|
Document revision date: 28 June 1999
|
![[Compaq]](../../images/compaq.gif) |
![[Go to the documentation home page]](../../images/buttons/bn_site_home.gif)
![[How to order documentation]](../../images/buttons/bn_order_docs.gif)
![[Help on this site]](../../images/buttons/bn_site_help.gif)
![[How to contact us]](../../images/buttons/bn_comments.gif)
|
![[OpenVMS documentation]](../../images/ovmsdoc_sec_head.gif)
|
Advanced Server for OpenVMS
Commands Reference
Manual
SET COMPUTER
Sets the role of the server in the domain and controls domain
synchronization.
Format
SET COMPUTER computer-name [/qualifiers]
restrictions
Use of this command requires membership in the Administrators local
group.
Related Commands
Parameters
computer-name
Specifies the name of the computer whose attributes are to be affected.
Qualifiers
/ACCOUNT_SYNCHRONIZE
When used on the primary domain controller of a domain, causes all
backup domain controllers and member servers to synchronize their
accounts databases with the primary domain controller. When used on a
backup domain controller or member server, causes only that computer to
synchronize with the primary domain controller.
/AUTOSHARE_SYNCHRONIZE
Causes the computer to synchronize its list of autoshares. This
qualifier is valid only to OpenVMS servers.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the
operation is performed. The default is /CONFIRM if running in
interactive mode. When the prompt is issued, the default response is
shown, and you may accept the default by pressing Return or Enter. If
you type YES, TRUE, or 1, the operation is performed. If you type NO,
FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything
else, the prompt is repeated until you type an acceptable response. No
prompt for confirmation is issued if running in batch mode.
/DESCRIPTION=string
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the computer. Enclose the string in quotation marks
to preserve case (the default is uppercase). /NODESCRIPTION indicates
that the description is to be blank.
/ROLE=role-type
Sets the computer's role in the network to be either a primary or
backup domain controller. The role-type can be either
PRIMARY_DOMAIN_CONTROLLER or BACKUP_DOMAIN_CONTROLLER.
Only a computer whose current role is backup domain controller can have
its role changed to primary domain controller. When this occurs, the
existing primary domain controller (if it is available to the network)
will automatically be demoted to backup domain controller.
A primary domain controller can only have its role changed to backup
domain controller if another computer in the domain is acting as the
current primary domain controller. This could happen if a backup domain
controller was promoted to primary domain controller while the original
primary domain controller was not available to the network. When the
original primary domain controller is restarted, use this command to
explicitly demote it to backup domain controller.
Examples
| #1 |
LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE
%PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful
|
This example causes the computer TINMAN to resynchronize its list of
autoshares.
| #2 |
LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/ACCOUNT_SYNCHRONIZE
Resynchronizing the "LANDOFOZ" domain may take a few minutes.
Do you want to continue with the synchronization [YES or NO] (YES) :
%PWRK-S-ACCSYNCHED, account synchronization was successful
|
This example synchronizes the accounts databases on all backup domain
controllers in the LANDOFOZ domain, with the primary domain controller
TINMAN.
| #3 |
LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ACCOUNT_SYNCHRONIZE
Resynchronizing "DOROTHY" with its Primary Domain Controller "TINMAN"
may take a few minutes. After the synchronization has completed, you
should check the Event Logs on "DOROTHY" and "TINMAN" to determine
whether synchronization was successful.
Do you want to continue with the synchronization [YES or NO] (YES) :
%PWRK-S-ACCSYNCHED, account synchronization was successful
|
This example synchronizes the accounts database on the backup domain
controller DOROTHY, with its primary domain controller TINMAN.
| #4 |
LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ROLE=PRIMARY_DOMAIN_CONTROLLER
Promoting "DOROTHY" to a Primary Domain Controller may take a few minutes.
