Chapter: 1 | 2 | 3 | 4 | 5 | 6
MCSE SQL Server 7 Administration Study Guide
Syngress, Inc.
 $49.99  007-211-90-47


Chapter 3

Managing User Accounts

Certification Objectives

It does not matter if a network is brand new, or if it is decades old; administrators must still manage users and their accounts on a network. Changes to names, titles, departments, security access to files, and new installations happen all the time. Under NetWare, the management of user accounts occurs in the Novell Directory Services tree.

Introduction to User Object Management

A User object represents a person who accesses the network. The name of the User object is the login ID. The way that users are granted security is through the User object properties. The NDS database enables the collection of user-related data, such as telephone numbers and locations.

From the Classroom

User Context and Network Resources

User context is nothing more than where that user’s User Object resides in the Directory. Another way to look at this concept is "Context=Immediate parent container and all containers in a direct hierarchical line to [Root]". That is, context is container names. Two different words describing the same concept.

User context is important because it gives information on all relevant containers that are in the User object’s NDS hierarchy to [Root]. Knowing this will help greatly in troubleshooting NDS Object rights because containers can be made trustees of NDS objects and the NetWare file system, which means that all subordinate objects get the same rights.

User context also gives a precise idea of where the user is located in relationship to the network’s physical resources, provided that the NDS tree structure follows Novell’s recommendations for designing and implementing NDS. Remember, always strive to place users in the same context as the resources they use.

By Dan Cheung, CNI, MCNE, MCT

Understanding User Object Context

When a Novell Directory Services tree is organized into more than one container object, locating and accessing network resources becomes difficult. The NDS tree must be told how to find the other resource from the current location in the tree, or context. Users must know their account’s context in order to log in to a workstation that is set to a different context.

Jeff is from Phoenix and is visiting the New York branch office. He borrows a workstation that is set to access the New York context. Jeff tries to log in the same way he does in the Phoenix office by inputting his username and password. The login fails. Why?

The NDS tree looked for Jeff’s ID in the borrowed workstation’s context, but Jeff’s ID is located in the Phoenix context. The Phoenix user must know his user account’s context for the login program to find it in NDS.

In Figure 3-1, the lower portion of the login screen shows the workstation’s current context. The upper portion of the screen displays the user HHARRIS’s typeful distinguished name. User accounts can use either a distinguished name or a relative distinguished name to navigate through the NDS tree from the current context to reach the user account’s context. A distinguished name begins with a leading period, starts with the common name of the resource, and then lists each container unit up the tree to the [Root]. Each object has a unique distinguished name in the tree. A distinguished name can locate an object no matter what the current context is set at. A distinguished name for the User object named HHARRIS in Figure 3-1 is

.CN=HHARRIS.OU=ENG.OU=PHX.O=MA

Figure 1: NDS Login Example

In this example, the context of the HHARRIS user is OU=ENG.OU=PHX.O=MA. The context of a workstation can be set to .OU=ACCT.OU=TOK.O=MA, and the user account’s context will still be .OU=ENG.OU=PHX.O=MA.

Exam Watch: A distinguished name will always be able to find a resource regardless of the current context.

Use a relative distinguished name to navigate from a workstation’s context to an account’s or another network resource’s context. A relative distinguished name lists the path from the current context to the object, does not contain a leading period, and can have an ending period. The relative distinguished name can be confusing because it starts with the object that it is trying to reach, although it is intended to lead to that object from the current context. Remember that this type of name is locating a resource in a context relative to the current context. As illustrated in Figure 3-2, if user HHARRIS was logging in to a workstation with the context .OU=ACCT.OU=TOK.O=MA, the relative distinguished name would be

CN=HHARRIS.OU=ENG.OU=PHX.

Figure 2: NDS location with relative distinguished name

When HHARRIS is logging in to a workstation in the .OU=ENG.OU=PHX.O=MA context, it is not necessary for her to use anything other than her user account ID HHARRIS. Users traditionally do not use anything other than their account ID, or User object name, when logging in to a network. For this reason, you should ensure that users are located in the same context as the network resources they access most often.

