Beruflich Dokumente
Kultur Dokumente
Administrator’s Guide
NC-AG-0708-310
Copyright © 2008 NetPro Computing, Inc.
Disclaimer
NetPro Computing, Inc. (NetPro) makes no representations or warranties, either expressed or implied, with
respect to the adequacy of this documentation or the programs which it describes in regard to fitness for any
particular purpose or with respect to its adequacy to produce any particular result. The computer programs and
documentation are sold “as is”, and the entire risk as to quality and performance is with the buyer. In no event shall
NetPro be liable for special, direct, indirect or consequential damages resulting from any defect in the programs,
documentation or software. Some states do not allow the exclusion or limitation of implied warranties or liability for
incidental or consequential damages, in which case the above limitations and exclusions may not apply to you.
Proprietary Rights
NetPro has prepared this document for use by NetPro personnel, agents, licensees and customers. The
information contained in this document is the property of NetPro. You may not reproduce, translate, or transmit it
in any form or by any means, electronically or mechanically, without prior written permission from NetPro.
Disclaimer of Liability
NetPro makes no representation or warranties of any kind, either expressed or implied, with respect to the
contents of this manual, including but not limited to typographical errors and technical completeness, NetPro
reserves the right to revise this publication and to make changes in its content without obligation to notify any
person of such revision or changes.
Trademarks
NetPro Computing and NetPro are registered trademarks and NetControl, NetControl for Exchange,
AccessManager, AccessReporter for Windows, Business Insight, GPOADmin, LogADmin, ReportADmin for ACS
and the NetPro logo are trademarks of NetPro Computing, Inc.
Microsoft, Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, and Active Directory are
either registered trademarks or trademarks of Microsoft Corporation.
Other product names mentioned in this manual may be trademarked: they are used for identification purposes
only.
Document Revision History
ES-AG-1007-200 October 2007 Enterprise Server 2.0
ES-AG-1107-250 November 2007 Enterprise Server 2.5
ES-AG-1207-260 December 2007 Enterprise Server 2.6
ES-AG-0408-260-A April 2008 Enterprise Server 2.6 with
Business Insight 3.0
ES-AG-0608-260-B June 2008 Enterprise Server 2.6
NC-AG-0708-310 July 2008 NetControl 3.1
NetPro Computing, Inc.
Corporate Office
4747 N. 22nd Street, Suite 400
Phoenix, Arizona 85016 USA
Sales
USA and Canada 800 998 5090
International +1 602 346 3630
Email support@netpro.com
NetControl i
Table of Contents
Chapter 1: Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
System Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
What’s in this Guide - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2
How to Get Additional Help - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4
Chapter 2: NetControl Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7
Connecting to the NetControl Console - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8
NetControl Console Components- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8
Chapter 3: Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -15
Considerations for Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - 15
Implementing Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16
Chapter 4: Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -21
Agents Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22
Considerations for Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24
Deploying Agents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24
Chapter 5: Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -33
Agent Groups Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34
Creating Agent Groups - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36
Chapter 6: Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -41
Computer Lists Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 42
Building Computer Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 44
Chapter 7: Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -51
Schedules Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 52
Defining Schedules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54
Chapter 8: Collectors - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -57
Collectors Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 58
Defining a Collector - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 59
Chapter 9: Active Directory Management Console - - - - - - - - - - - - - - - - - - -63
Active Directory Management Console Pane - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 64
Creating a Custom View - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 67
Establishing a Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 71
Creating Provisioning Rules - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 73
Table of Contents
ii NetControl
Table of Contents
NetControl 1
Chapter 1: Introduction
This document describes the base NetControl console (including ADMC), its components and
the shared services that are available. Please refer to the documentation of each individual
application for information on the component’s that are made available through the console
once the application is deployed (e.g, workflow, collectors, etc.).
• System Overview
• What’s in this Guide
• How to Get Additional Help
System Overview
The NetControl platform consists of three main components:
• NetControl Console
• NetControl Service
• NetControl Agent
The NetControl Console provides the user interface to all functionality of the NetControl
Service, the ADMC and licensed NetPro applications that build upon the NetControl platform.
Through the console, you can interact with and retrieve information from each deployed
application.
The NetControl Service is one of the core components of the application. Your ability to gain
access to application data or configure the application depends on the communication between
the console and the NetControl Service. Since the service is your 'gateway' into the application,
the security model of the application is housed here.
Introduction
2 NetControl
As it relates to the application, NetControl Agents do all of the workload processing. They
communicate directly with the SQL Database on a configured interval to receive a list of actions
that need to be executed upon. Each NetPro application that builds upon the NetControl
platform will define the work that needs to be processed on a scheduled basis.
Introduction
This chapter introduces NetControl and provides a system overview of the NetControl
platform. It also describes the contents of this manual and information on obtaining
additional assistance from NetPro.
Application Security
Chapter 3 explains how to implement application security to build a secure deployment.
Agents
Chapter 4 provides a brief description about agents, describes the Agents pane and the
New Agent dialog, and provides instructions on how to deploy an agent.
Agent Groups
Chapter 5 provides a brief description about agent groups, describes the Agent Groups
pane and the New Agent Groups dialog, and provides instructions on how to set up an
agent group.
Introduction
NetControl 3
Computer Lists
Chapter 6 provides a brief description about computer lists, describes the Computer List
pane and the New Computer List dialog, and provides instructions on how to build a
computer list.
Schedules
Chapter 7 provides a brief description about schedules, describes the Schedules pane and
the New Schedule dialog, and provides instructions on how to set up a schedule.
Collectors
Chapter 8 provides a brief description of collectors and the NetControl components that are
part of setting up a collector. Please note that the Collector button is available in the
navigation pane when NetControl is installed. However, there must be a NetPro application
deployed that uses the collectors before data collections can be configured/viewed.
Workflow
Chapter 10 explains how to use the Workflow Editor to set up actions for the workflow
queue where a review and approval is required before the action can be committed and
deployed in your environment. It also explains the workflow process and how to review/
approve requests using the Workflow pane or Microsoft Outlook.
Reports
Chapter 11 provides information on the Reports pane and the NetControl reports. It also
explains how to run a report using the NetControl console.
Index
The Index provides an alphabetical subject listing for the contents of this manual.
Introduction
4 NetControl
• My.netpro.com enables you to perform many tasks that you may have once conducted
with the help of a NetPro representative.
• 24x7 Technical Support is available through an annual Software Maintenance
Contract.
For more information on using NetControl’s Active Directory Management Console (ADMC),
please visit http://www.turbochargedad.com.
My.netpro.com
NetPro’s customer portal site enables you to perform many tasks that you may have once
conducted with the help of a NetPro representative. Now, you can do them all on the customer
section of our website -- https://www.netpro.com.
My.netpro.com was designed to provide you with the best possible service and deliver it
conveniently and quickly -- when you need it. Here’s what you can do on my.netpro.com:
https://my.netpro.com is a completely secure site and you will need login credentials to access
the area each time you visit. On your first visit, you will create the credentials to be used every
time you return to the site.
Introduction
NetControl 5
NetPro
4747 N. 22nd Street, Suite 400
Phoenix, Arizona (USA) 85016
Professional Services
NetPro service professionals leverage proven methodologies, industry best practices, and
more than 30 years of combined Microsoft management experience to help organizations reach
their business-critical goals. To help you get the most from our solutions, NetPro Professional
Services offers help with:
To learn more about NetPro Professional Services, please contact your NetPro sales
representative or sales@netpro.com.
Introduction
NetControl 7
NetControl provides a centralized interface for managing Active Directory and provides shared
resources to other NetPro applications. The resources available through the NetControl
Console include:
• Application Security provides component level security for all application components.
• Configuration provides options for setting up email and configuring certain NetPro
applications.
• Agents perform the work defined by licensed NetPro applications that build upon the
NetControl platform.
• Agent Groups are logical or physical groupings of agents used for distributing workload
processing.
• Computer Lists are a way to group physical computer resources based on explicit or
dynamically generated content.
• Schedules are reusable components that define when tasks are to be performed.
• Collectors define what data is to be collected from various resources. The collectors
available are based on the licensed NetPro applications that build upon the NetControl
platform.
• Active Directory Management Console (ADMC) extends Microsoft’s Active Directory
Users and Computers (ADUC) interface to optimize Active Directory management.
• Rules can be defined using the ADMC to add business logic to automate common
Active Directory tasks.
• Workflow allows you to set certain actions that must adhere to a review and approval
workflow process. Workflow is available for actions performed in the ADMC as well as
some of other licensed NetPro applications that build upon the NetControl platform.
• Reports provide a central location for defining the content and generating reports about
the NetControl components and some of the deployed NetPro application.
This chapter describes the layout of the base NetControl Console and how to access the shared
resources, including the following information:
NetControl Overview
8 NetControl
Please refer to the documentation for each individual application for information on the
additional components that are deployed with each application.
To determine the shared components that each licensed NetPro application uses, see
Appendix A: NetPro Applications Using NetControl Components on page 121.
3. Optionally, select the Remember connection check box to use this server the next time
you run NetControl. If selected, the connection dialog is only displayed if the specified
NetControl server is not available.
NOTE: To disable the Remember Connection setting, use the Help | About menu
command to display the About NetPro NetControl dialog and deselect the
Remember Connection check box on this dialog.
4. Click the Connect button to connect to the NetControl server.
NetControl Overview
NetControl 9
• Collectors – provides a central location for defining data collections. The resource
containers in this pane are based on the licensed NetPro applications that use data
collection. For more information, refer to the individual product documentation.
• Active Directory - provides access to the ADMC which extends Microsoft’s Active
Directory Users and Computers (ADUC) interface to optimize Active Directory
management.
• Workflow – provides a list of workflow items in the workflow queue if there are
actions configured to use workflow. Actions performed using the ADMC and some
of the other licensed NetPro applications use the workflow feature.
• Reports – provides a central location for defining and generating reports for the
NetControl components. There may also be reports for the other deployed NetPro
applications.
• Information Panes – the contents of the right-hand pane depends on the button
selected in the navigation pane and the node/container selected in the explorer view.
This pane may display the objects available in the selected node/container and
supporting details or options for configuring the selected component.
NetControl Overview
10 NetControl
Menu Bar
The NetControl console menus follow the same convention as standard Windows menus. That
is, commands are grouped under a menu on the menu bar. Some of these commands perform
an action immediately; others display an additional dialog or launch a wizard where you select
various options or specify additional information.
The following sections describe the default commands that are available when you install
NetControl. As you deploy NetPro applications, there may be additional commands displayed.
Refer to the documentation for each individual application for more information about
commands specific to each application.
Action Menu
Exit
Use the Exit command to close the NetControl console.
Go Menu
Configuration
Use the Configuration command to open the Configuration pane to set up email and
configure each of the deployed NetPro applications.
Resources
Use the Resources command to open the Resources pane to deploy agents and create,
modify or view agent groups, computer lists and schedules.
Collectors
Use the Collectors command to open the Collectors pane to define the data to be
collected. The resource containers available are based on the NetPro applications that use
data collection.
Active Directory
Use the Active Directory command to open the ADMC to administer directory information.
Workflow
Use the Workflow command to open the Workflow pane to review/track the items in the
workflow queue.
Reports
Use the Reports command to open the Reports pane to define the content and generate
reports.
View Menu
Refresh (F5)
Use the Refresh command to redisplay the contents on the window.
NetControl Overview
NetControl 11
Help Menu
Contents
Use the Contents command to display the Contents pane and initial page of the NetControl
online help.
Search
Use the Search command to display the Search pane and initial page of the NetControl
online help.
Index
Use the Index command to display the Index pane and initial page of the NetControl online
help.
About
Use the About command to display general release information about the NetControl
Service, NetControl Console and licensed NetPro products.
Tool Bar
The tool bar buttons provide quick access to commonly used commands.
Use the Help button to display the online help for the application.
Use the New button to create a new object (e.g., agent group, computer list, schedule) or
a new folder for organizing objects. The icon changes depending on the resource container
selected in the explorer view.
Use the Permissions button to define the delegated permissions for the resource
container selected in the explorer view or the object selected in the object list. Selecting this
button will display the Permissions dialog showing the delegated permissions for the
selected application component.
