As an administrator, you have a number of options available to you to manage users in networks. Management functions for users include such basic tasks as:
Adding and deleting users and StreetTalk names Configuring user profiles Renaming Users Establishing and changing passwords
You can also assign users nicknames, log them in and out of the network, and rename them, depending on your needs.
Default values are assigned to users in the following circumstances:
When the first server is installed In a user's sample profile applicable when the user is added to a StreetTalk group In a user's default mail service settings when the user is added to a StreetTalk group In a user's default drive Z assigned each time he or she logs onto the network
When the first server in the network is installed, the system software creates a user profile for the first user and a sample profile for the first group.
The first user is assigned the name of the system administrator logged in during startup. This user has full system administrator privileges and belongs to the two AdminLists that are created on the first server, AdminList@firstgroup@first-org and AdminList@servername@Servers.
The sample profile for the first group on the first server installed in a network contains settings and drive mappings for any services created during the installation. Administrators may use this profile for any users they add to this group.
The following default mail settings are established for each user:
Mail delivery is enabled. The maximum number of messages a user's mailbox can contain is set to 10,000. With StreetTalk Explorer, you can set the maximum number of messages to 16,000 for user mailboxes on Intelligent Messaging 4.0 running on VINES servers. The use of wildcards in address fields is unrestricted.
This section describes guidelines and procedures for adding users to StreetTalk. Users can be added from dialog boxes, menus or from the DOS or OS/2 system prompt.
When you add a user, you must provide the user's StreetTalk name and profile information. In addition, you can give users nicknames, descriptions, and passwords, as well as assign them expiration dates that limit their access to the network.
To add, delete, or manage a user, you must be a member of the AdminList of the group where the user is maintained.
From StreetTalk Explorer:
Click the New User icon and provide the required information in the New User dialog box. The entry fields in the New User Window and their functions are described in the following sections.
Introduction to StreetTalk Explorer describes StreetTalk Explorer.
From the System Prompt:
To add a user, select ADD A User from the Manage Users menu and enter the appropriate information into the menu. You must enter at least the user' s StreetTalk name into this menu. Assignments for user descriptions, nicknames, passwords, and expiration dates can be made later through the Manage A User menu.
The entry fields in the Add A User menu and their functions are described in the following sections.
StreetTalk Name
The StreetTalk name field gives the user a name. The item name for a user is a maximum of 31 characters. It can include letters, numbers, spaces, apostrophes, and other punctuation.
If you specify just the user' s item name, StreetTalk appends the group and organization you are currently working from by default. You can also specify a full StreetTalk name. See Chapter 3 for more information on the structure of names, spelling rules, and reserved characters.
StreetTalk gives you great flexibility in creating item names. However, try to create names that are easy for users to remember. For example, for Frederick A. Brooks, create the item name Fred Brooks if that is how people normally refer to him.
Names are enabled once they are added to StreetTalk. However, they can be disabled and enabled again. When you disable a name, no one can log in using that name. Disabling a name is useful when creating template profiles or for security reasons.
Description
The Description field identifies a user' s title or other relevant information. Information entered in this field appears in the description field of STDA client programs, which provide access to StreetTalk information through mail. You can enter a maximum of 63 characters into the Description field.
Nickname
The Nickname field lets you define an alias for a user' s full StreetTalk name. These aliases can then be used in Banyan Intelligent Messaging or in lists in place of a user' s full name.
When you use a nickname, StreetTalk automatically points to the full StreetTalk name. If you just specify the item portion of the nickname, StreetTalk appends the default group and organization. You can also specify a full StreetTalk name if you do not want the default applied. To add a nickname, follow the guidelines described in Chapter 4.
Password
The Password field lets you establish password protection for new users when you add them. When a login name has a password associated with it, only a user who knows the password can log in with that name.
Password protection is especially important for the login names of users on AdminLists. They can perform any of the tasks described in this guide. Other network users, however, may need to protect their login names as well.
When you change a password, StreetTalk requires that you specify whether the user should be prompted to change the password the next time the user logs in. The default is NO.
Passwords are case sensitive. You can specify a minimum length for a password, but passwords cannot exceed 15 characters in length. If you later specify a minimum length for the user' s password, the current password remains valid, even if it is less than the minimum length.
Example Establishing Password Lengths
You establish a password of "XYZ." In a later session, you establish a minimum password length of five characters. "XYZ" is still a valid password for the user, even though it is shorter than the minimum password length.
