A brief Tutorial about CometServe32 Folder security



Posted by Jim Guerber on September 15, 2006 at 19:42:15:

In Reply to: How to setup user with no rights to server posted by James Cox on September 14, 2006 at 10:38:52:

A brief Tutorial about CometServe32 Folder security.

CometServe32 is built so that users are not required to have Windows access to the Comet Directories. Moreover, we recommend that users not have access to ANY folder on the server.

CometServe32 and the Comet Security server use a proprietary compressed/encrypted protocol. This protocol is conducted through the Signature System's TCP/IP ports of 11750-11759. It has nothing to do with other Windows' program file access. Moreover, as far as Comet is concerned, file and printer sharing can be turned off on this server.

So, how do you get access to the Comet executables and configuration files? Well, designate some other machine in the network as the "Comet Executable Server". This may as well be a user machine. Users must have Windows access to this shared directory, but they need read-only access. When Comet is installed on this particular machine, the "Standalone Workstation or Network Server" Installation type should be selected. On all other user machines, the "Network Workstation" type should be chosen. This folder MAY be a mapped network drive.

Here is an example with Comet.ini file notes.

Suppose the server programs reside on a computer named "server". One of the user machines is designated as the Comet executable server -- let's call it "user00". All other user machines will be configured identically. Let's designate one of these machines as "user01".

The CometServe services are installed on "server".

Comet standalone workstation is installed on user00 in folder "c:\comet". This folder is shared (read only) to all users as "comet" -- its UNC name then becomes "\\user00\comet".

So, on machine "user01", make a shortcut to comet.exe on this folder with appropriate /pn= arg. This is the "target=" part of the shortcut. The only file that must reside in the "start in" folder is the node.cfg file produced by sysgen. This file could reside on the user00 machine, or the user01 machine. Some versions of Windows do not allow UNC names as start-in folders. In that case, make a network drive pointing to user00, or copy the file to the local machine.

When Comet loads, it will copy all of the executable files to a temp folder on the local machine. The Comet executables then read the configuration information from the node.cfg file. At this point no further connection is needed to the user00 machine. In fact, no Windows file system connection is needed at all.

Now for the contents of that node.cfg file. That file has been produced by the administrator from the comet.ini file by way of the sysgen program.

Here is an excerpt from such an ini file:


[SITE]
Server = N00,TCP,L,192.168.1.120;
.
.
[NODE]
Server = N00,sc;
.
.
.
[DIRECTORIES]
;
; TEST DIRECTORIES
;
00 = c ,$(catemp);
01 = c ,\\Server\d$\comet\temp1\;
02 = c ,\\Server\d$\comet\TEMP2\;
03 = c ,\\Server\d$\comet\TEMP3\;
04 = c ,\\Server\d$\comet\TEMP\;
05 = c ,\\Server\d$\comet\SGD\;
06 = c ,\\Server\d$\comet\INV\;
07 = c ,\\Server\d$\comet\XAP\;
08 = c ,\\Server\d$\comet\SRC\;
09 = c ,\\Server\d$\comet\WWW\;
;
; COMET REGULARS
;
10 = c ,\\Server\d$\comet\REL\;
11 = c ,\\Server\d$\comet\COS\;
12 = c ,\\Server\d$\comet\RAM\;
13 = c ,\\Server\d$\comet\UTL\;
14 = c ,\\Server\d$\comet\CED\;
15 = c ,\\Server\d$\comet\WDL\;
16 = c ,\\Server\d$\comet\DMW\;
17 = c ,\\Server\d$\comet\DLG\;
18 = c ,\\Server\d$\comet\SPL\;
19 = c ,\\Server\d$\comet\UTR\;


Notes:

Notice that the numeric IP address is used for the server in the [site] section. CometServe32/cfam can deal with a name such as "server", but the protocol to the security server requires an IP address.

All Windows servers have shares automatically configured for each disk drive. These shares are invisible since they end in a $. So, if you configure your Comet directories as shown above, CometServe will find them even though there is no explicit share defined other than the Windows' default ones. On the server, the folder appearing as "d:\comet\rel" would be described in UNC terms as "\\server\d$\comet\rel".
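
An added example, not part of the post above and not Signature Systems' code: a small Python check of a comet.ini like the excerpt, which reports [SITE] entries whose address is not a numeric IP and lists the [DIRECTORIES] entries that depend on a hidden "$" share. The field layout (address or path as the last comma-separated field, ";" ending each entry) is an assumption taken from the excerpt alone, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, shortened from the excerpt in the post above.
SAMPLE_INI = r"""
[SITE]
Server = N00,TCP,L,192.168.1.120;
[DIRECTORIES]
;
; TEST DIRECTORIES
;
00 = c ,$(catemp);
01 = c ,\\Server\d$\comet\temp1\;
10 = c ,\\Server\d$\comet\REL\;
"""

UNC = re.compile(r"^\\\\([^\\]+)\\([^\\]+)")  # \\host\share


def parse_ini(text):
    """Return {section: [(key, [fields])]}; ';' lines are comments, '.' lines elisions."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].upper(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            fields = [f.strip() for f in value.rstrip(";").split(",")]
            current.append((key.strip(), fields))
    return sections


def audit(text):
    """List [SITE] addresses that are not numeric and directories on '$' shares."""
    cfg = parse_ini(text)
    non_numeric, hidden_shares = [], []
    for key, fields in cfg.get("SITE", []):
        try:
            ipaddress.ip_address(fields[-1])  # assumed: address is the last field
        except ValueError:
            non_numeric.append((key, fields[-1]))
    for key, fields in cfg.get("DIRECTORIES", []):
        m = UNC.match(fields[-1])  # assumed: path is the last field
        if m and m.group(2).endswith("$"):
            hidden_shares.append((key, m.group(1), m.group(2)))
    return non_numeric, hidden_shares
```

Calling audit() on the text of a real comet.ini gives the list of server hosts and "$" shares the configuration relies on, which is the set to review when deciding who may reach those shares.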