Do you want to continue with the promotion [YES or NO] (YES) :
%PWRK-I-ROLESYNC, synchronizing "DOROTHY" with its primary
%PWRK-I-ROLENLSTOP, stopping the Net Logon service on "DOROTHY"
%PWRK-I-ROLENLSTOP, stopping the Net Logon service on "TINMAN"
%PWRK-I-ROLECHANGE, changing "TINMAN"'s role to Backup Domain Controller
%PWRK-I-ROLECHANGE, changing "DOROTHY"'s role to Primary Domain Controller
%PWRK-I-ROLENLSTART, starting the Net Logon service on "DOROTHY"
%PWRK-I-ROLENLSTART, starting the Net Logon service on "TINMAN"
%PWRK-S-ROLECHANGED, the computers role was successfully changed
|
This example sets the backup domain controller named DOROTHY to be the
primary domain controller in its domain. The current primary domain
controller, TINMAN, is demoted to a backup domain controller.
SET FILE
Sets or modifies auditing or permissions on directories and files
within a shared directory.
Format
SET FILE path [[domain-name\]name[,...]]
[/qualifiers]
restrictions
Use of this command does not require special group membership. However,
you must have read permission to the files and directories you modify.
Related Commands
Parameters
path
Specifies the UNC (Universal Naming Convention) path to the directory
or file for which to set auditing or permission information.
[domain-name\]name
The name specifies one or more users or groups for which to
set auditing or permissions.
You can specify users or groups in the domain being administered or in
a trusted domain. To specify a user account or global group in a
trusted domain, enter a domain-qualified name
(domain-name\name), such as KANSAS\DOLE, where KANSAS is the
name of the trusted domain, and DOLE is the user or group name defined
in the trusted domain. If you omit the domain name, the user account or
group is assumed to be defined in the domain of the server currently
being administered.
To remove all auditing information or permissions for all users and
groups from the specified directory or files, omit the list of names
and use the /REMOVE qualifier to remove the desired information. If you
specify a user or group, you must include the /AUDIT, /PERMISSIONS or
/REMOVE qualifiers to specify an action to perform.
Qualifiers
/APPLY_TO=(option[,...])
Controls how existing files and other subdirectories are affected by
the change in attributes. This qualifier is only valid if path
specifies a directory. By default, the change in attributes is
applied to the specified directory, and its existing files only. You
use the /APPLY_TO qualifier to change this default behavior. The
option keyword can be one or more of the following:
| Option |
Description |
|
[NO]FILES
|
FILES applies changes to existing files in the directory and to the
directory itself. NOFILES applies changes only to the directory itself.
Changes are not applied to existing files in the directory. NOFILES is
the default.
|
|
[NO]SUBDIRECTORIES
|
|
|
SUBDIRECTORIES applies changes to all existing subdirectories under the
directory and to the directory itself. If you also specify FILES, the
changes apply to the existing files in the subdirectories as well.
NOSUBDIRECTORIES prevents changes from being applied to subdirectories
under the directory. NOSUBDIRECTORIES is the default.
|
/AUDIT=(audit-type[=(event[,...])][,...])
Specifies a list of events to set or clear for auditing. The /AUDIT
qualifier is position-sensitive: if specified before any name values,
it applies to all names in the list which do not have explicit /AUDIT
values of their own; otherwise it pertains only to the name on which it
is specified. The audit-type keyword can be one or more of the
following:
| Audit-Type |
Description |
|
NONE
|
Disables auditing of all failure and success events. Cannot be
specified with the FAILURE or SUCCESS audit-types.
|
|
FAILURE
|
Sets audit failure events.
|
|
SUCCESS
|
Sets audit success events.
|
The FAILURE and SUCCESS audit-types are used to specify which
failure and success audit events are to be enabled or disabled. Precede
an event type with NO to disable auditing of that event. The event
keyword can be one or more of the following:
| Event |
Description |
|
ALL
|
Audits all events.
|
|
NONE
|
No events will be audited.
|
|
[NO]READ
|
For directories, audits display of file names, attributes, permissions,
and owner. For files, audits display of file's data, attributes,
permissions, and owner.
