified. Deletions do
not pass a server in the bind string.
sObjectData
This is the DataXML string about the object being modified.
sCallerSID
This represents the SID of the account that was managing the object.
Configuring Workflow for an ADMC Action

Workflow is a NetControl feature and is available for actions performed via the ADMC. The
NetControl workflow process allows administrators to set up certain actions that must adhere
to a review/approve cycle before the action will be rolled out to the production environment.
This section describes how to set up a workflow for an ADMC operation. For more information
about the workflow approval process and roles, using the Workflow Editor, and the Workflow
Pane from which you can view and manage the workflow queue, please refer to Chapter 10:
Workflow on page 89.
ADMC Actions Available in Workflow Editor

The following ADMC actions are available as actions in the Workflow Editor:
Action To access Workflow Editor...
Modify property on object Right-click a container under the Connections node in the explorer
view of the ADMC and select the Rules and Workflow command. On
the Configuration dialog, open the Workflow page and select the Add
button to launch the Workflow Editor.
Create object Right-click a container under the Connections node in the explorer
view of the ADMC and select the Rules and Workflow command. On
the Configuration dialog, open the Workflow page and select the Add
Delete object Right-click a container under the Connections node in the explorer
view of the ADMC or an object in the Account list (right-hand pane)
and select the Rules and Workflow command. On the Configuration
dialog, open the Workflow page and select the Add button to launch
the Workflow Editor.
Modify property Right-click an object in the Accounts list (right-hand pane) of the
ADMC and select the Rules and Workflow command. On the
Configuration dialog, open the Workflow page and select the Add

86 NetControl
To apply workflow to an ADMC action:
1. Log on to the NetControl console and select the Active Directory button in the
navigation pane.
2. From the ADMC, right-click an container under the Connections node in the explorer
view or an object from the right-hand pane and select the Rules and Workflow
command to display the Configuration dialog.
3. Select the Workflow button to open the Workflow page.
4. On the Workflow page, select the Add button to open the Workflow Editor.
5. On the General page, enter a name and description for the workflow item.
6. In the Actions section of the General page, select the check boxes for the operation that
must adhere to the workflow. The operations listed depend upon whether a container in
the explorer view or an object in the Accounts list is selected.
7. On the Request page, set the following options:
• select user or group accounts that can create a request
• optionally select the accounts that are to be excluded from the workflow process
• by default the request never expires - optionally, select lifetime properties for the
request if it is not completed in a specified time frame
• select commenting options
8. On the Review page, set the following options:
• select the user and/or group accounts that can review the request
• select parameters around the number of required reviewers and the minimum
number of reviewers that must approve the request
• select the action to be taken when a request is denied. You can send an email
notification or close the request.
• select email settings specifying who to notify about the status of the request
review
9. On the Approve page, select the following options:
• select the users and/or group accounts that can approve the request
• select parameters around the number of required approvers and the minimum
number of approvers that must approve the request
• select the action to be taken when a request is denied. You can send an email
notification or close the request.
• select email settings specifying who to notify about the status of the request
approval
10.On the Commit page, select the following options:
• specify if you want to commit the request immediately or on a schedule
• select if you want to send an email notification when the request is committed
11.Select OK to close the Workflow Editor and save the workflow item.

NetControl 87
Modifying Active Directory When Workflow is Applied

Once workflow is defined, you can use either ADMC or ADUC to submit requests for modifying
Active Directory objects.
NOTE: Modifying multiple properties of an object in a single operation may trigger multiple
workflow items. Microsoft submits changes on a property page basis; therefore, each
page being modified will create a new workflow item.
NOTE: User accounts created using workflow will not maintain the settings selected when
creating the object (e.g., enable/disable setting, password settings, Exchange
settings). Once the account is created, you will need to go back to set the password
and status (enable user).
NOTE: When you create an object through workflow, a message is displayed stating
‘Windows cannot create the object <ObjectName> because: The specified directory
object is not bound to a remote resource.” Select OK to submit the request.
NOTE: When both workflow and rules are applied to the same object, workflow will be applied
but the rule will not be triggered.
1. Using either the ADMC or ADUC, go through the typical procedure for creating, deleting
and/or modifying an Active Directory object.
2. When prompted, enter a comment to accompany the modification being requested.
NOTE: Even if the ‘Comments are not required’ option was selected on the Request
page of the Workflow Editor, the Comment dialog will be displayed. Select the
Cancel button on the dialog to proceed without adding a comment.
3. The following message is then displayed explaining that the request has been
submitted. Select OK to close this dialog.
NOTE: When using the ADMC, actions that modify Active Directory objects that are
performed using the right-click menu command (e.g., account disable,
password reset) will display a Microsoft dialog indicating that the change has
been made (e.g. account has been enabled/disabled) in addition to the
workflow comment and request submitted message dialogs. The Microsoft
dialog is misleading because the action has not been committed as indicated,
but has been submitted to the workflow queue requiring it to be reviewed/
approved before it will be committed.
4. To verify that your request has been submitted, select the Workflow button in the
NetControl navigation pane to open the Workflow pane. Your request should be listed
under the To be reviewed or To be approved heading depending on the ‘Automatically
review/approve the request’ settings set in the Workflow Editor when the workflow was
created.

88 NetControl
5. From here you can right-click and select the Details menu command to review the
request details.
For more details on managing and tracking your workflow requests, please refer to ‘Managing
Workflow Requests’ on page 104.

NetControl 89
Chapter 10: Workflow
The NetControl workflow process allows administrators to set up certain actions that must
adhere to a review/approval cycle before the action will be rolled out to the production
environment. When you configure workflow in NetControl, you are selecting the actions that will
go through a review/approval process. The actions that can use workflow are dependent on the
NetPro application that you are using.
An action that you set up for the approval process goes through the following stages:
• A request is submitted by a user and the workflow is initiated.