Depending on the object selected and the NetPro application deployed, a Workflow button
may also be displayed on the Permissions dialog which allows you to set up workflow for
the selected item.
Use the Delete button to remove the object selected in the object list.
Use the Properties button to display the properties for the object selected in the object list.
From this dialog, you can modify the properties previously defined for the selected object.
NetControl Overview
12 NetControl
Use the Start Agent button to start the agent selected in the Agents page. This button is
only available on the Agents page of the Resources pane.
Use the Stop Agent button to stop the agent selected in the Agents page. This button is
only available on the Agents page of the Resources pane.
Use the Restart Agent button to stop and start the selected agent. This button is only
available on the Agents page of the Resources pane.
Explorer View
The explorer view is located in the left pane and is populated based on the button selected in
the navigation pane. From this pane, you can create objects and organize these objects in
resource containers. By right-clicking a folder in the explorer view, you can perform the
following tasks:
New | <object>
Use the New | <object> command to create a new object (e.g., computer list, agent group,
schedule). Selecting this command will display the appropriate dialog allowing you to define
the new object. The <object> types available depend on the NetPro application(s) deployed
to use the NetControl console. Not available on the Reports pane.
New | Folder
Use the New | Folder command to create a new folder in the explorer view to organize the
objects being created. Selecting this command will add a new folder under the currently
selected container in the explorer view. Not available on the Reports pane.
Run
From the Reports pane, use the Run command to define a new report. Selecting this
command will display the appropriate report dialog allowing you to define the contents of
the report, specify the output options, specify the data source and schedule execution of
the report. This command is only available on the Reports pane.
Delete
Use the Delete command to remove a user-defined container from the explorer view and
any child folders and objects created in the selected container. This command is only
available for user-defined containers. Not available on the Reports pane.
NOTE: You can NOT delete the default parent containers initially displayed when the
product is installed. If you select one of these parent containers and select the
Delete command, all of the folders or objects that have been added to the
selected parent container will be deleted.
NetControl Overview
NetControl 13
Rename
Use the Rename command to change the name of the selected user-defined container.
This command is only available for user-defined containers. Not available on the Reports
pane.
Permissions
Use the Permissions command to display the delegated permissions for the selected
container. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Depending on the object selected and the NetPro application deployed, a Workflow button
may also be displayed on the Permissions dialog which allows you to set up workflow for
the selected item. See Chapter 8: Workflow on page 53.
Refresh
Use the Refresh command to retrieve and display the latest information.
Navigation Pane
The navigation pane is located in the lower left pane of the console and contains buttons that
allow you to access the base NetControl components. As you deploy and license NetPro
applications, additional buttons may be displayed. Selecting a button in this pane will populate
the resource containers in the explorer view used to organize the objects being created and
managed through the NetControl console.
Selecting the arrows at the bottom of the navigation pane displays the following commands
allowing you to control the buttons displayed in the navigation pane:
NetControl Overview
14 NetControl
You can also resize the navigation pane to hide the bottom-most button(s). To resize this pane,
place your cursor at the top of the pane until your cursor is replaced with a double arrow. Hold
down the right mouse button and drag the arrow down the screen. As buttons are hidden from
the screen they are replaced with an icon which can be selected to open the corresponding
NetControl page.
Information Panes
The contents of the information panes, located in the right-hand pane depend on the button
selected in the navigation pane and the node/container selected in the explorer view. This pane
may display the objects available in the selected node/container and supporting details or
options for configuring the selected component.
The first time the console is launched, the NetControl Email pane will be displayed allowing you
to configure the NetControl email settings. However, each subsequent time the console is
launched, the pane last displayed when the console was closed will be displayed.
Please refer to the individual chapters in this guide for a description of the information panes
available and the tasks that can be performed from each.
NetControl Overview
NetConrol 15
Delegation of administration allows you to transfer the responsibility for administrative tasks to
a lower-level administrator. Application security provides component level security for all
application components.
By default, users in the Domain Admins group are granted Full Control to NetControl, while
users in the Everyone group are granted Read All Properties. These default permissions
ensure that only privileged users have the rights to invoke change in NetControl.
This chapter provides the following information for building a secure NetControl deployment:
• The internal workings of NetControl’s security model work the same as Active Directory
and NTFS security.
• Subcontainers can be created in all nodes. These containers serve a dual purpose.
Primarily, containers are used to organize content, but they can also be used as a
boundary or scope of management for a delegated user. For example, allowing user
Domain\Sally to create Security Templates in a single container.
Application Security
16 NetConrol
1. Select a resource container from the explorer view (for example, Agents or Computer
Lists) or an object from the object list.
2. Select the Permissions command from the tool bar ( ) or the right-click menu. This
will display the Permissions dialog for the selected application component.
3. By default, all application components have the following permissions defined:
• Allow | Everyone | Read All Properties | This object and all child objects
• Allow | Domain Admins | Full Control | This object and all child objects
4. To add additional permissions select the Add button, which will display the New
Permission Entry dialog.
5. On the New Permission Entry dialog, select the permissions to be allowed and/or denied
to secure the selected application component.
• Account – use the browse button to locate and select a user or group account
to be delegated these permissions.
• Apply to – select the appropriate option to specify what object types are going to
receive the selected permissions (for example, this object only, this object and
child objects, or child objects only).
• Permissions – select the Allow or Deny check boxes for the permissions to be
delegated.
• Apply these permissions to immediate objects and/or containers only –
optionally select this check box to define the level of effectiveness the selected
rights will assume.
• Expires on – optionally select this check box and select the date these
permissions are to expire.
6. After adding the new permissions entry, use the OK button to save your settings. The
new permission will be displayed on the Permissions dialog.
Application Security
NetConrol 17
Permissions Dialog
The Permissions dialog is displayed when the Permissions tool bar button or right-click
menu command is selected for an application component. Use this dialog to view and/or modify
the permissions to be delegated to the selected application component.
By default, users in the Domain Admins group are granted Full Control to NetControl, while
users in the Everyone group are granted Read All Properties. The default permissions are
displayed in the Permissions dialog.
Type
This column displays the type of permission being delegated: Allow or Deny
Account
This column displays the name of the user or group account to be delegated each
permission listed.
Permission
This column displays the name of the permission being delegated.
Apply To
This column displays the objects to which each permission applies: this object only, this
object and child objects or child objects only.
Inherited From
For child objects, this column displays the parent object from which the permissions
where inherited.
Expires On
If applicable, this column displays the date when the permissions will expire.
Application Security
18 NetConrol
Add
Use the Add button to add permissions to the list box. Selecting this button will display the
New Permission Entry dialog allowing you to select the permission(s) to be included. This
dialog also allows you to specify the user or group account, the object types that are to
receive the permission(s), the level of effectiveness the rights will assume, and if applicable
an expiration date.
Remove
After permissions have been added and are displayed in the Permissions list box, use the
Remove button to remove a permission entry from the list box. Select the permission entry
to be removed and select the Remove button.
Account
Use the browse button to specify a user or group account to be granted or denied
access permissions to the selected application component. Selecting the browse button will
display the native Select User or Group dialog allowing you to locate and select a user or
group account.
Application Security
NetConrol 19
Apply to
This drop-down text box allows you to specify the object types that are to be granted the
selected permissions. By default, the permissions selected will be applied to this object and
all child objects; however, you can use the drop-down menu to change this setting. Valid
entries are:
• Full Control
• Read All Properties
• Write All Properties
• Modify Permissions
• Delete
• Delete Subtree
• Create All Child Objects
• Delete All Child Objects
• Create Folders
• Delete Folders
• Create <object> (for example, Schedule, Agent Group)
• Delete <object> (for example, Computer List, Agent Group)
Clear
Use the Clear button to clear any check marks from the Permissions list box.
Expires on
To create a temporary (expiring) permission assignment, select this check box and use the
arrow to view a calendar grid to select the date when these permissions are to expire.
Application Security
NetControl 21
Chapter 4: Agents
Using the Resources pane in the NetControl console, you can deploy and maintain agents.
NetControl agents distribute the workload processing as defined by each individual NetPro
application. Agents communicate directly with the SQL Server database on a configured
interval to receive a list of actions that need to be executed upon.
Refer to the documentation for each deployed NetPro application to determine if it uses
NetControl agents.
• Agents Pane
• Considerations for Deploying Agents
• Deploying Agents
Agents
22 NetControl
Agents Pane
The Agents pane is displayed when Agents is selected in the explorer view of the Resources
pane. From this pane you can deploy agents and view the status of deployed agents.
Explorer View
The explorer view displays a hierarchy of folders created to organize your agents.
Agents List
The agents list displays a list of deployed agents for the container selected in the explorer
view. The following information is displayed for each agent:
Move to
Use the Move to command to move the selected agent to a different folder in the
explorer view. Selecting this command will display the Select a Folder dialog allowing
you to select the folder to which the agent is to be moved.
Agents
NetControl 23
Delete
Use the Delete command to remove the selected agent from the agents list.
Permissions
Use the Permissions command to display the delegated permissions for the selected
agent. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the properties set for the selected agent.
Selecting this command will display the Properties dialog allowing you to view or modify
the security permissions assigned to the selected agent.
Details View
The details view displays information regarding the jobs (for example, data collection,
report) that are assigned to the agent selected in the object list. The following information
is displayed:
Right-clicking in the agents list pane (not an object in the list) or details view pane will display
the following commands allowing you to change the content displayed in the agents list/details
view pane:
New | Agent
Use the New | Agent command to deploy a new agent.
View
Expand the View command and select one of the following options to change how the
objects in the agents list are displayed:
• Tiles
• Icons
• List
• Details (default)
Arrange By
Expand the Arrange By command and select the appropriate option to change the sort
order for the displayed objects. The sort options available are based on the container
selected in the explorer view. More specifically, the options will match the column headings
in the agents list.
Agents
24 NetControl
Refresh
Use the Refresh command to retrieve and display the latest information.
• Agent(s) will be running with elevated privileges, so ensure you have followed
Microsoft’s Best Practices for Securing Service Accounts.
• Consider grouping agents based on geographical location and the security required to
access the managed content:
• Deploying agents close to the objects being managed will help reduce the amount
of WAN traffic.
• If you have highly sensitive data that will be managed or are required to operate
under the principals of least privilege, then grouping resources by security level is
paramount.
• Review the default application security and start granting access as required to
interested parties (See Chapter 3: Application Security on page 15 for information on
building a secure deployment). For example:
• Restrict who can modify agent groups
• Restrict who can deploy agents
Deploying Agents
Prior to deploying agents, please review ‘Considerations for Deploying Agents’ on page 24.
To deploy agents:
Agents
NetControl 25
5. On the Servers page, also enter a descriptive comment and the logon credentials for
the account the agent is to run as.
6. Open the Agent Groups page to add the agent(s) to an agent group. On this page, select
the Add button to display the Select an Agent Group dialog where you can select or
create an agent group to which the agent is to be assigned.
7. After specifying where agents are to be deployed, select the OK button to close the
dialog and start the deployment process.
The status of the deployed agents will be displayed in the Agents object list.
• Servers – use the Servers page to specify the server to which agents are to be deployed
and the user account the agent is to run as.
• Agent Groups – use the Agent Groups page to assign the deployed agents to one or
more agent groups.
Servers Page
From the Servers page, specify the server(s) to which an agent is to be deployed. The
information entered on this page will be displayed in the Agents object list when Agents is
selected in the explorer view.
Agents
26 NetControl
Add | Computer
Use the Add | Computer option to add an individual server to the servers list box. Selecting
this option will display the native Select Computers dialog allowing you to specify the
computer to which an agent is to be deployed.
Remove
Use the Remove button to remove the selected computer or computer list from the list box.
If an agent has already been deployed, this command will also remove the agent from the
selected machine(s). Select the computer or computer list to be removed and select the
Remove button.
NOTE: If an agent is removed before it completes any assigned jobs, the agent
coordinator will reassign these unfinished jobs to another agent in the
agent group.
Comment
Optionally, enter a description or comment regarding the agent(s) being deployed.
NOTE: This account must have access to the database and the rights to perform
whatever tasks the agent is going to be asked to do. For example, if the agent
is to delegate Active Directory permissions, this account must have the rights to
modify permissions over the appropriate Active Directory objects.