|
|
[NO]WRITE
|
For directories, audits creation of subdirectories and files, changes
to attributes, and display of permissions and owner. For files, audits
changes to the file's data or attributes, and display of permissions
and owner.
|
|
[NO]EXECUTE
|
For directories, audits display of attributes, permissions, and owner,
and changing to subdirectories. For files, audits running of program
files and display of attributes, permissions, and owner.
|
|
[NO]DELETE
|
Audits deletion of the directory or file.
|
|
[NO]CHANGE_PERMISSIONS
|
|
|
Audits changes to permissions for a directory or file.
|
|
[NO]TAKE_OWNERSHIP
|
|
|
Audits changes in ownership of a directory or file.
|
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before removing
all permissions from a directory or files. The default is /CONFIRM if
running in interactive mode. When the prompt is issued, the default
response is shown, and you may accept the default by pressing Return or
Enter. If you type YES, TRUE, or 1, the operation is performed. If you
type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type
anything else, the prompt is repeated until you type an acceptable
response. No prompt for confirmation is issued if running in batch mode.
/LOG
/NOLOG
Controls whether the SET FILE command displays the file specifications
of each file after its attributes have been modified. The default is to
display all files modified.
/PERMISSIONS=(access-type[,...])
Sets or modifies access permissions on a directory or file. The
/PERMISSIONS qualifier is position-sensitive: if specified before any
name parameters, it applies to all names in the list that do not have
explicit /PERMISSIONS values of their own; otherwise it pertains only
to the name on which it is specified. The access-type is the
type of access to be granted.
All permissions can be removed by using the /REMOVE=PERMISSIONS
qualifier without specifying a name. If you remove all permissions from
a directory or file, no one will be able to access it, and only the
owner will be able to change the permissions.
If path specifies a directory, the
access-type keyword can be one of the following:
| Directory Access Type |
Description |
|
NONE
|
Prevents any access to the directory or any of its files.
|
|
LIST
|
Allows viewing file names and subdirectory names, and changing to the
directory's subdirectories. Disallows access to files unless granted by
other directory or file permissions.
|
|
READ
|
Allows viewing file names and subdirectory names, changing to the
directory's subdirectories, and viewing data in files and running
applications.
|
|
ADD
|
Allows adding files and subdirectories to the directory. Disallows
access to files unless granted by other directory or file permissions.
|
|
ADD_AND_READ
|
|
|
Allows viewing file names and subdirectory names, changing to the
directory's subdirectories, viewing data in files and running
applications, and adding files and subdirectories to the directory.
|
|
CHANGE
|
Allows viewing file names and subdirectory names, changing to the
directory's subdirectories, viewing data in files and running
applications, adding files and subdirectories to the directory,
changing data in files, and deleting the directory and its files.
|
|
FULL
|
Allows viewing file names and subdirectory names, changing to the
directory's subdirectories, viewing data in files and running
applications, adding files and subdirectories to the directory,
changing data in files, deleting the directory and its files, changing
permissions on the directory and its files, and taking ownership of the
directory and its files.
|
|
DIRECTORY_SPECIFIC=(
access[,...])
|
|
|
Grants specific access rights to the directory. The
access keyword can be one or more of the following:
| Access |
Description |
|
FULL
|
Allows complete access to the directory.
|
|
NONE
|
Allows no access to the directory.
|
|
READ
|
Allows viewing the names of files and subdirectories.
|
|
WRITE
|
Allows adding files and subdirectories.
|
|
EXECUTE
|
Allows changing to subdirectories in the directory.
|
|
DELETE
|
Allows deleting the directory.
|
|
CHANGE_PERMISSIONS
|
|
|
Allows changing the directory permissions.
|
|
TAKE_OWNERSHIP
|
|
|
Allows taking ownership of the directory.
|
|
|
FILE_SPECIFIC=(
access[,...])
|
|
|
Grants specific access rights to the files in the directory. The
access keyword can be one or more of the following:
| Access |
Description |
|
NOT_SPECIFIED
|
Indicates that no file-specific access permissions are specified.