You can specify whether users can change their passwords or force them to change them at periodic intervals. For security reasons, the password does not appear on the screen as you enter it.
Retype/Verify Password
The Retype/Verify Password field verifies the password that you entered in the Password field. Re-enter the password in this field.
Entry in this field is required if a password has been entered.
If the password you enter in this field does not match the password entered in the Password field, the following message appears on the screen:
Passwords do not match. Enter them again.
Note: This message does not appear until you attempt to add the user.
You must then re-enter the passwords in the Password and Retype Password fields. The passwords must match exactly, including upper and lower case.
Expires (mm/dd/yy)
The Expires field establishes a date on which the user' s name expires. Use this field if you know that the user needs to use the network for only a short period of time, or if you want to grant the user only temporary access to the network.
Enter the date the user name expires in mm/dd/yy (month/day/year) format. The default is Never Expires (00/00/00).
An entry in the Expires checkbox is optional. If the checkbox is not selected, the user's account has no expiration date.
When you create a new user, the New User dialog box is displayed.
The following fields apply to StreetTalk Explorer dialog boxes:
Profile
Check this box to copy a user profile from a specified StreetTalk user. When you check this box, you can enter the StreetTalk name of the user whose profile you want to copy.
Note: You can also drag and drop the existing user's name into the Copy from User: text box.
User-specific Security
Check this box to copy user-specific security from the specified StreetTalk user. When you check this box, you can enter the StreetTalk name of the user whose security setting you want to copy.
Attributes
Check this box to copy user attributes from specified StreetTalk user and click on the drop- down list to select an attribute collection to copy. When you check this box, you can enter the StreetTalk name of the user whose attributes you want to copy. Chapter 16 describes attributes.
From StreetTalk Explorer:
To add a user to a StreetTalk group@organization, select Network and then select New User and complete the New User window:
1. Enter the new user's Name: (required).
2. Enter a Description: for the new user (optional).
3. Enter a Nickname: for the new user (optional).
4. Enter a Password: for the new user (optional).
5. Enter the password again into the Verify Password: text box (required if password is specified).
6. Select the Force user to change password on first login checkbox (optional).
7. Select the Expires: checkbox and enter an expiration date (optional).
If group security is set to have passwords expire after a number of weeks and a new user is then created in that group without requiring the user to change passwords on the next login, the following message appears when the user first logs in:
Your password has expired. You must specify a new one before you can log in.
The user is then forced to enter a new password, even though the user-specific login settings do not require changing the password on first login. If group security settings do not specify an expiration time for passwords, the user is not required to change passwords on first login.
8. Click the appropriate Copy from existing user checkboxes if you want to copy a Profile, Attributes, or User-specific security from an existing user (optional).
9. Enter the username into the User to copy: text box from which to copy a profile, attributes, or user-specific security from (required if any of Copy from existing user checkboxes are selected).
10. To create a new StreetTalk user, click Next. Click Cancel to close the New User window and stop the operation.
11. The Add Attributes dialog box is displayed if you clicked Next. Entering attribute information is optional.
12. Click Finish to add the user to the group.
See Introduction to StreetTalk Explorer for a description of the StreetTalk Explorer interface.
From the System Prompt:
1. Enter MUSER. The Manage Users menu appears.
2. Select ADD a user. The Add A User screen appears.
3. Enter the person' s name, description, nickname, password, and expiration date in the appropriate fields.
If you are adding the first user to a group, proceed to step 5.
4. At the Add User Profile menu, MUSER displays a list of all the users in the group. Select the user name whose profile you want the new user' s profile to look like. MUSER creates a copy of the sample profile for the new user based on the settings in that user' s profile.
Do not select the sample profile when creating a new user profile. That profile should be included in a USE command, described in more detail in Chapter 7.
5. At the password prompt screen that appears, specify whether the user should change the password that you assigned in step 3 the first time the user logs in. Select:
- YES to force the user to change the password on first login. This option is recommended for security reasons.
- NO to let the user log in without being forced to change the password.
If group security is set to have passwords expire after a number of weeks and a new user is then created in that group without requiring the user to change passwords on the next login, the following message appears when the user first logs in:
Your password has expired. You must specify a new one before you can log in.
The user is then forced to enter a new password, even though the user-specific login settings do not require changing the password on first login. If group security settings do not specify an expiration time for passwords, the user is not required to change passwords on first login.