Agents
NetControl 27
Add
Use the Add button to add agent groups to the list box. Selecting this button will display the
Select an Agent Group dialog allowing you to select one or more agent groups from a list
of previously defined agent groups or to create a new agent group.
Remove
After agent groups have been added and are displayed in the agent group list box, use the
Remove button to remove an agent group from the list box. If an agent is already assigned
to an agent group in the list, this command will also remove that agent from the selected
agent group. Select the agent group to be removed and select the Remove button.
Agents
28 NetControl
This dialog is also displayed when the Add | Computer List option is selected on the
Computers page of the New Collector dialog. When accessed from this dialog, select the
computer list(s) from which data is to be collected.
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize
computer lists. Click the node next to a container or double-click a container to expand the
folder structure to locate the computer list(s) to be used. Select a container to view the computer
lists created in the selected container.
Right-click the Computer List folder (or other user-defined folder) in the explorer view to
display the following commands:
New | Folder
Use the New | Folder command to create a new folder for organizing your computer lists.
Selecting this command will add a new folder under the currently selected container in the
explorer view.
Delete
Use the Delete command to remove a user-defined container from the explorer view and
any child containers or objects created in the selected container. This command is only
available for user-defined containers.
Agents
NetControl 29
Rename
Use the Rename command to change the name of the selected container. This command
is only available for user-defined containers.
Permissions
Use the Permissions command to display the delegated permissions for the selected
container. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Refresh
Use the Refresh command to retrieve and display the latest information on the dialog.
Object List
The object list, in the right pane, is populated based on the folder selected in the explorer view.
From this list box, select the computer list(s) to which an agent is to be deployed.
Right-click a computer list in the object list to display the following commands:
Delete
Use the Delete command to remove the computer list from the object list.
Properties
Use the Properties command to display the properties set for the selected computer list.
Selecting this command will display the Properties dialog allowing you to view or modify the
computers included in the selected computer list.
NOTE: This dialog contains the same tabbed pages as the New Computer List dialog. See
‘Computer Lists Pane’ on page 40 for a description of this dialog.
Agents
30 NetControl
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize agent
groups. Click the node for a container or double-click a container to expand the folder structure
to locate the agent group(s) to be included. Select a container to display the agent groups
created in the selected container.
Right-click the Agent Groups folder (or other user-defined folder) in the explorer view to
display the following commands:
New | Folder
Use the New | Folder command to create a new folder. Selecting this command will add a
new folder under the currently selected container in the explorer view.
Delete
Use the Delete command to remove a user-defined container from the explorer view and
any child containers or objects created in the selected container.
Rename
Use the Rename command to change the name of the selected container. This command
is only available for user-defined containers.
Permissions
Use the Permissions command to display the delegated permissions for the selected
container. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Refresh
Use the Refresh command to retrieve and display the latest information on the dialog.
Agents
NetControl 31
Object List
The object list, in the right pane, is populated based on the folder selected in the explorer view.
From this list box, select the agent group(s) to be added to the agent group list box back on the
originating dialog. That is, the newly deployed agent will be assigned to this agent group.
Right-click an agent group in the object list to display the following commands:
Move to
Use the Move to command to move the selected object to a different folder. Selecting this
command will display the Select a Folder dialog allowing you to select the folder to which
the object is to be moved.
Delete
Use the Delete command to remove the agent group from the object list.
Permissions
Use the Permissions command to display the delegated permissions for the selected
object. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the properties set for the selected agent group.
Selecting this command will display the Properties dialog allowing you to view or modify the
agents included in the selected agent group.
NOTE: This dialog contains the same tabbed pages as the New Agent Group dialog. See
‘Creating Agent Groups’ on page 33 for a description of this dialog.
Agents
NetControl 33
Using the Resources pane in the NetControl console, you can create and maintain agent
groups. An agent group is a collection of one or more servers running the NetControl Agent
Service. Workload for an agent group is distributed across all agents in the processing group
thus allowing for process load balancing.
The NetControl application provides no restrictions for grouping. Agents can be grouped based
on geographical location, applications, or resource security level. Most often, geography and
security level determine how agents are grouped. This ensures that processing does not occur
across the WAN and that agents will be provided the proper level of security to the underlying
data.
One agent in an agent group will assume the role of the coordinator. The coordinator will check
and verify that each agent in the agent group is updating within the allowed update notification
interval. In the event of agent failure, the coordinator will redistribute the unfinished workload of
the failed agent to the remaining agents in the agent group. Fault tolerance is built in at the
agent and coordinator level—if the coordinator fails, another agent in the agent group will
assume that role.
Refer to the documentation for each deployed NetPro application to determine if it uses agent
groups to organize agents.
Agent Groups
34 NetControl
Explorer View
The explorer view displays a hierarchy of folders created to organize your agent groups.
• Name – the name assigned to the agent group when it was created
• Comment – the comment or descriptive text entered when the agent group was
created
Right-click an object in the agent groups list to perform tasks related to the selected object.
Move to
Use the Move to command to move the selected agent group to a different folder in the
explorer view. Selecting this command will display the Select a Folder dialog allowing
you to select the folder to which the agent group is to be moved.
Delete
Use the Delete command to remove the agent group from the agent groups list.
Agent Groups
NetControl 35
Permissions
Use the Permissions command to display the delegated permissions for the selected
agent group. Selecting this command will display the Permissions dialog allowing you
to view, add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the properties set for the selected agent
group. Selecting this command will display the Properties dialog allowing you to view
or modify the security permissions applied to the selected agent group.
Details View
The details view displays information about the resource components (for example,
collectors, schedules, etc.) that are associated with the agent group selected in the object
list. The following information is displayed:
• Name – the name of the resource component linked to the selected agent group
• Comment – the comment or descriptive text entered when the resource
component was created
• Type – the type of resource component linked to the selected agent group
Right-click in the agent groups list pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the agent groups list/
details view pane:
View
Expand the View command and select one of the following options to change how the
objects in the object list are displayed:
• Tiles
• Icons
• List
• Details (default)
Arrange By
Expand the Arrange By command and select the appropriate option to change the sort
order for the displayed objects. The sort options available are based on the container
selected in the explorer view. More specifically, the options will match the column headings
in the agent groups list.
Agent Groups
36 NetControl
Refresh
Use the Refresh command to retrieve and display the latest information.
Creating an 'empty' agent group allows you to assign deployed agents to this group at a
later time. For example, by creating an ‘empty’ agent group before deploying agents, you
can assign agents to this group as part of the deployment process.
Agent Groups
NetControl 37
1. Open the Resources pane and select Agent Groups from the explorer view.
2. Expand the folder structure in the explorer view and locate the agent group to which
agents are to be added or removed.
3. In the object list, right-click the agent group and select Properties.
4. This will display the Properties dialog for that agent group. Use the Agents page of this
dialog to add (or remove) an agent to the selected agent group.
• General – use the General page to enter a name and description for the new agent
group.
• Agents – use the Agents page to specify the agents to be included in the agent group.
General Page
From the General page, specify the general information for the agent group. The information
entered on this page will be displayed in the Resources object list when Agent Groups is
selected in the explorer view.
Name
Enter a descriptive name for the new agent group.
Agent Groups
38 NetControl
Comment
Optionally, enter a description or comment for the new agent group.
Example: Agents in this agent group have been granted privileged access only to set
permissions on all file servers in the Mid-Town Data Center location for New York City.
(Note a separate agent group has been defined for the Financial Center.)
Agents Page
From the Agents page, specify the servers to which a NetControl Agent has been deployed that
are to be included in the agent group.
Add
Use the Add button to add an agent to the agent group. Selecting this button will display
the Select an Agent dialog allowing you to select the agent(s) to be included.
Remove
After agents have been added and are displayed in the Agent list box, use the Remove
button to remove an agent from the list box (and the agent group). Select the agent to be
removed and select the Remove button.
Agent Groups
NetControl 39
Explorer View
The explorer view, in the left pane, displays a hierarchy of the folders created to organize
deployed NetControl Agents. Click the node next to the container or double-click a container to
expand the folder structure to locate the agent(s) to be included. Select a container to display
the agents deployed under the selected container.
Right-click the Agents folder (or subfolder) in the explorer view to display the following
commands:
New | Agent
Use the New | Agent command to deploy a NetControl Agent to a specified server.
Selecting this command will display the New Agent Deployment dialog allowing you to
select the server(s) to which an agent is to be deployed.
Refer to ‘New Agent Deployment Dialog’ on page 25 for a description of the New Agent
Deployment dialog.
New | Folder
Use the New | Folder command to create a new folder to organize the deployed agents.
Selecting this command will add a new folder under the currently selected container in the
explorer view.
Delete
Use the Delete command to remove a user-defined container from the explorer view and
any child containers or objects created in the selected container. This command is only
available for user-defined containers.
Rename
Use the Rename command to change the name of the selected user-defined container.
This command is only available for user-defined containers.
Agent Groups
40 NetControl
Permissions
Use the Permissions command to display the delegated permissions for the selected
container. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Refresh
Use the Refresh command to retrieve and display the latest information on the dialog.
Object List
The object list, in the right pane, is populated based on the folder selected in the explorer view.
From this list box, select the agent(s) to be included in the agent group.
Start
Use the Start command to start the agent service.
Stop
Use the Stop command to stop the agent service.
Move to
Use the Move to command to move the selected object to a different folder. Selecting this
command will display the Select a Folder dialog allowing you to select the folder to which
the object is to be moved.
Remove
Use the Remove command to remove the agent service from the selected sever.
Permissions
Use the Permissions command to display the delegated permissions for the selected
object. Selecting this command will display the Permissions dialog allowing you to view,
add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to view the properties defined for the selected agent.
Selecting this command will display the Properties dialog for the agent allowing you to
modify the server credentials as well as the agent group(s) to which this agent is currently
assigned.
NOTE: This dialog contains the same tabbed pages as the New Agent Deployment dialog
with the exception of the Change Service credentials check box. See ‘New Agent
Deployment Dialog’ on page 23 for a description of the information provided in this
dialog.
Agent Groups
NetControl 41
Using the Resources pane in the NetControl console, you can create and maintain computer
lists. A computer list is a way to group physical computer resources based on explicit or
dynamically generated content.
When using the LDAP query or Script options, the computer list will be regenerated each time
the computer list is used. The benefit of using dynamically generated computer lists, is that
when new servers come online matching the criteria defined, they are automatically added to
the computer list. This eliminates the need to manually add new servers each time.
Refer to the documentation for each deployed NetPro application to determine if it can use
computer lists.
Computer Lists
42 NetControl
Explorer View
The explorer view displays a hierarchy of folders created to organize your computer lists.
• Name – the name assigned to the computer list when it was created
• Comment – the comment or descriptive text entered when the computer list was
created
Right-click an object in the computer list view to perform tasks related to the selected
object.
Move to
Use the Move to command to move the selected computer list to a different folder in
the explorer view. Selecting this command will display the Select a Folder dialog
allowing you to select the folder to which the computer list is to be moved.
Computer Lists
NetControl 43
Delete
Use the Delete command to remove the selected computer list from the computer lists
view.
Permissions
Use the Permissions command to display the delegated permissions for the selected
computer list. Selecting this command will display the Permissions dialog allowing you
to view, add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the properties set for the selected computer
list. Selecting this command will display the Properties dialog allowing you to view or
modify the security permissions applied to the selected computer list.
Details View
The details view displays information about the resource component to which the computer
list selected in the computer list view is linked. The following information is displayed:
• Linked To – the name of the resource component associated with the selected
computer list
• Comment – the comment or descriptive text entered when the linked resource
component was created
• Type – the type of resource component linked to the selected computer list
Right-click in the computer lists pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the computer list/
details view pane:
View
Expand the View command and select one of the following options to change how the
objects in the computer list view are displayed:
• Tiles
• Icons
• List
• Details (default)
Arrange By
Expand the Arrange By command and select the appropriate option to change the sort
order for the displayed objects. The sort options available are based on the container
selected in the explorer view. More specifically, the options will match the column headings
in the computer lists view.
