NOTE When
you use the Telnet Locking feature, any tab that you have set for locking,
will no longer be displayed in the Telnet Properties dialog. In
other words, when is tab is locked, is disappears.|
Administering BlueZone |
Chapter 6 |
BlueZone provides a Feature Locking capability that allows the BlueZone Administrator to distribute a pre-configured version of BlueZone in such a way as to prevent End Users from making changes to some or all of BlueZone's features. BlueZone Feature Locking is controlled by the SETUP.INI file.
In addition, the BlueZone Administrator can configure the BlueZone Secure FTP client to "inherit" certain BlueZone lock values and can also prevent End Users from executing certain FTP commands.
Using the BlueZone SETUP.INI file to lock BlueZone features is the easiest method, and is recommended unless you are performing an automated installation in which case, setting the lock values in the Windows Registry will be required.
To set the BlueZone configuration lock in the SETUP.INI file, the Lock= value is set to the sum of the features to be locked. When BlueZone is installed, it reads the Lock= value from SETUP.INI, and prevents the End User from making any changes by graying the OK buttons for those locked features.
The Lock section of the SETUP.INI file can be found toward the end of the [BZSetup] section, which is the first section of the file. Use Notepad or other text editor, to edit and save the values in the SETUP.INI file.
The following shows just the Lock section (with default values) of the SETUP.INI file:
Lock=0
LockFTP=0
LockTelnet=0
ShowLockedDialogs=Yes
DisableAppendToClipboard=No
To lock a feature of the BlueZone emulator, take a look at the BlueZone Feature Lock Table and locate the desired feature or features that you wish to lock.
To lock all the features listed in the table enter a value of -1 as shown here in red.
Lock=-1
LockFTP=0
LockTelnet=0
To lock a single feature, simply enter the value of the desired feature in the Lock= value.
For example, if you want to lock the Display configuration settings, you add the KDISPLAYLOCK value of 16 as shown here in red:
Lock=16
LockFTP=0
LockTelnet=0
To lock multiple features, add the values of the desired features together and enter that sum in the Lock= value.
For example, if you want to lock the Translate Tables and Keyboard configuration settings, you add the KEYBOARDLOCK value of 8 and the TRANSLATELOCK value of 512 together for a total of 520 as shown here in red:
Lock=520
LockFTP=0
LockTelnet=0
One of the BlueZone Features that can be locked is called SESSIONLOCK. This will lock all the settings in Session:Configure. By enabling this lock setting, your End Users will not be able to change any settings in any of the associated BlueZone session configuration dialogs, including the TN3270/TN3270E Telnet settings.
However as an option, it is possible to lock BlueZone's Telnet features on a more granular basis. For example, you may have a situation where you want to allow your End User's to be able to change certain Telnet settings but not others.
This can be accomplished by using the Telnet Locking feature. The Telnet Locking feature is similar to BlueZone Emulator Feature locking.
To lock one or more Telnet features, take a look at the Telnet Feature Lock Table and locate the desired feature or features that you wish to lock.
To lock a single feature, simply enter the value of the desired feature in the LockTelnet= value.
For example, if you want to lock the Keep Alive Tab configuration settings, you place the value of 16 as shown here in red:
Lock=0
LockFTP=0
LockTelnet=16
To lock multiple features, add the values of the desired features together and enter that sum in the LockTelnet= value.
For example, if you want to lock the Device Tab and Certificate Tab configuration settings, you add the value of 2 and the value of 8 together for a total of 10 as shown here in red:
Lock=520
LockFTP=0
LockTelnet=10
NOTE When
you use the Telnet Locking feature, any tab that you have set for locking,
will no longer be displayed in the Telnet Properties dialog. In
other words, when is tab is locked, is disappears.
CAUTION! Do
not use either the LOCKALLCONFIG
( Lock=-1) or the SESSIONLOCK
(Lock=64) settings in conjunction with the Telnet Locking feature. Using
either of these settings, will make it impossible for your End Users to
access BlueZone's Telnet settings which will defeat the features purpose.
In addition to setting the Lock= value, you also have the option of turning off the ShowLockedDialogs feature. By default, the Show Locked Dialogs feature is enabled. When enabled, this feature allows the BlueZone dialogs to display even when they are locked. The End User will be able to see the values in the dialogs but the OK button will be disabled (grayed out) so they will not be able to save any changes then may have attempted to make.
When the Show Locked Dialogs feature is disabled, no configuration dialogs will be displayed. Instead, a message will appear whenever a locked dialog is accessed as shown here:
To disable the Show Locked Dialogs feature, change the ShowLockedDialogs value to No as shown here:
ShowLockedDialogs=No
NOTE This
feature only works in conjunction with the Lock=
feature and not the LockTelnet=
feature.
This feature controls the ability for End Users to be able to use the Append to Clipboard feature of BlueZone. By default, the ability to append is turned on. If you do not want your End Users to be able to use the append feature, set the value of DisableAppendToClipboard to Yes.
To enable the Disable Append To Clipboard feature, change the DisableAppendToClipboard value to No as shown here:
DisableAppendToClipboard=No
NOTE
Enabling
this feature does not affect the ability to use the Copy to Clipboard
feature. Only
the append feature will be disabled.
BlueZone Secure FTP configuration locking is accomplished in exactly the same way as with the BlueZone emulator locking feature except that you enter the desired value next to the LockFTP= entry.
SEE
Inheriting
BlueZone’s Lock Settings below.
Refer to the BlueZone FTP Lock Table, you will see that there are two aspects to locking BlueZone FTP.
The ability to lock (or block) FTP commands which are shown in standard black type
The ability to lock (or block) BlueZone FTP features which is shown in blue bold type
Each command or feature listed in the table can be locked individually or if you want to lock more than one item, simply add the values of the items together and place that value in the LockFTP= setting.
For example, if you want to prevent your end users from being able to create a new directory and prevent them from changing the BlueZone FTP host configuration settings, add the Block Make Directory Command value of 32 and the Lock Configuration Settings value of 8 together for a total of 40. Replace the 0 value with 40 as shown here in red:
Lock=0
LockFTP=40
SEE
The BlueZone FTP Lock Table
located in Appendix D for Lock
values
By default, BlueZone FTP does not inherit any of the BlueZone Lock Settings. As an option, BlueZone FTP can inherit three of BlueZone’s Lock Settings. These common settings are shown in green in the “BlueZone Feature Lock Table”.
If you want BlueZone FTP to inherit these lock settings from BlueZone, place 1024 in the LockFTP= setting as shown here in red:
Lock=0
LockFTP=1024
If you want any additional BlueZone FTP lock options, simply add those values to 1024, and place that sum in the LockFTP= setting.