Document revision date: 30 March 2001 | |
Previous | Contents | Index |
Sets the role of the server in the domain and controls domain synchronization.
SET COMPUTER computer-name [/qualifiers]
Use of this command requires membership in the Administrators local group.
ADD COMPUTER
REMOVE COMPUTER
SHOW COMPUTERS
computer-name
Specifies the name of the computer whose attributes are to be affected.
/ACCOUNT_SYNCHRONIZE
Normally, synchronization of primary domain controller (PDC) and backup domain controller (BDC) security/accounts databases occurs without user intervention. Use the SET COMPUTER command with the /ACCOUNT_SYNCHRONIZE qualifier in those rare circumstances when PDC and BDC databases get out of synchronization.If you specify the PDC of a domain with the SET COMPUTER command, /ACCOUNT_SYNCHRONIZE causes the PDC to send a synchronize status message to all BDCs in the domain. (Normally, the PDC sends synchronize status messages to all BDCs in the domain at regular intervals.) Each BDC that receives the status message uses it to determine whether its databases are synchronized with the PDC's databases. If the status message indicates to a BDC that the PDC's databases contain changes that are not represented in the BDC's databases, the BDC will request a partial synchronization. The PDC sends the BDC only those database elements that were changed since the last time the BDC received a status message.
If you specify the BDC with the SET COMPUTER command,
/ACCOUNT_SYNCHRONIZE causes the BDC to request a full synchronization.Do not specify a member server with the
SET COMPUTER/ACCOUNT_SYNCHRONIZE command./AUTOSHARE_SYNCHRONIZE
Causes the computer to synchronize its list of autoshares. This qualifier is valid only to Compaq OpenVMS servers./CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive information about the computer. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION indicates that the description is to be blank./ROLE=role-type
Sets the computer's role in the network to be either a primary or backup domain controller. The role-type can be either PRIMARY_DOMAIN_CONTROLLER or BACKUP_DOMAIN_CONTROLLER.Only a computer whose current role is backup domain controller can have its role changed to primary domain controller. When this occurs, the existing primary domain controller (if it is available to the network) will automatically be demoted to backup domain controller.
A primary domain controller can only have its role changed to backup domain controller if another computer in the domain is acting as the current primary domain controller. This could happen if a backup domain controller was promoted to primary domain controller while the original primary domain controller was not available to the network. When the original primary domain controller is restarted, use this command to explicitly demote it to backup domain controller.
Do not use the SET COMPUTER/ROLE command to change the role of an Advanced Server domain controller to a member server, or vice versa. Use the SYS$UPDATE:PWRK$CONFIG command procedure.
#1 |
---|
LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE %PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful |
This example causes the computer TINMAN to resynchronize its list of autoshares.
#2 |
---|
LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/ACCOUNT_SYNCHRONIZE Resynchronizing the "LANDOFOZ" domain may take a few minutes. Do you want to continue with the synchronization [YES or NO] (YES) : %PWRK-S-ACCSYNCHED, account synchronization was successful |
This example synchronizes the accounts databases on all backup domain controllers in the LANDOFOZ domain, with the primary domain controller TINMAN.
#3 |
---|
LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ACCOUNT_SYNCHRONIZE Resynchronizing "DOROTHY" with its Primary Domain Controller "TINMAN" may take a few minutes. After the synchronization has completed, you should check the Event Logs on "DOROTHY" and "TINMAN" to determine whether synchronization was successful. Do you want to continue with the synchronization [YES or NO] (YES) : %PWRK-S-ACCSYNCHED, account synchronization was successful |
This example synchronizes the accounts database on the backup domain controller DOROTHY, with its primary domain controller TINMAN.
#4 |
---|
LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ROLE=PRIMARY_DOMAIN_CONTROLLER Promoting "DOROTHY" to a Primary Domain Controller may take a few minutes. Do you want to continue with the promotion [YES or NO] (YES) : %PWRK-I-ROLESYNC, synchronizing "DOROTHY" with its primary %PWRK-I-ROLENLSTOP, stopping the Net Logon service on "DOROTHY" %PWRK-I-ROLENLSTOP, stopping the Net Logon service on "TINMAN" %PWRK-I-ROLECHANGE, changing "TINMAN"'s role to Backup Domain Controller %PWRK-I-ROLECHANGE, changing "DOROTHY"'s role to Primary Domain Controller %PWRK-I-ROLENLSTART, starting the Net Logon service on "DOROTHY" %PWRK-I-ROLENLSTART, starting the Net Logon service on "TINMAN" %PWRK-S-ROLECHANGED, the computers role was successfully changed |
This example sets the backup domain controller named DOROTHY to be the primary domain controller in its domain. The current primary domain controller, TINMAN, is demoted to a backup domain controller.