Computer Lists
44 NetControl
Refresh
Use the Refresh command to retrieve and display the latest information.
1. Select Resources from the navigation pane to open the Resources pane.
2. Select Computer Lists from the explorer view.
3. Select the New | Computer List tool bar button or right-click menu command. This will
display the New Computer List dialog where you can name and build the computer list.
4. On the General page, enter a descriptive name and an optional comment to describe
the computer list.
5. Proceed to the Computers page, and in the Type box select Computers.
6. Select the Add button to display the native Select Computers dialog. From this dialog,
select the computers to be included in this computer list.
7. After entering a name and specifying the computers to be included in the list, use the
OK button to close the dialog and save the computer list.
8. The newly created computer list will be displayed in the object list when Computer Lists
is selected in the explorer view.
1. Select Resources from the navigation pane to open the Resources pane.
2. Select Computer Lists from the explorer view.
3. Select the New | Computer List tool bar button or right-click menu command. This will
display the New Computer List dialog where you can name and build the computer list.
4. On the General page, enter a descriptive name and an optional comment to describe
the computer list.
5. Proceed to the Computers page, and in the Type box select LDAP query and fill in the
requested information:
• Container – optionally enter or use the browse button to select the container to
be searched.
• Scope – select the scope (entire subtree or immediate children only).
Computer Lists
NetControl 45
6. Use the Generate button to build the LDAP query. Selecting this button will display the
native Find Computers dialog allowing you to specify the criteria to be used in the query.
After entering the criteria to be included in the LDAP query, select the OK button. The
LDAP query will be displayed in the text box back on the New Computer List dialog.
For example, to query Active Directory for all domain controllers with names ending with
DC001, enter the following information to create the LDAP query:
1. Select Resources from the navigation pane to open the Resources pane.
2. Select Computer Lists from the explorer view.
3. Select the New | Computer List tool bar button or right-click menu command. This will
display the New Computer List dialog where you can name and build the computer list.
4. On the General page, enter a descriptive name and an optional comment to describe
the computer list.
5. Proceed to the Computers page, and in the Type box select Script.
6. In the Language box, select the type of script to be created: VBScript (default) or
JScript.
7. In the text box, enter the script to be executed.
For example, to query all workstations or servers running Windows 2003 R2 with names
ending in MEM01 and DC01, you could enter the following VB script:
Function GetComputerList()
Dim Results()
i = 0
Set rootDSE = GetObject(“LDAP://RootDSE”)
defaultNC = rootDSE.Get(“defaultNamingContext”)
Computer Lists
46 NetControl
sFilter = “(&(sAMAccountType=805306369)(objectCategory=computer)(oper-
atingSystemVersion=5.2 \283790\29)(|(cn=*MEM01)(cn=*DC01)))”
sAttrib = “cn”
sQuery = sContainer & “;” & sFilter & “;” & sAttrib & “;subtree”
oCommand.CommandText = sQuery
Set oRecordSet = oCommand.Execute
Do until oRecordSet.EOF
i = i + 1
ReDIM PRESERVE Results(i)
Results(i) = oRecordSet.Fields(“cn”).value
oRecordSet.MoveNext
Loop
oConnect.Close
GetComputerList = Results
End Function
8. Optionally use the Test button to run the script to generate the computer list. A results
dialog will be displayed listing the computers that currently match the criteria specified.
9. After entering a name and the script to be used to build the computer list, use the OK
button to close the dialog and save the computer list.
10.The newly created computer list will be displayed in the object list when Computer Lists
is selected in the explorer view.
From this dialog you will define computer lists which can then be used to deploy agents or
assigned to jobs that need to be performed. This dialog consists of two tabbed pages:
• General – use the General page to enter a name and description for the computer list.
• Computers – use the Computer page to define the computers to be included in the new
computer list.
Computer Lists
NetControl 47
General Page
From the General page, specify the general information for the computer list. The information
entered on this page will be displayed in the Resources object list when Computer Lists is
selected in the explorer view.
Name
Enter a descriptive name for the new computer list.
Comment
Optionally, enter a description or comment for the new computer list.
Computers Page
From the Computers page, specify the type of list to be created and enter the required
information to build the list.
Type
Use the drop-down menu to select the type of computer list to be built:
• Computers – Select this option to generate a static list consisting of an explicit list
of computers.
• LDAP Query – Select this option to dynamically generate a list of computers based
on the criteria defined by an LDAP query.
• Script – Select this option to dynamically generate a list of computers base on the
criteria defined in a script.
The options on the dialog box will change depending on the type selected.
Computer Lists
48 NetControl
Computers
The following options are displayed when the Computers option is selected:
Add
Use the Add button to add a computer to the computer list. Selecting this button will
display the native Select Computers dialog allowing you to select the machine(s) to be
included.
Remove
After computers have been added and are displayed in the Computers list box, use the
Remove button to remove a computer from the list box (and from the computer list).
Select the computer to be removed and select the Remove button.
LDAP Query
The following options are displayed when the LDAP Query option is selected:
Container
Optionally, use the browse button to locate a container to be searched.
Computer Lists
NetControl 49
Scope
By default, the entire subtree will be searched, however, you can use the drop-down
menu to search the immediate child only.
Filter
This text box will be populated after the LDAP query is created using the Generate
button. After generating the query, this text box will display the LDAP query created
based on the information specified in the Find Computers dialog.
Generate
Use the Generate button to specify the criteria to be used in the LDAP query. Selecting
this button will display the native Find Computers dialog allowing you to specify the
criteria to be used.
Test
Optionally, use the Test button to search Active Directory using the query generated.
A results dialog will be displayed listing the computers that currently match the criteria
specified in the LDAP query.
Script
The following options are displayed when the Script option is selected.
Language
Select the language to be used to create the script. By default, VBScript is selected;
use the drop-down menu to change the language of the script to JScript if desired.
Test
Optionally, use the Test button to search Active Directory using the script entered. A
results dialog will then be displayed listing the computers that currently match the
criteria specified in the script.
Computer Lists
NetControl 51
Chapter 7: Schedules
Using the Resources pane in the NetControl console, you can create and maintain schedules.
In NetControl, jobs are designed to run based on a user-specified interval. Often times,
administrators want many operations to occur at the same time (for example, every night at
midnight). Schedules allow you to express the preferred time(s) for operations to occur. Then
you can link the appropriate jobs to the defined schedule. That is, all operations that occur at
midnight can be defined by a single management point.
Schedules also provide the flexibility to disable scheduled tasks in the event of a required
maintenance window. Additionally, if all jobs that occur at midnight need to move to 1:00 AM,
due to a time change, the schedule can be adjusted once and all linked jobs will be updated.
Refer to the documentation for each individual NetPro application to determine if your
application can use the scheduling feature.
• Schedules Pane
• Defining Schedules
Schedules
52 NetControl
Schedules Pane
The Schedules pane is displayed when Resources is selected in the navigation pane and
Schedules is selected in the explorer view of the Resources pane. From this pane you can
define schedules and see to which components/jobs it is linked.
Explorer View
The explorer view displays a hierarchy of folders created to organize your schedules.
Schedules List
The schedules list displays a list of schedules created under the container selected in the
explorer view. The following information is displayed for each schedule:
Move to
Use the Move to command to move the selected object to a different folder in the
explorer view. Selecting this command will display the Select a Folder dialog allowing
you to select the folder to which the object is to be moved.
Delete
Use the Delete command to remove the selected schedule from the schedules list.
Schedules
NetControl 53
Enabled
Use the Enabled command to enable and disable the selected schedule. A check mark
to the left of the Enabled command means the schedule is enabled.
Permissions
Use the Permissions command to display the delegated permissions for the selected
schedule. Selecting this command will display the Permissions dialog allowing you to
view, add or remove permissions.
For more details on implementing application security and the Permissions dialog, see
Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the properties set for the selected schedule.
Selecting this command will display the Properties dialog allowing you to view or modify
the security permissions applied to the selected schedule.
Details View
The details view displays information about the resource component (for example,
collector, agent, schedule) to which the schedule selected in the object is linked. The
following information is displayed:
• Linked To – the name of the resource component associated with the selected
schedule
• Comment – the comment or descriptive text entered when the linked resource
component was created
• Type – the type of resource component linked to the selected schedule
Right-click in the schedules list pane (not an object in the list) or details view pane to display
the following commands allowing you to change the content displayed in the schedules list/
details view pane:
New | Schedule
Use the New | Schedule command to create a new schedule.
View
Expand the View command and select one of the following options to change how the
objects are displayed:
• Tiles
• Icons
• List
• Details (default)
Arrange By
Expand the Arrange By command and select the appropriate option to change the sort
order for the displayed objects. The sort options available are based on the container
selected in the explorer view. More specifically, the options will match the column headings
in the schedules list.
Schedules
54 NetControl
Refresh
Use the Refresh command to retrieve and display the latest information.
Defining Schedules
Using the Resources pane, you can create schedules that define the desired time(s) for
operations to occur. These schedules can then be linked to the appropriate jobs. This resource
eliminates the need to define a schedule each time a job is to be executed.
1. Select Resources from the navigation pane to open the Resources pane.
2. Select Schedules from the explorer view.
3. Select the New | Schedule tool bar button or right-click menu command. This will
display the New Schedule dialog where you can name and define the details of the
schedule.
4. On the General page, enter a descriptive name and an optional comment to describe
the schedule.
5. On the Details page, use the following controls to define the details of the schedule:
• Type: Select Daily, Weekly or Monthly
• Occurs: Select Once at <time> or Every <nn> hours starting at <time>
• On: Select the day or day of the month
6. After entering a name and the details of the schedule, use the OK button to close the
dialog and create the schedule. The newly created schedule will be displayed in the
Resources object list when Schedules is selected in the explorer view.
• General – use the General page to enter a name and description for the new schedule.
• Details – use the Details page to define the time interval for the schedule.
Schedules
NetControl 55
General Page
From the General page, specify the general information for the schedule. The information
entered on this page will be displayed in the Resources object list when Schedules is
selected in the explorer view.
Name
Enter a descriptive name for the new schedule.
Comment
Optionally, enter a description or comment for the new schedule.
Details Page
From the Details page, specify the details for this schedule.
Type
Use the drop-down menu to select one of the following schedules:
• Daily (default)
• Weekly
• Monthly
Schedules
56 NetControl
Occurs
Select one of the following options to define when the schedule is to occur:
• Once at <time>
• Every <nn> hour(s) starting at <time>
On
When the Weekly schedule is selected, select the check boxes for the days of the week to
be included in this schedule.
When the Monthly schedule is selected, select one of the following options:
Schedule is disabled
Select this check box to disable the current schedule. When this check box is selected, the
jobs linked to the disabled schedule will not run until this check box is cleared (not
checked).
Schedules
NetControl 57
Chapter 8: Collectors
Using the collectors in the NetControl console, organizations can set up collections to gather
data. NetPro data collectors leverage the agents and schedules defined by the NetControl
platform to collect data, which is returned to the requesting application’s database for
processing.
The Collectors tab is available in the navigation pane when NetControl is installed. However,
there must be a NetPro application deployed that uses the collectors before data collections
can be configured.
• Collectors Pane
• Defining a Collector
Please refer to the documentation for each deployed application for more specific information
on the collectors used by each individual application.
Collectors
58 NetControl
Collectors Pane
The Collectors pane is displayed when Collectors is selected in the navigation pane. From this
pane, you can define data collections and see to which components each collector is linked.
The following screen shot is from the LogADmin application.
Explorer View
The explorer view displays a hierarchy of folders created to organize your data collections.
The types of data collections available are based on the licensed NetPro application(s)
deployed.
Object List
The object list displays a list of data collections for the container selected in the explorer
view. The following information is displayed for each collection:
Details Pane
The details view displays information about when the data collection process was run. The
following information is displayed when a data collection is selected in the object list:
• Run Date – the date when the data collection process was run
• Elapsed Time – the amount of time it took to complete the data collection process
• Status – the current status of the data collection process
Collectors
NetControl 59
Defining a Collector
The following steps are general instructions for defining collectors. Since each deployed
product collects a different set of data, please refer to the documentation for each deployed
application for complete instructions on setting up data collections for that application.