6. If you specified a nickname for the new user, MUSER prompts you to confirm the nickname. Select YES to apply the nickname. You return to the Manage A User menu.
7. Select MANAGE user profile and edit the profile, making any changes or additions necessary for the new user.
When you enter all the required information for the new user, MUSER returns you to the Manage A User menu.
You can add other users at this time. To do so, press ESC and repeat steps 2 through 7.
Adding a User from DOS or OS/2 Command Line
To add a user from a DOS or OS/2 command line, use the MUSER command. The MUSER command has the following format:
MUSER username /A /F:pathname
Where:
username is the StreetTalk name of the user. /A is the switch you specify to add the user. /F:pathname is the name of a file that contains a user profile.
By default, users added this way inherit the group and organization of the administrator who issues the command.
Example Adding a User
To add Richard Knox as a user, enter this command:
MUSER "Richard Knox" /a /f:rkprof
This command gives Richard Knox the profile contained in /f:rkprof. See Chapter 7 for more information.
This method of creating a user does not let you specify a password. The user must use a carriage return at the password prompt during login. The user is then prompted to enter a new password.
From StreetTalk Explorer:
1. From the right pane, right-click the user you want to manage and select Properties from the shortcut menu.
2. The User property sheet appears.
Select the management function, as follows:
Login - Specify the login status of the user from the Summary folder.
Profile - Writing a profile to or reading a profile from a file. For information, see Chapter 7.
Password - Specify security settings for users. These settings include preventing users changing their passwords and profiles.
Login Restrictions - Specify security settings for users. These settings include specifying workstation, server, and network restrictions. StreetTalk for Windows NT software supports only server-level login restrictions.
Login Times - Specify the times that a user can log in to the network.
Nicknames - Find a user's nicknames.
Mailbox - Manage a user's mailbox settings.
Manage attributes - Create StreetTalk attributes for users or edit existing attributes. See Chapter 15.
From the System Prompt:
1. Enter MUSER.
2. Select Users. The Manage Users menu appears.
3. Use the SELECT function to select the user you want from the displayed list. If the user's name is not on the list, use the SEARCH function to locate it. The Manage A User menu appears.
From the Manage A User menu, select the management function you want to perform, as follows:
Manage user profile - To perform profile management tasks such as assigning drives, managing mail services, and controlling display colors. For information, see Chapter 7.
Change password - Specify a new password for the user. See "To Change a User Password" later in this chapter.
Disable/Enable user name - Indicate that a particular user name can or cannot be used to log in. If you disable the user name, the user is not deleted from StreetTalk. Later, you can use this selection to re-enable the user name. See "To Disable and Enable a User Name" later in this chapter.
Delete user - Delete users from StreetTalk. See "Deleting a User" later in this chapter.
Mailbox settings - Manage mailbox settings for users. These settings include message limits, wildcard restrictions, priority settings, and so on. For information, see the Intelligent Messaging Administrator's Guide.
Manage attributes - Create StreetTalk attributes for users or edit existing attributes. See Chapter 15.
Security settings - Specify security settings for users. These settings include specifying workstation types, preventing user changes, access rights limitations, specifying login times, and so on. For more information, see Managing VINES Security.
Add nickname - Create aliases for users. See "Using a Nickname" in Chapter 4.
Change description - Change descriptions created when you added a user. Any changes made with this function appear in the STDA and XSTD description fields. See "To Change a User's Description" later in this chapter.
Change expiration date - Change the expiration date for this login name. See "To Change a User's Expiration Date" later in this chapter.
Rename User - Rename users, giving them new names in the same or other groups. See "Renaming a User" later in this chapter.
Help - Display context-sensitive help screens.
The fields on the lower part of the Manage A User menu display information about the user. These fields, described in the following sections cannot be modified.
User Name - Displays the user's full StreetTalk name.
Description - Displays descriptive information about the user as entered when the user was added or through the CHANGE description option.
Login Status - Indicates if the user is currently logged in.
User Status - Indicates if the user' s name is currently enabled or disabled.
Time of Last Login - Indicates the last time the user logged in.
Expiration Date - Indicates when the user' s login name is scheduled to expire, as specified in the Change Expiration Date screen. Changes made to the expiration date from the command line always appear as 00 /00 /00.