• A reviewer (or group of reviewers) views the request and can either approve or reject the
request. If approved the request proceeds to the approval stage.
• An approver (or group of approvers) decides that the action can proceed to the next
stage. Again the request can either be approved or rejected.
• After the action is approved it is committed and proceeds to fulfilment.
Email notifications can be configured for different stages in the workflow process. You can send
emails to requesters/reviewers/approvers when a request is approved/rejected or committed.
Workflow
90 NetControl
When setting up a workflow in the Workflow Editor, there are three roles that can be set up:
• Requester – A user that is a requester can submit actions for the approval process,
review details about their request, and cancel their request if no longer required.
• Reviewer – A reviewer can view the request, approve or deny the request, and review
the details about the request. The reviewer role is optional.
• Approver – An approver can view the request, approve or deny the request, and review
the details about the request. The approver role is optional.
The Workflow pane is available in the navigation pane when NetControl is installed. However,
workflow must be configured for an object before any request information will be displayed. Any
user that logs on to NetControl can view all items in the workflow queue. However, a user must
be explicitly added as a requester, reviewer or approver to change the states of workflow items.
• Workflow Editor
• Workflow Pane
• Managing Workflow Requests
• Reviewing and/or Approving Workflow Requests
• Using Microsoft Outlook to View Workflow Items
Please refer to the documentation for each deployed NetPro application to determine if it can
use the workflow feature and for more information on the actions that can be assigned to a
workflow process.
Workflow Editor
Using the Workflow Editor you will define who can request, review and approve the actions as
well as select the options to be applied as the action progresses through the different stages of
the workflow process. The Workflow Editor is launched when the Add button on the Workflow
page of an object’s Permissions dialog or Configuration dialog is selected.
The Workflow page, as mentioned above, is available either through the Permissions dialog or
the Configuration dialog. Use one of the following methods to display the Workflow page, from
which you can launch the Workflow Editor:
• Depending on the deployed NetPro application, right-click the node then select
Permissions to open the Permissions dialog (for the selected node). On the
Permissions dialog, select the Workflow button - from here you can add, edit and
remove workflow items.
• From the ADMC, right-click a container under the Connections container in the explorer
view (left-hand pane) or right-click an object in the account list (right-hand pane) and
select the Rules and Workflow command to open the Configuration dialog. On the
Configuration dialog, select the Workflow button - from here you can add, edit and
remove workflow items.
Workflow
NetControl 91
The Workflow Editor consists of the following pages:
• General – Provide a name, comment and action for the workflow item.
• Request – Set the accounts that can request workflow items. You can also select
accounts that are exempt from following the workflow.
• Review – Select the accounts that will be required to review the request.
• Approve – Select the accounts that will be required to approve the request before the
workflow item will be committed.
• Commit – Select when the workflow item will be rolled out in the environment.
General Page
On the General page, provide a name and brief description for the workflow. Also, select the
action(s) to which workflow is to be applied. The list of available actions is populated based on
the node or object selected in the ADMC or other NetPro application pane.
The screen shots illustrated here are of the Workflow Editor when it is launched by selecting a
container in the ADMC explorer view.
Name
Provide a descriptive name for the workflow.
Comment
Enter a brief description that will help you identify the workflow.
Workflow
92 NetControl
Actions
Select (check) the check boxes for the actions that are to be enforced by the workflow. You
can select as many actions for the workflow as you want. This list changes depending on
the object or node selected in the ADMC or other NetPro product pane.
If you want to specify a specific object and/or property, click the any object class and/or
any property hyperlinks to specify the object class(es) and/or property to which the
workflow is to be applied. When you select the any object class hyperlink, the Object
Types dialog is displayed allowing you to select (check) one or more object types for the
workflow. When you select the any property hyperlink, the Properties dialog will be
displayed allowing you to select (check) one or more properties for workflow.
Request Page
On the Request page, select the user or group accounts that must adhere to the defined
workflow process when the selected action is being performed. That is, when a specified
account attempts an action selected on the General page, that action is assigned to the
workflow queue and must be reviewed/approved before it can be committed. For example, if
Create User Object is selected for workflow, when the user tries to create a new user object
through the ADMC, a message is displayed indicating that the action must be approved before
the user object can be created.
The Request page of the Workflow Editor contains two tabs to define the accounts that must
follow the selected workflow:
• Use the Accounts tab to define the accounts that must adhere to the defined workflow
process when they attempt to perform the selected action.
• Use the Exemptions tab to define the accounts to be excluded from the workflow request
process. That is, when a user account or group is exempted, they can perform the action
that is defined in the workflow without going through the review/approval process.
Workflow
NetControl 93
Accounts tab
The list box on the Accounts tab contains the users and/or groups that must adhere to the
defined workflow process.
Exemptions tab
The list box on the Exemptions tab contains the users and/or groups which are excluded
from the workflow request process.
Add
Click the Add button to open the native Select Items dialog. Choose the accounts that you
want to adhere to the workflow process (or from the Exemptions page, the accounts to be
excluded from the process).
Remove
Once user or group accounts are added to either the accounts list or exemptions list, click
the Remove button to remove it from the displayed list.
Lifetime
The Lifetime section of a workflow entry defines how long a request is to remain in the
queue before an escalation action occurs.
Requests never expire

This option is selected by default and indicates that the request will never expire.
Workflow
94 NetControl
If the request is not completed in <nn> <time frame>

Select this option if you want the request to expire after a set period of time. Enter the
length of time and the time frame (hours, days or weeks). The following options are
activated when you select this option:
• Close the request - Select this check box if you want the request closed after the
specified period of time passes without an action on the request.
• Send an email to - Select this check box if you want to set up an email recipient
to notify a user that the request has expired without any action or that the request
is not completed and needs attention. Enter the email address of the user(s) to
receive the notification.
NOTE: Before selecting an email option, ensure that there are valid Mail attributes
configured in Active Directory for the accounts selected. If there is a valid Mail
attribute value from Active Directory for the accounts selected then an email can
be sent to those accounts.
• Repeat every - Optionally, select this option if you want to send additional email
reminders that a workflow request needs attention. Enter the length of time and
the time frame (hours, days or weeks).
Options
You may want a requester to provide a comment on why they want to do the selected
workflow action.
Comments
Select a commenting option from the drop-down menu. The commenting options are:
• Comments are not required (default)

• Requester must supply a comment
Workflow
NetControl 95
Review Page
On the Review page, select the options for request reviews such as the user/group accounts
that can review requests, how many reviewers are required and the action to be taken when a
review is approved or denied.
Automatically review the request

Select this check box to skip the review step and automatically place the workflow item in
a ‘to be approved’ state.
Reviewer list box

This list box contains the user and/or group accounts that can review the selected workflow
item.
Add
Select the Add button to open the native Select Users or Groups dialog. From this dialog,
choose the user accounts or groups that will be responsible for reviewing the workflow
requests.
Remove
If there are user names or groups in the list box that you no longer want as request
reviewers, select the name then select the Remove button.
Requests are handled by a single reviewer

This option is selected by default and indicates that only one reviewer is required to the
process workflow request.
Workflow
96 NetControl
Requests must be handled by <nn> reviewers