The New Collector dialog, consists of the following pages where NetControl components are
configured for the purpose of collecting data:
• General - use this page to enter a name and description for the data collector
• Schedule – use this page to schedule the data collection process
• Agent Groups – use this page to select the agent group that contains the server(s) that
are to collect the data
There are additional pages that must be configured. However, they are application specific and
depend on the NetPro application deployed.
Collectors
60 NetControl
General Page
From the General page, specify general information about the data collection.
Name
Enter a descriptive name for the new collection.
Comment
Optionally, enter a description or comment for the new collection.
Schedule Page
Use the Schedule page to link a schedule to the data collection to define when the data is to be
collected. A schedule must be set otherwise data is not collected.
Schedule
Use the browse button to display the Select a Schedule dialog allowing you to select
from a list of previously defined schedules or create a new schedule.
For a description of the Select a Schedule dialog, see ‘Defining Schedules’ on page 49.
Clear
Use the Clear link to clear the contents of the Schedule box.
Collectors
NetControl 61
Edit
If there is a schedule displayed in the box, use the Edit link to open the properties page for
the schedule to change the details for the schedule.
NOTE: You must select an agent group. A message is displayed if there is no agent group
selected.
Add
Use the Add button to add agent groups to the list box. Selecting this button will display the
Select an Agent Group dialog allowing you to select the agent group(s) to be used to collect
the data.
For a description of the Select an Agent Group dialog, see ‘Creating Agent Groups’ on
page 33.
Remove
After agent groups have been added and are displayed in the Agent Groups list box, use
the Remove button to remove an agent group from the list box. Select the agent group to
be removed and select the Remove button.
Collectors
NetControl 63
NetControl automatically deploys the Active Directory Management Console (ADMC) and
activates an Active Directory Users and Computers (ADUC) Extension. The ADMC allows you
to modify Active Directory objects similar to using ADUC. In addition, using the ADMC you can
define provisioning rules or assign workflow to objects. Then when you initiate an Active
Directory modification using either ADMC or ADUC, it will trigger the workflow or rules as
previously defined.
For more information about using the Active Directory Management Console, please go to http:/
/www.turbochargedad.com/.
Warning
NetControl 3.x also installs an ADUC extension which allows you to use
the workflow and provisioning rules defined through the ADMC. If you
select Cancel on the NetControl Connection dialog instead of
connecting to the NetControl Console, ADUC will launch in a read-only
mode and you will not be able to modify Active Directory objects.
When using the ADMC, please keep the following considerations in mind:
NOTE: ADMC uses native permissions, therefore if you do not have the proper rights to
modify Active Directory objects, these functions will also be disabled through the
ADMC.
NOTE: Some ADUC right-click menu commands (such as copy and cut) are not available
through the ADMC. We recommend using ADUC to perform these actions.
NOTE: Not all MMC snap-ins (e.g., NetPro’s RestoreADmin or GPMC) will be available
through the ADMC.
Please refer to Chapter 10: Workflow on page 89 for a full description of the Workflow Editor
and the Workflow pane from which you can view the workflow queue, and if assigned the proper
roles, review and/or approve workflow items.
Explorer View
The ADMC explorer view contains the following default nodes, which are empty upon initial
deployment:
• Custom Views - This node contains user-defined containers that allow you to
group objects across the forest in order to provide a central management point.
Use the New | Custom View right-click command to create custom views.
• Connections - This node contains connection points to a domain, the
Configuration container or the Schema container. Use the New | Connection right-
click command to populate this node.
Right-clicking the Custom Views node in the explorer view of the ADMC will display the
following commands:
Refresh
Use the Refresh command to retrieve and display that latest information.
Right-clicking a user-defined view under the Custom Views node in the explorer view of the
ADMC will display the following commands:
Delete
Use the Delete command to remove the selected view from the ADMC explorer view.
Refresh
Use the Refresh command to retrieve and display the latest information.
Permissions
Use the Permissions command to display the Permissions dialog to view and/or
modify the permissions to be delegated to the selected view.
For more information on implementing application security and the Permissions dialog,
see Chapter 3: Application Security on page 15.
Properties
Use the Properties command to display the Properties dialog to modify the objects
and/or visibility settings for the selected user-defined view.
Right-clicking the Connections node in the explorer view of the ADMC will display the
following commands:
New | Connection
Use the New | Connection command to establish a new connection. Selecting this
command will display the Connection dialog allowing you to specify the connection
point.
Permissions
Use the Permissions command to display the Connection Permissions dialog to view
and/or modify the permissions to be delegated to the connections nodes.
For more information on implementing application security and the Permissions dialog,
see Chapter 3: Application Security on page 15.
Refresh
Use the Refresh command to retrieve and display the latest information.
Right-clicking a container under the Connections node will display the following commands:
New
Expand the New command to add a new object to the selected Active Directory
container.
Rename
Use the Rename command to rename the selected Active Directory container.
Remove
Use the Remove command to remove the selected Active Directory container.
NOTE: When both workflow and rules are applied to the same object, workflow will be
applied but the rule will not be triggered.
Properties
Use the Properties command to display the native Properties dialog for the selected
container.
Account List
The account list, in the right-hand pane, displays the accounts that belong to the Active
Directory container selected in the explorer view. The following information is displayed:
• Name - the display name of the accounts that belong to the selected container in
the explorer view
• Class - the type of account (e.g., user, group, etc.)
• Description - a brief description of each account listed
Right-clicking an account in the right-hand pane will display the following ADMC command
in addition to the standard commands available through the Active Directory Users and
Computers snap-in:
NOTE: When both workflow and rules are applied to the same object, workflow will be
applied but the rule will not be triggered.
1. Select Active Directory from the navigation pane to open the ADMC pane.
2. Select the Custom Views node from the explorer view.
3. Select the New | Custom View right-click menu command. This will display the
Properties dialog where you can assign a name, define the contents and specify who
can access the new custom view.
4. On the General page, enter a descriptive name and an optional comment to describe
the custom view.
5. On the Contents page, use one of the following tabs to define the contents of the custom
view:
• Use the Objects tab to add objects directly to the custom view
• Use the Queries tab to define a query to populate the custom view
6. On the Advanced page, define who can see and/or enumerate the custom view.
7. After assigning a name, defining the contents of the custom view and who can access
the view, select the OK button to close the dialog and create the custom view.
8. Select F5 or use the Refresh tool bar button or right-click menu command to display the
newly created view under the Custom Views node in the explorer view.
9. When a user-defined view is then selected, the accounts added to this view will be
displayed in the Account list in the right-hand pane.
10.Similar to ADUC, you can right-click an account from the right-hand pane to manage
your Active Directory objects. The same commands available through ADUC are also
available in NetControl’s ADMC. In addition, using the ADMC, you can define
provisioning rules or workflow for an Active Directory object.
Properties Dialog
The Properties dialog is displayed when the New | Custom View right-click menu command is
used when Custom View is selected in the explorer view of the ADMC pane. From this dialog,
you will define a group of objects to provide a central management point. This dialog consists
of three tabbed pages:
• General - use the General page to assign a name and description to the new custom
view.
• Contents - use the Contents page to populate the contents of the custom view.
• Advanced - use the Advanced page to define who can use the custom view.
General Page
Use the General page to provide a name and description for the new custom view.
Name
Enter a descriptive name for the custom view.
Comment
Optionally, enter a description or comment for the new custom view.
Contents Page
Use the Contents page to populate the contents of the custom view. You can add objects
directly using the Objects tab or by defining a query using the Queries tab.
Objects tab
The list box on the Objects tab displays the objects that were added directly from the native
Select Users, Contacts, Computers, or Groups dialog.
Queries tab
The list box on the Queries tab displays the objects added using the query defined on the
Find Users, Contacts and Users dialog.
Add
Use the Add button to add objects to the custom view. From the Objects tab, selecting this
button will display the native Select Users, Contacts, Computers, or Groups dialog allowing
you to add objects directly to the custom view. From the Queries tab, selecting this button
will display the native Find Users, Contacts and Users dialog to define a query to be used
to populate the custom view.
Edit
Use the Edit button to edit the selected query. The Edit button is only available from the
Queries tab.
Remove
Use the Remove button to remove the selected object from the custom view.
Advanced Page
Use the Advanced page to define who can view/enumerate the custom view.
Add
When the second option is selected, use the Add button to add the accounts that are
to have access to the custom view. Selecting this button will display the native Select
Users or Groups dialog to select the accounts.
Remove
Use the Remove button to remove the selected account(s) from the list if you no longer
want them to have access to the custom view.
Establishing a Connection
The Connections node in the ADMC explorer view allows you to establish a connection to a
domain, the Configuration container or the Schema container. Once connected, you can
administer Active Directory objects similar to using the Active Directory Users and Computers
MMC snap-in.
To establish a connection:
1. Select Active Directory from the navigation pane to open the ADMC pane.
2. Select the Connections node from the explorer view, right-click and select the New |
Connection command. Selecting this command will display the Connection dialog
allowing you to define the connection point.
3. On the Connection dialog, select one of the following options and enter the requested
information:
• Select a well-known naming context (domain, Configuration or Schema)
• Enter a distinguished name
4. Optionally, select the option to enter a name and description for this connection. If you
do not select this option, the name and description will be retrieved from the connection
point.
5. After defining the connection point, select OK to create the connection which will
populate the explorer view with a hierarchical tree view of the selected naming context.
6. When a container is then selected in the explorer view, the accounts in the selected
container will be displayed in the Account list in the right-hand pane.
7. Similar to ADUC, you can right-click a container in the explorer view or an account from
the Account list to manage your Active Directory objects. The same commands
available through ADUC are also available in NetControl’s ADMC. In addition, using the
ADMC, you can define provisioning rules or workflow around an Active Directory object.
Connection Dialog
The Connection dialog is displayed when the New | Connection right-click menu command is
used when the Connections node is selected in the explorer view of the ADMC pane. From
this dialog, you will define the connection point to be used (e.g., a domain, Configuration
container or Schema container).
• Domain (default)
• Configuration
• Schema
Path
This is a read-only field that displays the path of the distinguished name entered above.
Name
Enter a descriptive name for this connection.
Description
Enter a description for this connection.
NOTE: Modifying multiple properties of an object in a single operation may trigger multiple
rules. Microsoft submits changes on a property page basis; therefore, each page
being modified will create a new rule.
NOTE: When both workflow and rules are applied to the same object, workflow will be applied
but the rule will not be triggered.
When you select an option from the top pane, a corresponding entry is added to the
bottom pane. Select the hyperlink in the entry to add the details required.
As you add actions to the rule, you will see the details of these actions displayed at the
bottom of the Rules Wizard page.
NOTE: The actions will be performed in the order they are listed in the bottom pane.
There is currently no method for modifying the order, so be sure to select the
actions in the desired order.
Select the Next button to continue.
11.On the final page of the Rules Wizard, enter a name for the rule and enable or disable
the rule.
12.Once the rule is created, it will be enforced for every operation to which it applies when
that operation is performed through the NetControl ADMC pane.
Rules Wizard
The Rules Wizard is launched when the Add button on the Rules page of the Configuration
dialog is selected. From this wizard you can define provisioning rules for the selected container
or object. The Rules Wizard contains the following pages:
1. From the top pane on this page, double-click to select from the following conditions:
• Where property equals value
• Where property does not equal value
• Where property matches value (This is used for Regular Expression Matching -
See ‘Regular Expression Matching’ on page 82 for sample string and screen shot.)
• Where property does not match value (This is used for Regular Expression
Matching - See ‘Regular Expression Matching’ on page 82 for sample string and
screen shot.)
• Where property is empty
2. When you double-click a condition from the top pane, a corresponding ‘where’ entry is
added to the bottom pane. You can specify multiple conditions and as you select
(double-click) a condition in the top pane, a new entry will be added to the bottom pane
with an AND operator, indicating that all of the conditions listed must be met before the
rule will be triggered. To remove an entry from the bottom pane, right-click and select
the Remove command.
3. Select the entry to display the Properties and Values dialog. On this dialog, select the
properties hyperlink to display the Properties dialog allowing you to select a single
property. Then select the value hyperlink to display the Value Editor and enter the
value(s) to be used in the filter. See ‘Value Editor’ on page 81 for more information on
using the Value Editor.