So far, all names used have been typeful names. Typeful refers to the use of the abbreviation for the container object and leaf object names. The abbreviations are followed by an equals sign (=), and each object in the name is separated by a dot (.).The abbreviations used most often are listed in Table 3-1.

Typeful Abbreviation

Resource Type

O

Organization

C

Country

OU

Organizational Unit

CN

Common Name (used for leaf objects)

Table 1: Typeful Abbreviations

Typeless names do not use the abbreviation. An example of a typeless name for user HHARRIS is .HHARRIS.ENG.PHX.MA.

On the Job: Notice how quickly distinguished names grow in size when adding more layers to an NDS tree. The only way to keep the size of names manageable is to use the shortest possible names for container objects. It is not uncommon for national or global companies to use the IATA Code for airports to represent cities, since these codes are three characters and fairly well known or understood by end users. Los Angeles becomes LAX, and Newark becomes EWR. Usually the name of the Organization object is designated as being a long name. Unfortunately, this can cause the most problems because the Organization object shows up in every single object in the tree.

Network Administrator Utilities

There are several utilities included in NetWare 5 for administration of User objects. New to the NetWare operating system is the ability to manage User objects at the server console. The utility used for this is called Console One. It is a Java application loaded from the Java graphical screen on the console. This application can browse and display the entire NDS tree, as well as access other trees that exist on the network.

With NetWare 3.1x, the main administrative utility was SYSCON, which was a DOS-based text menu utility. In NetWare 5 and NetWare 4.x, the main administrative utility is a graphical application called NetWare Administrator. These later versions also include a DOS-based menu utility called NetAdmin.

Creating User Objects

User objects can be created under any container object, except for the [Root] object of the NDS tree. The user’s context should be the same as the one at the workstation they normally log in to. For bindery logins, the workstation and server that the user is logging in to should be set to the same context as the User object. The User object creation process includes the option for creating a user’s home directory. As part of the process, the User object is granted all file system rights (except Supervisor) to fully manage all files and subdirectories in the new home directory.

Exam Watch: User objects cannot be created in the [Root] object.

When users are created, there are subsequent information fields that can be completed in NDS. This information manages the user’s security access to network resources, as well as other objects’ access to the User object. If using a user template during the User object creation, default properties for the User object are automatically applied. Table 3-2 describes the User object fields.

User Property

Property Set Page

Description

Account Balance

Account Balance

The account balance is a property used for the network usage accounting system. It displays the remaining network usage credit.

Account Disabled

Login Restrictions

Checking off this box will disable a user account from being able to log in, but will retain all other properties of the User object, in case it should be enabled in the future.

Account has expiration date

Login Restrictions

When this field is completed, a user’s ID will expire on a predetermined date without requiring an administrator to mark the account disabled.

Account Locked

Intruder Lockout

This marks the status of a User object that has been locked out by a number of incorrect login attempts that exceeds the number set in the container object Intruder Detection rules property.

Account Reset Time

Intruder Lockout

This property lists the time interval that must elapse before the account will no longer be locked out.

Allow Unlimited Credit

Account Balance

This property enables a user to have unlimited access to network resources when Accounting is enabled, regardless of the credit set in the account balance property.

Allow user to Change Password

Password Restrictions

When checked off, this property enables a user to change his or her own password.

City

Postal Address

Name of the user’s city.

Date Password Expires

Password Restrictions

This property lists the date that the User object’s password expires, at which point the user will be prompted to change passwords.

Days Between Forced Changes

Password Restrictions

Number of days that a password can be used.

Default Queue

Environment

Unless the user specifies a different queue, print jobs go here.

Default Server

Environment

This property lists the server that the workstation will authenticate to when the user logs in to NDS.

Department

Identification

The business unit the user belongs to.

Description

Identification

Notes about the user.