Cannot be used with any other access permission.
|
|
FULL
|
Allows complete access to the file and its data.
|
|
NONE
|
Allows no access to the file.
|
|
READ
|
Allows viewing the file's data.
|
|
WRITE
|
Allows changing the file's data.
|
|
EXECUTE
|
Allows running the file if it is a program file.
|
|
DELETE
|
Allows deleting the file.
|
|
CHANGE_PERMISSIONS
|
|
|
Allows changing the file's permissions.
|
|
TAKE_OWNERSHIP
|
|
|
Allows taking ownership of the file.
|
|
If path specifies a file, the access-type
keyword can be one of the following:
| Directory Access Type |
Description |
|
NONE
|
Prevents any access to the file. Specifying no access for a user
prevents access even if that user belongs to a group that has access to
the file.
|
|
READ
|
Allows viewing the file's data and running the file if it is a program.
|
|
CHANGE
|
Allows viewing the file's data, running the file if it is a program,
changing the data in the file, and deleting the file.
|
|
FULL
|
Allows viewing the file's data, running the file if it is a program,
changing the data in the file, deleting the file, changing permissions
on the file, and taking ownership of the file.
|
|
FILE_SPECIFIC=(
access[,...])
|
|
|
Grants specific access rights to the file. The
access keyword can be one or more of the following:
| Access |
Description |
|
FULL
|
Allows complete access to the file and its data.
|
|
NONE
|
Allows no access to the file.
|
|
READ
|
Allows viewing the file's data.
|
|
WRITE
|
Allows changing the file's data.
|
|
EXECUTE
|
Allows running the file if it is a program file.
|
|
DELETE
|
Allows deleting the file.
|
|
CHANGE_PERMISSIONS
|
|
|
Allows changing the file's permissions.
|
|
TAKE_OWNERSHIP
|
|
|
Allows taking ownership of the file.
|
|
/REMOVE=(attribute[,...])
Removes a given attribute from the directory or file specified by path.
The /REMOVE qualifier is position sensitive: if specified before any
name values, it applies to all names in the list that do not have
explicit /REMOVE values of their own; otherwise it pertains only to the
name after which it is specified. The attribute keyword can be
one or more of the following:
| Attribute |
Description |
|
AUDIT
|
Removes all auditing information for the specified directory or file.
|
|
PERMISSIONS
|
Removes all permission information for the specified directory or file.
|
For any given name, the /PERMISSIONS qualifier overrides the
/REMOVE=PERMISSIONS qualifier, and the /AUDIT qualifier overrides the
/REMOVE=AUDIT qualifier.
/SERVER=server-name
Specifies the name of the server on which to set directory or file
permissions. The default is the server currently being administered.
Examples
| #1 |
LANDOFOZ\\TINMAN> SET FILE STATES\KANSAS -
_LANDOFOZ\\TINMAN> MUNCHKINS/AUDIT=(SUCCESS=DELETE)
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\MYPROG.EXE" modified
%PWRK-S-FILESMODIFIED, total of 4 files modified
|
This example sets auditing for all successful deletions done by members
of the group MUNCHKINS to the directory, subdirectories and files of
the shared directory KANSAS in the share called STATES that resides on
the server currently being administered (TINMAN).
| #2 |
LANDOFOZ\\TINMAN> SET FILE/PERMISSIONS=READ STATES\KANSAS\*.DAT -
_LANDOFOZ\\TINMAN> MUNCHKINS,WIZARD,SCARECROW/PERMISSIONS=FULL
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
%PWRK-S-FILESMODIFIED, total of 2 files modified
|
This example grants the group MUNCHKINS and the user WIZARD, READ
access, and the user SCARECROW FULL access to all .DAT files in the
shared directory KANSAS in the share called STATES that resides on the
server currently being administered (TINMAN).