Sets or modifies auditing or permissions on directories and files within a shared directory.
SET FILE path [[domain-name\]name[,...]] [/qualifiers]
Use of this command does not require special group membership. However, you must have read permission to the files and directories you modify.
SHOW FILES
SHOW OPEN_FILES
path
Specifies the UNC (Universal Naming Convention) path to the directory or file for which to set auditing or permission information.[domain-name\]name
The name specifies one or more users or groups for which to set auditing or permissions.You can specify users or groups in the domain being administered or in a trusted domain. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain of the server currently being administered.
To remove all auditing information or permissions for all users and groups from the specified directory or files, omit the list of names and use the /REMOVE qualifier to remove the desired information. If you specify a user or group, you must include the /AUDIT, /PERMISSIONS or /REMOVE qualifiers to specify an action to perform.
/APPLY_TO=(option[,...])
Controls how existing files and other subdirectories are affected by the change in attributes. This qualifier is only valid if path specifies a directory. By default, the change in attributes is applied to the specified directory, and its existing files only. You use the /APPLY_TO qualifier to change this default behavior. The option keyword can be one or more of the following:
Option Description [NO]FILES FILES applies changes to existing files in the directory and to the directory itself. NOFILES applies changes only to the directory itself. Changes are not applied to existing files in the directory. NOFILES is the default. [NO]SUBDIRECTORIES SUBDIRECTORIES applies changes to all existing subdirectories under the directory and to the directory itself. If you also specify FILES, the changes apply to the existing files in the subdirectories as well. NOSUBDIRECTORIES prevents changes from being applied to subdirectories under the directory. NOSUBDIRECTORIES is the default. /AUDIT=(audit-type[=(event[,...])][,...])
Specifies a list of events to set or clear for auditing. The /AUDIT qualifier is position-sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /AUDIT values of their own; otherwise it pertains only to the name on which it is specified. The audit-type keyword can be one or more of the following:
Audit-Type Description NONE Disables auditing of all failure and success events; cannot be specified with the FAILURE or SUCCESS audit-types FAILURE Sets audit failure events SUCCESS Sets audit success events The FAILURE and SUCCESS audit-types are used to specify which failure and success audit events are to be enabled or disabled. Precede an event type with NO to disable auditing of that event. The event keyword can be one or more of the following:
Event Description ALL Audits all events. NONE No events will be audited. [NO]READ For directories, audits display of file names, attributes, permissions, and owner. For files, audits display of file's data, attributes, permissions, and owner. [NO]WRITE For directories, audits creation of subdirectories and files, changes to attributes, and display of permissions and owner. For files, audits changes to the file's data or attributes, and display of permissions and owner. [NO]EXECUTE For directories, audits display of attributes, permissions, and owner, and changing to subdirectories. For files, audits running of program files and display of attributes, permissions, and owner. [NO]DELETE Audits deletion of the directory or file. [NO]CHANGE_PERMISSIONS Audits changes to permissions for a directory or file. [NO]TAKE_OWNERSHIP Audits changes in ownership of a directory or file. /CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before removing all permissions from a directory or files. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./LOG
/NOLOG
Controls whether the SET FILE command displays the file specifications of each file after its attributes have been modified. The default is to display all files modified./PERMISSIONS=(access-type[,...])
Sets or modifies access permissions on a directory or file. The /PERMISSIONS qualifier is position-sensitive: if specified before any name parameters, it applies to all names in the list that do not have explicit /PERMISSIONS values of their own; otherwise it pertains only to the name on which it is specified. The access-type is the type of access to be granted.All permissions can be removed by using the /REMOVE=PERMISSIONS qualifier without specifying a name. If you remove all permissions from a directory or file, no one will be able to access it, and only the owner will be able to change the permissions.