Select this option if you want more than one reviewer to review the request. Enter the
number of required reviewers. The default value is two reviewers. The following options are
activated when you select this option:
All reviewers must review the request

Select this option if all reviewers must approve the request before the request proceeds
to the next stage of the workflow.
At least <nn> reviewer(s) must approve the request

Select this option if only a certain number of reviewers need to approve the request
before the request proceeds to the next stage of the workflow. For example, there may
be five reviewers but only three of these reviewers must approve the request.
Options
Comments
Providing comments is a good way to track the requests going through workflow and
why they were approved or rejected.
Select a commenting option from the drop-down menu. The commenting options are:

• Comments are required on confirmation
• Comments are required on rejection
• Comments are required on confirmation and rejection
Upon rejection
Select one of the following options from the drop-down menu to specify what happens
to the request when it is denied by the required reviewers:
• Close the request (default)

• Reassign the request back to the requester
Email Settings
Select one of the following options from the drop-down menu to specify if and when an
email is to be sent:
• Do not send email (default)

• Send email when someone approves the request
• Send email when someone rejects the request
• Send email when someone approves or rejects the request
configured in Active Directory for the accounts selected for requesters,
reviewers and approvers. If there is a valid Mail attribute value from Active
Directory for the accounts selected on those pages then an email can be sent
to those accounts.
Workflow
NetControl 97
Send to
The browse button is activated when you select one of the send email options. Click
the browse button to open the Email Accounts dialog to select the workflow role(s) that
are to be notified via email about the review status of a request. See ‘Email Accounts
Dialog’ on page 100.
Approve Page
On the Approve page, select the options for request approval such as the user/group accounts
that can approve requests, how many approvers are required and the action to be taken when
a reviewed request is approved or denied.
Automatically approve the request

Select this check box when you want to approve the workflow request automatically. When
selected, the workflow item proceeds to the commit stage after the request is reviewed.
Approver List Box

This list box displays the user and group accounts selected as approvers for the selected
workflow item.
Add
Select the Add button to open the native Select Users or Groups dialog and select the
users or groups that can approve a request.
Remove
If there are user names or groups in the list box that you no longer want as request
approvers, select the name then click the Remove button.
Workflow
98 NetControl
Requests are handled by a single approver

This option is selected by default and indicates that only one user has to approve a
workflow request for it to proceed through the process.
Requests must be handled by <nn> approvers

Select this option if you want more than one account to approve the request. Enter the
number of users that must approve the request. The default value is two approvers. The
following options are activated when you select this option:
All approvers must approve the request

Select this option if you want all users to approve the request before the request
proceeds to the next stage of the workflow. This option is selected by default.
At least <nn> approver must approve the request

Select this option if you want to set a certain number of users to approve the request
before the request proceeds to the next stage of the workflow. For example, there may
be five users and at least three must approve the request.
Options
Comments
Select a commenting option from the drop-down menu. The following commenting
options are available:

• Comments are required on approved requests
• Comments are required on denied requests
• Comments are required on approved and denied requests
Upon rejection
Select one of the following options to specify what happens to the request if it is denied:
• Close the request (default)

• Reassign the request back to the reviewer
Email Settings
Select one of the following options from the drop-down menu to specify if and when an
email is to be sent:

• Send email when someone approves the request
• Send email when someone rejects the request
• Send email when someone approves or rejects the request
to those accounts.
Workflow
NetControl 99
Send to
The browse button is activated when you select one of the send email options. Click
the browse button to open the Email Accounts dialog to select the workflow role(s) that
are to be notified about the approval status of a request. See ‘Email Accounts Dialog’
on page 100.
Commit Page
On the Commit page, select when you want the request to be rolled out in the environment after
the request is reviewed and approved.
Commit changes immediately

This option is selected by default indicating that change is to be committed as soon as the
request is reviewed and approved. The request will be rolled out with no further action
required.
Committed changes in NetControl will run every 15 minutes on the hour. You may have to
wait a few minutes before a change is committed.
Commit changes on the following schedule

Select this option if you want to schedule when to commit the approved change. Click the
browse button to display the Select a Schedule dialog to select the schedule. Schedules
are created through the Resources pane in NetControl. For more information, see Chapter
7: Schedules on page 51.
Workflow
100 NetControl
Options
Email Settings
Select one of the following options from the drop-down menu to specify whether to
send an email when the request is committed:

• Send email when the request is committed
to those accounts.
Send to
The browse button is activated when you select the send email option. Click the browse
button to open the Email Accounts dialog to select the workflow role(s) that are to be
notified via email when a request is committed. See ‘Email Accounts Dialog’ on
page 100.
Email Accounts Dialog

The Email Accounts dialog is displayed when an email option is selected on the following pages
of the Workflow Editor: Review, Approve and Commit. Use this dialog to select the workflow
roles (requester, reviewers or approvers) to which an email is to be sent regarding the status of
the selected workflow item.
NOTE: For requesters, only the individual account that initiated the request will receive the
email even if a group is specified on the Request page of the Workflow Editor.
NOTE: When a group is specified, the group email will be used not individual emails for each
member of the specified group.
Requester/Reviewers/Approvers
Select the check boxes for the workflow roles that will receive an email notification. The
check boxes are associated with the accounts selected on the Request, Review and
Approve pages of the Workflow Editor.
Other
Enter the email account for any additional accounts that you want to send the email
notification to. Entering an account here is optional.
Workflow
NetControl 101
Workflow Pane
As a workflow proceeds through the stages, the Workflow pane displays the different states for
the item, including: To be reviewed, To be approved, To be committed, Completed, Cancelled,
and Request has been denied. A workflow item remains in the queue (unless a lifetime property
is set) until the review and approve stages are approved/denied by the designated users.
The Workflow pane is displayed when Workflow is selected in the navigation pane. From this
pane you can review the status of your requests, cancel a request, review and approve/deny
requests, and view details for a request.
Any user that logs on to NetControl can view all items in the workflow queue. However, a user
must be explicitly added in the Workflow Editor as a requester, reviewer or approver to change
the states of workflow items.
Workflow
102 NetControl
Explorer view
The explorer view displays the Workflow node.
Workflow Items view

The right-hand pane displays the workflow items in the workflow queue, including the
following information:
Summary
This column displays a brief description of each workflow item. To change the state of
a workflow task, right-click the summary and select the appropriate command:
• Approve
• Deny
• Cancel
• Details
NOTE: One or more of these commands will be available depending on your workflow
role(s) assigned and the current state of the workflow task.
State
This column displays the current state of each workflow item in the list. The states
include:
• Cancelled - when the requester cancels a request