4. After adding the conditions for the rule, select the Next button to continue.
• When the rule is processed. By default, rules are processed after the action is
committed. There is an option that can be selected that will trigger the rule prior to
committing the action, rather than after.
NOTE: For a ‘delete’ operation, both the ‘This rule is applied before the operation is
committed’ and the ‘Stop the operation from being committed’ options MUST be
selected (checked).
• Performing specific actions. Setting attributes to values; sending an email; moving an
object; or running a script are all designed to help invoke changes.
• Preventing the action that triggered the rule from being committed. This has to be used
with the option ‘this rule is applied before the operation is committed’.
NOTE: For a ‘delete’ operation, both the ‘This rule is applied before the operation is
committed’ and the ‘Stop the operation from being committed’ options MUST be
selected (checked).
• Stop processing rules. If multiple rules are linked this would be used to prevent other
rules from firing. Thus, if the rule is going to move a user to another location, one may
want to prevent the other rules from firing in the chain.
1. From the top pane, select (check) one ore more of the following options:
• This rule is applied before the operation is committed
• Set property to value
• Send an email to recipients
• Move the object to location
• Run a script
• Stop the operation from being committed
• Stop processing rules
2. When you select an option from the top pane, a corresponding entry is added to the
bottom pane. Selecting (checking) multiple actions will add these actions to the bottom
pane with an AND operator, indicating that all of the listed actions are to be performed.
To remove an action from the list, deselect (uncheck) the action from the top pane.
NOTE: The actions will be performed in the order they are listed in the bottom pane.
There is no way to reorder the actions listed at this time; therefore, you will need
to select the appropriate options from the top pane in the desired order.
3. Select the hyperlink in the entry to display an additional dialog allowing you to add the
details required. The following table explains what dialogs are displayed for each of the
options that creates an entry with a hyperlink.
If you select:
Set property to value Select this entry to display the Properties and Values dialog where you
can add one or more properties and set the property value. See
‘Properties and Values Dialog’ on page 80.
Send an email to recipients Select the recipients hyperlink to display a dialog where you can enter
one or more email addresses.
Move the object to location Select the location hyperlink to display the Location dialog allowing
you to locate and select the location to which the object is to be moved.
Run a script Select the script hyperlink to launch the Script Editor dialog where you
can enter a VBScript to be executed. Please refer to ‘Using the
Script Editor’ on page 83 for more details on using the scripting
function.
4. As you add actions to the rule, you will see the details of these actions displayed at the
bottom of the Rules Wizard page. Select the Next button to continue.
1. Select the property hyperlink to display the Properties dialog where you can select a
single property.
2. After selecting a property from the Properties dialog, select OK to close the dialog and
return to the Properties and Values dialog.
3. Back on the Properties and Values dialog, select the value hyperlink to launch the Value
Editor.
4. Enter an explicit or literal value for the selected property:
• Explicit values are enclosed in square brackets [ ].
• Literal values are not enclosed in brackets
See Value Editor on page 81 for more information on using the Value Editor.
5. After entering a value, select OK to close the dialog and return to the Properties and
Values dialog.
6. Back on the Properties and Values dialog, you will see the details for your property/
value entry.
7. Use the Add button to add additional property/value entries and repeat steps 1 through
5 for each of these entries.
8. Once you have defined all the properties and their values, select the OK button to close
the dialog and return to the Rules Wizard.
Value Editor
The Value Editor is launched whenever a value hyperlink is selected from the Properties and
Values dialog. Using this dialog you can enter an explicit or literal value for the selected
property.
Value
Enter either an explicit or literal value for the selected property. Explicit values are enclosed
in square brackets [ ]; whereas, values outside of the brackets are taken as literal values.
Thus [object.first], [object.given] would result in a display match like: Smith, John.
Special Variables
Object means the object that was being handled to invoke the rule. It can also be viewed as
‘me’. The ‘Parent’ object can also be used and chained to move up a tree. Parent is the
container where the object that invoked the rule resides. For example, if a user’s OU path is as
follows: OU=New York,OU=United States,OU=North America,DC=NetPro,DC=COM
then:
Using the Parent object is a great way to populate the location and address information once
on the OU, then have all objects in that container be set to the same values as the parent. See
screen shot below.
To map the address of a organizational unit to a user, the following would be set in the client UI:
[Parent.I] City I
For example, the regular expression below is used to specify the pattern that is expected for
the phone number attribute:
\(\d{3}\)\d{3}-\d{4}
This string indicates that the condition is looking for a phone number in the following format:
(xxx) xxx-xxxx. The screen shot below uses this regular expression in a rule which also
indicates that if a phone number is found that does not match the specified format, the rule is
to run a script to fix it.
NOTE: For more information on Regular Expression Matching, please refer to Microsoft’s web
site - http://msdn.microsoft.com/en-us/library/ms974570.
NOTE: When using Windows Server 2008, the vbscript.dll and the msscript.ocx must be
registered to use the scripting feature of ADMC/ADUC Extension. See Appendix C:
Active Directory Users and Computers (ADUC) Extension on page 127 for more
details.
1. Select the run a script option from the third page in the Rules Wizard.
2. Select the script hyperlink in the bottom pane to launch the script editor.
3. Replace all of the information in the script editor windows with the contents of the script
you want to execute.
NOTE: We do NOT recommend that you cut and paste scripts from a Word document
into the NetControl Script Editor. This is because special characters (e.g.,
quotation marks) do no convert cleanly during the cut and paste operation.
4. After entering your script, select OK to close the script editor and return to the Rules
Wizard.
End Function
Where:
sVerb
This is the type of action being performed (i.e., modify, create or delete).
bPreCommit
A boolean value (True/False) indicating whether the rule is executing pre- or post-
commit. By default, rules will be processed after the operations that invoked the rule,
unless this rule is applied before the operation is committed option is selected.
Thus the default value is false (meaning post-commit).
sBingString
This is the LDAP bind string to the server that is performing the operation. A sample
bind string would be:
LDAP://dcimprov.COMEDY.LOCAL/CN=Rod Simmons,OU=Phoenix,OU=NA,DC=NetPro,DC=LOCAL
NOTE: Server Name is only passed when an object is created or modified. Deletions do
not pass a server in the bind string.
sObjectData
This is the DataXML string about the object being modified.
sCallerSID
This represents the SID of the account that was managing the object.
This section describes how to set up a workflow for an ADMC operation. For more information
about the workflow approval process and roles, using the Workflow Editor, and the Workflow
Pane from which you can view and manage the workflow queue, please refer to Chapter 10:
Workflow on page 89.
Modify property on object Right-click a container under the Connections node in the explorer
view of the ADMC and select the Rules and Workflow command. On
the Configuration dialog, open the Workflow page and select the Add
button to launch the Workflow Editor.
Create object Right-click a container under the Connections node in the explorer
view of the ADMC and select the Rules and Workflow command. On
the Configuration dialog, open the Workflow page and select the Add
button to launch the Workflow Editor.
Delete object Right-click a container under the Connections node in the explorer
view of the ADMC or an object in the Account list (right-hand pane)
and select the Rules and Workflow command. On the Configuration
dialog, open the Workflow page and select the Add button to launch
the Workflow Editor.
Modify property Right-click an object in the Accounts list (right-hand pane) of the
ADMC and select the Rules and Workflow command. On the
Configuration dialog, open the Workflow page and select the Add
button to launch the Workflow Editor.
1. Log on to the NetControl console and select the Active Directory button in the
navigation pane.
2. From the ADMC, right-click an container under the Connections node in the explorer
view or an object from the right-hand pane and select the Rules and Workflow
command to display the Configuration dialog.
3. Select the Workflow button to open the Workflow page.
4. On the Workflow page, select the Add button to open the Workflow Editor.
5. On the General page, enter a name and description for the workflow item.
6. In the Actions section of the General page, select the check boxes for the operation that
must adhere to the workflow. The operations listed depend upon whether a container in
the explorer view or an object in the Accounts list is selected.
7. On the Request page, set the following options:
• select user or group accounts that can create a request
• optionally select the accounts that are to be excluded from the workflow process
• by default the request never expires - optionally, select lifetime properties for the
request if it is not completed in a specified time frame
• select commenting options
8. On the Review page, set the following options:
• select the user and/or group accounts that can review the request
• select parameters around the number of required reviewers and the minimum
number of reviewers that must approve the request
• select commenting options
• select the action to be taken when a request is denied. You can send an email
notification or close the request.
• select email settings specifying who to notify about the status of the request
review
9. On the Approve page, select the following options:
• select the users and/or group accounts that can approve the request
• select parameters around the number of required approvers and the minimum
number of approvers that must approve the request
• select commenting options
• select the action to be taken when a request is denied. You can send an email
notification or close the request.
• select email settings specifying who to notify about the status of the request
approval
10.On the Commit page, select the following options:
• specify if you want to commit the request immediately or on a schedule
• select if you want to send an email notification when the request is committed
11.Select OK to close the Workflow Editor and save the workflow item.
NOTE: Modifying multiple properties of an object in a single operation may trigger multiple
workflow items. Microsoft submits changes on a property page basis; therefore, each
page being modified will create a new workflow item.
NOTE: User accounts created using workflow will not maintain the settings selected when
creating the object (e.g., enable/disable setting, password settings, Exchange
settings). Once the account is created, you will need to go back to set the password
and status (enable user).
NOTE: When you create an object through workflow, a message is displayed stating
‘Windows cannot create the object <ObjectName> because: The specified directory
object is not bound to a remote resource.” Select OK to submit the request.
NOTE: When both workflow and rules are applied to the same object, workflow will be applied
but the rule will not be triggered.
1. Using either the ADMC or ADUC, go through the typical procedure for creating, deleting
and/or modifying an Active Directory object.
2. When prompted, enter a comment to accompany the modification being requested.
NOTE: Even if the ‘Comments are not required’ option was selected on the Request
page of the Workflow Editor, the Comment dialog will be displayed. Select the
Cancel button on the dialog to proceed without adding a comment.
3. The following message is then displayed explaining that the request has been
submitted. Select OK to close this dialog.
NOTE: When using the ADMC, actions that modify Active Directory objects that are
performed using the right-click menu command (e.g., account disable,
password reset) will display a Microsoft dialog indicating that the change has
been made (e.g. account has been enabled/disabled) in addition to the
workflow comment and request submitted message dialogs. The Microsoft
dialog is misleading because the action has not been committed as indicated,
but has been submitted to the workflow queue requiring it to be reviewed/
approved before it will be committed.
4. To verify that your request has been submitted, select the Workflow button in the
NetControl navigation pane to open the Workflow pane. Your request should be listed
under the To be reviewed or To be approved heading depending on the ‘Automatically
review/approve the request’ settings set in the Workflow Editor when the workflow was
created.
5. From here you can right-click and select the Details menu command to review the
request details.
For more details on managing and tracking your workflow requests, please refer to ‘Managing
Workflow Requests’ on page 104.
The NetControl workflow process allows administrators to set up certain actions that must
adhere to a review/approval cycle before the action will be rolled out to the production
environment. When you configure workflow in NetControl, you are selecting the actions that will
go through a review/approval process. The actions that can use workflow are dependent on the
NetPro application that you are using.
An action that you set up for the approval process goes through the following stages:
Email notifications can be configured for different stages in the workflow process. You can send
emails to requesters/reviewers/approvers when a request is approved/rejected or committed.
Workflow
90 NetControl
When setting up a workflow in the Workflow Editor, there are three roles that can be set up:
• Requester – A user that is a requester can submit actions for the approval process,
review details about their request, and cancel their request if no longer required.
• Reviewer – A reviewer can view the request, approve or deny the request, and review
the details about the request. The reviewer role is optional.
• Approver – An approver can view the request, approve or deny the request, and review
the details about the request. The approver role is optional.
The Workflow pane is available in the navigation pane when NetControl is installed. However,
workflow must be configured for an object before any request information will be displayed. Any
user that logs on to NetControl can view all items in the workflow queue. However, a user must
be explicitly added as a requester, reviewer or approver to change the states of workflow items.