If path specifies a directory, the access-type keyword can be one of the following:
Directory Access Type Description NONE Prevents any access to the directory or any of its files. LIST Allows viewing file names and subdirectory names, and changing to the directory's subdirectories. Disallows access to files unless granted by other directory or file permissions. READ Allows viewing file names and subdirectory names, changing to the directory's subdirectories, and viewing data in files and running applications. ADD Allows adding files and subdirectories to the directory. Disallows access to files unless granted by other directory or file permissions. ADD_AND_READ Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, and adding files and subdirectories to the directory. CHANGE Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, and deleting the directory and its files. FULL Allows viewing file names and subdirectory names, changing to the directory's subdirectories, viewing data in files and running applications, adding files and subdirectories to the directory, changing data in files, deleting the directory and its files, changing permissions on the directory and its files, and taking ownership of the directory and its files. DIRECTORY_SPECIFIC=( access[,...]) Grants specific access rights to the directory. The access keyword can be one or more of the following:
Access Description FULL Allows complete access to the directory NONE Allows no access to the directory READ Allows viewing the names of files and subdirectories WRITE Allows adding files and subdirectories EXECUTE Allows changing to subdirectories in the directory DELETE Allows deleting the directory CHANGE_PERMISSIONS Allows changing the directory permissions TAKE_OWNERSHIP Allows taking ownership of the directory FILE_SPECIFIC=( access[,...]) Grants specific access rights to the files in the directory. The access keyword can be one or more of the following:
Access Description NOT_SPECIFIED Indicates that no file-specific access permissions are specified; cannot be used with any other access permission FULL Allows complete access to the file and its data NONE Allows no access to the file READ Allows viewing the file's data WRITE Allows changing the file's data EXECUTE Allows running the file if it is a program file DELETE Allows deleting the file CHANGE_PERMISSIONS Allows changing the file's permissions TAKE_OWNERSHIP Allows taking ownership of the file If path specifies a file, the access-type keyword can be one of the following:
Directory Access Type Description NONE Prevents any access to the file. Specifying no access for a user prevents access even if that user belongs to a group that has access to the file. READ Allows viewing the file's data and running the file if it is a program. CHANGE Allows viewing the file's data, running the file if it is a program, changing the data in the file, and deleting the file. FULL Allows viewing the file's data, running the file if it is a program, changing the data in the file, deleting the file, changing permissions on the file, and taking ownership of the file. FILE_SPECIFIC=( access[,...]) Grants specific access rights to the file. The access keyword can be one or more of the following:
Access Description FULL Allows complete access to the file and its data NONE Allows no access to the file READ Allows viewing the file's data WRITE Allows changing the file's data EXECUTE Allows running the file if it is a program file DELETE Allows deleting the file CHANGE_PERMISSIONS Allows changing the file's permissions TAKE_OWNERSHIP Allows taking ownership of the file /REMOVE=(attribute[,...])
Removes a given attribute from the directory or file specified by path. The /REMOVE qualifier is position sensitive: if specified before any name values, it applies to all names in the list that do not have explicit /REMOVE values of their own; otherwise it pertains only to the name after which it is specified. The attribute keyword can be one or more of the following:
Attribute Description AUDIT Removes all auditing information for the specified directory or file PERMISSIONS Removes all permission information for the specified directory or file For any given name, the /PERMISSIONS qualifier overrides the /REMOVE=PERMISSIONS qualifier, and the /AUDIT qualifier overrides the /REMOVE=AUDIT qualifier.
/SERVER=server-name
Specifies the name of the server on which to set directory or file permissions. The default is the server currently being administered.
#1 |
---|
LANDOFOZ\\TINMAN> SET FILE STATES\KANSAS - _LANDOFOZ\\TINMAN> MUNCHKINS/AUDIT=(SUCCESS=DELETE) %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\" modified %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\MYPROG.EXE" modified %PWRK-S-FILESMODIFIED, total of 4 files modified |
This example sets auditing for all successful deletions done by members of the group MUNCHKINS to the directory, subdirectories and files of the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).
#2 |
---|
LANDOFOZ\\TINMAN> SET FILE/PERMISSIONS=READ STATES\KANSAS\*.DAT - _LANDOFOZ\\TINMAN> MUNCHKINS,WIZARD,SCARECROW/PERMISSIONS=FULL %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified %PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified %PWRK-S-FILESMODIFIED, total of 2 files modified |
This example grants the group MUNCHKINS and the user WIZARD, READ access, and the user SCARECROW FULL access to all .DAT files in the shared directory KANSAS in the share called STATES that resides on the server currently being administered (TINMAN).
Previous | Next | Contents | Index |
privacy and legal statement | ||
6544PRO_8.HTML |