• Completed - when a request is committed
• Closed - when the request is not completed in the specified time frame and the
Close the request option was selected on the Request or Approve page when
the rule was defined
• To be reviewed - when the request is waiting to be reviewed
• To be approved - when the request is waiting to be approved
• To be committed - when the request has been approved, but is waiting to be
committed
• Request has been denied - when the request was denied during either the
review or approve stage and the option to reassign the request back to the
requester/reviewer was selected when the rule was defined
Submitted By
This column displays the name of the account that submitted the request.
Submitted On
This column displays the date and time each request was submitted.
Workflow
NetControl 103
Sorting and Filtering Content

The workflow tasks listed on the Workflow pane cannot be removed; however, you can use the
following commands to sort the content and or filter the content to define the workflow items to
be displayed.
Right-click the pane (not a workflow entry in the list) to display the following commands which
allow you to change the contents displayed:
View
Expand the View command and select one of the following options to change how the items
in the workflow pane are displayed:
• Tiles
• Icons
• List
Filter
Expand the Filter command and select one of the following options to define exactly what
to display in the workflow pane:
• My requests
• My work items
• All Items (default)
Sort By
Expand the Sort By command and select one of the following options to resort the content
displayed:
• Summary (default)
• State
• Submitted by
• Submitted on
Arrange By
Expand the Arrange By command and select one of the following options to group the
workflow items differently:
• Summary
• State (default)
• Submitted by
• Submitted on
• none
Refresh
Use the Refresh button to redisplay the latest status of the items in Workflow pane.
NOTE: Whenever the state of a workflow item is changed, you must select the Refresh
button to display the new status.
Workflow
104 NetControl
Managing Workflow Requests

Certain actions in your NetPro application may be required to go through an approval process.
Therefore, your administrator may have assigned you as a requester.
For example, administrators might want actions made through the ADMC (e.g., when a user
creates a new object) to adhere to a specific workflow process. A user can go through all the
steps to create an object and when finished a dialog is displayed indicating that the action must
go through the workflow process.
To review the status of your requests in the workflow queue:

2. Click the Workflow button in the navigation pane to display the Workflow node in the
explorer view.
All submitted requests are displayed in the right pane including your requests. To view
only your requests, right-click somewhere on the right-hand pane (not a workflow item
in the list) and select the Filter | My Requests command.
3. Right-click a submitted request, then select Details to open the Request Details dialog
that provides information about the request such as the date submitted and the date
approved.
NOTE: As a requester you cannot review or approve your own requests, therefore, only
the Cancel and Details right-click commands will be available.
4. After you finish reviewing the information, click Close to close the Request Details
dialog.
5. If the request is still in progress and you decide you no longer need the workflow item,
right-click the request then select Cancel.
6. Select F5 or the Refresh tool bar button or right-click command to see that the workflow
item is now displayed in the Cancelled column.
NOTE: Only the original requester can cancel their own requests.
Depending on the NetPro application, after a workflow item is committed, you can go to the
application component to see the item in the console. If configured during the workflow setup,
an email notification can be sent indicating that the request is complete.
For example, if you are using NetPro’s AccessManager, and the workflow action is Create
Managed Objects, then after the workflow is committed, go to the Managed Object node in the
explorer view to see the managed object that was created.
Workflow
NetControl 105
Request Details Dialog

The Request Details dialog when the Details right-click command is selected for a workflow
item in the Workflow pane. This dialog provides details about the workflow process as it
progresses through the different workflow stages.
The following information is displayed at the top of the Request Details dialog:
Summary
This field displays a brief description of the selected workflow item.
Submitted By
This field displays the name of the account that submitted the request.
Submitted On
This field displays the date and time when the request was initially submitted.
In addition to the request submission information, the table at the bottom of the dialog, displays
the following information as the item progresses through the different workflow stages:
Occurred On
This column displays the date and time when the status changed for the selected workflow
item.
Action
This column displays the action or status change that was made.
Comment
This column displays the comment that was entered when the request was reviewed and/
or approved.
Account
This column displays the name of the account that performed the action listed.
Workflow
106 NetControl
Reviewing and/or Approving Workflow Requests

If you are assigned as a reviewer or approver, you can use the Workflow pane to review the
workflow queue. You can be assigned as both reviewer and approver for the same workflow.
However, you cannot review your own requests if you are also assigned as a requester.
To review and approve workflow items in the workflow queue:

2. Click the Workflow button in the navigation pane to display the Workflow node in the
explorer view and the workflow items in the right pane.
All submitted requests are displayed in the details view. To view the workflow items
awaiting your response (review and/or approval), right-click somewhere on the right-
hand pane (not a workflow item in the list) and select the Filter | My Work Items
command.
3. Right-click an item that needs to be reviewed or approved then select Approve or Deny.
4. After a request is approved, the workflow item proceeds to the next stage in the
workflow process. Select F5 or the Refresh tool bar button or right-click command to
display the updated status for the workflow item.
If configured during the workflow setup, an email notification can be sent indicating that
the request has been reviewed and approved/rejected.
Depending on the configuration of the workflow, an expiration date may be set on the
submitted request. When the request is not acted on in the selected time frame, the
request will either be closed or an email sent to a designated user to indicate that the
request requires attention. See ‘Request Page’ on page 92 for more information on the
lifetime characteristics of a request.
Workflow
NetControl 107
Using Microsoft Outlook to View Workflow Items

If you deployed the package to use Microsoft Outlook (NetPro NetControl Outlook
Extension.msi), you can review all the workflow items in Outlook. All options that are available
in the Workflow pane on the NetControl console are also available in Outlook. For example, you
can review, approve and cancel workflow items through Outlook.
Troubleshooting Tip
If you do not see the NetControl node in the left-hand pane, even after
you have selected the Folder List icon, ensure that the NetControl
console is loaded on the machine where the Outlook extension is
installed.
To review workflow items in Outlook:
1. Log on to Microsoft Outlook.