• Workflow Editor
• Workflow Pane
• Managing Workflow Requests
• Reviewing and/or Approving Workflow Requests
• Using Microsoft Outlook to View Workflow Items
Please refer to the documentation for each deployed NetPro application to determine if it can
use the workflow feature and for more information on the actions that can be assigned to a
workflow process.
Workflow Editor
Using the Workflow Editor you will define who can request, review and approve the actions as
well as select the options to be applied as the action progresses through the different stages of
the workflow process. The Workflow Editor is launched when the Add button on the Workflow
page of an object’s Permissions dialog or Configuration dialog is selected.
The Workflow page, as mentioned above, is available either through the Permissions dialog or
the Configuration dialog. Use one of the following methods to display the Workflow page, from
which you can launch the Workflow Editor:
• Depending on the deployed NetPro application, right-click the node then select
Permissions to open the Permissions dialog (for the selected node). On the
Permissions dialog, select the Workflow button - from here you can add, edit and
remove workflow items.
• From the ADMC, right-click a container under the Connections container in the explorer
view (left-hand pane) or right-click an object in the account list (right-hand pane) and
select the Rules and Workflow command to open the Configuration dialog. On the
Configuration dialog, select the Workflow button - from here you can add, edit and
remove workflow items.
Workflow
NetControl 91
• General – Provide a name, comment and action for the workflow item.
• Request – Set the accounts that can request workflow items. You can also select
accounts that are exempt from following the workflow.
• Review – Select the accounts that will be required to review the request.
• Approve – Select the accounts that will be required to approve the request before the
workflow item will be committed.
• Commit – Select when the workflow item will be rolled out in the environment.
General Page
On the General page, provide a name and brief description for the workflow. Also, select the
action(s) to which workflow is to be applied. The list of available actions is populated based on
the node or object selected in the ADMC or other NetPro application pane.
The screen shots illustrated here are of the Workflow Editor when it is launched by selecting a
container in the ADMC explorer view.
Name
Provide a descriptive name for the workflow.
Comment
Enter a brief description that will help you identify the workflow.
Workflow
92 NetControl
Actions
Select (check) the check boxes for the actions that are to be enforced by the workflow. You
can select as many actions for the workflow as you want. This list changes depending on
the object or node selected in the ADMC or other NetPro product pane.
If you want to specify a specific object and/or property, click the any object class and/or
any property hyperlinks to specify the object class(es) and/or property to which the
workflow is to be applied. When you select the any object class hyperlink, the Object
Types dialog is displayed allowing you to select (check) one or more object types for the
workflow. When you select the any property hyperlink, the Properties dialog will be
displayed allowing you to select (check) one or more properties for workflow.
Request Page
On the Request page, select the user or group accounts that must adhere to the defined
workflow process when the selected action is being performed. That is, when a specified
account attempts an action selected on the General page, that action is assigned to the
workflow queue and must be reviewed/approved before it can be committed. For example, if
Create User Object is selected for workflow, when the user tries to create a new user object
through the ADMC, a message is displayed indicating that the action must be approved before
the user object can be created.
The Request page of the Workflow Editor contains two tabs to define the accounts that must
follow the selected workflow:
• Use the Accounts tab to define the accounts that must adhere to the defined workflow
process when they attempt to perform the selected action.
• Use the Exemptions tab to define the accounts to be excluded from the workflow request
process. That is, when a user account or group is exempted, they can perform the action
that is defined in the workflow without going through the review/approval process.
Workflow
NetControl 93
Accounts tab
The list box on the Accounts tab contains the users and/or groups that must adhere to the
defined workflow process.
Exemptions tab
The list box on the Exemptions tab contains the users and/or groups which are excluded
from the workflow request process.
Add
Click the Add button to open the native Select Items dialog. Choose the accounts that you
want to adhere to the workflow process (or from the Exemptions page, the accounts to be
excluded from the process).
Remove
Once user or group accounts are added to either the accounts list or exemptions list, click
the Remove button to remove it from the displayed list.
Lifetime
The Lifetime section of a workflow entry defines how long a request is to remain in the
queue before an escalation action occurs.
Workflow
94 NetControl
• Close the request - Select this check box if you want the request closed after the
specified period of time passes without an action on the request.
• Send an email to - Select this check box if you want to set up an email recipient
to notify a user that the request has expired without any action or that the request
is not completed and needs attention. Enter the email address of the user(s) to
receive the notification.
NOTE: Before selecting an email option, ensure that there are valid Mail attributes
configured in Active Directory for the accounts selected. If there is a valid Mail
attribute value from Active Directory for the accounts selected then an email can
be sent to those accounts.
• Repeat every - Optionally, select this option if you want to send additional email
reminders that a workflow request needs attention. Enter the length of time and
the time frame (hours, days or weeks).
Options
You may want a requester to provide a comment on why they want to do the selected
workflow action.
Comments
Select a commenting option from the drop-down menu. The commenting options are:
Workflow
NetControl 95
Review Page
On the Review page, select the options for request reviews such as the user/group accounts
that can review requests, how many reviewers are required and the action to be taken when a
review is approved or denied.
Add
Select the Add button to open the native Select Users or Groups dialog. From this dialog,
choose the user accounts or groups that will be responsible for reviewing the workflow
requests.
Remove
If there are user names or groups in the list box that you no longer want as request
reviewers, select the name then select the Remove button.
Workflow
96 NetControl
Options
Comments
Providing comments is a good way to track the requests going through workflow and
why they were approved or rejected.
Select a commenting option from the drop-down menu. The commenting options are:
Upon rejection
Select one of the following options from the drop-down menu to specify what happens
to the request when it is denied by the required reviewers:
Email Settings
Select one of the following options from the drop-down menu to specify if and when an
email is to be sent:
Workflow
NetControl 97
Send to
The browse button is activated when you select one of the send email options. Click
the browse button to open the Email Accounts dialog to select the workflow role(s) that
are to be notified via email about the review status of a request. See ‘Email Accounts
Dialog’ on page 100.
Approve Page
On the Approve page, select the options for request approval such as the user/group accounts
that can approve requests, how many approvers are required and the action to be taken when
a reviewed request is approved or denied.
Add
Select the Add button to open the native Select Users or Groups dialog and select the
users or groups that can approve a request.
Remove
If there are user names or groups in the list box that you no longer want as request
approvers, select the name then click the Remove button.
Workflow
98 NetControl
Options
Comments
Select a commenting option from the drop-down menu. The following commenting
options are available:
Upon rejection
Select one of the following options to specify what happens to the request if it is denied:
Email Settings
Select one of the following options from the drop-down menu to specify if and when an
email is to be sent:
Workflow
NetControl 99
Send to
The browse button is activated when you select one of the send email options. Click
the browse button to open the Email Accounts dialog to select the workflow role(s) that
are to be notified about the approval status of a request. See ‘Email Accounts Dialog’
on page 100.
Commit Page
On the Commit page, select when you want the request to be rolled out in the environment after
the request is reviewed and approved.
Committed changes in NetControl will run every 15 minutes on the hour. You may have to
wait a few minutes before a change is committed.
Workflow
100 NetControl
Options
Email Settings
Select one of the following options from the drop-down menu to specify whether to
send an email when the request is committed:
Send to
The browse button is activated when you select the send email option. Click the browse
button to open the Email Accounts dialog to select the workflow role(s) that are to be
notified via email when a request is committed. See ‘Email Accounts Dialog’ on
page 100.
NOTE: For requesters, only the individual account that initiated the request will receive the
email even if a group is specified on the Request page of the Workflow Editor.
NOTE: When a group is specified, the group email will be used not individual emails for each
member of the specified group.
Requester/Reviewers/Approvers
Select the check boxes for the workflow roles that will receive an email notification. The
check boxes are associated with the accounts selected on the Request, Review and
Approve pages of the Workflow Editor.
Other
Enter the email account for any additional accounts that you want to send the email
notification to. Entering an account here is optional.
Workflow
NetControl 101
Workflow Pane
As a workflow proceeds through the stages, the Workflow pane displays the different states for
the item, including: To be reviewed, To be approved, To be committed, Completed, Cancelled,
and Request has been denied. A workflow item remains in the queue (unless a lifetime property
is set) until the review and approve stages are approved/denied by the designated users.
The Workflow pane is displayed when Workflow is selected in the navigation pane. From this
pane you can review the status of your requests, cancel a request, review and approve/deny
requests, and view details for a request.
Any user that logs on to NetControl can view all items in the workflow queue. However, a user
must be explicitly added in the Workflow Editor as a requester, reviewer or approver to change
the states of workflow items.
Workflow
102 NetControl
Explorer view
The explorer view displays the Workflow node.
Summary
This column displays a brief description of each workflow item. To change the state of
a workflow task, right-click the summary and select the appropriate command:
• Approve
• Deny
• Cancel
• Details
NOTE: One or more of these commands will be available depending on your workflow
role(s) assigned and the current state of the workflow task.
State
This column displays the current state of each workflow item in the list. The states
include:
Submitted By
This column displays the name of the account that submitted the request.
Submitted On
This column displays the date and time each request was submitted.
Workflow
NetControl 103
Right-click the pane (not a workflow entry in the list) to display the following commands which
allow you to change the contents displayed:
View
Expand the View command and select one of the following options to change how the items
in the workflow pane are displayed:
• Tiles
• Icons
• List
• Details (default)
Filter
Expand the Filter command and select one of the following options to define exactly what
to display in the workflow pane:
• My requests
• My work items
• All Items (default)
Sort By
Expand the Sort By command and select one of the following options to resort the content
displayed:
• Summary (default)
• State
• Submitted by
• Submitted on
Arrange By
Expand the Arrange By command and select one of the following options to group the
workflow items differently:
• Summary
• State (default)
• Submitted by
• Submitted on
• none
Refresh
Use the Refresh button to redisplay the latest status of the items in Workflow pane.
NOTE: Whenever the state of a workflow item is changed, you must select the Refresh
button to display the new status.
Workflow
104 NetControl
For example, administrators might want actions made through the ADMC (e.g., when a user
creates a new object) to adhere to a specific workflow process. A user can go through all the
steps to create an object and when finished a dialog is displayed indicating that the action must
go through the workflow process.
Depending on the NetPro application, after a workflow item is committed, you can go to the
application component to see the item in the console. If configured during the workflow setup,
an email notification can be sent indicating that the request is complete.
For example, if you are using NetPro’s AccessManager, and the workflow action is Create
Managed Objects, then after the workflow is committed, go to the Managed Object node in the
explorer view to see the managed object that was created.
Workflow
NetControl 105
The following information is displayed at the top of the Request Details dialog:
Summary
This field displays a brief description of the selected workflow item.
Submitted By
This field displays the name of the account that submitted the request.
Submitted On
This field displays the date and time when the request was initially submitted.
In addition to the request submission information, the table at the bottom of the dialog, displays
the following information as the item progresses through the different workflow stages:
Occurred On
This column displays the date and time when the status changed for the selected workflow
item.
Action
This column displays the action or status change that was made.
Comment
This column displays the comment that was entered when the request was reviewed and/
or approved.
Account
This column displays the name of the account that performed the action listed.
Workflow
106 NetControl
Workflow
NetControl 107
Troubleshooting Tip
If you do not see the NetControl node in the left-hand pane, even after
you have selected the Folder List icon, ensure that the NetControl
console is loaded on the machine where the Outlook extension is
installed.
If the NetControl node is not displayed, select the Folder List icon at the bottom of the
navigation pane.
Workflow
108 NetControl
3. On the NetPro NetControl Connection dialog, use the drop-down menu to select the
server where the NetControl service resides and select Connect.
You are connected to NetControl during the Outlook session. When you log out of
Outlook and then log on again, you must select and connect to NetControl again.
4. After you log on to NetControl, the workflow items are displayed. Right-click the items
to review, approve, deny and/or cancel requests.
NOTE: Whenever the state of a workflow item is changed, you must select F5 or the
Refresh button on the Outlook tool bar to display the new status.
Workflow
NetControl 109
Using the Reports pane of the NetControl console, you can run reports for the NetControl
console components: Agents, Agent Groups, Computer Lists and Schedules.