E-mail Address

E-mail Addresses

Multiple e-mail addresses of the user can be listed here.

FAX Number

Identification

User’s FAX number.

Full Name

Identification

User’s entire name.

Generational Qualifier

Identification

The part of a user’s name that represents his generation; e.g., Jr., Sr., or III.

Given Name

Identification

User’s first name.

Grace Logins Allowed

Password Restrictions

Number of logins allowed with an old password before the user is forced to change the password or lock out the account.

Group Membership

Group Membership

Groups that this User object is a member of.

Home Directory

Environment

Location of the User object’s personal directory—both volume and path to the directory. The directory can be created at the same time as the User object, or created separately and manually entered in this field.

Incorrect Login Attempts

Intruder Lockout

Accrued number of incorrect login attempts made consecutively before the interval is reset.

Initial

Identification

User’s middle initial.

Language

Environment

Language the network messages are displayed in from NDS.

Last Intruder Address

Intruder Lockout

Lists the network address of the workstation where the last wrong password was entered.

Last Login

Login Restrictions

Date and time that the user last logged in to NDS.

Last Name

Identification

This property is required during object creation. It is the last name, or surname, of the user.

Limit Concurrent Connections

Login Restrictions

Check this box if the user should be restricted to logging in at a single or static number of workstations.

Location

Identification

Any location identification for the user can be entered here, such as a building name or a mail stop.

Login Script

Login Script

User’s personal login script.

Login Time Restriction

Login Time Restriction

This property enables the administrator to limit what times the user can have access to the network.

Low Balance Limit

Account Balance

When using accounting, if a user’s balance reaches this number, the user is denied network access until the balance is increased.

Mailing Label Information

Postal Address

Information to be used on a mailing label for this user.

Maximum Connections

Login Restrictions

The maximum number of workstations that this User object can be logged in to simultaneously.

Minimum Password Length

Password Restrictions

The minimum number of characters that a user’s password is allowed to have.

NDPS Printers

NDPS Printer Access Control

The user’s access to printers can be changed here by toggling on and off whether the user is a manager, operator, or user of the printer.

NetWare Registry Editor

NetWare Registry Editor

Values listed here are inserted into the user’s Registry.

Network Address

Environment

The network address of the workstation where the user last logged in.

Network Address Restrictions

Network Address Restrictions

The network addresses listed are the only network addresses that the User object will be allowed to log in to. If no addresses are listed, the user can log in anywhere.

Other Name

Identification

This space can be used for nicknames or other identification information.

Postal (zip) Code

Postal Address

User’s ZIP code.

Postal Office Box

Postal Address

User’s P.O. box.

Print Job Configuration

Print Job Configuration (Non NDPS)

Names of the various print jobs that the user can utilize.

Profile

Login Script

The name of a profile object is listed here. When the login script process executes, this profile script executes after the Organizational Unit script and before the user profile script.

Remaining Grace Logins

Password Restrictions

The number of grace logins remaining before the account is locked out or the user is forced to change passwords.

Require a Password

Password Restrictions

When checked, this property requires the user to have a password.

Require Unique Password

Password Restrictions

When checked, this requires that passwords are not reused.

Security Equal To

Security Equal

All the objects in NDS that the User object has been specified as being equivalent to.

See Also

See Also

List of objects related to this User object.

State or Province

Postal Address

User’s state.

Street

Postal Address

User’s street address.

Telephone

Identification

User’s telephone number.

Title

Identification

User’s business title or designation.

Table 2: User Object Properties

Jane created a User object in the NDS tree. She named the object JL4788, which was the end user’s employee ID. The user’s name is Taylor Meyer. Jane instructed Taylor to log in as Tmeyer, but Taylor was unable to log in. What went wrong?

Jane had named the User object JL4788. In NDS, the name of the User object is the login name. Jane can either instruct Taylor to log in as JL4788, or rename the User object to Tmeyer.