2. Select the NetControl node in the left-hand pane to display the NetPro NetControl
Connection dialog.
If the NetControl node is not displayed, select the Folder List icon at the bottom of the
navigation pane.
Workflow
108 NetControl
3. On the NetPro NetControl Connection dialog, use the drop-down menu to select the
server where the NetControl service resides and select Connect.
You are connected to NetControl during the Outlook session. When you log out of
Outlook and then log on again, you must select and connect to NetControl again.
4. After you log on to NetControl, the workflow items are displayed. Right-click the items
to review, approve, deny and/or cancel requests.
NOTE: Whenever the state of a workflow item is changed, you must select F5 or the
Refresh button on the Outlook tool bar to display the new status.
Workflow
NetControl 109
Chapter 11: Reports
Using the Reports pane of the NetControl console, you can run reports for the NetControl
console components: Agents, Agent Groups, Computer Lists and Schedules.
Depending on the NetPro applications deployed, there may be reports displayed in the Reports
pane for that application. Refer to the documentation for the NetPro application.
• Reports Pane
• Generating NetControl Reports
Reports
110 NetControl
Reports Pane
The Reports pane is displayed when Reports is selected in the navigation pane. From this
pane you can run reports based on NetControl components.
The Reports pane is divided into three views:
Explorer View
The explorer view displays the types of reports available. All of the reports are listed under
the following containers:
• NetControl Reports – these reports provide details regarding the shared

components created and managed through the NetControl console.
• Depending on the deployed NetPro application there may be additional reports
displayed in the explorer view. Refer to the documentation for each individual
application for more information.
Reports
NetControl 111
Object List
The object list displays a list of reports generated based on the container selected in the
explorer view.
The following information is displayed in this window:
• Name – the name assigned to the report when it was created.

• Comment – any comments that were entered when the report was created.
• Schedule – the schedule assigned to the selected report.
Details View
When a report is selected in the object list, the lower portion of this pane displays
information about when the selected report was executed.
• Run Date – the date(s) when the report was executed.

• Elapsed Time – the amount of time it took to generate the selected report
• Status – the current status of the report
Once a report is generated and its status is ‘Completed’ in the Details View, either
double-click or right-click the report entry and select the View command to display the
results of the report.
Generating NetControl Reports

NetControl Reports provide details regarding the shared components created and managed
through the NetControl console.
Using the Reports pane, the following NetControl reports can be generated:
• Agents – provides a list of agents, their status and associated agent groups. Selecting
the name of an agent will display a list of agent groups to which the agent belongs and
the notification frequency for the selected agent.
• Agent Groups – provides a list of agent groups and agents that reside in the agent
group and the configured update notification interval. Selecting the name of an agent
group will display a list of the agents that belong to the selected agent group, as well as
the configured update notification interval and status of each agent in the agent group.
• Computer Lists – provides the settings defined in a computer list. Selecting the name
of a computer list will display a list of the jobs that are linked to the selected computer list.
• Schedules – provides a report that shows schedule configurations. Selecting a
schedule entry will display a list of the jobs that are linked to the selected schedule.
Reports
112 NetControl
To generate NetControl Reports:
1. Select Reports from the navigation pane to open the Reports pane.
2. Expand the NetControl Reports container in the explorer view and select the type of
report to run:
• Agents
• Agent Groups
• Computer Lists
• Schedules
3. Select the Run tool bar button or right-click menu command. This will display the
appropriate Report dialog allowing you to define the contents of the report, configure the
report output, specify the data source and schedule the execution of the report.
4. On the General page, enter a descriptive name and optionally enter a comment
regarding the report to be executed.
5. Open the “second” page to select the NetControl component to be reported on. (The
second page in the dialog, will change based on the type of report selected in the
explorer view. For example, when Agents is selected, an Agents page will be displayed,
when Schedules is selected, a Schedules page will be displayed, etc.)
6. On the Advanced page link the report to a schedule.
7. On the Agent Groups page select the agent group that contains the server(s) to be used
to execute the report.
8. After entering the requested information, use the OK button to close the dialog and run
(or schedule) the report.
9. Once the report has been generated (there is a “Completed” status in the Details View),
double-click the report entry in the Details View (or right-click and select the View menu
command) to display the results of the report.
Reports
NetControl 113
Agents Report Dialog

The Agents Report dialog is displayed when the Run tool bar button or right-click menu
command is used when Agents is selected in the NetControl container in the explorer view of
the Reports pane. This dialog consists of four tabbed pages:
• General – use this page to specify general information about the report.
• Agents – use this page to select the agent(s) to be included in the report.
• Advanced – use this page to define the schedule for executing the selected report.
• Agent Groups – use this page to select the agent group(s) that are to generate the
report.
General Page
From the General page, specify general information about the report to be executed.
Name
Enter a descriptive name for the report.
Comment
Optionally, enter a description or comment for the report.
Reports
114 NetControl
Agents Page
Use the Agents page to specify the agent(s) to be included in the selected report.
Select one of the following:
• Report on all agents (default)

• Report on the following agents
When the last option is selected, the list box and the Add button are enabled allowing you to
select the agent(s) to include in the report.
Agents List Box

This list box displays the agents to be included in the new report. Use the Add and Remove
buttons to add/remove agents to/from this list box.
Add
Use the Add button to add agents to the list box. Selecting this button will display the Select
an Agent dialog allowing you to select the agent(s) to include in the report.
Remove
After agents have been added to the list box, use the Remove button to remove an agent
from the list box. Select the entry to be removed and select the Remove button.
Reports
NetControl 115
Advanced Page
Use the Advanced page to define the schedule to use to run the report.
Scheduling
Select one of the following to define when to run the report:
• Run the report now (default)

• Run the report on the following schedule
When the last option is selected, use the browse button to select a schedule. Selecting
the browse button will display the Select a Schedule dialog allowing you to select a
previously defined schedule or create a new schedule.
Agent Groups Page

Use the Agent Groups page to select the agent group to be associated with the report. That is,
select the agent group that contains the server(s) to be used to run the report.
NOTE: You MUST select an agent group otherwise the report will not run.
Reports
116 NetControl

This list box displays the agent group(s) associated with the new report. Use the Add and
Remove buttons to add/remove an agent group to/from the list box.
Add
Select an Agent Group dialog allowing you to select the agent group(s) to be used.
Remove
After agent groups have been added and are displayed in the Agent Groups list box, use
the Remove button to remove an agent group from the list box. Select the agent group to
be removed and select the Remove button.
Agent Groups Report Dialog

The Agent Groups Report dialog is displayed when the Run tool bar button or right-click menu
command is used when Agent Groups is selected in the NetControl container in the explorer
view of the Reports pane. This dialog consists of four tabbed pages:
• Agent Group Objects – use this page to select the agent group(s) to be included in the
report.
report.
See ‘Agents Report Dialog’ on page 113 for a description of the General, Advanced and Agent
Groups pages. All of these pages are the same for all NetControl reports.
Agent Group Objects Page

Use the Agent Group Objects page to specify the agent group(s) to include in the selected
report.
Reports
NetControl 117
• Report on all agent groups (default)

• Report on the following agent groups
select the agent group(s) to include in the report.