Depending on the NetPro applications deployed, there may be reports displayed in the Reports
pane for that application. Refer to the documentation for the NetPro application.
• Reports Pane
• Generating NetControl Reports
Reports
110 NetControl
Reports Pane
The Reports pane is displayed when Reports is selected in the navigation pane. From this
pane you can run reports based on NetControl components.
Explorer View
The explorer view displays the types of reports available. All of the reports are listed under
the following containers:
Reports
NetControl 111
Object List
The object list displays a list of reports generated based on the container selected in the
explorer view.
Details View
When a report is selected in the object list, the lower portion of this pane displays
information about when the selected report was executed.
Once a report is generated and its status is ‘Completed’ in the Details View, either
double-click or right-click the report entry and select the View command to display the
results of the report.
Using the Reports pane, the following NetControl reports can be generated:
• Agents – provides a list of agents, their status and associated agent groups. Selecting
the name of an agent will display a list of agent groups to which the agent belongs and
the notification frequency for the selected agent.
• Agent Groups – provides a list of agent groups and agents that reside in the agent
group and the configured update notification interval. Selecting the name of an agent
group will display a list of the agents that belong to the selected agent group, as well as
the configured update notification interval and status of each agent in the agent group.
• Computer Lists – provides the settings defined in a computer list. Selecting the name
of a computer list will display a list of the jobs that are linked to the selected computer list.
• Schedules – provides a report that shows schedule configurations. Selecting a
schedule entry will display a list of the jobs that are linked to the selected schedule.
Reports
112 NetControl
1. Select Reports from the navigation pane to open the Reports pane.
2. Expand the NetControl Reports container in the explorer view and select the type of
report to run:
• Agents
• Agent Groups
• Computer Lists
• Schedules
3. Select the Run tool bar button or right-click menu command. This will display the
appropriate Report dialog allowing you to define the contents of the report, configure the
report output, specify the data source and schedule the execution of the report.
4. On the General page, enter a descriptive name and optionally enter a comment
regarding the report to be executed.
5. Open the “second” page to select the NetControl component to be reported on. (The
second page in the dialog, will change based on the type of report selected in the
explorer view. For example, when Agents is selected, an Agents page will be displayed,
when Schedules is selected, a Schedules page will be displayed, etc.)
6. On the Advanced page link the report to a schedule.
7. On the Agent Groups page select the agent group that contains the server(s) to be used
to execute the report.
8. After entering the requested information, use the OK button to close the dialog and run
(or schedule) the report.
9. Once the report has been generated (there is a “Completed” status in the Details View),
double-click the report entry in the Details View (or right-click and select the View menu
command) to display the results of the report.
Reports
NetControl 113
• General – use this page to specify general information about the report.
• Agents – use this page to select the agent(s) to be included in the report.
• Advanced – use this page to define the schedule for executing the selected report.
• Agent Groups – use this page to select the agent group(s) that are to generate the
report.
General Page
From the General page, specify general information about the report to be executed.
Name
Enter a descriptive name for the report.
Comment
Optionally, enter a description or comment for the report.
Reports
114 NetControl
Agents Page
Use the Agents page to specify the agent(s) to be included in the selected report.
When the last option is selected, the list box and the Add button are enabled allowing you to
select the agent(s) to include in the report.
Add
Use the Add button to add agents to the list box. Selecting this button will display the Select
an Agent dialog allowing you to select the agent(s) to include in the report.
Remove
After agents have been added to the list box, use the Remove button to remove an agent
from the list box. Select the entry to be removed and select the Remove button.
Reports
NetControl 115
Advanced Page
Use the Advanced page to define the schedule to use to run the report.
Scheduling
Select one of the following to define when to run the report:
When the last option is selected, use the browse button to select a schedule. Selecting
the browse button will display the Select a Schedule dialog allowing you to select a
previously defined schedule or create a new schedule.
NOTE: You MUST select an agent group otherwise the report will not run.
Reports
116 NetControl
Add
Use the Add button to add agent groups to the list box. Selecting this button will display the
Select an Agent Group dialog allowing you to select the agent group(s) to be used.
Remove
After agent groups have been added and are displayed in the Agent Groups list box, use
the Remove button to remove an agent group from the list box. Select the agent group to
be removed and select the Remove button.
• General – use this page to specify general information about the report.
• Agent Group Objects – use this page to select the agent group(s) to be included in the
report.
• Advanced – use this page to define the schedule for executing the selected report.
• Agent Groups – use this page to select the agent group(s) that are to generate the
report.
See ‘Agents Report Dialog’ on page 113 for a description of the General, Advanced and Agent
Groups pages. All of these pages are the same for all NetControl reports.
Reports
NetControl 117
When the last option is selected, the list box and the Add button are enabled allowing you to
select the agent group(s) to include in the report.
Add
Use the Add button to add agent groups to the list box. Selecting this button will display the
Select an Agent Group dialog allowing you to select the agent group(s) to include.
See ‘Select an Agent Group Dialog’ on page 27 for a description of the dialog.
Remove
After agent groups have been added to the list box, use the Remove button to remove an
agent group from the list box. Select the entry to be removed and select the Remove
button.
• General – use this page to specify general information about the report.
• Computer Lists – use this page to select the computer list(s) to be included in the
report.
• Advanced – use this page to define the schedule for executing the selected report.
• Agent Groups – use this page to select the agent group(s) that are to generate the
report.
See ‘Agents Report Dialog’ on page 113 for a description of the General, Advanced and Agent
Groups pages. All of these pages are the same for all NetControl reports.
Reports
118 NetControl
When the last option is selected, the list box and the Add button are enabled allowing you to
select the computer list(s) to include.
Add
Use the Add button to add computer lists to the list box. Selecting this button will display
the Select a Computer List dialog allowing you to select the computer list(s) to include.
Remove
After computer lists have been added to the list box, use the Remove button to remove a
computer list from the list box. Select the entry to be removed and select the Remove
button.
Reports
NetControl 119
• General – use this page to specify general information about the report.
• Schedules – use this page to select the schedule(s) to be included in the report.
• Advanced – use this page to define the schedule for executing the selected report.
• Agent Groups – use this page to select the agent group(s) that are to generate the
report.
See ‘Agents Report Dialog’ on page 113 for a description of the General, Advanced and Agent
Groups pages. All of these pages are the same for all NetControl reports.
Schedules Page
Use the Schedules page to specify the schedule(s) to include in the selected report.
When the last option is selected, the list box and the Add button are enabled allowing you to
select the schedule(s) to include in the report.
Add
Use the Add button to add schedules to the list box. Selecting this button will display the
Select a Schedule dialog allowing you to select the schedule(s) to include.
Remove
After schedules have been added to the list box, use the Remove button to remove a
schedule from the list box. Select the entry to be removed and select the Remove button.
Reports
NetControl 121
This appendix provides a table that shows the NetPro applications that use the NetControl
platform and its shared components. Please refer to the documentation for each individual
application for more information on using the Configuration, Collectors, Reports and Workflow
components.
NetControl Components
AccessManager 3 3 3 3
AccessReporter 3 3 3 3
ADMC 3 3 3
Business Insight 3 3
GPOADmin 3 3 3
LogADmin 3 3 3
* Note that the Resources component includes agents, agent groups, computer lists, and
schedules.
You can set up email notification for the following workflow items:
In addition, you can send an email as part of a provisioning rule for actions performed through
the ADMC.
Using the NetControl Configuration page, you can set up the email account and SMTP server
from which these email notifications are sent.
Email Setup
124 NetControl
Email address
Enter an email address in the box. This is the address that email notifications will be sent
from.
Display Name
Enter the display name for the email account.
SMTP Server
Provide the name of the SMTP server to be used for email notifications.
Test
After entering the email settings, use the Test button to send a test email to ensure the
email settings are working properly.
Save
After entering the email settings, use the Save button to save your settings.
Email Setup
NetControl 125
Setting up Email
To set up email notification:
Email Setup
NetControl 127
This appendix provides additional information regarding the Active Directory Users and
Computers (ADUC) extension that is activated when NetControl is installed. Using this
extension you can enforce workflow approval processes and automate common Active
Directory tasks through the use of rules. Please remember that even though modifications
made through ADUC will trigger defined workflow or rules, you can only define workflow and
rules for an object using NetControl’s Active Directory Management Console (ADMC).
Usage Notes
Windows Server 2008
• 32-bit: runs as expected (e.g., %windir%\System32\dsa.msc)
• 64-bit: use WOW64 (e.g., %windir%\SysWOW64\dsa.msc)
Exchange
Do NOT install the NetControl Console/ADUC Extension on machines running Exchange
tools.
1. Launch ADUC.
2. This will display the NetPro NetControl Connections dialog. On this dialog, use the drop-
down menu to select the NetControl server to be used and select Connect.
Warning
If you select Cancel on the NetPro NetControl Connection dialog instead
of connecting to the NetControl Console, ADUC will launch in a read-
only mode and you will not be able to modify Active Directory objects.
3. Go through the typical procedure for creating, deleting and/or modifying an Active
Directory object.
4. If workflow has been applied to an object, you will be prompted to enter a comment to
accompany the modification being requested. You will then see a message indicating
the request has been submitted. Select OK to close this dialog.
This appendix covers some of the known issues with NetControl and provides some
troubleshooting tips.
In addition, for more information and troubleshooting tips on the ADMC, please go to:
http://www.turbochargedad.com.
NetControl Console
The following troubleshooting tips relate to issues with the NetControl Console.
1. Run the NetPro NetControl Plugin.msi on the server where the NetControl service is
installed. This msi file is located in the Updates folder of the Install path of the NetControl
service.
2. On the Program Maintenance screen, select the Modify option.
NetControl Troubleshooting
130 NetControl
3. On the Custom Setup screen, verify that the Console is installed. If it is not installed, you
will see a red X to the left of the Console feature. To install the Console feature, select
the ‘This feature will be installed on local hard drive’ option from the Console drop-down
menu.
To correct this issue, you must uninstall the Enterprise Server Console from the computer with
the partial upgrade and then reinstall the Enterprise Server version of the Console.
NetControl Troubleshooting
NetControl 131
ADMC Functionality
The following troubleshooting tips relate to the Active Directory Management Console (ADMC),
which is installed with NetControl.
1. Verify that the default value does not contain quotes in the following registry key:
[HKEY_CLASSES_ROOT\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-
00A0D10038BC}\1.0\0\win32]
NetControl Troubleshooting
NetControl 133
Index
A Agents
Deploying 24
Account List 66
New Agent Deployment Dialog 25
Action menu command 10 Pane 22
Active Directory Management Console (ADMC) 63 Agents Page
Configuring workflow 85 Agents Report Dialog 114
Creating Custom Views 67 New Agent Group Dialog 38
Creating Rules 73
Agents Report Dialog 113
Establishing a Connection 71
Application Components
Pane 64
Rules Wizard 74 NetControl 7
Troubleshooting 129 Application Security 15
ADUC Extension 127 Applying workflow to an ADMC action 86
Advanced Page Approve Page 97
Agent Groups Report Dialog 115 Arrange By commands 23, 35, 43, 53, 103
Agents Report Dialog 115 Automatically approve workflow request 97
Computer Lists Report Dialog 115 Automatically review workflow requests 95
Properties Dialog 70
B
Schedules Report Dialog 115
Agent Group Objects Page Building Dynamic Computer List
Agent Groups Report Dialog 116 Based on a Script 45
Agent Groups Bases on LDAP Query 44
Adding/removing agents 37 Building Explicit Computer List 44
Associating with a collector 61
C
Creating an empty agent group 36
Creating with agents 36 Collectors
Description 33 Defining 59
New Agent Group Dialog 37 New Collector Dialog 59
Pane 34 Pane
Report dialog 116 58
Agent Groups Page
Commit Page 99
Agent Groups Report Dialog 115
Computer Lists
Agents Report Dialog 115
Building explicit list 44
Computer Lists Report Dialog 115
Building list based on LDAP query 44
New Agent Deployment Dialog 27
Building list based on script 45
New Collector Dialog 61
Description 41
Schedules Report Dialog 115
New Computer List Dialog 46
Pane 42
Index
134 NetControl
Index
NetControl 135
Index
136 NetControl
Index