NetWare Administrator

The NetWare Administrator is a graphical tool for viewing the Novell Directory Services tree, and making changes to the objects within it. Any changes made to NDS objects can be made from within the NetWare Administrator. This program is called NWADMIN, short for NetWare Administrator. The utility for Windows 95 is NWADMN95.EXE and the NT utility is NWADMNNT.EXE. There is also a utility that can be used under any 32-bit NetWare client for Windows called NWADMN32.EXE.

The NetWare Administrator program is found in the SYS: volume of a NetWare 5 server. Depending on which operating system version is required, the executables are located in subdirectories of the SYS:PUBLIC: Win95, WinNT, and Win32.

Exercise 3-1 Creating a user in NWADMN32.EXE

  1. Start NetWare Administrator by choosing Start | Run, type F:\Public\Win32\NwAdmn32, and then clicking OK.
  2. Navigate through the tree to the container where you would like to place the User object. Containers can be expanded by double-clicking them.
  3. Press the Insert key, select User, and click OK. You’ll see the dialog box shown in Figure 3-3. Alternatively, choose Object | Newselect User, and click OK. Or you may click the Create User button on the toolbar.
  4. Figure 3: Object insert window

  5. Type the Login name and the Last name in the dialog box shown in Figure 3-4. Note that the Login name is not necessarily the user’s first name. This should be in accordance with your naming standards for NDS. Typically, large enterprises use the first one or two initials of a person’s name and the first five characters of the last name and concatenate them to create a login name.
  6. If using a template, check off the User template box and select the template object from the tree. If creating a home directory, check off the Create Home Directory box and locate the home directory parent volume and directory from the Path button. To add more details for the user, check Define additional properties. Note that you cannot add more details for a new user and select Create another User. These options are mutually exclusive.
  7. Click the Create button.

Figure 4: User object creation window

NetAdmin

The DOS version of the NetWare administrator is NETADMIN.EXE. This utility is located in SYS:PUBLIC, along with many of NetWare 5’s DOS utilities. It is a text-menu application (see Figure 3-5) that allows administration of NDS objects. The NetAdmin utility is useful if, for whatever reason, the GUI applications are unusable.

start here

Exercise 3-2 Creating a user in NETADMIN.EXE

  1. Choose Start | Run, type F:\public\netadmin, and click OK.
  2. Using the arrow keys, move the cursor down to Change Context and press Enter.
  3. Either type in the preferred context, or press Insert to navigate with the arrow keys to the preferred context, and press F10. You will be returned to the original menu.
  4. Use the arrow keys to navigate to the Manage Objects option and press Enter.
  5. Press the Insert key.
  6. Select User using the arrow keys and press Enter.
  7. Enter both the Login name and Last name (required), and any other information. Press Enter after each option is entered.
  8. When complete, press F10.

Figure 5: DOS version of NetAdmin User object utility

Console One

Console One is a Java utility that runs on a NetWare 5 console screen. NetWare 5 is the first version of the NetWare operating system that enables an administrator to manage User objects from the server console. User objects, group objects, and containers can all be created and managed from Console One. Console One can display other NDS trees, and allow user, group, and container object creation and editing.

Exercise 3-3 Creating a User object from Console One

  1. Start Console One by choosing the Start menu on the X-Windows Java-based console and select Console One.
  2. From the Console One window, expand the Trees folder in the left-hand pane by clicking the dot to the left of the Trees folder.
  3. Expand the tree that you wish to create a User object in.
  4. The Console One application will prompt for a user name, context, and password.
  5. After logging in to the selected tree, the tree expands to show the Organization object. Continue expanding container objects until the one in which the User object will reside is displayed in the left pane. Then select that container object by clicking it. The objects within the container will appear in the right-hand pane of Console One.
  6. There are three separate ways to initiate the new user dialog box.
  1. The user dialog box will appear. Complete the two mandatory fields for login name and last name.
  2. Check the Define Additional Properties checkbox.
  3. Click Create.
  4. The user dialog box will appear where additional properties, such as Given Name, can be entered. When complete, click OK.