This list box displays the agent groups to be included in the new report. Use the Add and
Remove buttons to add/remove agent groups to/from this list box.
Add
Select an Agent Group dialog allowing you to select the agent group(s) to include.
See ‘Select an Agent Group Dialog’ on page 27 for a description of the dialog.
Remove
After agent groups have been added to the list box, use the Remove button to remove an
agent group from the list box. Select the entry to be removed and select the Remove
button.
Computer Lists Report Dialog

The Computer Lists Report dialog is displayed when the Run tool bar button or right-click menu
command is used when Computer Lists is selected in the NetControl container in the explorer
view of the Reports pane. This dialog consists of four tabbed pages:
• Computer Lists – use this page to select the computer list(s) to be included in the
report.
report.
Reports
118 NetControl
Computer Lists Page

Use the Computer Lists page to specify the computer list(s) to include in the selected report.
• Report on all computer lists (default)

• Report on the following computer lists
select the computer list(s) to include.
Computer Lists List Box

This list box displays the computer lists to be included in the new report. Use the Add and
Remove buttons to add/remove computer lists to/from this list box.
Add
Use the Add button to add computer lists to the list box. Selecting this button will display
the Select a Computer List dialog allowing you to select the computer list(s) to include.
Remove
After computer lists have been added to the list box, use the Remove button to remove a
computer list from the list box. Select the entry to be removed and select the Remove
button.
Reports
NetControl 119
Schedules Report Dialog

The Schedules Report dialog is displayed when the Run tool bar button or right-click menu
command is used when Schedules is selected in the NetControl container in the explorer view
of the Reports pane. This dialog consists of four tabbed pages:
• Schedules – use this page to select the schedule(s) to be included in the report.
report.
Schedules Page
Use the Schedules page to specify the schedule(s) to include in the selected report.
• Report on all schedules (default)

• Report on the following schedules
select the schedule(s) to include in the report.
Schedules List Box

This list box displays the schedules to be included in the new report. Use the Add and
Remove buttons to add/remove schedules to/from this list box.
Add
Use the Add button to add schedules to the list box. Selecting this button will display the
Select a Schedule dialog allowing you to select the schedule(s) to include.
Remove
After schedules have been added to the list box, use the Remove button to remove a
schedule from the list box. Select the entry to be removed and select the Remove button.
Reports
NetControl 121
Appendix A: NetPro Applications Using

NetControl Components
This appendix provides a table that shows the NetPro applications that use the NetControl
platform and its shared components. Please refer to the documentation for each individual
application for more information on using the Configuration, Collectors, Reports and Workflow
components.
NetControl Components
Configuration Resources* Collectors Reports Workflow
AccessManager 3 3 3 3
AccessReporter 3 3 3 3
ADMC 3 3 3
Business Insight 3 3
GPOADmin 3 3 3
LogADmin 3 3 3
NetControl for Exchange - 3 3 3

Message Analysis
ReportADmin for ACS
* Note that the Resources component includes agents, agent groups, computer lists, and
schedules.
NetPro Applications Using NetControl Components

NetControl 123
Appendix B: Email Setup
You can set up email notification for the following workflow items:
• requests that need attention

• during the review stage when a request is approved or rejected
• during the approval stage when a request is approved or rejected
• during the commit stage when the workflow item is finally complete
In addition, you can send an email as part of a provisioning rule for actions performed through
the ADMC.
Using the NetControl Configuration page, you can set up the email account and SMTP server
from which these email notifications are sent.
This appendix provides the following information and procedure:
• Configuration Page - NetControl Email Pane

• Setting up Email
Email Setup
124 NetControl
Configuration Page - NetControl Email Pane

The NetControl Email pane is displayed when Configuration is selected in the navigation pane
and the NetControl node is selected in the explorer view. From this pane you can define an
SMTP server for email notifications.
Email address
Enter an email address in the box. This is the address that email notifications will be sent
from.
Display Name
Enter the display name for the email account.
SMTP Server
Provide the name of the SMTP server to be used for email notifications.
Test
After entering the email settings, use the Test button to send a test email to ensure the
email settings are working properly.
Save
After entering the email settings, use the Save button to save your settings.
Email Setup
NetControl 125
Setting up Email
To set up email notification:

2. Select the Configuration button in the navigation pane and then select NetControl in
the explorer view.
3. On the NetControl Email pane, enter an email address and display name in the Email
Address and Display Name fields.
4. Enter the name of the SMTP server to be used for email notifications.
5. After entering the email address, display name and SMTP server to be used, use the
Test button to send a test email to ensure the settings are working properly.
6. After testing the email settings, use the Save button to save the email settings.
Email Setup
NetControl 127
Appendix C: Active Directory Users and

Computers (ADUC) Extension
This appendix provides additional information regarding the Active Directory Users and
Computers (ADUC) extension that is activated when NetControl is installed. Using this
extension you can enforce workflow approval processes and automate common Active
Directory tasks through the use of rules. Please remember that even though modifications
made through ADUC will trigger defined workflow or rules, you can only define workflow and
rules for an object using NetControl’s Active Directory Management Console (ADMC).
Usage Notes
Windows Server 2008
• 32-bit: runs as expected (e.g., %windir%\System32\dsa.msc)
• 64-bit: use WOW64 (e.g., %windir%\SysWOW64\dsa.msc)
Exchange
Do NOT install the NetControl Console/ADUC Extension on machines running Exchange
tools.
Third-Party ADUC Extensions

Third-party ADUC extensions are not supported and will not trigger workflow or rules.
Active Directory Users and Computers (ADUC) Extension

128 NetControl
Using the ADUC Extension

Using the ADUC extension to modify Active Directory objects allows you to take advantage of
the workflow and rules feature of NetControl.
1. Launch ADUC.
2. This will display the NetPro NetControl Connections dialog. On this dialog, use the drop-
down menu to select the NetControl server to be used and select Connect.
Warning
If you select Cancel on the NetPro NetControl Connection dialog instead
of connecting to the NetControl Console, ADUC will launch in a read-
only mode and you will not be able to modify Active Directory objects.
3. Go through the typical procedure for creating, deleting and/or modifying an Active
Directory object.
4. If workflow has been applied to an object, you will be prompted to enter a comment to
accompany the modification being requested. You will then see a message indicating
the request has been submitted. Select OK to close this dialog.
Removing the ADUC Extension