From StreetTalk Explorer:
1. In the right pane, right-click the user you want to manage and select Properties from the shortcut menu.
2. From the User property sheet, click Password.
3. Enter a new password into the Change Password text box.
4. Enter the new password again in the Verify Change Password text box.
5. Click OK to change the password or click Cancel to stop the password change.
Note: If you do not have administrative privileges, this User menu item is dimmed.
From the System Prompt:
At the Manage A User menu, select CHANGE Password. The Change Password screen appears.
1. At the Password prompt, enter the new password.
A password has a maximum length of 15 characters and is any combination of letters, numbers, spaces, and punctuation. Information about legal character sets can be found in Chapter 3.
2. Enter the password again to confirm the spelling. If the passwords do not match, you return to step 2.
3. When the password is added, StreetTalk prompts you to indicate whether to force the user to change the password on the user' s next login. Select YES or NO.
Limitations on Password Changes
If user or group security is enabled for a user, you can specify some restrictions on the password.
From StreetTalk Explorer:
Select a user and select File, Properties, and click the Password tab. The Security in effect field shows whether user or group security is established for a user.
From this window, you can perform these tasks:
Set a password to expire. Force the user to change the password when it expires. Require that the password be a minimum length.
See Introduction to StreetTalk Explorer for a description of StreetTalk Explorer.
Group security settings are settings that apply to every member of a StreetTalk group.
If user or group security is enabled for your user, StreetTalk establishes a list of passwords that you are not allowed to use. The list has, at most, ten passwords. Your old password is entered into the restricted list if the following conditions are met:
1. You change your password using, or you are forced to change your password when you log in.
2. You have not changed your password using any of the three methods described in condition one in the last 24 hours.
Password changes within the 24-hour time period are not entered into the restricted list.
From the System Prompt:
You can tell if user or group security is established for a user by looking at the Security Settings screen in MUSER.
The Current Security Settings field contains one of three values:
None - Indicates that no user or group security is in effect for this user. You can change the password for users who have no security applied to them as often as you like, with no restrictions.
User Specific - Indicates that user-specific security is in effect for this user.
Obtained from Group - Indicates that group security is in effect. Group security settings are settings that apply to every member of a StreetTalk group. Group security settings are managed through the MGROUP utility. For more information, refer to Managing VINES Security.
If user or group security is enabled for your user, StreetTalk establishes a list of passwords that you are not allowed to use. There are, at most, ten passwords in this list. Your old password is entered into the restricted list if the following conditions are met:
1. You change your password using the MUSER program, the PASSWORD utility, or you are forced to change your password when you log in.
2. You have not changed your password using any of the three methods described in condition one in the last 24 hours.
Password changes within the 24-hour time period are not entered into the restricted list.
Example Password Change Limitations
Suppose you change your password from A to B at 8 a.m. on Monday morning. The old password (A) is entered into the list of restricted passwords.
If you change your password from B to C at 9 a.m. that same morning, no additional entry is added to the list of restricted passwords because the 24-hour period has not yet expired.
If you change your password from C to B at 9:30 a.m. that same morning, no restriction is applied by the system, since B is not a restricted password at that time.
If you then change your password from B to D on Tuesday at 9 a.m., your old password (B) is then added to the list of restricted passwords. This occurs because Tuesday at 9 a.m. is more than 24 hours later than when you last changed your password.
A password on the restricted list cannot be used. When the restricted list reaches ten entries, the 11th password entered in the list replaces the first entry on the list. You can then use the first password again if you want.
To Disable and Enable a User Name
From StreetTalk Explorer:
Right-click the user and select Properties from the shortcut menu. Select the Enabled checkbox to enable or disable the user at any time. All information about the user including profile, password, security settings and so on remain intact. The user cannot log in until the user's name is enabled.
If you do not have administrative privileges, the checkbox is dimmed.
From the System Prompt:
To disable or enable a user name for use at login, perform the following steps:
1. At the Manage A User menu, select DISABLE/ENABLE user name.
2. If you are disabling a user name, you are asked for confirmation.
From StreetTalk Explorer:
Click the New Nickname icon and complete the New Nickname window.
Note: If you are adding a nickname to a group maintained by a server running VINES 6.0 or later, you can use an apostrophe (') in the StreetTalk name.
From the System Prompt:
1. At the Manage A User menu, select ADD nickname.
2. Enter the new nickname.
3. MUSER prompts you to confirm your choice:
- YES to add the nickname
- NO to cancel
To add another nickname for this user, repeat the procedure.