UIMPORT

UIMPORT is a utility for migrating a large number of users from an existing database into NDS. This is particularly helpful when migrating from one operating system to NetWare 5, or when adding a large number of users to the NetWare network. An existing database can be utilized for the UIMPORT process, which consists of three stages, as illustrated in Figure 3-6:

  1. Export the data from the database into a delimited ASCII text file. The data may need to have fields excluded before the export process, or deleted after, depending on the database export capabilities. The data may need to be checked for special characters, such as quotation marks and commas, since they may shift the imported data into the wrong user properties. If special characters are found, they should be deleted.
  2. Create a control file that describes each of the fields for the delimited ASCII text file applicable to NDS. The import control file specifies which character is used as the field separator. Note that this character is normally a comma, but can be another special character. The two required fields are First Name and Last Name.
  3. Run UIMPORT against the control and data files, which will create the User objects in the Novell Directory Services tree.

Figure 6: Three-step UIMPORT process

To run UIMPORT, the user must have Create object rights or the Supervisor object rights to the container that users will be created in. Make sure the workstation used is set to the correct context using the CX command. UIMPORT is run at a DOS prompt window. The command to use when running UIMPORT is

UIMPORT [ControlFilename] [DataFileName] [/C] [LogFileName.LOG]

We have already described the control and data files. The /C switch is used to allow UIMPORT to have continuous output and not stop for responses. A log file describing the success or failure of the imported User objects must be described at the end of the command with an attached .LOG file extension.

Adding Licenses

New to NetWare 5 is a licensing management capability. NetWare Licensing Services (NLS) provides the following:

This utility can be used on 32-bit operating systems (Windows 95, Windows98, and Windows NT). The NLS 32-bit executable name is NLSMAN32.EXE. This utility is located in the SYS volume under the PUBLIC\WIN32 directory.

Figure 3-7 displays the NLS Manager initial screen. Licenses for NetWare and NetWare server products are stored within a license container within NDS. The first screen enables walking the NDS tree for licenses, which simply means that the NDS database is searched for license containers in all containers below the NDS container object selected.

Figure 7: NLS utility

Follow these steps to add a license to NetWare:

  1. From the workstation, choose Start | Run.
  2. Type F:\PUBLIC\WIN32\NLSMAN32.EXE and press ENTER.
  3. Allow the NLS Manager to walk the tree from the [Root] by accepting the default selections and click OK.
  4. Choose the View menu and select Tree View of Licenses.
  5. Choose the Actions menu and select Install License Certificate.
  6. In the resulting dialog box (see Figure 3-8), type the path to the disk that holds the new license in the upper box (normally, this is A:\.); then type the context in the tree where this license should be installed.
  7. Click OK.

Figure 8: Installing a license using NLS Manager

Because the licensing information is stored in NDS, the NetWare Administrator has integrated the NLS Manager functionality into its program. To add a license from within NetWare Administrator, highlight the container for the license that you are going to add. Then choose the Tools menu and select Install License, as shown in Figure 3-9. The remaining dialog boxes are identical to the NLS Manager dialog boxes.

Figure 9: Installing a license using NetWare Administrator

Introduction to Network Security

There are several types of network security. All levels of security share the same goal: to control access to network resources. There are four types of security:

When a User object is created, the properties of the object determine the login security that will be applied to it. Server security is not affected by User object creation. File system security involves rights to files and directories granted to users. NDS security is the granting of object and property rights to users. Both file system security and NDS security are applied immediately to the User object when it is created.

Security for User Objects

For a User object, the Access Control List determines what other objects in Novell Directory Services have rights to it. A User object’s container may affect the rights that are assigned to a user in that container. When a container object has been assigned file system or NDS rights, all objects—either leaf or container objects —automatically inherit the container’s rights. This is called implied security equivalence. When assigning file system rights, the administrator may apply them to the container object so that all new users in that container will receive the same file system rights. The container object has the Read property rights to its own login script. Newly created User objects inherit this so that they may run the container login script. The New User object receives other default rights at creation, as described in Table 3-3. Other objects in the tree receive further rights at the creation of a new user.