Removing the ADUC Extension from 32-bit Computers:
1. From a run command, enter:

regsvr32 -u "C:\Program Files\Netpro\NetControl\adhook.dll"
Removing the ADUC Extension from 64-bit Computers:

regsvr32 -u "C:\Program Files (86)\Netpro\NetControl\adhook.dll"
Re-installing the ADUC Extension

Re-installing the ADUC Extension to 32-bit Computers:

regsvr32 "C:\Program Files\Netpro\NetControl\adhook.dll"
Re-installng the ADUC Extension to 64-bit Computers:

regsvr32 "C:\Program Files (86)\Netpro\NetControl\adhook.dll"
Active Directory Users and Computers (ADUC) Extension

NetControl 129
Appendix D: NetControl Troubleshooting
This appendix covers some of the known issues with NetControl and provides some
troubleshooting tips.
In addition, for more information and troubleshooting tips on the ADMC, please go to:
http://www.turbochargedad.com.
NetControl Console
The following troubleshooting tips relate to issues with the NetControl Console.
NetControl Console Opens and Closes or Opens without any Nodes

Verify that the Console feature is installed.
Verify Console Feature is Installed:
1. Run the NetPro NetControl Plugin.msi on the server where the NetControl service is
installed. This msi file is located in the Updates folder of the Install path of the NetControl
service.
2. On the Program Maintenance screen, select the Modify option.
NetControl Troubleshooting
130 NetControl
3. On the Custom Setup screen, verify that the Console is installed. If it is not installed, you
will see a red X to the left of the Console feature. To install the Console feature, select
the ‘This feature will be installed on local hard drive’ option from the Console drop-down
menu.
Enterprise Server Console Connecting to NetControl Server - Not Supported

If an Enterprise Server Console connects to a NetControl Server Service, the console will get
partially upgraded. After it is upgraded, the console will prevent the user from connecting to an
Enterprise Server Service.
To correct this issue, you must uninstall the Enterprise Server Console from the computer with
the partial upgrade and then reinstall the Enterprise Server version of the Console.
NetControl 131
ADMC Functionality
The following troubleshooting tips relate to the Active Directory Management Console (ADMC),
which is installed with NetControl.
Rule Scripts Failed to Run on Windows 2008

The vbscript.dll and msscript.ocx need to be registered in order to use rule scripts in Windows
Server 2008. Once registered, if rules scripting still is not working, verify the registry key does
not contain quotes.
Register the following on 32-bit Computers:

regsvr32 %Windir%\System32\vbscript.dll
regsvr32 %Windir%\System32\msscript.ocx
Register the following on 64-bit Computers:

regsvr32 %Windir%\System32\vbscript.dll
regsvr32 %Windir%\SysWOW64\msscript.ocx
Verifying Registry Key:
1. Verify that the default value does not contain quotes in the following registry key:
[HKEY_CLASSES_ROOT\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-
00A0D10038BC}\1.0\0\win32]
NetControl 133
Index
A Agents
Deploying 24
Account List 66
New Agent Deployment Dialog 25
Action menu command 10 Pane 22
Active Directory Management Console (ADMC) 63 Agents Page
Configuring workflow 85 Agents Report Dialog 114
Creating Custom Views 67 New Agent Group Dialog 38
Creating Rules 73
Agents Report Dialog 113
Establishing a Connection 71
Application Components
Pane 64
Rules Wizard 74 NetControl 7
Troubleshooting 129 Application Security 15
ADUC Extension 127 Applying workflow to an ADMC action 86
Advanced Page Approve Page 97
Agent Groups Report Dialog 115 Arrange By commands 23, 35, 43, 53, 103
Agents Report Dialog 115 Automatically approve workflow request 97
Computer Lists Report Dialog 115 Automatically review workflow requests 95
Properties Dialog 70
B
Schedules Report Dialog 115
Agent Group Objects Page Building Dynamic Computer List
Agent Groups Report Dialog 116 Based on a Script 45
Agent Groups Bases on LDAP Query 44
Adding/removing agents 37 Building Explicit Computer List 44
Associating with a collector 61
C
Creating an empty agent group 36
Creating with agents 36 Collectors
Description 33 Defining 59
New Agent Group Dialog 37 New Collector Dialog 59
Pane 34 Pane
Report dialog 116 58
Agent Groups Page
Commit Page 99
Agent Groups Report Dialog 115
Computer Lists
Agents Report Dialog 115
Building explicit list 44
Computer Lists Report Dialog 115
Building list based on LDAP query 44
New Agent Deployment Dialog 27
Building list based on script 45
New Collector Dialog 61
Description 41
Schedules Report Dialog 115
New Computer List Dialog 46
Pane 42
Index
134 NetControl
Computer Lists Page Explorer View 12

Computer Lists Report Dialog 118 ADMC Pane 65
Computer Lists Report Dialog 117 Agent Groups Pane 34
Computers Page Agents Pane 22
New Computer List Dialog 47 Computer Lists Pane 42
Configuration Page 124 Reports Pane 110
Schedules Pane 52
Connecting to console 8
Select a Computer List Dialog 28
Connection Dialog
Select an Agent Dialog 39
ADMC Pane 72 Select an Agent Group Dialog 30
NetControl Console 8 Workflow Pane 102
Connections 65
Establishing AD Connection Point 71 F
Contents Page Filter command 103
Properties Dialog 69 Filtering Workflow Items 103
Creating
Computer Lists 44 G
Custom Views 67 General Page 113
Provisioning Rules 73 Agent Groups Report Dialog 113
Rules 73 Agent Report Dialog 113
Custom Views 65 Computer Lists Report Dialog 113
Creating 67 New Agent Group Dialog 37
New Collector Dialog 60
D
Defining New Schedule Dialog 55
Collectors 59 Properties Dialog 68
Schedules 54 Workflow Editor 91
Delete Generating reports 109
Command 12, 23, 34, 43, 52, 65 Go menu commands 10
Tool bar button 11
H
Deploying Agents 24
Considerations 24 Help
Details Page Menu commands 11
New Schedule Dialog 55 Tool bar button 11
Details View I
Agent Groups Pane 35
Agents Pane 23 Implementing Application Security 15
Collectors Pane 58
L
Computer Lists Pane 43
Reports Pane 111 LDAP Query
Schedules Pane 53 New Computer List Dialog 48
Lifetime settings 93
E
Email Accounts Dialog 100 M
Email Pane 124 Managing workflow requests 104
Email Settings Menu bar 10
Workflow Editor Approve Page 98 Microsoft Outlook Extension 107
Workflow Editor Commit Page 100 Modifying Active Directory when workflow is applied 87
Workflow Editor Review Page 96 Move to command 22, 34, 42, 52
Email setup 125
Enabled Command 53 N
Exit command 10 Navigation Pane 13
Expiring permissions 19 NetControl
Explicit Computer List 48 Agents 21
Application Security 15
Computer Lists 41
Index
NetControl 135
Connecting to console 8 Properties and Values Dialog 80