To Change a User's Description
From StreetTalk Explorer:
1. In the right pane, right-click the user and select Properties from the shortcut menu.
2. On the Summary folder, enter a new description in the Description text box. The maximum number of characters is 63.
From the System Prompt:
1. At the Manage A User menu, select CHANGE description.
2. When prompted, enter the new description.
To Change a User' s Expiration Date
From StreetTalk Explorer:
1. In the right pane, right-click on a user and select Properties from the shortcut menu.
2. Enter a new expiration date on the Summary folder.
From the System Prompt:
1. At the Manage A User menu, select CHANGE expiration date.
2. When MUSER prompts you, enter the new expiration date.
Deleting a user does not automatically delete the name from lists. You must manually delete the user's name from other lists as described in Chapter 9. All the user's nicknames in the same group are deleted automatically. Users' nicknames in other groups need to be deleted manually.
From StreetTalk Explorer:
You can delete a user from the User menu on the menu bar of StreetTalk Explorer. In addition, you must delete the user's name from any Access Rights Lists.
From the System Prompt:
You can delete a user with menus or from the command line. In addition, you must delete the user's name from any Access Rights Lists, as described in the Managing Security guide that came with your network software.
Caution: Deleting a user removes a user's name and profile from StreetTalk. Once the user's name and profile are removed, that user can no longer log in to the network.
From StreetTalk Explorer:
1. In the right pane, right-click the user and select Delete from the shortcut menu.
2. Confirm that you want to delete the user. If you select Yes, the system deletes the user.
Caution: Deleting a user removes a user's name and profile from the Banyan network. Once the user's name and profile are removed, that user can no longer log in to the network.
From the System Prompt:
1. Enter MUSER. The Manage Users menu appears.
2. Choose SELECT from list below to select a user, or use the SEARCH function to look elsewhere for the user you want. The Manage A User menu appears.
3. Select DELETE user.
4. MUSER requires a confirmation for this operation:
- YES to delete the user
- NO (the default) to keep the user
All the user's nicknames in the user's group are deleted automatically.
To Delete a User from DOS or OS/2 Command Line
Enter the MUSER command using the following format:
MUSER username /D
where username is the StreetTalk name of the user and /D is the switch you specify to delete the user.
Example Deleting a User
To delete the name Richard Knox from the network, enter this command:
muser richard knox /d
Caution: StreetTalk does not prompt you for confirmation when you delete a user from the command line.
As an administrator, you can rename StreetTalk users, assigning them new identities in other groups and organizations. This feature, combined with the ability to move groups and rename lists, allows you to easily change the structure of your StreetTalk organization. You can also rename users in the same group and organization, effectively changing their identities and assigning their previous names as nicknames.
Renamed users maintain their existing profiles, and their previous StreetTalk names are automatically converted into nicknames so that mail addressed to earlier identities reaches the renamed user.
When you rename a user, the StreetTalk database on the initiating server remains in a read-only mode until the rename process is complete. This situation prevents changes to the user's profile or password while the rename operation takes place. During and after the rename process, the Rename Status field displays information on the progress of the rename operation. After the user is successfully renamed, you must then manually change the Access Rights Lists to reflect the new user name. In addition, you must also rename the user's mailbox. See the Intelligent Messaging Administrator's Guide for more information.
Renaming a user's group when you use the rename feature effectively moves the user to a new group. If the group is on a distant server, or the rename request is not immediately processed, the StreetTalk database on the initiating server remains in a read-only mode until the rename process is complete.
Note: If the server from which you are renaming a user goes out of service during a move, the status field still indicates that the user is being renamed when you bring the server back up. If this happens, re-initiate the procedure and rename the user.
From StreetTalk Explorer:
1. In the right pane, select a user and select File, Rename.
2. Enter a new name in the Rename Users dialog box.
From the System Prompt:
1. Enter MUSER. The Manage Users menu appears.
2. Choose SELECT from list below to select a user from the displayed list, or use the SEARCH function to locate the user you want. The Manage a User Menu appears.
3. Select RENAME User. The Rename User Menu appears.
4. Enter the user's new name and press ENTER. The user's current name appears in the User Name field. Previously renamed identities for the user appear in the Previous Rename Status field along with the date on which they were renamed and the user' s previous name.
If the rename process is successful, you return to the Manage A User menu where this message appears:
Rename in progress. Check status later.
Otherwise, an error message appears indicating that the rename operation was unsuccessful.