Trustee

Rights

[Public]

Browse object rights to the tree [Root] object. This enables a user to browse for the correct context before logging in.
Read property rights to the User’s Default Server property to enable the correct authenticating server at login.
Read property rights to the NetWare server’s network address property, to locate the authenticating server at login.

Note: [Public] trustee rights are available to the user before login.

Container

Read property rights to its own login script, so the script can be run.
Read and File Scan file system rights to SYS:PUBLIC.
Note: Container trustee rights are inherited by the User object after login.

[Root]

Browse object rights to the User object.

New User object

Browse object rights to itself.
Read property rights to all its own property rights.
Read and Write property rights to login script—users are allowed to write their own login scripts.
Read and Write property rights to the Print Job Configuration property for users to manage their own non-NDPS print jobs.
All file system rights to the user’s own home directory, if created.

Table 3: Default Rights at User Object Creation

If an administrator does not want a user to be able to change the user login script or manage print jobs, or have full file system rights to their home directory, then these rights must be revoked after the User object is created.

Login Security

Before logging in, every user is granted some default rights to the NDS tree to enable logging in through the [Public] trustee. The [Public] trustee is unique because it is not an object, but a trustee assignment that is applied to all users, whether logged in or not. If creating a completely non-secured network, further rights can be assigned to the [Public] trustee, and users will not be required to log in at all.

The default properties for a User object do not require any login security. The User object is not required to have a password. An efficient method to apply default login security is to create a template object for the user and establish the login security requirements.

The types of security measures that affect login security are

To set up these options, double-click any User object in the NDS tree that you want to change. The options that apply to intruder detection are in the container object properties. The options that apply to the remainder are in the User object properties, under the following:

Each of these options is available in a Template object. The Template object can be created for each different type of user, such as students and teachers, or for each container object in the tree. If each user is to have identical basic restrictions, the administrator may opt to create a single template for the entire NDS tree. If you’re not using a template and want to have login security, you must edit each individual User object account because login security is not enabled by default.

Certification Summary

NetWare User object management occurs in the NDS tree. The single point of administration for User objects is the NetWare Administrator program, also referred to as NWAdmin. NWAdmin is available in Windows 95, Windows NT, and Client 32 compatible executables.

The User object context is necessary for users to understand their login process. The user’s context is the place where the User object is located in the NDS tree. The User object has a distinguished name that describes the name and context together. The distinguished name can be used from any point in the tree for a user to log in. A relative distinguished name is created when a user traces their User object context to the point in the tree where it shares a container with the current login context. The relative distinguished name is dependent on the other context. Names for User objects can be typeful, including the abbreviations for the object and containers, or typeless, which does not include the abbreviations.

User objects can be created in the NWAdmin programs under the SYS:PUBLIC directory in the Win32, Win95, and WinNT directories. They can also be created using NETADMIN, a DOS menu program; and on the NetWare server console, they can be created using Console One, a Java application that runs on the server. Large numbers of users can be imported directly into the NDS tree using UIMPORT. This is especially helpful if there is an existing database of users.

NetWare has a new licensing structure that is integrated into Novell Directory Services. Licenses are stored in a license container in the NDS tree. Licenses can be installed into the tree using the NLS Manager, or NWAdmin.

There are several aspects to network security: login security, NDS security, file system security, and server security. NDS security is applied through object rights and property rights in the tree. File system security involves rights to files and directories granted to users.

Login security is managed through the properties of the individual User objects that are created, except for intruder detection, which is handled as a property of the container object for end users. Login security involves the following property pages in a User object: Password Restrictions, Network Address Restrictions, Login Restrictions, and Login Time Restrictions.

Two-Minute Drill

Self Test

The following Self-Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully, as there may be more than one correct answer. Choose all correct answers for each question.