Console components 8 Provisioning Rules 73
Email Pane 124
Explorer View 12 R
Information Panes 14 Refresh
Menu bar commands 10 Command 10, 13, 24, 36, 44, 54, 65
Navigation Pane 13 Tool bar button 11
Reports 111
Refresh command 103
Resources 7
Regular Expression Matching 82
Schedules 51
System overview 1 Remove command 66
Tool bar buttons 11 Rename command 13, 66
Troubleshooting Tips 129 Reports
NetPro NetControl 111
Applications using NetControl 121 Pane 110
Customer Portal 4 Request Details Dialog 105
Professional Services 5 Request Page 92
Technical Support 5 Resources
NetPro NetControl Connection dialog 8 Agent Groups 33
NetPro NetControl Outlook Extension.msi 107 Agents 21
New Computer Lists 44
Command 12, 23, 35, 43, 53, 66 Schedules 54
Tool bar button 11 Resources Pane
New Agent Deployment Dialog 25 Agent Groups Pane 34
New Agent Group Dialog 37 Agents Pane 22
New Collector Dialog 59 Computer Lists Pane 42
Schedules Pane 52
Restart Agent
New Connection command 65
Tool bar button 12
New Custom View command 65
Review Page 95
New Permission Entry Dialog 18
Review workflow items in Outlook 107
New Schedule Dialog 54
Rule Function Structure 84
O Rule Wizard 74
Object List Rules 73
ADMC Pane 66 Rules and Workflow command 66
Agent Groups Pane 34 Run command 12
Agents Pane 22 S
Computer Lists Pane 42
Reports Pane 111 Schedule Page
Schedules Pane 52 New Collector Dialog 60
Select a Computer List Dialog 29 Schedules 51
Select an Agent Dialog 40 Defining 54
Select an Agent Group Dialog 31 Description 51
Workflow Pane 102 Disabling 56
Linking to a collector 60
P
New Schedule Dialog 54
Parent object 81 Pane 52
Permissions Schedules Page
Command 13, 23, 35, 43, 53, 65 Schedules Report Dialog 119
Dialog 17 Schedules Report Dialog 113, 119
Tool bar button 11 Script Editor 83
Properties Rule Function Structure 84
Command 23, 35, 43, 53, 65 Script-based Computer List 49
Dialog 68 Select a Computer List Dialog 28
Tool bar button 11 Select an Agent Dialog 39
Select an Agent Group Dialog 29
Index
136 NetControl
Servers Page Workflow Pane

New Agent Deployment Dialog 25 Filtering Content 103
Setting up email 125 Managing requests 104
Sort By command 103 Reviewing and approving workflow item 106
Sorting Workflow Items 103 Reviewing request status 104
Start Agent Sorting Content 103
States 102
Tool bar button 12
Stop Agent
Tool bar button 12
T
Technical Support 5
Temporary permission assignments 19
Tool bar buttons 11
Troubleshooting Tips 129
Turbo Charged website 4
U
Update Notification interval 38
Using Scripts
New Computer List Dialog 45, 49
Rules Script Editor 83
V
Value Editor 81
Parent object 81
VBScript
Building Dynamic Computer List 45
Rule Script Editor 83
View
Commands 23, 35, 43, 53, 103
Menu commands 10
W
Windows 2008
Running scripts 131
Workflow 89
Automatically approve request 97
Automatically review request 95
Pane 101
Process 89
Reviewing items in Outlook 107
Roles 90
States 102
Workflow Editor 90
ADMC Actions 85
Approve Page 97
Commit Page 99
General Page 91
Lifetime settings 93
Request Page 92
Review Page 95
Index

Net Control Admin Guide

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Net Control Admin Guide

Hochgeladen von

Copyright:

Verfügbare Formate

NetControl ™

Telephone 602 346 3600

Worldwide Technical Support

Configuring Workflow for an ADMC Action - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 85

NetControl (formerly known as Enterprise Server) provides a centralized interface to configure

This chapter provides the following information:

What’s in this Guide

NetControl Client Overview

Active Directory Management Console

Appendix A: NetPro Applications Using NetControl Components

Appendix B: Email Setup

Appendix C: Active Directory Users and Computers (ADUC) Extension

Appendix, D: NetControl Troubleshooting

How to Get Additional Help

• NetPro Professional Services offers a range of professional services to help you

• submit and update support incidents

24x7 Live Technical Support

U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO

FAX: 1 602 346 3610

• Deployment: Choose QuickDeploy for a rapid return on investment or CustomDeploy

Chapter 2: NetControl Overview

• Connecting to the NetControl Console

Connecting to the NetControl Console

1. Select Start | All Programs | NetPro | NetControl | Console.

NetControl Console Components

• Menu Bar – displays the menus for accessing commands.

Use the Refresh button to redisplay the contents on the window.

Show More Buttons

Show Fewer Buttons

Navigation Pane Options

Add or Remove Buttons

Chapter 3: Application Security

• Considerations for Implementing Application Security

Considerations for Implementing Application Security

Implementing Application Security

Permissions list box

New Permission Entry Dialog

• This object only

Permissions list box

Apply these permissions to immediate objects and/or containers only

This chapter provides the following information and procedures:

• Server – the name of the server where an agent was deployed

• Name – the name assigned to the job when it was created

Arrange By | Show in Groups

Considerations for Deploying Agents

1. Select Resources from the navigation pane.

New Agent Deployment Dialog

This dialog consists of two tabbed pages:

Servers list box

Add | Computer List

Log on As: Account

Log on As: Password

Agent Groups Page

Agent Group list box

Select a Computer List Dialog

New | Computer List

Select an Agent Group Dialog

New | Agent Group

Chapter 5: Agent Groups

This chapter provides the following information and procedures:

• Agent Groups Pane

Agent Groups Pane

Agent Groups List