  1. If the User object naming convention is the first four letters of a user’s first name concatenated with the first four letters of their last name, and the user is named Justine Herfurth, what is the login name?
    1. JHerfurth
    2. JustineH
    3. JustHerf
    4. Justine
  2. What is a context?
    1. The location in the NDS tree
    2. A workstation
    3. The network segment
    4. The Organizational Unit
  3. When logging in to the tree, what information is required for NDS to find the User object?
    1. The login time restriction
    2. Intruder detection policies
    3. Default printer object
    4. The User object’s context
  4. What makes up a distinguished name?
    1. The abbreviations for each object described, including an equals sign (=)
    2. No abbreviations included
    3. A leading period and the username, then each container object until the [Root] is reached, each separated by periods
    4. No leading period, the username, and each container object until the [Root] of the current context and the User object context are reached, each separated by periods, and ending in a period
  5. What is a relative distinguished name?
    1. The abbreviations for each object described, including an equals sign (=)
    2. No abbreviations included
    3. A leading period and the username, then each container object until the [Root] is reached, each separated by periods
    4. No leading period, the username, and each container object until the [Root] of the current context and the User object context are reached, each separated by periods, and ending in a period
  6. What is a typeful name?
    1. The abbreviations for each object described, including an equals sign (=)
    2. No abbreviations included
    3. A leading period and the username, then each container object until the [Root] is reached, each separated by periods
    4. No leading period, the username, and each container object until the [Root] of the current context and the User object context are reached, each separated by periods, and ending in a period
  7. What is a typeless name?
    1. The abbreviations for each object described, including an equals sign (=)
    2. No abbreviations included
    3. A leading period and the username, then each container object until the [Root] is reached, each separated by periods
    4. No leading period, the username, and each container object until the [Root] of the current context and the User object context are reached, each separated by periods, and ending in a period
  8. True or False. User objects can be created and managed at the server console.
    1. True
    2. False
  9. Which of the following is a NetWare Administrator program that lists the NDS objects in a tree structure?
    1. SYS:PUBLIC\WIN32\NLSMAN32.EXE
    2. SYS:PUBLIC\NLIST.EXE
    3. SYS:SYSTEM\SERVER.EXE
    4. SYS:PUBLIC\WIN32\NWADMN32.EXE
  10. Which option in the NDS administration utility for DOS, NETADMIN, is used to initiate User object creation?
    1. Change Context
    2. Insert User Object
    3. Manage Objects
    4. Install User
  11. Which of the following statements is false?
    1. Console One is a Java utility.
    2. Console One can view the NDS tree only of the server it is running on.
    3. Console One runs on a NetWare 5 server console.
    4. Console One can manage User objects, groups, and containers.
  12. What is UIMPORT used for?
    1. Importing a large number of users from an existing database to NDS
    2. Migrating a NetWare 3.x server to NetWare 5
    3. Importing utilities into NetWare that normally run under Windows NT
    4. Importing unused licenses from one context to another
  13. Which of the following are steps for importing users with UIMPORT?
    1. Run the data file and control file against UIMPORT.
    2. Edit the NDS tree properties to accept UIMPORT data.
    3. Extract data into a delimited ASCII text file from the existing user database.
    4. Generate a control file describing the fields in the data file.
  14. What does NLS provide?
    1. NetWare Login Security—a single administration point for login and intruder detection
    2. NetWare License Services—a single administration point for handling licenses for NetWare and NetWare products
    3. Novell Logic Services—a database engine for User object creation
    4. Novell Login Services—the ability to log in from any context
  15. What can an administrator do, if she wants all users in a container to have identical NDS object, NDS property, and file system rights?
    1. Edit each User object to add the rights
    2. Apply the rights to the [Public] trustee
    3. Apply the rights to the container object where the users are located
    4. Apply the rights to the [Root]
Backward Forward
Chapter: 1 | 2 | 3 | 4 | 5 | 6