Other Terminals ... 23
Session Info View ... 28
ADVANCED CONFIGURATION FEATURES – AN OVERVIEW ... 55
Server Global Settings ... 56
User Logon Domain Name (UseDomain) ... 56
User Logon Max Retry (MaxLogRetry) ... 57
User Logon Timeout (LogonTimeOut) ... 58
User Logon Banner (LogonBanner) ... 58
Global Agent Redirection (AgentRedirection) ... 59
Session Tick for Terminal Update (SessionTick) ... 60
Telnet Service (EnableTelnet) ... 60
Telnet Port (TelnetPort) ... 61
SSH Service (EnableSSH) ... 62
SSH Port (SSHPort) ... 63
Serial Port Service (EnableComm) ... 63
Serial Port List (CommPortList) ... 64
File Transfer (FileTransfer) ... 65
Global SFTP Service (EnableSFTP) ... 65
Anonymous Access to SFTP Service ... 66
LPT Port for Client Side Printing (LTPPort) ... 67
Log Mask for WAC Event Logging (LogMask) ... 68
Log Path for WAC Log File (LogPath) ... 68
User Settings ... 68
User Preference ... 69
User Admin Settings ... 70
Port Forwarding ... 92
Serial Port Settings ... 94
Enable the Serial Port Service (EnableComm) ... 95
Specify the Serial Port List (CommPortList) ... 95
Set the Communication Parameters ... 96
Notes and Tips ... 96
Client Side Printing ... 100
Server Side Setup ... 100
Client Side Setup ... 101
Use Pshell ... 104
Serial Port Settings ... 112
User Access Control ... 113
User Admin Settings ... 115
User Preference ... 118
Help Menu ... 157
Help Menu ... 163
Using WAC Explorer ... 164
To create a new file or folder ... 164
To delete a file or folder ... 165
To change the name of a file or folder ... 166
To send files to terminal window ... 166
To display file or folder attributes ... 167
To copy or move a file or folder ... 167
To move files by dragging ... 168
To Search for a file or folder ... 168
To show and hide the address bar ... 170
To show and hide the folder bar ... 170
To show and hide the folder bar ... 170
To crosscut to another directory ... 171
To refresh contents in your screen ... 171
To add items to favorites ... 171
Page 5 of 231
To map network driver ... 172
To choose color for your window ... 173
WAC Explorer Keyboard shortcuts References ... 173
Using Process Viewer ... 193
To describe process header ... 193
To sort the list of processes ... 194
To update the processes data ... 194
To end a process ... 194
Using Event Viewer ... 203
To refresh an event log ... 203
To view more details about an event ... 203
To view more details about an event ... 204
To clear an event log ... 204
To archive an event log ... 205
To open an archived event log ... 206
To export event log list ... 206
To specify a sort order in an event log ... 207
To set event logging options ... 207
To use the security log ... 208
Using System Information ... 224
To view system information ... 224
To view devices list ... 225
The information in this manual is organized in three parts, which are in turn divided into
ten chapters. The entry page of each part and chapter gives a general description so that
you can quickly grasp its contents.
Part 1 -- WAC Server -- contains five chapters that describe WAC Server and explain how
to install, get started with, work with and configure it.
If you want to get started without having to read everything:
• Skip directly to the introduction in Chapter One and read the sections “WAC
Session Agent”, “WAC Server Service” and “How WAC Server Works”.
• Then skip to Chapter Three for tips on getting started. You can choose the section
to read based on the client you are using. If you are using WAC Native Client,
read the section “Connecting Using WAC Native Clients” or “Chapter Seven” in
Part Two.
If you want to quickly familiarize yourself with the WAC configurations without having
to read everything:
• Skip directly to Chapter Five for an overview of the Configuration Tools and
“Advanced Configuration Features – An Overview”.
If you want to quickly know what you can do after logging in to WAC Server without
having to read everything:
• Skip directly to “Chapter Seven” in Part Two and read the section “After
Logging In”.
• Alternatively, you can scan through “Chapter Four – Working with WAC
Server”.
Part 2 -- WAC Native Clients -- contains three chapters that introduce the native clients
and their installation, and describe how to use the native client to access the server
and use its command options.
Part 3 -- WAC Toolkit -- contains two chapters that introduce the WAC text-based
applications and give step-by-step information for using the Toolkit.
If you want to know what WAC Toolkit is and how to install it without having to read
everything:
• Skip directly to Chapter Nine and read the section “WAC Toolkit Lists”, and then
“Installation”.
Use the Index and Table of Contents for help on specific topics when you don’t have time
to read through the chapters.
Part One --- WAC Server
WAC Server, a Windows Access Server, can put you at the host
computer through three access methods, and enables you to do
remote administration with its great toolkit and built-in command
line utilities.
This part covers:
• Chapter One, “Introduction to WAC Server”, provides the
general description of WAC Server and introduces its
interactive session agent, its service, and how it works.
• Chapter Two, “Installation”, provides information about the
step-by-step setup procedures, including the software’s
upgrade and re-setup, and the system changes.
• Chapter Three, “Getting Started”, provides information
about getting connected by using the WAC native clients
and third party clients, and about the user public key
authentication method.
• Chapter Four, “Working with WAC Server”, provides
information about all kinds of utilities that you can use to
work during an interactive WAC session.
• Chapter Five, “Configuring WAC Server”, provides
information about the configuration tools and the advanced
configuration features, including Server Global Settings,
User Settings, Access Control, SSH Settings, and Serial
Port Settings. In addition, a “Reference” section is attached
to this chapter as a supplement to the “Advanced
Configuration Features” section.
CHAPTER ONE
Introduction to WAC Server
This chapter contains the following four sections:
• The “WAC Server Description” section briefly describes WAC Server and the
applications that come with it.
• The “WAC Session Agent” section introduces the two methods the WAC session
agent uses to monitor the session, as well as their side effects and advantages.
• The “WAC Server Service” section introduces the WAC service and provides several
ways to start or restart the WAC service.
• The “How WAC Server Works” section describes the three steps to make WAC
Server work.
WAC Server Description
Congratulations on choosing Windows Access (WAC) Server, a brainchild of Foxit
Software Company.
WAC Server is a combined Windows NT 4.0/2000/XP server, integrating the telnet, ssh
and terminal server. WAC Server allows client users to remotely access the Server
machine just as if they were local users. Using ANY telnet, ssh or terminal client
program, users can log in to the Server machine.
The Server machine is the Windows NT 4.0/2000/XP machine on which WAC
Server has been installed. It can be anywhere on the Internet, in your local network,
or at the other end of a serial cable.
In addition, WAC Server offers a gallery of text-based console applications and
Command Line Tools that help you work remotely on the
Server machine. It also ships with two free native client programs that are used to
access the Server machine and thus establish a WAC client-server talk environment.
Often, while you are working in the WAC talk environment and doing administration with
the help of the WAC console applications, you forget that you are working on the Server
machine.
WAC Session Agent
A WAC session between client and server is created each time a connection is established.
For each WAC session, WAC Server makes use of a special session agent,
WACSES.EXE, which monitors the user activities, the keyboard/mouse input, and the
screen output for each of the user sessions. This session agent uses two types of
technologies to monitor the application outputs:
1. The session agent goes directly to the screen buffer of the user session and reads its
content. If it finds that anything has changed, the change is packaged according to the
transport protocol and terminal type, and sent to the terminal;
2. The session agent can build a special communication instrument, called a "pipe", and
redirect the application's output to that pipe, so when the application wants to write
something onto the screen, the output actually goes to the pipe. At the other end of the
pipe sits the session agent, which interprets the output and does the actual screen
modification for the application, and at the same time packages and sends the
change to the terminal.
The WAC session agent can use both methods at the same time, but the second
method has some side effects as well as some advantages:
1. Some applications don't behave correctly when their output is redirected. For
example, sometimes the output disappears because it is buffered in memory,
and sometimes user input is affected too;
2. On the other hand, some applications rely on redirection to work. Your application
might send special characters to the terminal and want it to perform some
special action instead of displaying them. In this case no modification to the screen
can be detected, so the first method, change-detection monitoring, doesn't work. A very
common example is the BEL character, which is never displayed but causes the
terminal to beep. If you disable the session agent redirection, you will never hear that
sound.
Because of these side effects and advantages, WAC Server introduces a configurable
setting called “AgentRedirect”. This setting enables or disables the WAC session
agent's output redirection, so that you can optimize your screen.
In addition, the configurable setting “Session Tick” helps update the terminal,
and “Keep Session” specifies the period for keeping a broken session; after
that period the broken session is terminated and made available to other
users.
For more information, please see Chapter Five – Server Global Settings - “Global Agent
Redirection”, “Session Tick for Terminal Update” and User Admin Settings - “Session
Broken Keeper”.
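The two monitoring methods and their trade-offs, as a small Python model added here for illustration (it is not WAC Server code; the class names, the 20x3 screen and the 16-character runtime buffer are assumptions). It sends the same application output through screen-buffer polling and through pipe redirection, and shows the buffered-prompt side effect of redirection.

```python
BEL = "\x07"


class Screen:
    """A small console screen buffer: a grid of character cells plus a cursor."""
    def __init__(self, cols=20, rows=3):
        self.cols, self.rows = cols, rows
        self.cells = [[" "] * cols for _ in range(rows)]
        self.row = self.col = 0

    def write(self, text):
        """Render text as a console would; BEL is audible only and changes no cell."""
        for ch in text:
            if ch == BEL:
                continue
            if ch == "\n":
                self.row, self.col = min(self.row + 1, self.rows - 1), 0
            else:
                self.cells[self.row][self.col] = ch
                self.col = min(self.col + 1, self.cols - 1)

    def snapshot(self):
        return ["".join(row) for row in self.cells]


class BufferPollingAgent:
    """Method 1: read the screen buffer, compare with the last copy, send changes."""
    def __init__(self, screen):
        self.screen = screen
        self.last = screen.snapshot()

    def poll(self):
        """Return (row, first_col, text) for each row changed since the last poll."""
        now, updates = self.screen.snapshot(), []
        for r, (old, new) in enumerate(zip(self.last, now)):
            changed = [c for c in range(len(new)) if old[c] != new[c]]
            if changed:
                updates.append((r, changed[0], new[changed[0]:changed[-1] + 1]))
        self.last = now
        return updates


class RedirectingAgent:
    """Method 2: the application writes into a pipe; the agent reads the other end."""
    def __init__(self, screen):
        self.screen = screen
        self.pipe = []                 # stands in for the operating-system pipe

    def app_write(self, data):
        self.pipe.append(data)         # the application believes this is the screen

    def pump(self):
        """Drain the pipe, modify the screen for the app, return what goes to the terminal."""
        data = "".join(self.pipe)
        self.pipe.clear()
        self.screen.write(data)
        return data                    # control characters such as BEL survive


class RuntimeBuffer:
    """An application runtime that holds output in memory once it is redirected."""
    def __init__(self, sink, size=16):
        self.sink, self.size, self.held = sink, size, ""

    def write(self, data):
        self.held += data
        if len(self.held) >= self.size:
            self.flush()

    def flush(self):
        self.sink(self.held)
        self.held = ""


def compare(output):
    """Send the same application output through both methods."""
    direct = Screen()
    poller = BufferPollingAgent(direct)
    direct.write(output)               # method 1: the app draws on its own console
    redirected = RedirectingAgent(Screen())
    redirected.app_write(output)       # method 2: the app writes into the pipe
    return poller.poll(), redirected.pump()


def prompt_through_pipe():
    """Side effect 1: a short prompt stays in the app's buffer until it is flushed."""
    agent = RedirectingAgent(Screen())
    app = RuntimeBuffer(agent.app_write)
    app.write("login: ")
    before_flush = agent.pump()
    app.flush()
    return before_flush, agent.pump()


if __name__ == "__main__":
    print(compare("done" + BEL), compare(BEL), prompt_through_pipe())
```

With polling alone the terminal receives the changed cells but never the BEL; with redirection the BEL arrives, but a prompt shorter than the runtime buffer is not seen until the application flushes.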
WAC Server Service
WAC Server is built as an NT service, which means it runs in the
background, and by default WAC Server is started automatically whenever you
start the machine.
The service name for WAC Server is, quite naturally, "Foxit WAC Server". Since it is
a service, you can, as with any other Windows NT/2000/XP service, use the service
utility to start and stop WAC Server, change the startup type (whether to start
the service automatically at machine startup), etc.
WAC Service can be started and stopped in the following ways:
1. From the Windows Services
On your server machine, go to "Start/Control Panel/Administrative Tools/Services",
scroll down the list or just press the "F" key several times until you find "Foxit
WAC Server". Then click the Start or Stop button to execute the task. To select whether
WAC Service starts automatically or manually, double-click "Foxit WAC Server"
and select Automatic or Manual from the Start type combo box.
2. From the Command Line
• To stop the WAC Service, at the command line type "WAC STOP"
• To start the WAC Service, at the command line type "WAC START"
• To restart the WAC Service, at the command line type "WAC RESTART"
3. From the WAC Service Manager (svcma.exe)
WAC Service Manager performs the same functions as the Windows Services,
except that it is a text-based application, so when you log on remotely using a terminal,
you should use the WAC Service Manager. To run it, at the command line, type
"SVCMAN.EXE" and press ENTER.
4. From the GUI CONFIG Program --- WAC Manager (wacma.exe)
Run WAC Manager and, on the WAC Server Status page, click WAC Server Stop,
WAC Server Restart, or WAC Server Start.
NOTE: Stopping and restarting the WAC service will disconnect all users from the server.
How WAC Server works
Using WAC Server is as easy as 1-2-3.
Installation: Set up WAC Server on your host computer running a Windows system. The setup
is easy and fast, and an extra client and tool program will be installed on your computer
at the same time. For more, see Chapter Two, Installation.
Access: Remotely access your host computer with a client from any workstation or PC
with a network connection, or from a terminal with a serial communication cable. For more,
see Chapter Three, Getting Started.
Working: Begin working on your host machine as if you were sitting in front of it by
using WAC tools. You get instant access to all its data and resources such as email,
applications, documents and even network resources. For more, see Chapter Four,
Working with WAC Server.
CHAPTER TWO
Installation
This chapter contains the following five sections:
• The “Procedure One” section introduces the preparatory work before setting up WAC
Server, that is, how to load the CD into your CD-ROM drive or download the WAC software
from the website and create the temporary directory for it.
• The “Procedure Two” section introduces the step-by-step process of the WAC
Server installation.
• The “Express Upgrade, Update or Re-setup” section introduces ways to update WAC
Server.
• The “Setup Affection” section introduces the system changes on your host machine
after installing WAC Server.
• The “Uninstall” section introduces the WAC Server un-installation.
Procedure One -- Load CD or download the software
The WAC Server package is distributed both on a CD pack and through the Web Server.
If you have the WAC Server CD pack available, follow the three steps below, then skip to
Procedure Two:
1. Load the WAC Server CD into your computer's CD-ROM drive.
2. If the WAC Server installation program doesn't start automatically, choose Start >
Run. Click “Browse” and choose the “Setup.exe” file on the WAC Server CD.
3. Click OK in the Run dialog box.
The software can also be downloaded from the Web Server and stored in a temporary
directory on your hard disk. The file you download is a zip package (WAC.ZIP), which you
need to unzip in the temporary directory. Follow these steps:
1. Create a temporary directory on your hard disk drive. Name it anything, such as
C:\WACSETUP.
2. Download the file from the Web into C:\WACSETUP.
3. Unzip the package (WAC.ZIP) into C:\WACSETUP; this gets you all the files you
need to install WAC Server.
4. Run SETUP.EXE, one of the unzipped files, and follow the onscreen
instructions, which are introduced in Procedure Two.
NOTES:
• You can remove the unzipped files from the temporary directory after WAC Server
has been installed successfully.
• Before running the setup program, close all running Windows programs to
avoid conflicts or errors.
• Be sure the computer you are installing on is the one you want to control remotely.
Procedure Two -- Setup the Software
To complete the WAC Server setup, you will go through the following steps:
1. Welcome Screen -- After you run the SETUP.EXE program, you should be greeted with a
welcome screen; click "Next" to continue. If you want to read the Readme.txt, click
"About".
2. License Agreement -- What you are seeing is the WAC Server License Agreement. This
is common for nearly all software. Only after you click the "I agree" button to grant your
acceptance can you continue to install.
3. Microsoft Telnet Service Stop -- Whether you choose "Yes" or "No", the Setup
program will continue. You are nevertheless recommended to choose “Yes”, because
a running MS Telnet service may collide with the WAC Server telnet service. If you choose
“No”, you will get an alert message; just click “OK” to proceed.
NOTES:
• You won’t see this step if the Microsoft Telnet service was disabled ahead
of time on your computer.
• If you want to keep both the Microsoft Telnet service and the WAC Server Telnet service
running at the same time, you need to change the WAC Server telnet port later in the process.
• See the instructions for the MS Telnet service and the WAC Server Telnet service.
4. Destination Folder Select -- Before copying files onto your computer, the Setup
program gives you a chance to select the location. The default folder is
"C:\Program Files\WAC".
To accept the default location, click "Next" to continue. If a WAC folder has not
previously been created on your computer, you will get a warning message; just click
"Yes" to create the folder automatically and proceed with the installation. Click "No"
to go back and change the destination folder.
To change the default location, click the "Browse" button to bring up the "Browse for
Folder" box. In the box, select the folder you want and click "OK", then click "Next"
to continue the setup in the selected folder.
5. LPT Port CONFIG -- This step lets you configure the LPT port for client
side printing.
6. Telnet/ SSH / COM Port CONFIG -- This step lets you configure the
Telnet and SSH port numbers as well as the Serial ports. The default port number for
telnet is "23" and for SSH is "22". Click "Next" after specifying the ports.
In this step, if the WAC Setup program detects that the Telnet port or SSH port you
specified is already occupied by another service, then when you click "Next" a pop-up
message prompts you to change the port number. If you want
to use the present port anyway, click "Yes" on the message; if you want to specify
another port, click "No", then try another port number such as "24, 40, 80...".
NOTE: Later on, if you want to change these port numbers, you can use the
WAC CONFIG tools -- WACMAN.EXE and WAC CONFIG.EXE -- to make the
change.
7. Succeeded Screen -- By now, all the information required for the WAC Server Setup
has been collected and installed. Just click the "Finish" button to complete the
installation when you see the Setup successful notification screen.
8. WAC Manager -- Congratulations, you have now completed your WAC Server
setup and are ready to start using it.
Now you should see a pop-up GUI window. This is one of the WAC CONFIG tools -- WAC
Manager -- where almost all WAC Server settings are made. Before starting a
connection with WAC Server, use this program to configure WAC Server by
clicking the setting category index in the left-side pane.
Express Upgrade, Update or Re-setup
If you want to update the installation or resume from a cancelled or failed
installation, you can run the SETUP.EXE program and go through the setup procedure again,
and again if needed.
• If you just want to upgrade WAC Server quickly using the existing settings, run
SETUP.EXE and press the "Express Update" button to update WAC Server.
• If you just want to update WAC Server and change some port numbers, run
SETUP.EXE, click the "Next" button to go to the page that contains the "Update" button,
and press that button to continue your update process.
• If you just want to install WAC Server in a new place, run SETUP.EXE, click
"Next" to go to the page that contains the "Re-setup" button, and press that button to
continue your re-setup process. After a successful reinstall, you can remove the
files installed in the previous installation directory.
Setup Affection
The following is a list of how the WAC Server setup affects your system:
1. An installation directory is created if it does not already exist; this directory
is specified by the user during installation;
2. The WAC Server executable and WAC applications are copied to this installation
directory;
3. A "Program Group" called "Foxit WAC Server" is created. It includes two shortcuts:
the first is Uninstall, and the second is WAC Server Manager. A WAC Server
Manager shortcut is also created automatically on the desktop;
4. A special print port called "WAC:" (Fig.1) appears in your available printer ports, and
a special printer "WAC_PRINTER" (Fig.2) appears in your available printer list if you
have installed the "Generic / Text Only" driver on your computer;
5. A registry key is created as "HKEY_LOCAL_MACHINE\Software\Foxit
Software\WAC Server" (Fig.3); all WAC Server configurations are kept under this key;
6. A file named "pubkey.txt" is generated in the installation directory. It contains the
SSH server public key; you should export this file to your SSH clients if you want
them to verify the server;
7. A service named "Foxit WAC Server" is created if it does not already exist. This
service is set to "Auto" start, which means WAC Server is started
automatically when the system restarts;
8. The "Telnet" service (Microsoft's telnet server) is stopped and disabled so that it
won't start when the system restarts (if you still want to keep the Microsoft telnet
server, you should change the WAC Server's telnet port and manually re-enable the
Microsoft telnet service);
9. The WAC installation directory is added to the system path.
Uninstall
To remove WAC Server from your system, simply click Start, go to Programs, find
the Foxit WAC Server line, and run the UNINSTALL.EXE file. It will undo all the
changes made by the installation process, except that the Microsoft Telnet Server will stay
disabled; if you want to enable it, use the Windows Service Manager.
CHAPTER THREE
Getting Started
To access WAC Server, you can use WAC Native Clients or other 3rd party clients. You
can also authenticate yourself with a user public key from other compliant SSH
clients.
This chapter contains the following three sections:
• The “Connecting Using WAC Native Clients” section briefly introduces ways to open
WAC Native Clients to connect to WAC Server. Details of this section are
provided in Chapter Seven of Part Two – WAC Native Clients.
• The “Connecting Using Other 3rd Party Client” section introduces some points to note
when using 3rd party clients, such as terminal settings and screen size adjustment.
• The “Authenticating Using User Public Key” section briefly introduces how to
authenticate to WAC Server using a compliant SSH client. Details of this section
are provided in Chapter Five – User Public Key Authentication.
Connecting Using WAC Native Clients
Follow these instructions to open the WAC Native Client window.
• On the local server machine, you can open the client window from the Run line, the
command prompt or the icon in the WAC Server installation directory.
For example, from the Run line, click Start, click Run, in the Open line, input
"wacterm <IP Add or Host Name>" or "wacssh <IP Add or Host Name>", and click OK.
If you are connecting to the local host, on the Run line, simply type "wacterm
localhost" or "wacssh localhost".
At this point, the WAC Client window opens already connected, and you get the WAC
Server logon banner, such as welcome text, evaluation number and host information,
and the prompt for username and password to log in.
• On the remote client machine, you can open the client window by directly clicking
the WAC Client desktop shortcut icon.
At this point, the WAC Client window opens with a prompt for the IP address or host name
of the machine you are connecting to.
For further information about connecting using WAC Native Client, see “WAC Native
Clients -- Getting Started”.
Connecting Using Other 3rd Party Client
To connect to WAC Server using a 3rd party client, you might need to adjust
some of the settings (like "terminal settings or size") of your client program to get the
best result.
Adjust Terminal Settings
This section discusses some settings for “VTNT”, “Other terminals”, and
“Keyboard mapping”.
VTNT
An alternative client is Microsoft's telnet client for Windows 2000 and later. If you are
not running Windows 2000/XP on your client machine, you can actually copy the
TELNET.EXE file from a Windows 2000 machine and try to run it on your other
Windows platform. This telnet client supports a special terminal type called VTNT,
which is defined by Microsoft and supported by WAC Server.
VTNT takes full advantage of the PC keyboard and output attributes, but it doesn't support
mouse operations, so it is not quite convenient for all WAC applications.
There are some other terminal products on the market that support the VTNT terminal type too.
Other Terminals
If you use clients other than WAC Native Clients or VTNT, make sure your terminal is
set to DEC-VT compatible mode or ANSI compatible mode. Please note: some terminals
claim to be DEC-VT compatible or ANSI compatible but actually are not. So if you
experience problems like a messy screen or input inconsistency, you should take a
look at the settings of those terminals, or use another, better terminal program, like
KoalaTerm from Foxit (http://www.Foxitsoftware.com/download.htm).
The character set of the terminal, if possible, should be set to the "MS-DOS" or "IBM-PC"
character set, which will allow you to display most of the special characters in the
Windows console screen.
If your terminal supports a mouse, please set it to DEC compatible mode so the mouse
movement and click events can be correctly sent to the server applications.
The recommended minimum terminal screen size is 80x25, which will allow you to run
most of the console applications without problem. WAC applications support larger
terminal sizes too.
Keyboard Mapping
If your terminal is other than WAC Native Clients or VTNT, you need to carefully set your
keyboard mapping if you want to make use of special function keys and key
combinations like ALT-keys.
Keyboard mapping means you can change the settings in your terminal program so that when
you press a certain key or key combination at the terminal, some code sequence will be
sent to the server.
You have to set the keyboard mapping of your terminal in such a way that the code
sequences can be recognized by WAC Server, so your server application gets the correct
keyboard code information.
For a list of code sequences recognized by WAC Server (equivalents of VT terminal keys
are also listed), see Appendix B.
Resize terminal screen
While the standard size for a DOS command prompt is 25 lines and 80 characters per line, and
that's suitable for most cases, you might find this standard size needs to be
changed sometimes.
If you think your screen should display more content and your monitor is
large enough to hold a larger window, you can increase the terminal size of your
WAC session.
WAC Server detects the terminal size when the session is connected, so you need
to log on again if you want to use another terminal size.
If you use a serial terminal to connect with WAC Server, there is no way for WAC Server
to automatically detect the terminal screen size, so WAC Server assumes all terminals
connected through serial ports have the size of 80x24, which is the default size of VT
serial terminals. If your terminal actually has a different screen size, you have to tell the
server about it, using the following command:
WAC term [<port name>] [Width=<Mw>] [Height=<ah>]
For example:
WAC term COM1 width=80 height=25
NOTE: You have to log out from the port and log on again to make the new size
effective.
Authenticating Using User Public Key
In addition to username/password authentication, WAC Server also supports public key
authentication for SSH2. If you want to use a public key to log on, you need to do the
following:
• Generate a public/private key pair using the generation utility of your SSH client
program (the WACSSH client doesn't support user public key authentication, so you have
to use another 3rd party SSH client to do this);
• Copy the public key file to the server, and on the server machine, execute the "wac userkey
add <filename> <username>" command to add the key file to the server's accepted public
key list;
• When you log on, choose the private key in the client program.
The first logon using a public key will always be rejected, unless the user doesn't
have a password. You need to input the server's password for the user. Once the password
is accepted, you won't need to input the password again.
NOTES:
• Some clients might have bugs in how they implement the standards. If you experience
problems with third party clients, please change the SSH version or cipher algorithm
settings and try again.
• For more detailed information, see “User Public Key Authentication”.
CHAPTER FOUR
Working with WAC Server
This chapter contains the following nine sections:
• The “Managing Sessions” section introduces the command line utilities and console tool
that can be used to manage sessions, and describes what operations you can do in an
interactive session with those utilities.
• The “Managing Services” section introduces the command line utilities and console
tool that can be used to manage services, and briefly describes what you can do
with those service utilities.
• The “Managing User and Group” section introduces the console application that can
be used to manage users and groups on the remote host machine, and provides some
tips for Windows XP users.
• The “Managing System Tools” section introduces some tools that help you
remotely manage the host system, like “Event Viewer”, “System Information”,
“Process Viewer” and “Registry Editor”.
• The “Managing Files” section introduces some tools that help you remotely
manage files and resources on the host machine, like “Text Editor”, “Binary Editor”
and “WAC Explorer”.
• The “Checking Mails” section introduces a tool that helps you remotely
check and compose Outlook inbox mails on the host machine, “WAC
Inbox”.
• The “Chatting” section introduces a tool that lets you start an instant chat
dialog with the users currently online during a session.
• The “File Transfer” section covers “file transfer server side configuration”,
“file directories” and “sending files with three WAC tools”.
• The “WAC Command Line Utilities” section provides detailed introductions to all
WAC command line utilities and their usage.
Managing Sessions
Each log-on connection is called a "session" in WAC Server. The maximum number of
concurrent sessions allowed in a WAC Server is determined by the license number you
purchased. For evaluation users, a maximum of 2 sessions can be logged onto the server at the
same time.
You can view and change other session information using the WAC session
management utilities. To manage the sessions, you must be a member of the server's
administrator’s group. Otherwise you can only act on your own session(s).
Session Managing Utilities
In a WAC Server session, users in the administrator’s group can perform many useful
tasks with the session managing utilities, including a full-screen console application "Session
Manager" and a handful of command line utilities.
• The "Session Manager", a text-based application, displays the current users and
provides methods to watch, control, take over, reconnect to and abort a session, and to
send messages or broadcast system messages to users. To run it from the command
line, type SesMan and press Enter. See WAC Toolkit – “Session Manager” in Part
Three.
• The command line utilities include "wac who", "wac whoami", "wac send", "wac
watch", "wac control", "wac takeover", and "wac abort". These command tools let
you manage the sessions from the command prompt. See Chapter Six
Command Line Utilities in Part Two.
For what you can do with these session utilities, see the “Session Inter-Operations” section
below.
Session Inter-Operations
A lot of things can be done between WAC Server user sessions. In this section,
we just briefly guide you through session inter-operation. If you want detailed
how-to instructions, refer to the respective help documents.
Session Info View
WAC Server provides a mechanism for users to view and observe all current active user
sessions. The session info contains the “Session ID”, the “Username”, the “Port Type”,
the “IP Address”, the “Term” (client name), and the “Connection Start Time”.
View All Current Active Sessions Info
• When you start “Session Manager”, you will see a list of all current sessions. When
new sessions start or sessions terminate later, the list is automatically updated
with a highlighting flicker.
• At the command line, you can use "wac who" to get a list of all current sessions.
View Your Current Active Session Info
• At the command line, you can use "wac whoami" to get information about the session
you are currently working in.
Alert messages
WAC Server provides a mechanism for users to post short messages to other session(s).
The message will pop up on the other session's screen, and the screen will be frozen until
the user presses any key to dismiss the message and return to the normal screen.
You can post the message to a particular session or all sessions under a particular user, or
broadcast messages to all active sessions (you will get that message too!).
Post Message to Particular Session
• In "Session Manager", select the session you want to post the message to, and select the
Message button.
• At the command line, you can use the "wac send <session id> <message>" command to
send a message to the session with this session ID, or use "wac send <username>
<message>" to send a message to the session(s) under this username.
Broadcast Message to All Sessions
• In "Session Manager", select the session you want to post message to, and select
Broadcast to send message to everyone.
• At the command line, you can use "wac send all" command to send messages to
everyone.
Session Watch
WAC Server provides a mechanism for authorized users to watch, control, take over, and
reconnect to another session's screen. You have to be a member of the administrator’s group
to do this. You can also always watch a session under the same user name as yours.
Session watch features are very helpful if you want to monitor remote sessions or do a
remote demonstration. They are also a powerful training/QA tool.
Monitor Other Session
When the screen of another session is monitored, the output of the watched session will
appear on both the watched session and the watcher session. More than one watcher can watch
the session at the same time.
• In “Session Manager”, select the session you want to watch, and select the Watch
button. To end the watch state, press the Enter key.
• At the command line, you can use the “wac watch <session id> |<username>” command
to watch. Press the Enter key to end the watch.
NOTES:
• In WAC Server, you can use “User Admin Settings” in WAC configuration tools to
configure a particular user or user group to monitor your session (See Chapter Five
“Specify the Watching Users”).
• You can't monitor the session you are currently working on, because that doesn't
make sense.
Control Other Session
When the session is controlled, the session is under interactive input. Both you and the
user on the other side can enter data into the session. To end the session control, press <ctrl-d>.
• In "Session Manager", select the session you want to watch, and select the Control
button. To end the control, press the <ctrl-d> key.
• At the command line, you can use the "wac control <session id> |<username>"
command to control. Press the <ctrl-d> key to end control.
NOTES:
• In WAC Server, you can use “User Admin Settings” in WAC configuration tools to
configure users or user groups to control your session (See Chapter Five - Specify the
Controlling or Takeover Users).
• You can't control the session you are currently working on, because that doesn't make
sense.
Take Over Other Session
When the session is taken over, only you can perform operations on the session, while the
other side's session is disabled and cannot enter any data; it can only watch the session.
• In "Session Manager", select the session you want to watch, and select the Takeover
button. To end the takeover, press the <ctrl-d> key.
• At the command line, you can use the "wac takeover <session id> |<username>"
command to take over. Press the <ctrl-d> key to end the takeover.
NOTES:
• In WAC Server, you can use “User Admin Settings” in WAC configuration tools to
configure users or user groups to take over your session (See Chapter Five - Specify
the Controlling or Takeover Users).
• You can't take over the session you are currently working on, because that doesn't
make sense.
Reconnect to Session
While watching a session, if needed, you can reconnect to a broken or active session
and continue work on that session.
When you perform the Reconnect task, your current session is actually terminated, and you are at
once reconnected to the session you selected. If it is a broken session you reconnect to,
the broken session will be recovered and appear in your current session. If it is an active
session you reconnect to, the original active session will be aborted and at once become
your current session.
• In "Session Manager", select the session you want to reconnect to, and select the
Reconnect button. Your current session will be terminated and at once switched to the
selected session.
• At the command line, you can use the "wac reconnect <session id> |<username>"
command to reconnect. Your current session will be terminated and at once switched
to the selected session.
NOTES:
• Besides this watching Reconnect feature, WAC Server also provides another
Reconnect feature that allows you to automatically reconnect to a broken or an active
session the next time you log in. This can be accomplished by setting up Auto
Reconnect in “User Admin Settings” within WAC configuration tools (See Chapter 5).
• Broken sessions are created when the Keep Session value in the “User Admin Settings”
page is set, a connection has been broken illegally, and the user has not yet
reconnected to their broken session. (See Chapter Five - Broken Session Keeper)
• You can't monitor, control, take over or reconnect to the session you are currently
working on, because that doesn't make sense.
Abort Session
You can abort a particular active session or a broken session (this will abort all running
applications of that session and disconnect it) if you are authorized: you have to be the
same user, or a user in the Administrator’s group.
• In "Session Manager", select the session you want to abort, and select the Abort button.
• At the command line, use the "wac abort <session id> |<username>" command.
Managing Services
On your server system, there might be a lot of services running. Often you need a service
management program to look after them.
On your host system, you can use the Windows "Services" tool to perform the tasks. This tool
can be found inside the "Administrative Tools" group.
You can also use the WAC service management utilities to perform the tasks, locally and
remotely. See WAC Service Managing Utilities.
NOTE: You might need to be logged on as an administrator or a member of the
administrator’s group. Otherwise some features of the service management utilities are
unavailable.
WAC Service Managing Utilities
After logging on to the remote host machine via WAC Server, you might want to disable or
enable some services that run in the background, or to view and change some service
properties. To make these changes to services, you can use the WAC “Service Manager”.
Many times, you might also need to manage the system itself, such as shutting down or rebooting a
remote host machine, or changing the system logon password. All this can be
accomplished by the WAC command line service utilities inside WAC Server.
• The "Service Manager", a text-based application, displays all services running on
your host machine and provides methods to start/stop/restart the services, to modify
the service properties and even to connect to another computer and do operations. This
program functions like Windows “Services” yet with some better features. To run it
from the command line, type svcman and press Enter. See WAC Toolkit – “Service
Manager” in Part Three.
• The command line service utilities include "wac shutdown | reboot", "wac
password" and “wac disable | enable telnet | ssh | serial”. These command utilities
let you manage the remote service system from the command prompt. If you
want to manage Foxit WAC Server from the command line, you can use the “WAC start |
stop | restart” command.
NOTE:
• For how-to instructions on the WAC service managing utilities, please refer to
their respective help documents. Here is a brief list of what you can do with these
utilities:
  - Shut down a computer from the command line;
  - Reboot a computer from the command line;
  - Change the login password from the command line;
  - Start, stop and restart WAC Server from either the command line or SvcMan;
  - Disable or enable the telnet, ssh or serial port service from either the command
    line or SvcMan;
  - View and manage all remote services from SvcMan;
  - Connect to another computer from SvcMan;
  - View and change the services’ properties from SvcMan;
  - More…
Managing User and User Group
WAC Server acts like a gateway between the host (Windows) machine and the client
machine, so logging onto WAC Server is actually logging onto the host machine. You should
use your Windows user account (username and password) to log on, as if
you were sitting in front of the machine.
Thus if you want to create a new user account, or change some settings of the existing
accounts, you need at least a user management utility.
On your local host machine, you can use the Windows "Local Users and Groups" to
perform the tasks. This application can be found in "Administrative Tools > Computer
Management > Local Users and Groups".
You can also use the WAC user management utility to perform the tasks, locally and
remotely. See User Managing Utility.
User and Group Managing Tool
Often in a WAC session, you might need to manage user accounts on the host machine
and/or create a new account for a user. WAC Server provides a full-screen
application, "User Manager", to help you with this task.
• The WAC "User Manager" was designed to view and manage the host users and
groups in a session environment. You can use this program to view, add or delete
users and user groups, and more. It functions just like Windows "Local Users
and Groups" except it is a text-based application. To run it from the command line,
type UserMan and press Enter. See Chapter Ten – “User Manager” in Part Three.
Tips for Windows XP Users
Windows XP allows you to create user accounts without a password, and you
might think it's very convenient to log on without a password. Yet this will cause a logon
failure when you log on to WAC Server. Windows XP has a setting called "Limit local
account use of blank passwords to console logon only", and by default this setting is
enabled. That means an account without a password can log on to the Windows system only
by sitting at the machine and clicking on the user icon, not through any other means.
If you want to log on to XP through WAC Server, you either need to assign a password to
your user, or disable this setting using "Security Options" in "Local Security Policies".
We strongly recommend that you add a password to your user, because it's very dangerous
to allow a user to log on from a remote machine without a password.
NOTE: "Security Options" is located at "Administrative Tools > Local Security
Policies > Local Policies".
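An added read-only check, not part of the original manual, for the risk described above: it reports whether the blank-password limit is still enabled and which enabled local accounts are permitted to have no password. The registry value `LimitBlankPasswordUse` and the WMI class `Win32_UserAccount` are Windows features rather than WAC Server ones; the script assumes Windows PowerShell 3.0 or later on the host.

```powershell
# Added example, not part of the WAC Server manual. Read-only: it changes nothing.
# Assumes Windows PowerShell 3.0 or later (Get-CimInstance), run on the WAC Server host.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# LimitBlankPasswordUse backs the "Limit local account use of blank passwords
# to console logon only" security option: 1 = enabled, 0 = disabled.
$lsa = Get-ItemProperty -Path $lsaKey -Name 'LimitBlankPasswordUse' -ErrorAction SilentlyContinue
if ($null -eq $lsa) {
    $policy = 'not set in the registry'
} elseif ($lsa.LimitBlankPasswordUse -eq 1) {
    $policy = 'enabled'
} else {
    $policy = 'DISABLED'
}
Write-Output "Blank-password limit: $policy"

# Enabled local accounts that are allowed to have no password.
# PasswordRequired = False means a blank password is permitted, not that one is in use.
$noPasswordNeeded = @(
    Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
        Where-Object { -not $_.Disabled -and -not $_.PasswordRequired }
)

if ($noPasswordNeeded.Count -eq 0) {
    Write-Output 'No enabled local account is allowed a blank password.'
} else {
    Write-Output 'Enabled local accounts that may have a blank password:'
    $noPasswordNeeded |
        Select-Object Name, SID, Disabled, PasswordRequired |
        Format-Table -AutoSize
}

# The combination the manual calls dangerous: remote logon possible with no password.
if ($policy -eq 'DISABLED' -and $noPasswordNeeded.Count -gt 0) {
    Write-Warning 'Limit is disabled and blank passwords are permitted: assign passwords to the accounts listed above.'
}
```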
Managing System Tools
WAC Server provides tools for you to monitor the recorded system events (“Event Viewer”),
to view the device information (“System Information”), to
monitor the running processes (“Process Viewer”), and to modify your system
registry (“Registry Editor”).
• To run “Event Viewer” from the command line, type eventview and press Enter. For
more information about it, see WAC Toolkit - Event Viewer in Part Three.
• To run “System Information” from the command line, type sysinfo and press Enter.
For more information about it, see WAC Toolkit - System Information in Part Three.
• To run “Process Viewer” from the command line, type procview and press Enter.
For more information about it, see WAC Toolkit – Process Viewer in Part Three.
• To run “Registry Editor” from the command line, type regedit and press Enter. For
more information about it, see WAC Toolkit - Registry Editor in Part Three.
Managing Files
Often in a session, you need to edit and manage files on your server machine. In a WAC
session, three tools can be used for this task:
• The "Text Editor", a powerful and efficient Windows text editor, much better than the
old DOS editor. To run it from the command line, type “edit” and press “Enter”.
• The "Binary Editor", a binary file viewer and editor. In this program, the file can be
opened in both text and binary format in one screen, and you can modify the text file
by changing the binary file. To run it from the command line, type “binedit” and
press “Enter”.
• The "WAC Explorer", a great text-only alternative to Windows Explorer. You can
use this program to manage your local and remote files simply by drag and drop
actions, and even explore your network neighborhood. To run it from the command
line, type “wacexplorer” and press “Enter”.
NOTE: For further information and how-to instructions, please refer to their respective
help documents in the WAC Toolkit of Part Three.
Checking Mails
If you have an Outlook mail account on your server machine, you often have to go there
to take care of your mail, even if you are not always there physically. In a WAC session,
you don't need to do that. WAC "Email Inbox" helps you with this task.
• The "Email Inbox" is a text-based program that can access your Outlook Inbox
and display all messages. In this program, you can view, compose and
reply to emails, and even store mail addresses. To run it from the command line, type
inbox and press Enter.
Chatting
WAC Server provides a chat utility, "Phone", for you to start a chat dialog with someone
who is on your host machine. A message will pop up on the called user's screen,
prompting the called user to use the chat utility to answer. If there is no response in 20 seconds,
WAC Server will send you back a "call canceled" message.
WAC "Phone" (phone.exe) is a full-screen console chat application. To chat in Phone,
you need to call the user first. Only when the other user accepts your calling request can you
begin the chat. It is easy to do: simply enter your text into the typing screen, and the
responses will be displayed in the displaying screen.
To run "Phone" from the command line, type "phone" and press "Enter". For detailed
information, please see WAC Toolkit – Chat Tool in Part Three.
File Transfer
WAC Server provides a very convenient way for you to remotely access your server from
your desktop PC. You can do a lot on the remote server with WAC applications as well as
command line utilities, but sometimes you may want to exchange some data, i.e., transfer
files between your desktop PC and the server.
Although there are a lot of ways to do the file transfer, in the WAC environment the best
way is through the file transfer facilities that are built into WAC native clients and WAC
Server.
Configuring File Transfer on Server Side
File transfer is one of WAC Server's built-in utilities, so you can use one of the WAC
configuration tools to control file transfer on the server side: disabling or
enabling the file transfer service, or conditionally enabling it
(server to terminal only, terminal to server only, or both ways). Here are the
instructions:
• If you use WAC Manager (wacman.exe), go to the “Server Global
Settings” page, and then modify “File Transfer for WAC Native Clients”.
• If you use CONFIG.EXE, go to the “Server Settings” page, and then
modify the “FileTransfer” value.
For detailed instructions, see Server Global Settings – “File Transfer”.
File Directories
Before you do the transferring, you might want to change the directory of the file. It
involves two directories: the local directory on the machine running WAC Native Clients
(WACTERM or WACSSH), and the remote directory on the server.
When you do file transferring, the file is looked up in the sending machine's current
directory and will be placed in the receiving machine's current directory.
To change the directory of the file, you need to press Ctrl+} to temporarily leave the
WAC talking session and shift to the command screen of WAC Native Clients.
• To change the local directory, use "LCD" command, for example:
WACSSH> lcd mydir
If you want to see the current local directory, just type "LCD":
WACSSH> lcd
• To change the remote directory, use "CD" command, for example:
WACSSH> cd mydir
If you want to see the current remote directory, just type "CD":
WACSSH> cd
NOTE: For further information about the commands, see "WAC Client Command line
Utilities" in Chapter Eight of Part Two.
If you don't specify the file directories, WAC Clients will set the local current directory
to the directory that is current when you run the WAC Clients, and WAC Server will set the
remote current directory to the user's initial directory (see User Admin Settings - "Logon
Initial Directory"), or to the installation directory of WAC Server in case no user initial
directory is available.
When you run "WAC Explorer" (wacexplorer.exe), it automatically sets the remote
current directory to the directory currently listed in "WAC Explorer". This makes it
convenient to send files to the server when you run "WAC Explorer" on the server:
just explore to the directory where you want to place the received file, and issue "SEND" in the
command screen.
However, if you don't want the file to be placed in WAC Explorer's current directory, you
can always use the "CD" command to override the remote current directory before you send.
Sending Files to Server with WAC Client Command Utility
When you want to send files from your local machine (where WAC Clients are running)
to the machine on which the WAC Server is running, press CTRL-] to switch
to the command screen of WAC Clients, and use the "SEND" command, for example:
WACSSH> send myfile.txt
If you want to send more than one file, you can use wildcard characters (*) in the
command, like:
WACTERM> send *.txt
Right now, directory structures can't be transferred with the WAC Clients commands.
You may use WAC Explorer to create the directory structure on the server first, then do the
transfer for each of the directories.
In case you want to send a file that's not in the local current directory, you can either
use the "LCD" command to change the local current directory, or directly type the relative or
absolute path of the file in the "SEND" command, like:
WACTERM> send...\mydir\myfile.txt
Or
WACTERM> send c:\mydir\myfile.txt
NOTES:
• This kind of command won't change the local current directory.
• To quit the WAC Clients command screen and return to terminal session, press
"Enter" or "Ctrl-]" again.
• For more information about WAC Clients commands, see "WAC Client Command
Line Utilities" in Chapter Eight of Part Two.
Sending Files to Terminal with WAC Explorer
To send files from the server machine to your desktop machine on which WACTERM or
WACSSH is running, you can use the "WAC Explorer" (WACEXPLORER.EXE).
You can start "WAC Explorer" from the user menu when you log on to WAC
Server, or type "WACEXPLORER" at the command prompt.
In the "WAC Explorer", there is a menu item "Send" under the "File" menu. When you
have selected a text file in the file list, you can select this menu item to send the file. The figure
below is the example.
Right now you can only send one file at a time, and the sending is done in the
background, so while it's sending you should be able to continue with your "WAC
Explorer" session (of course, due to the communication usage, you'll experience some
slowdown).
During the file transfer, you can't start sending another file. You have to wait
for the current file to finish. In a future version of WAC Server, a queue will be
implemented allowing a bunch of files to be started at the same time.
In case the file is rejected by the receiving machine (due to access denied, or out of disk,
etc.), you will see an alert message pop up on the terminal screen, and you'll have to
resend that file after the problem is fixed. The figure below is the example.
NOTE: For more information about "WAC Explorer", please see "WAC Explorer" in
Part Three.
Sending Files to Terminal with WAC Command Line Utility
When you are logged onto WAC Server, at the command prompt, you can directly use the WAC
Command Line tool (WAC.EXE) to send files to your client machine.
NOTE: For more information about the "send" command, please see "WAC SendFile" in
the "WAC Command Line Utilities" section.
Right now you can only send one file at a time, and the sending is done in the
background, so while it's sending you should be able to continue with your session (of
course, due to the communication usage, you'll experience some slowdown).
During the file transfer, you can't start sending another file. You have to wait
for the current file to finish. In a future version of WAC Server, a queue will be
implemented allowing a bunch of files to be started at the same time.
WAC Command Line Utilities
Within a WAC session, besides the WAC Toolkit applications, you can also use
the command line utilities to do remote administration.
WAC command utilities are command line executable programs. Most of them are
contained in an executable program called "wac.exe", which resides in the WAC Server
installation directory. Thus, if you want to get all the command line help, just issue
"wac" at the command line, and you should get a list of help information as shown in the
following figure.
WAC Command Line Help Files
WAC Info
Display your remote operating system information, such as "host name, version#, service
state, etc".
Example:
To display your host machine's operating system information during a WAC session, at the command
prompt, type "wac info", then press "Enter".
WAC Who
Display a list of information on all concurrent users on the host machine, such as "Session
ID, User Name, Client Type, IP Address and Port, Protocol, Start Time etc".
Example:
To find who is currently working on your host machine, at the command prompt, type
"wac who", then press "Enter". You should get a list that looks something like the
following figure:
WAC WHO INFORMATION
NOTES:
• You can also use "Session Manager" to perform this task.
• Besides telling you the basic user information, the above figure also shows that there
are five sessions that have been created on your host machine, and only two (#3 and #5)
are currently active. Then where are the other sessions? Why aren’t they shown? The
reason is:
• During a WAC connection, unless the WAC Server service is restarted, WAC Server
holds records of every logon session, no matter whether this session is currently active or
already disconnected. On the other hand, WAC Server displays only the
currently existing sessions when you use "wac who" or "Session Manager" to
view the session information. Thus, when users log on and log off
in a WAC connection, there will always be absent sessions.
• If you want to track information about those absent sessions, you can go to the WAC
Server installation directory and find the folder named "Logfiles", in which all the
daily basic logon information is recorded.
WAC Whoami
Displays information about the active session that you are currently working in, such as
"Session ID, User Name, Client Type, IP Address and Port, Protocol, Start Time etc".
Example:
To view your own information, type "wac whoami" at the command prompt, then press
Enter. You should get a list that looks something like the following figure:
WAC WHOAMI INFORMATION
WAC Send
Posts short messages to a particular session or to all sessions under the same user name,
or broadcasts messages to all active sessions.
Examples:
• To post a message to a particular session, use this command:
WAC send [<session ID>] [<"message">]
i.e.; wac send 5 "hello John"
• To send a message to all sessions under the same user name, use this command:
WAC send [<user name>] [<"message">]
i.e.; wac send Administrator "hello John"
• To broadcast a message to all active sessions, use this command:
WAC send [<all>] [<"message">]
i.e.; wac send all "how are you"
NOTES:
• The quotation marks ("") around the message are mandatory when your message is more
than one word.
• You can also use "Session Manager" to perform this task.
WAC Watch
Monitors another user's active session screen.
Examples:
• To watch another screen by the user's session ID, use this command:
WAC watch [<session ID>]
i.e.; wac watch 5
• To watch another screen by user name, use this command:
WAC watch [<user name>]
i.e.; wac watch John
If there are several active sessions under the name John, WAC Server will list all
of these active session IDs for you to select from. In this case, choose a session
ID from the list, and you can then watch that screen. To exit
the watch action, type Ctrl-D.
NOTES:
• You have to be a member of the administrator's group to do this.
• You can't watch the session you are currently working on, because that doesn't make
sense. But you can watch another session under the same name as yours.
• You can also use "Session Manager" to perform this task.
• You can also use “WatchUsers” in “User Admin Settings” within the WAC configuration
tools to configure a list of users to watch your session. See Chapter Five - User
Admin Settings - “Specifying the Watching Users”.
WAC Control
Monitors another user's active session screen with interactive input.
Examples:
• To control another screen by the user's session ID, use this command:
WAC control [<session ID>]
i.e.; wac control 5
• To control another screen by user name, use this command:
WAC control [<user name>]
i.e.; wac control John
If there are several active sessions under the name John, WAC Server will list all
of these active session IDs for you to select from. In this case, choose a session
ID from the list, and you can then control that screen. To exit
the control action, type Ctrl-D.
NOTES:
• You have to be a member of the administrator's group to do this.
• You can't control the session you are currently working on, because that doesn't make
sense. But you can control another session under the same name as yours.
• You can also use "Session Manager" to perform this task.
• You can also use “ControlUsers” in “User Admin Settings” within the WAC
configuration tools to configure a list of users to watch your session. See Chapter
Five - User Admin Settings - “Specifying the Controlling and Takeover Users”.
WAC Takeover
Monitors another user's active session screen while disabling input on the original side. Once a
session is taken over by you, only you can operate the session, while the other
side can do nothing except watch.
Examples:
• To take over another screen by the user's session ID, use this command:
WAC control [<session ID>]
i.e.; wac control 5
• To take over another screen by user name, use this command:
WAC control [<user name>]
i.e.; wac control John
If there are several active sessions under the name John, WAC Server will list all
of these active session IDs for you to select from. In this case, choose a session
ID from the list, and you can then take over that screen. To
exit the takeover action, type Ctrl-D.
NOTES:
• You have to be a member of the administrator's group to do this.
• You can't take over the session you are currently working on, because that doesn't
make sense. But you can take over another session under the same name as yours.
• You can also use "Session Manager" to perform this task.
• You can also use “ControlUsers” in “User Admin Settings” within the WAC
configuration tools to configure a list of users to watch your session. See Chapter
Five – User Admin Settings - “Specifying the Controlling and Takeover Users”.
WAC Reconnected
Reconnects to an existing (broken or active) session while watching the session.
When you select a session and reconnect to it, on your side your current session is
terminated and you are immediately reconnected to the selected session; on the selected side,
the other user's session is automatically aborted and then becomes your current session.
Examples:
• To reconnect to an existing session by the user's session ID, use this command:
WAC reconnect [<session ID>]
i.e.; wac reconnect 5
• To reconnect to an existing session by user name, use this command:
WAC reconnect [<user name>]
i.e.; wac reconnect John
If there are several existing (broken or active) sessions under the name John, WAC
Server will list all of these active session IDs for you to select from. In this case,
choose a session ID from the list, and you can then reconnect to that
session.
NOTES:
• You have to be a member of the administrator's group to do this.
• You can't reconnect to the session you are currently working on, because that doesn't
make sense. But you can reconnect to another session under the same name as yours.
• You can also use "Session Manager" to perform this task.
• Besides this watching Reconnect feature, WAC Server also provides another
Reconnect feature that automatically reconnects you to a broken or an active
session the next time you log in. This is set up through Auto Reconnect in
“User Admin Settings” within the WAC configuration tools.
WAC Abort
Kicks out (terminates) a session, including all applications running under that session.
Examples:
• To abort and disconnect a session by session ID, use this command:
WAC abort [<session ID>]
i.e.; wac abort 5
• To abort and disconnect a session by user name, use this command:
WAC abort [<user name>]
i.e.; wac abort John
If there are several active sessions created by the user John, WAC Server will list all
of the active session IDs for you to select from. In this case, choose a session ID
from the list, and you can then abort the user's session. If you want to
cancel this action, just type "0" (zero).
NOTES:
• You have to be the same authorized user, or a user in the "Administrators" group.
• You can also use "Session Manager" to perform this task.
WAC Port
Views and changes WAC communication port settings. The WAC port parameters are
“Baud rate”, “Data length”, “Parity check”, and “Stop bits”.
Examples:
• To view the current port parameters, use this command:
WAC port [<port name>]
i.e.; wac port com1
• To change WAC port parameters, use this command:
WAC port [<port name>] [Baud=<b>] [Parity=n|e|o] [Data=<d>] [Stop=<s>]
i.e.; wac port com1 baud=9600 parity=n data=8 stop=1
NOTES:
• <port name> is the name of the port you want to use, like "COM1".
• You can also use “Communication Settings” within the WAC configuration tools to change this
port setting. For further information, see Chapter Five – Serial Port Settings - “Set the
Communication Parameters”.
• Please note that the changed terminal port settings only take effect after you log on to WAC
Server again.
WAC Term
Sets a different serial terminal screen size. The default serial terminal size is 80x24.
Examples:
• To view the current terminal information, use this command:
WAC term [<port name>]
i.e.; wac term com1
• To reset the display size of your screen buffer, use this command:
WAC term [<port name>] [Width=<w>] [Height=<h>]
i.e.; wac term com1 width=80 height=25
NOTES:
• The changed terminal size only takes effect after you log on to WAC Server again
using the port, because WAC Server detects the terminal size only when a session is
started.
• You can also use “Communication Settings” within the WAC configuration tools to change this
port setting. For further information, see Chapter Five – Serial Port Settings - “Set the
Communication Parameters”.
WAC Start | Stop | Restart
Disables or enables the Foxit WAC Server service by executing a start, stop or restart task.
Examples:
• To start the WAC Service:
At the command line, type wac start, and then press Enter. You should see an
"Operation success" message if the WAC Server service has been started.
If the WAC Service has been stopped on your host machine, you can't create any
connection from your client machine until it is started again; you have to go to the host
machine and start it from the command prompt, Windows "Services", WAC "Service
Manager" or WAC Manager.
If you have copied WAC "Service Manager" to your client machine, you can use it
to start the WAC Service remotely. For instructions, please see "Connect to Another
Computer" in the "Service Manager" section of Part Two.
• To stop the WAC Service:
Within a WAC session, at the command line, type wac stop, and then press Enter.
Your current session connection will be closed.
With this command, WAC Server closes and disconnects all your current terminal
sessions before it stops, and you can't connect again until the WAC Server is
restarted. So if you want to reconnect shortly after stopping the service, it is better to use
wac restart.
• To restart the WAC Service:
At the command line, type wac restart, and then press Enter. Your current session
connection will be closed.
This command also closes and disconnects all your current terminal sessions, but
you can reconnect after a short period of time.
WAC disable | enable Telnet | SSH | Serial
Turns the WAC Telnet, SSH, and Serial Port services on or off. After you disable one of these
services, you can no longer connect to WAC Server over that service until
you enable it again.
Examples:
• To disable or enable the Telnet service:
At the command line, type wac disable telnet or wac enable telnet, and then press
Enter. You will be prompted to confirm your action; to confirm it, press Y, otherwise press
N.
• To disable or enable the SSH service:
At the command line, type wac disable ssh or wac enable ssh, and then press Enter.
You will be prompted to confirm your action; to confirm it, press Y, otherwise press N.
• To disable or enable the Serial Port service:
At the command line, type wac disable serial or wac enable serial, and then press
Enter. You will be prompted to confirm your action; to confirm it, press Y, otherwise press
N.
NOTE:
• You can also use “Server Global Settings” within the WAC configuration tools to disable
or enable the Telnet, SSH, and Serial Port services. See Chapter Five - “Server Global
Settings”.
WAC SendFile
Transfers files from WAC Server to your local client machine.
Example:
• To send a file, use this command:
WAC sendfile [filename]
i.e.;
wac sendfile myfile.txt
wac sendfile ..\mydir\myfile.txt
wac sendfile c:\mydir\myfile.txt
NOTES:
• Currently you can send only one file at a time. The transfer runs in the
background, so you can proceed with your session while it is in progress.
• While a file is being transferred, you can't start sending another file. You have to
wait for the current file to finish. In a future version of WAC Server, a queue will
be implemented so that several files can be started at the same time.
• In a WAC session, there is more than one way to transfer files between your server
machine and client machine. For details, please see the "File Transfer" section in
Chapter Four.
WAC Shutdown | Reboot
Shuts down or reboots a local or remote machine.
Examples:
• To shut down a computer:
Within a WAC session, at the command line, type wac shutdown <plus the remote machine name>, then press Enter, and press Y when prompted to confirm.
Typing wac shutdown on its own and pressing Enter shuts down the local computer.
• To reboot a remote machine:
Within a WAC session, at the command line, type wac reboot <plus the remote
machine name>, then press Enter, and press Y when prompted to confirm.
Typing wac reboot on its own and pressing Enter restarts the local computer.
With this command option, the computer starts again automatically after a short
period of time.
WAC Password
Allows users to change the login password on your host machine. The user will be
prompted for the old password, the new password and a confirmation of the new password.
Example:
• To change the login password on your host machine, at the command line, type:
"wac password <plus login username>"
"i.e.; wac password John"
Then type the old password and the new password, and finally confirm it. Users will
see a "Password has been changed" message if the password was changed
successfully.
NOTES:
• Every Windows user possesses a password and username. If you are an Administrator
and know this user's name and password, you can change it.
• You can also use “User Manager” to change the login password for users or for
yourself. For more information, see Chapter One – “User Manager” in Part Three.
WAC SSHKey
Allows you to regenerate the SSH server (host) key (see SSH Server Key Regeneration in
Chapter Six).
Example:
• To regenerate the SSH server key, at the command line, type wac sshkey and press
Enter. You will be asked to wait a moment while the key is regenerated. If it
succeeds, you will see an “Operation Success” message.
NOTES:
• During installation, WAC Server automatically generates the SSH server key for you and
stores the public key as “pubkey.txt” in the WAC Server installation directory.
• You can also use the WAC Configuration tools to regenerate the SSH key. For more
information see Chapter 5 – “Regenerate SSH Server Key”.
WAC Userkey
Allows you to add a generated user public key to WAC Server, or remove a previously
imported public key from WAC Server. You can also use WAC Manager to import the
public key. See Chapter Five - “User Public Key Authentication”.
Examples:
• To import the generated public key to the WAC Server, use this command:
i.e.; wac userkey add c:\file path\pubkey filename John welcome
You will see an "Operation success" message if the public key has been imported to
WAC Server.
Where:
  • <Public Key File> is the file name of the transferred public key. You should
  give the full path where the public key file is located.
  • <Username> is the name of the Windows user who will later use the public key to
  authenticate. Sometimes the public key file includes information about the
  user; in this case you don't need to supply the user name.
  • <Password> is the password of the Windows user. If you provide the password here,
  you will not be asked for a password when you log in, even on your
  first logon using the public key. However, if you don't provide the password here,
  you can just press Enter to skip it if a password is requested. See the “User
  Public Key Authentication” section for more information.
The above command registers the public key in the WAC Server registry. It is
retrieved later and compared with the submitted public key when the user tries to
authenticate using the public key method.
• To remove a previously imported public key from WAC Server, use this command:
WAC UserKey Del <User Name>
i.e.; wac userkey del John
You will see an "Operation success" message if the public key has been removed from
WAC Server.
NOTE: You can also use WAC Manager to import or delete the user public key. For
more information see Chapter Five – User Public Key Authentication.
CHAPTER FIVE
Configuring WAC Server
This chapter includes the following three sections:
• The “Configuration Tools” section briefly describes the tools that can be used to
configure WAC Server; the details are provided in the “References” section.
• The “Advanced Configuration Features” section gives an overview of the five parts
of the WAC Server configuration settings, explaining what each setting means
and how to configure it.
• The “References” section complements the above two sections.
Configuration Tools
During the installation of WAC Server, you will be asked for some configuration values, such as
the port number of the telnet or SSH service, the list of serial communication ports, the local
print port number etc. All these settings are saved in the server registry and are read
by the server when it starts. These settings, along with some others, can
also be modified after the installation using the following two WAC configuration tools:
• Local GUI-based configuration program "WAC Manager (wacman.exe)"
• Remote text-based configuration program "CONFIG.EXE"
WAC Manager and CONFIG.EXE function alike for server configuration,
except that WAC Manager is a GUI program suited to local operation, and
CONFIG.EXE is a console program suited to remote operation. Most of the
configuration settings WAC Server provides that can be set in CONFIG.EXE can also be
set in WAC Manager.
For setting instructions, please refer to “Advanced Configuration Features” in the next
section; for the tools, refer to the “Reference” section.
Advanced Configuration Features – An Overview
In WAC Server, the advanced configuration features consist of five main groups of settings:
Server Global Settings, User Settings, Access Control, Serial Port Settings
and SSH Settings.
• “Server Global Settings” is the configuration for the whole server. This group can be
configured either by “Server Settings” in CONFIG.EXE, or by its corresponding settings
page in WacMan.exe.
• “User Settings” includes “User Preference” and “User Admin Settings”. This group
can be configured either by “User Preference” and “Admin Settings” in
CONFIG.EXE, or by “User Preference for Current User” and “User Admin Settings”
in WacMan.exe.
• “Access Control” includes “User Access Control” and “Host Access Control”. This
group can be configured either by “Admin Settings” in CONFIG.EXE, or by “User
Access Control” and “Host Access Control” in WacMan.exe.
• “SSH Settings” covers all supported SSH services and SSH key settings. This
group can be configured either by its corresponding settings page in CONFIG.EXE, or by
“SSH Settings” in WacMan.exe.
• “Serial Port Settings” covers serial port communication settings. This group can be
configured either by “Communication Settings” in CONFIG.EXE, or by “Serial Port
Settings” in WacMan.exe.
Server Global Settings
When working with WAC Server, you may want to disable or enable some configuration
settings for the whole server. WAC Server provides many global settings for this
purpose. These settings include:
• User logon settings like “domain settings”, “max retry”, “timeout” and “logon
banner”;
• Session settings like “output redirection” and “terminal update rate”;
• “Telnet”, “SSH”, and “serial port” communication settings;
• “File transfer”, “SFTP”, and “anonymous account” settings;
• “LPT port” for client side print settings;
• “Log Mask” and “Log Path” for event logging file settings.
NOTES:
After you have modified the settings, you must RESTART WAC Server for
your changed configuration settings to take effect.
All the above settings can be configured with either WacMan.exe or CONFIG.EXE.
User Logon Domain Name (UseDomain)
This configuration feature disables or enables the domain option when a user logs on. If it
is enabled, when a user connects to WAC Server, the server asks the user for the
domain name after asking for the user name and password. This domain name is
then used to verify the logon information.
If you disable this configuration, WAC Server won't ask the user for the domain name
and will always use the local domain, which means the user name and
password are only checked locally.
Even if domain selection is enabled, the user can skip the domain name by just
pressing Enter when asked for it. In this case the local domain is used. If
all your users log onto the local domain only, disabling this configuration
will be more convenient for them because they don't need to press an extra Enter.
The default value for this configuration is enabled, which means the user will be asked
for the domain name he/she wants to log onto.
Here are instructions for domain configuration in either WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “ask for domain name when user logs on”. Check it to enable, uncheck it to disable. By default, it is checked.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “UseDomain”, and then set “1” to enable, "0" (zero)
to disable.
NOTE: You have to restart the WAC Server service for your changes to take effect.
User Logon Max Retry (MaxLogRetry)
The maximum number of retries allowed for each user logon. If the user still can't
provide the correct user name and password after this number of retries,
WAC Server will disconnect the user connection.
Sometimes you might want to increase this number, either because your users often can't get
logged on within this number of retries, or because a serial port connection is used:
serial port communication is not reliable, so the logon might often fail due to
data loss or corrupted data caused by the poor quality of the link.
But be wary of using a large retry number, because it makes things
easier for intruders who try to guess the password by trying to log on
again and again.
The default value for this configuration is 3, which means the server will disconnect if the
user fails to log on 3 times.
Here are instructions for logon retry configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WAC Manager, go to the “Server Global Settings” page, where there
is a setting called “Max Logon Retry”; enter the number of retries in the
adjacent edit box.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “MaxLogonRetry”, and then set the number of retries
for it.
NOTE: You have to restart the WAC Server service for your changes to take effect.
User Logon Timeout (LogonTimeOut)
The maximum number of seconds that the server waits for user input during the logon
process before it disconnects. The user has to keep typing during the logon; if
he/she stays inactive for this period of time, the server assumes that the user no longer
wants to log on, or that the link between terminal and server is broken, and
disconnects.
The default value for this configuration is 300, which means that if you stay inactive for 5
minutes during the logon, you'll be disconnected. This is actually quite a long period.
You might want to decrease it if you want to drop inactive or broken links as
soon as possible.
Here are instructions for logon timeout configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “Logon Time Out”; enter the timeout value in the
adjacent edit box.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “LogonTimeout”, and then set the timeout value for
it.
NOTE: You have to restart the WAC Server service for your changes to take effect.
User Logon Banner (LogonBanner)
The logon banner is the welcome text displayed at the top of a client window upon connection,
before logging in. See the figure below:
Logon Banner
This feature is for licensed copies only. If you are a licensed user, you can change the
logon banner as you want. Your banner will be seen by all client users while they
are connecting.
Here are instructions for logon banner configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “More Server Settings” page, where there is
a setting called “Logon Banner”; enter the banner contents in the
adjacent edit box.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “LogonBanner”, and then enter the
banner contents in the edit line.
NOTE: You have to restart the WAC Server service for your changes to take effect.
Global Agent Redirection (AgentRedirection)
This configuration feature controls the way the WAC session agent monitors the session
output. The WAC session agent has some effect on the output of some command line
applications. For more information, please refer to Chapter One - “WAC Session Agent”.
You can enable the redirection, disable it, or have it conditionally enabled and
disabled.
The default value is conditionally enabled, which means the server enables
redirection when a VT-compatible terminal is used, and disables
redirection when WAC Native Clients or VTNT-type terminals are used.
Here are instructions for redirection configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “Redirect Program Output”; check the relevant box for
‘not redirected’, ‘always redirected’, or ‘conditionally not redirected and redirected’,
which is the default value.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “AgentRedirect”, then set the value
for it in the edit line: “0” to disable, “1” to enable, “2” to conditionally enable and disable. The
default value is “2”.
NOTES:
• You have to restart the WAC Server service for your changes to take effect.
• This “Agent Redirection” setting applies to the whole server, but the system
administrator can also configure this setting for a certain user or user group. For
details, see User Admin Settings - “User Agent Redirection” in this chapter.
Session Tick for Terminal Update (SessionTick)
As described in the "WAC Session Agent" section (see chapter one), the WAC session
agent keeps monitoring the screen output of applications in the session, and if any
changes are found, the changes are sent to the terminal. The session agent checks the
output periodically, and the period between two checks is controlled by this "Session
Tick" configuration. The value for this configuration is a number of
milliseconds.
The default value for this configuration feature is -1, which means "ASAP": the session
agent will pick an appropriate time interval for monitoring the session output.
Setting a large interval decreases the CPU usage of the session agents,
but it also increases the response time of sessions.
Here are instructions for session tick configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “Session Tick”; enter the tick value in the adjacent edit
box.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “SessionTick”, and then set the value
for it in the edit line.
NOTE: You have to restart the WAC Server service for your changes to take effect.
Telnet Service (EnableTelnet)
The telnet service can be turned on or off by this configuration feature.
The telnet service allows telnet clients to connect to the server and create user sessions. If
it is disabled, a telnet client that tries to connect to WAC Server will get a "connection
refused" or "can't connect" error.
By default the telnet service is enabled. You might need to disable the telnet
service because:
• You are using another telnet server, and it would conflict with WAC Server's telnet
service (unless a different port number is used; refer to the “Telnet Port” configuration);
• You don't want the users to use the insecure telnet service, and you have the SSH service
available to them;
• You experienced some problem with the WAC Server's telnet service and you want to
shut it down temporarily.
Here are instructions for telnet service configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “Enable Telnet”. Check it to enable, and uncheck it to disable. By
default the box is checked.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “EnableTelnet”, and then set the
value for it in the edit line: “1” to enable, “0” to disable.
NOTE: You have to restart the WAC Server service for your changes to take effect.
Telnet Port (TelnetPort)
The TCP port on which the WAC Server's telnet service listens.
By default, the telnet service listens on port number 23. This is defined by the Internet
standard, and most likely you should use this port so all telnet clients can connect to
your server easily. But sometimes you might need to change the default port to another
port because:
• You have another telnet server running and you don't want to conflict with it. On the
same host, two applications can't listen on the same port, so if you don't
want to change the port settings of the other telnet server, you have to change the WAC
Server;
• The firewall settings of your network require you to use another port
number, for example because the default port number is blocked;
• You just want to use another port so that no outsider can easily find the port number
and connect to your server.
Here are instructions for telnet port configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “Telnet Port”; enter the port number in the adjacent edit
box.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “TelnetPort”, and then set the port
value for it in the edit line.
NOTE: You have to restart the WAC Server service for your changes to take effect.
SSH Service (EnableSSH)
This configuration feature turns the SSH service on or off.
The SSH service allows SSH clients to connect to the server and create user sessions. If
it is disabled, an SSH client that tries to connect to WAC Server will get a "connection refused" or "can't connect" error.
By default the SSH service is enabled. You might need to disable the SSH
service because:
• You are using another SSH server, and it would conflict with WAC Server's SSH
service (unless a different port number is used; refer to the “SSH Port” configuration);
• You don't want to set up the SSH keys and/or publish them to your users;
• You experienced some problem with the WAC Server's SSH service and you want to
shut it down temporarily.
Here are instructions for SSH service configuration in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “SSH Settings” page, where there is a setting
called “Enable SSH Service”. Check it to enable, or uncheck it to disable. By
default, this setting is enabled.
• If you use CONFIG.EXE, go to the “Server Settings” page, and from the left
side box choose the setting called “EnableSSH”, and then set the value
for it in the edit line: “1” to enable, “0” to disable.
NOTE: You have to restart the WAC Server service for your changes to take effect.
SSH Port (SSHPort)
The TCP port on which the WAC Server's SSH service listens.
By default, the SSH service listens on port number 22. This is defined by the Internet
standard. In most cases you should keep this port so that all SSH clients can connect to
your server easily. Sometimes, however, you might need to change the default port to
another port because:
• You have another SSH server running and you don't want to conflict with it. Two
applications on the same host can't listen on the same port, so if you don't
want to change the port settings of the other SSH server, you have to change the
WAC Server's;
• The firewall settings of your network require you to use another port
number, for example because the default port number is disabled;
• You just want to use another port so that no outsider can easily find the port number
and connect to your server.
Here are instructions for configuring the SSH port in either WacMan.exe or
CONFIG.EXE:
• If you use WAC Manager, go to the “Server Global Settings” page, where there
is a setting called “SSH Port”. Enter the port number in its adjacent edit
box.
• If you use CONFIG.EXE, go to the “Server Settings” page, choose the setting called
“SSHPort” from the left side box, and then set the port value for it in the edit
line.
NOTE: You must restart the WAC Server service for your changes to take effect.
Serial Port Service (EnableComm)
This configuration feature turns the serial port service on or off.
The serial port service allows serial port terminals to connect to the server and create user
sessions. If it is disabled, a terminal that tries to connect to WAC Server gets no response.
By default the serial port service is enabled. But you can’t use the serial port service unless you
declare serial ports in the “Serial Port List”.
Sometimes you might need to disable the serial port service temporarily due to some
problem with it.
Here are instructions for configuring the serial port service in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Serial Port Settings” page, where there is a
setting called “Enable Serial Port Access”. Check it to enable, or uncheck it to
disable. By default the box is checked.
• If you use CONFIG.EXE, go to the “Server Settings” page, choose the setting called
“EnableComm” from the left side box, and then set its value in the edit line:
“1” to enable, which is the default value, or “0” to disable.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• For general information about serial ports and their settings, refer to the “Serial
Port Settings” section in this chapter.
Serial Port List (CommPortList)
This is the list of serial ports that users can use to connect their serial port terminals to the
WAC Server.
This configuration feature is only useful when the serial port service is enabled. When you
specify the port list, use the port names and separate them with commas, for
example "COM1" or "COM1, COM2". Please don't input any extra characters.
The default value for this configuration is empty, which means no serial port can be used to
connect.
Here are instructions for configuring the serial port list in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Serial Port Settings” page, where there is a
setting called “Serial Port List”. To declare a port, enter the serial port in the edit box
above the “Add Port” button, and click the “Add Port” button. To remove a
declared port, highlight the port in the “Serial Port List” box, and then click the
“Remove” button.
• If you use CONFIG.EXE, go to the “Server Settings” page, choose the setting called
“CommPortList” from the left side box, and then set its value in the edit
line.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• For general information about serial ports and their settings, refer to the “Serial
Port Settings” section in this chapter.
File Transfer (FileTransfer)
This configuration feature is used to set up the file transfer service for WAC Native Clients.
You can disable the file transfer service, or conditionally enable it to send files
“server to terminal only”, “terminal to server only”, or “both ways interactively”.
If you set the file transfer type to "server to terminal only", files can never be
sent to the server from the client machine. Likewise, if you set the transfer type
to “terminal to server only”, files can never be sent to the client from the server.
If you enable “Both ways transfer”, you can send files interactively in both directions.
The default value for this configuration is both ways transfer.
Here are instructions for configuring file transfer in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “Server Global Settings” page, where there is
a setting called “File Transfer for WAC Native Clients”. Check the relevant check
box to specify the transfer type you want.
• If you use CONFIG.EXE, go to the “Server Settings” page, choose the setting called
“FileTransfer” from the left side box, and then set its value in the edit
line.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• For general information and instructions for file transfer in a WAC session, please refer
to Chapter Four – “File Transfer”.
Global SFTP Service (EnableSFTP)
This configuration feature is used to turn the built-in SFTP service on or off for the
whole server.
By default the SFTP service is enabled for the whole server, and normally all users who
can access your server can use SFTP to access your sources on the server machine. The system
administrator can change this access condition: he/she can use the “Admin Settings” to
disable or enable the SFTP service for a certain user or group, and even create an access
root directory to restrict the users’ SFTP activities.
Here are instructions for configuring the global SFTP service in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “SSH Settings” page, where there is a setting
called “Enable the build-in SFTP service for secure file transfer”. Check or uncheck the
adjacent box to enable or disable the SFTP service. By default, the box is checked.
• If you use CONFIG.EXE, go to the “Server Settings” page, choose the setting called
“SFTP” from the left side box, and then set its value in the edit line:
“0” to disable, “1” to enable, which is the default value.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• This SFTP service configuration is for the whole server; the system administrator
can also configure the SFTP service for a certain user or user group. See User Access
Control - Restrict Users to Use SFTP Service in this chapter.
• For general information and instructions about the SFTP service, please refer to SSH
Settings - SFTP Service in this chapter.
Anonymous Access to SFTP Service
This configuration feature is used to configure anonymous access to the SFTP service.
Anonymous access means any user can log on to the SFTP service with "Anonymous" as the user
name and anything as the password. Since this involves no user authentication, anonymous access to
the SFTP service should be strictly limited.
Configuring anonymous access requires specifying a root directory and selecting
an anonymous access type: “No access”, “Reading server only”, “Writing server only”, or
“Both Reading and Writing”.
Here are instructions for configuring anonymous access in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “SSH Settings” page. On this page, you
should set the following parameters:
  Root Directory: Click on “Browse” to select the folder for anonymous user access.
  Anony Access: This parameter specifies the access types allowed for anonymous
  access. The default option is "Reading server only". If you select "No access",
  the anonymous account will be disabled.
• If you use CONFIG.EXE, go to the “Server Settings” page. On this page, you
should set up the following three configuration variables:
  AnonyAccount: This parameter should be set to 1 to enable the anonymous account; if
  this account is disabled, you are not able to use anonymous access.
  AnonyDir: This parameter should be set to the root directory allowed for
  anonymous access. It should be strictly limited for your security.
  AnonyAccess: This parameter specifies the access types allowed for anonymous
  access: 0 for no access, 1 for reading only, 2 for writing only, 3 for both reading
  and writing. The default is “1”. Setting the value to “0” is equal to disabling
  the anonymous account.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• For general information and instructions about the SFTP service, please refer to SSH
Settings – SFTP Service in this chapter.
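The following added example (not part of the WAC documentation or its tools) audits the telnet, SSH, serial port and anonymous SFTP settings described above and reports the combinations that need review. It assumes the values have been copied by hand from CONFIG.EXE into a dictionary keyed by setting name, because how WAC Server stores them is not described here; the function names, the severity labels and the BROAD_DIRS list are this example's own.

```python
import ntpath
import re

# Defaults the manual states; keys it gives no default for must be supplied.
PAGE_DEFAULTS = {"TelnetPort": "23", "EnableSSH": "1", "SSHPort": "22",
                 "CommPortList": "", "AnonyAccess": "1"}
ANONY_ACCESS = {"0": "no access", "1": "reading only",
                "2": "writing only", "3": "reading and writing"}
# Assumption (not from the manual): folders too broad to publish anonymously.
BROAD_DIRS = ("\\windows", "\\program files", "\\program files (x86)", "\\users")
COM_NAME = re.compile(r"COM[1-9][0-9]*")


def _port(s, key, findings):
    """Return the setting as an int port, or None plus an error finding."""
    raw = s[key].strip()
    if raw.isdigit() and 1 <= int(raw) <= 65535:
        return int(raw)
    findings.append(("error", key, f"{raw!r} is not a TCP port (1-65535)"))
    return None


def _too_broad(path):
    """True for an empty path, a drive root, or a folder under BROAD_DIRS."""
    if not path.strip():
        return True
    tail = ntpath.splitdrive(ntpath.normpath(path.strip()))[1].lower()
    return tail in ("", "\\") or any(
        tail == d or tail.startswith(d + "\\") for d in BROAD_DIRS)


def audit(overrides):
    """Return a list of (severity, setting, message) for one server's settings."""
    s = {**PAGE_DEFAULTS, **overrides}
    findings = []
    for key in ("EnableTelnet", "AnonyAccount"):
        if key not in s:
            findings.append(("info", key, "not supplied; read it from CONFIG.EXE"))

    telnet_on = s.get("EnableTelnet") == "1"
    ssh_on = s["EnableSSH"] == "1"
    ports = {k: _port(s, k, findings) for k in ("TelnetPort", "SSHPort")}
    if telnet_on:
        # General property of the Telnet protocol, not a statement from the manual.
        findings.append(("high", "EnableTelnet",
                         "telnet sends logons and session data unencrypted"))
    if telnet_on and ssh_on and ports["TelnetPort"] is not None \
            and ports["TelnetPort"] == ports["SSHPort"]:
        findings.append(("error", "SSHPort",
                         "same port as TelnetPort; only one can listen on it"))
    for key, on in (("TelnetPort", telnet_on), ("SSHPort", ssh_on)):
        if on and ports[key] is not None and str(ports[key]) != PAGE_DEFAULTS[key]:
            findings.append(("info", key, "non-default port only hides the service "
                             "from casual probes; keep host access control in place"))

    mode = s["AnonyAccess"].strip()
    if mode not in ANONY_ACCESS:
        findings.append(("error", "AnonyAccess", f"{mode!r} is not 0, 1, 2 or 3"))
    elif s.get("AnonyAccount") == "1" and mode != "0":
        severity = "high" if mode in ("2", "3") else "medium"
        findings.append((severity, "AnonyAccess", "anonymous SFTP logon active "
                         f"({ANONY_ACCESS[mode]}); any password is accepted"))
        if _too_broad(s.get("AnonyDir", "")):
            findings.append(("high", "AnonyDir",
                             "root directory is empty, a drive root or a system folder"))

    raw_list = s["CommPortList"]
    names = [p.strip() for p in raw_list.split(",")] if raw_list.strip() else []
    bad = [n for n in names if not COM_NAME.fullmatch(n)]
    if bad:
        findings.append(("error", "CommPortList", f"not serial port names: {bad}"))
    return findings


# Constructed sample values, keyed by the CONFIG.EXE setting names.
WEAK = {"EnableTelnet": "1", "TelnetPort": "22", "AnonyAccount": "1",
        "AnonyAccess": "3", "AnonyDir": "C:\\", "CommPortList": "COM1, LPT1"}
HARDENED = {"EnableTelnet": "0", "AnonyAccount": "1", "AnonyAccess": "1",
            "AnonyDir": "D:\\sftp\\pub", "CommPortList": "COM1, COM2"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for finding in audit(cfg):
            print("  %-6s %-13s %s" % finding)
```

Read-only anonymous access to a narrow folder is still reported at medium severity, so that every server with an active anonymous account shows up in the review.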
LPT Port for Client Side Printing (LPTPort)
This configuration is used to specify the LPT port number that will be mapped to the WAC
printing redirector, so that your DOS application can print server information at the client
side.
Most DOS-based programs print to the LPT1 or LPT2 ports by default. So to allow a DOS
application to use Client Side Printing, at least one LPT port has to be mapped to the WAC
Printing Redirector.
If you have installed WAC Server, you already know you can set the LPT port during
WAC Server installation. The LPT port can also be reset using one of the WAC
configuration tools.
Here are instructions for configuring the LPT port in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “More Server Settings” page, where there is
a setting called “LPT Port”. Check the relevant check box to specify the LPT port
number you want. If you set “No use LPT”, no LPT port will be mapped.
• If you use CONFIG.EXE, go to the “Server Settings” page and choose the setting called
“LPTPort” from the left side box. Then, in the edit line, enter the port
number for it, like “LPT1, LPT2,” which are the most commonly used. If you don't need
an LPT port, just leave it empty.
NOTES:
• You must restart the WAC Server service for your changes to take effect.
• For general information and instructions for WAC client side printing, please refer to
References - Client Side Printing in this chapter.
Log Mask for WAC Event Logging (LogMask)
This configuration is used to specify what kind of server information is recorded in the
log file.
For details, please refer to References - WAC Event Logging – “Define Log Mask” in
this chapter.
Log Path for WAC Log File (LogPath)
This configuration is used to specify the directory where you want to place the log files.
For details, please refer to References - WAC Event Logging – “Change Log Path” in
this chapter.
User Settings
The “User Settings” in WAC Server actually include “User Preference”, “User Admin
Settings” and “User Access Control”. In this section, we introduce “User
Preference” and “User Admin Settings”; “User Access Control” is
described in the section “Access Control”.
Under “User Settings”, when a user logs into WAC Server, by default the “User
Preference” settings are used first, then the default settings. However, if the administrator
has enabled “Supercede User” for this user or this user group in the “User Admin
Settings” page, when this user logs in, the admin settings are used first and this user's
preferences are ignored.
If you have configured WAC Server, you already know that all settings that can be configured
on the “User Preference” page can also be set on the “User Admin Settings” page. This makes it
easy for the administrator to manage and control users’ preference settings.
The following user settings can be set by either the user or the administrator:
• Initial Directory (InitDir): The initial directory when the user logs on.
• StartScript: The startup command that is automatically executed when the user logs
on.
• WAC Menu (WacMenu): Whether the WACMENU application will be displayed
after the user logs on.
• Agent Redirect (AgentRedirect): Whether the shell will be executed in a redirected
environment.
• Shell: The shell program. By default the Windows command interpreter (cmd.exe) is
used, but the user or administrator can specify an alternative shell program, like the WAC
Protected Shell.
• Watch Users (WatchUsers): Specify a list of users who can watch your session.
• Control User (ControlUsers): Specify a list of users who can control or take over your
session.
• Heart Beat: Specify the heart beat period, in seconds.
• Keep Session: Specify the period for WAC Server to keep the broken session, in
seconds.
• Auto Reconnect: Whether to automatically reconnect to the broken or existing
session.
• SupercedeUser: Whether the user's settings should be disabled and the
administrator’s settings used instead.
User Preference
After you get used to WAC Server and its applications, you might want to make yourself
more comfortable by introducing some settings especially for you and nobody else. All
these settings are called "User Preference".
Every Windows user can specify their preferences. However, all these user preference
settings can be set and reset by the system administrator using “User Admin Settings”. In
other words, the settings you have made on this page will not take effect once the
system administrator chooses to reset and supercede your settings. For more information
and the parameter references, please refer to the “User Admin Settings” section.
Setting up the user preferences can be accomplished with either WacMan.exe or
CONFIG.EXE.
• If you use WacMan.exe, go to the “User Preference for current user” page,
and then in the relevant settings line, click the "Browse" or "Choose" button,
or check the check box, to modify the settings.
• If you use CONFIG.EXE, go to the “User Preferences” page, and then click
on each of the user preferences on the left side; the corresponding value and remark
will be shown on the right side. Change the value in the edit box, then
continue with other values by clicking on another user preference, or when you are
done, click the "OK" button.
User Admin Settings
As we introduced in the “User Preference” section, in WAC Server each individual user
can have his/her own preferences for several settings, like the initial directory,
start script, shell program, etc. But sometimes the system
administrator might need to step in and help the user set up the preferences. These settings
are called "administrator's settings for users", or in short, "user admin settings".
The system administrator can specify settings for each individual user or user group and
force them to take his/her settings by enabling “SupercedeUser”. If he/she doesn’t specify
a parameter for a particular user, or doesn't enable “SupercedeUser”, the user preference or
the default settings for that parameter will be used instead.
The administrator can also change the default settings for all users.
The following are the general instructions for Admin Settings:
• To specify settings for a particular user or user group, select this user or user group
from the "Current User/Group Name", and modify the settings for the corresponding
configuration parameters. Then enable “Supercede Users”.
• To supercede the user or user group preference settings, on the "User Admin
Settings" page, select this user or user group from the "Current User/Group Name",
and then enable "Supercede User".
• To configure the settings for all users, choose "Default User Settings" from
the "Current User/Group Name", and then set up the parameters. If you want the
default settings to supercede the user preferences, you should enable “Supercede User”.
• To save the modifications on this page, just go ahead and click on another page. Your
modifications will be stored automatically.
Logon Initial Directory (InitDir)
The first working directory when a user logs on is called the “Initial Directory”. Users
land directly in this directory when they log on if the “Start Script” is left empty and “WAC
Menu” is disabled.
By default, the WAC Server installation directory is the initial directory. You can use the WAC
configuration tools to change the directory, locally or remotely.
Here are instructions for configuring the initial directory in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Initial Directory” edit box, enter the full path of
the directory or click the “Browse…” button to select the directory.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “InitDir” from the left side box, and in the edit
line, input the full path of the directory.
Logon Start Script (StartScript)
The executable program file that is executed immediately when a user logs on is called the
Start Script. If no value is specified for this configuration feature, by default WAC Server
will run WAC Menu instead.
This file can be any executable file, like a standard .EXE file, or a batch command file
with the .BAT extension. Make sure you have access rights to this file; otherwise it won't be
executed.
To modify this configuration, you should use the full path (starting with the drive name);
WAC Server will start searching for this file in your home directory and then the system path.
The default value for this preference is empty, which means no script or executable file
will be executed.
Here are instructions for configuring the start script in either WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Start Script” edit box, enter the full path of the
directory or click the “Browse…” button to select the directory.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “StartScript” from the left side box, and in the
edit line, input the full path for the directory.
Launch WAC Menu (WacMenu)
This configuration feature allows you to disable or enable the automatic launching of the
WacMenu application.
By default, when you log onto WAC Server and you haven't specified any auto-run file
using the "StartScript" configuration feature, the server will automatically start the WACMENU
application for you, giving you easy access to most of the WAC applications.
If you don't need the menu to be automatically displayed, just disable "WacMenu". If you
later want to turn it back on, enable it again.
If you specify any file in the "StartScript" preference, WAC Server will NOT start the
WACMENU application automatically anymore, no matter how you set the WACMENU
value. If you still want to see the menu, you should add the WACMENU.EXE command
to your start script.
By default, WACMENU is enabled, which means that if the "StartScript" preference is empty,
WAC Server will always launch WACMENU automatically.
Here are instructions for configuring WAC Menu in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Display WAC Menu” line, check the relevant
check box to perform the task.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “WacMenu” from the left side box, and in the
edit line, input the value for it: “0” to disable, “1” to enable.
User Agent Redirection (AgentRedirection)
This configuration feature is used to control the way the WAC session agent monitors the session
output. The WAC session agent has some effect on the output of some command line
applications. For more information, please refer to the “WAC Session Agent” section.
The system administrator can disable or enable “Agent Redirection” for a certain user,
user group or all users, based on your terminal conditions, so that your terminal is able to
receive some special characters like the bell signal.
There are three ways to control the redirection:
• Not Redirected: Disable WAC agent redirection.
• Redirected: Enable WAC agent redirection.
• Taking the Server Settings: Whether to redirect is up to the server global agent
redirection settings. See "Global Agent Redirection" in "Server Global Settings".
The default value for this configuration is “Taking the Server Settings”, which means the
server uses the global “Agent Redirect” configuration setting for the server.
Here are instructions for configuring agent redirection for a user or user group in either
WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then under “Agent Redirection”, check the relevant
check box to perform the task.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “AgentRedirection” from the left side box, and
in the edit line, input the value for it.
Specify User Shell (Shell)
This is a security configuration feature that is used to specify the command line shell that
is executed when a user logs in. By default, cmd.exe is executed, but you can change it
to any other application, such as “WAC Protected Shell”. See Chapter Five – References
– “WAC Protected Shell”.
Once the shell is set up for a certain user or group, this user or the users in this group will
land directly in this shell when they log in. In this shell, they can only execute the
commands or programs that the shell allows. If they attempt to execute anything beyond that, their
sessions will be immediately closed. This is very useful for restricting users’ access and
activities on your server.
This configuration should use the full path, like "c:\program files\wac\pshell.exe".
You can also attach command parameters to it, like "c:\program
files\wac\pshell.exe wac.psh".
All the above settings can be made with one of the WAC configuration tools. Here are
instructions for configuring the shell for a user or user group in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Shell” edit box, enter the full path of the shell or
click “Browser” to select the shell.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “Shell” from the left side box, and in the edit
line, input the full path of the shell.
Specify the Watching Users (WatchUsers)
This configuration feature is used to specify a list of users who can watch your session. Use
commas to separate users. The specified users, even if they are only normal Windows
users, can watch your screen despite your Admin identity.
The specified users can use the command tool "wac watch" or “Session Manager” to monitor
your screen.
This configuration can be made with one of the WAC configuration tools. Here
are instructions for configuring watching users for a user or user group in either WAC
Manager or CONFIG.EXE:
• If you use WAC Manager, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Watch Users” edit box, enter the users or click
the “Browse…” button to select the users whom you allow to monitor your session.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “WatchUsers” from the left side box, and in the
edit line, input the users separated by commas.
Specify the Controlling and Takeover Users (ControlUsers)
This configuration feature is used to specify the users who can control or take over your session
screen. Use commas to separate users. The specified users, even if they are only normal
Windows users, can control and take over your screen despite your Admin identity.
The specified users can use the command tools "wac control" and "wac takeover", or
“Session Manager”, to watch and operate on your screen.
This configuration can be made with one of the WAC configuration tools. Here
are instructions for configuring controlling users for a user or user group in either
WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Control Users” edit box, enter the users or click
the “Browse…” button to select the users whom you allow to control your session.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “ControlUsers” from the left side box, and in
the edit line, input the users separated by commas.
Session Heartbeat (HeartBeat)
This configuration is used to set the heart beat period, which helps identify link or remote
computer failures.
This configuration can be made with one of the WAC configuration tools. Here
are instructions for configuring the heart beat for a user or user group in either WacMan.exe
or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Heart Beat” edit box, enter the time in seconds.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “HeartBeat” from the left side box, and in the
edit line, input the time in seconds.
Broken Session Keeper (KeepSession)
This configuration feature is used to specify the period for which WAC Server keeps a
broken session. If a reconnection is not performed within the specified period, the
broken session will be gracefully terminated.
In the default behavior, upon a client or link failure, or an illegal exit, a session is
terminated and all its running data is deleted. This kind of session is termed broken.
However, after “keep session” is set, users are given the opportunity to
reconnect to the broken session and resume their work.
This configuration can be made with the WAC CONFIG tools.
Here are instructions for configuring Keep Session for a user or user group in either
WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Keep Session” edit box, enter the time in
seconds.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “KeepSession” from the left side box, and in
the edit line, input the time in seconds.
Session Logon Auto Reconnect (AutoReconnect)
This auto reconnect method automatically detects whether there is an existing
session (a broken or active session) for a user when he/she is logging in. If so, WAC
Server will automatically reconnect this user to his/her existing broken session or active
session.
Broken sessions are only saved when you have set the period for the “Keep Session”
(see Chapter Five - Server Global Settings - “Broken Session Keeper”). Reconnections must be
performed within this specified period, or the broken session will be automatically
terminated by WAC Server.
To reconnect to a broken session or active session, a user must use the same login name
and password.
There are three types of auto reconnect methods:
• Disable: Disallow auto reconnecting. In this case, you will always create a new
session whenever you log in.
• Reconnect to broken session: When this type is enabled, each time you log in you
will be reconnected to the broken session where you last left off.
• Always reconnecting: When this type is enabled, you can create only one session with the
server no matter how many times you log in. Always reconnecting
automatically detects, when you are logging in, whether there are any existing
sessions (broken or active) for you; if so, WAC Server automatically
reconnects you to the existing session. Thus you have no chance to create a new
session. This is useful if there is a session limit or you need to log onto the same
session from a different PC.
By default, auto reconnect is disabled, which means you can create as many sessions
as your system allows.
Here are instructions for configuring Auto Reconnect for a user or user group in either
WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Auto Reconnect” field, check the relevant check
box.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then choose “AutoReconnect” from the left side box, and in
the edit line, input the value for it: “0” for disable, “1” for reconnecting to the broken
session, “2” for always reconnecting.
NOTE:
• Besides this “Logon Auto Reconnect”, WAC Server also introduces another watching
“Reconnect” feature that allows you to reconnect your session to an existing session
when you are watching the sessions. See Chapter Four – Managing Session “Reconnect to Session”.
Supercede User Settings (SupercedeUser)
This is an Admin-only configuration parameter that allows the Admin settings to supersede
the user preferences.
If the system administrator doesn't enable Supercede User for a particular user or group,
that user's or group's preference settings are used first when they log in. If it is
enabled, the Admin settings are used first when they log in, and the user preference
settings are ignored.
Here are the instructions for configuring Supercede User for a user or user group in either
WacMan.exe or CONFIG.EXE:
• If you use WacMan.exe, go to the “User Admin Settings” page. From the
“Current User/Group Name”, select the user, user group or DefaultUserSettings that
you want to control, and then in the “Supercede User” line, check the relevant box.
• If you use CONFIG.EXE, go to the “Admin Settings” page. From the
Current User/Group Name, select the user, user group or DefaultUserSettings that
you want to control, then from the left side box choose “SupercedeUser”, and in
the edit line enter its value: “0” for do not supersede, which is the default value, “1”
for supersede.
Access Control
The most important of the five main parts of the WAC advanced configuration
settings is “Access Control”. WAC Server supports a very flexible access control plan.
Access can be granted to or revoked from any particular user, user group, or host address.
For your convenience, WAC Server also allows you to alter the default access for all users
and hosts.
User Access Control
For user or user group access control, the system administrator can assign access to
different types of service: SFTP service, port forwarding service, remote execution
service, or interactive session. The administrator can also limit the number of sessions,
confine user connections to defined hosts, and set a root directory for SFTP file access.
In addition, the system administrator can change the default settings for all users.
The following are the general instructions for Access Control:
• To deploy access control for a particular user or user group, select this user or
user group from the "Current User/Group Name", and then modify the relevant
configuration parameters.
• To configure the settings for all users, choose "Default User Settings" from
the "Current User/Group Name", and then set up the parameters.
• To save the modifications on this page, just click another page. Your
modifications are stored automatically.
Restrict Users to Use SFTP Service (SFTP)
This configuration feature allows the system administrator to restrict SFTP file access
for a certain user or user group by disabling or enabling the SFTP service.
Here are the instructions for configuring the user SFTP service in either WacMan.exe or
CONFIG.EXE.
• If you use WacMan.exe, go to the “User Access Control” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then in the SFTP line, modify the check box.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then modify the SFTP value: “0” for disallow, “1” for allow,
or leave it empty to use the default settings.
NOTES:
• This SFTP feature is configured for a certain user or group, but the system
administrator can also configure it for the whole server. See Global Server Settings –
“Global SFTP Service” in this chapter.
• For general information and instructions on the SFTP service, please see SSH Settings –
“SFTP Service” in this chapter.
Limit SFTP File Access (FileRoot)
This configuration feature is used to set a root directory that limits the file access of
a certain user's or user group's SFTP activities. After you set the "Root Directory" or
"FileRoot", all files and directories outside this specified directory are inaccessible
to the user's SFTP session.
Here are the instructions for configuring SFTP file access in either WacMan.exe or
CONFIG.EXE.
• If you use WacMan.exe, go to the "User Access Control" page, and from the
"Current User/Group Name", select the user or group you want to control, or the
DefaultUserSettings, and then in the box under "Root Directory for SFTP
Service" enter the full directory path or click the "Browse" button to select the folder.
• If you use CONFIG.EXE, go to the "User Admin Settings" page, and from
the "Select User/Group" button, select the user or group you want to control, or the
DefaultUserSettings, and then in the left box, choose "FileRoot" and enter the full
directory path for it.
NOTE:
• For general information and instructions on the SFTP service, please see SSH Settings –
“SFTP Service” in this chapter.
Restrict Users to Use Port Forwarding Service (PortFwd)
This configuration feature allows the system administrator to restrict a certain user or
user group from doing port forwarding over an SSH channel.
Here are the instructions for configuring Port Forwarding in either WacMan.exe or
CONFIG.EXE.
• If you use WacMan.exe, go to the “User Access Control” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then in the “Port Forwarding” line, modify the check box.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then modify the “PortFwd” value: “0” for disallow, “1” for
allow, or leave it empty to use the default settings.
NOTE:
• For general information and instructions on Port Forwarding, please see SSH Settings
– “Port Forwarding” in this chapter.
Restrict Users to Use Remote Execution (Exec)
This configuration feature allows the system administrator to restrict a certain user or
user group from running the remote command execution service through an SSH channel.
Remote Command Execution allows remote users to execute a single command on a
remote server machine, using any remote execution client that follows the Remote
Execute UNIX standard, including clients from UNIX, Linux, NT etc.
Remote Execution is designed for executing a single command, such as a batch file,
without having to start an interactive session.
In WAC Server, you can submit any Windows command or program (with parameters) to
the server and have it executed. The output of the command or program is sent back
to the client for display.
Remote command execution can be configured using one of the WAC
configuration tools. As an administrator, you can configure which users or groups can use
the remote execution service and which cannot. By default, remote execution is enabled.
Here are the instructions for configuring Remote Execution in either WacMan.exe or
CONFIG.EXE.
• If you use WacMan.exe, go to the “User Access Control” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then in the “Remote Execution” line, modify the check box.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then modify the “Exec” value: “0” for disallow, “1” for allow,
or leave it empty to use the default settings.
Restrict Users to Use Interactive Session (Interactive)
This configuration feature is used to specify whether a particular user or user
group is allowed to log on interactively.
When the interactive session is disabled for a certain user or user group, this user or
user group is never able to access WAC Server except through some special services such
as the remote execution service. If such a user attempts to connect to WAC Server, the
connection is disconnected as soon as it is established.
Here are the instructions for configuring Interactive in either WacMan.exe or
CONFIG.EXE.
• If you use WAC Manager, go to the “User Access Control” page, and from
the Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then in the “Interactive Session” line, modify the check box.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then modify the “Interactive” value: “0” for disallow, “1” for
allow, or leave it empty to use the default settings.
Limit the Session Number (SessionLimit)
As a system administrator, you may often want to limit the maximum number of
sessions that a user can open. You can define the number of sessions for a certain user
or user group. By default, the number of sessions is not limited, which means users can
open as many sessions as the system permits.
Here are the instructions for configuring the Session Limit in either WacMan.exe or
CONFIG.EXE.
• If you use WAC Manager, go to the “User Access Control” page, and from
the Current User/Group Name, select the user or group you want to control, and in the
Session Limit line, enter the number of sessions you allow for the selected user or user
group.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then choose “SessionLimit” and enter the number of sessions
that you allow for the selected user or user group.
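Because an empty value means "use the default settings", the effective permission of an account depends on DefaultUserSettings as well as on its own entry. The Python code below is an added example, not part of WAC Server: it resolves the effective SFTP, PortFwd, Exec and Interactive values per account and lists combinations worth reviewing. The dictionary layout and sample accounts are constructed; the fallback order (user, then DefaultUserSettings, then built-in default), the built-in value of Interactive, and falling back to DefaultUserSettings for FileRoot and SessionLimit are assumptions, and group inheritance is not modelled.

```python
"""Resolve effective WAC per-user access settings and flag items to review.

Added illustration, not WAC Server code. The data layout and accounts are
constructed. Value semantics follow the manual: "0" disallow, "1" allow,
empty means "use the default settings".
"""

# Built-in defaults: the manual states SFTP, PortFwd and Exec are enabled by
# default; Interactive = "1" is an assumption.
BUILTIN = {"SFTP": "1", "PortFwd": "1", "Exec": "1", "Interactive": "1"}
DEFAULT_KEY = "DefaultUserSettings"

# Constructed sample, as it might be transcribed from the settings pages.
SAMPLE = {
    "DefaultUserSettings": {"SFTP": "1", "PortFwd": "", "Exec": "",
                            "Interactive": "1"},
    "batchsvc": {"Interactive": "0", "SFTP": "0", "PortFwd": "0",
                 "SessionLimit": "2"},
    "alice": {"Exec": "0", "PortFwd": "0", "FileRoot": "D:\\sftp\\alice",
              "SessionLimit": "3"},
    "bob": {},
}


def effective(settings, user):
    """Return {name: (value, source)} for the four allow/disallow switches."""
    layers = ((user, settings.get(user, {})),
              (DEFAULT_KEY, settings.get(DEFAULT_KEY, {})))
    resolved = {}
    for name, builtin in BUILTIN.items():
        resolved[name] = (builtin, "built-in default")
        for source, table in layers:
            value = table.get(name, "").strip()
            if value in ("0", "1"):
                resolved[name] = (value, source)
                break
            if value:
                raise ValueError(
                    f"{source}.{name}: expected 0, 1 or empty, got {value!r}")
    return resolved


def inherited(settings, user, name):
    """Value of a free-form setting (FileRoot, SessionLimit), user first."""
    for key in (user, DEFAULT_KEY):
        value = settings.get(key, {}).get(name, "").strip()
        if value:
            return value
    return ""


def findings(settings, user):
    """Return a list of review notes for one account."""
    eff = effective(settings, user)
    notes = []
    # The manual notes that remote execution stays reachable without
    # an interactive session.
    if eff["Interactive"][0] == "0" and eff["Exec"][0] == "1":
        notes.append("Interactive is disallowed but Exec is still allowed")
    for name in ("Exec", "PortFwd"):
        value, source = eff[name]
        if value == "1" and source != user:
            notes.append(f"{name} is allowed only through {source}")
    if eff["SFTP"][0] == "1" and not inherited(settings, user, "FileRoot"):
        notes.append("SFTP is allowed with no FileRoot set")
    if not inherited(settings, user, "SessionLimit"):
        notes.append("no SessionLimit set")
    return notes


if __name__ == "__main__":
    for account in SAMPLE:
        if account != DEFAULT_KEY:
            for note in findings(SAMPLE, account):
                print(f"{account}: {note}")
```

In the sample, `batchsvc` has interactive logon disallowed yet can still run remote commands, because its empty Exec value falls through to the enabled default.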
Restrict Host IP Connections of User (HostList)
The system administrator may want to confine the connections of a certain user or user
group to particular host IP addresses or to a company network. This feature is
very useful when you want your users to connect to WAC Server only from the company
network and not from any other place.
Once host IP addresses are assigned to the selected user or user group, this user or
user group is never able to connect to WAC Server from outside the listed IP addresses.
In short, connections from these users are allowed only from the IP addresses listed in
the Host List.
Here are the instructions for configuring the Host List in either WacMan.exe or
CONFIG.EXE.
• If you use WAC Manager, go to the “User Access Control” page, and from
the Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and in the “Host List” line, enter the host IP addresses from which
you allow the selected user or user group to connect.
• If you use CONFIG.EXE, go to the “Admin Settings” page, and from the
Current User/Group Name, select the user or group you want to control, or the
DefaultUserSettings, and then choose “HostList” and enter the host IP addresses from
which you allow the selected user or user group to connect.
NOTE:
• The host addresses must be IP addresses separated by commas. You can use "*", as in
"192.168.2.*", to specify a network segment.
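A HostList value can be checked before it is entered. The Python code below is an added example, not part of WAC Server: it validates a HostList string, tests client addresses against it, and reports entries that admit a large address range. The syntax it accepts is an assumption based on the note above (comma-separated IPv4 addresses in which "*" may replace a whole octet), and the sample values in the test are constructed.

```python
"""Validate a HostList value and test client addresses against it.

Added illustration, not WAC Server code. Assumed syntax, based on the manual's
note: comma-separated IPv4 addresses in which "*" may replace a whole octet.
"""
import ipaddress


def _valid_octet(text):
    """True for a decimal octet 0..255 written in ASCII digits."""
    return text.isascii() and text.isdigit() and int(text) <= 255


def parse_host_list(value):
    """Return (patterns, errors); a pattern is a tuple of four octet strings."""
    patterns, errors = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            errors.append("empty entry (stray comma)")
            continue
        octets = entry.split(".")
        if len(octets) != 4:
            errors.append(f"{entry!r}: expected four dot-separated octets")
            continue
        bad = [o for o in octets if o != "*" and not _valid_octet(o)]
        if bad:
            errors.append(f"{entry!r}: invalid octet(s) {', '.join(bad)}")
            continue
        patterns.append(tuple(octets))
    return patterns, errors


def matches(client_ip, patterns):
    """True if client_ip (dotted IPv4 string) matches any pattern."""
    # IPv4Address raises ValueError on anything that is not a valid address.
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return any(
        all(p == "*" or int(p) == int(o) for p, o in zip(pattern, octets))
        for pattern in patterns
    )


def coverage(pattern):
    """Number of addresses one pattern admits: 256 per wildcard octet."""
    return 256 ** pattern.count("*")


def too_broad(patterns, limit=256):
    """Patterns admitting more than `limit` addresses, e.g. '10.*.*.*'."""
    return [".".join(p) for p in patterns if coverage(p) > limit]


if __name__ == "__main__":
    # Constructed sample value containing two malformed entries.
    parsed, problems = parse_host_list(
        "192.168.2.*, 10.0.0.5, 10.0.0.300, 172.16.*, 10.*.*.*")
    print("errors:", problems)
    print("too broad:", too_broad(parsed))
    print("192.168.2.77 allowed:", matches("192.168.2.77", parsed))
```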
Host Access Control
For control by host address, you can allow or disallow connections to WAC
Server from particular hosts. You can also assign a stored username and password to any
particular address so that the client can log on without typing anything. This
configuration feature is very useful when using RF devices to connect. It is also very
helpful when there are computers in a defined part of the company network that you do
not want to allow to connect to WAC Server.
Allow and Disallow Host IP Connections
This feature is used to specify whether or not to allow a particular host IP address to
connect to the server machine.
To allow or disallow a host connection, first add the host IP to the
“Configured Hosts” box, then assign the allow or disallow value to it. If the host you
want to control already exists in the “Configured Hosts” box, just highlight that host
and then assign the allow or disallow value to it. This can be done with either
WacMan.exe or CONFIG.EXE.
• If you use WacMan.exe, go to the “Host Access Control” page. Then proceed as
follows:
  • To Add a Host: On the “IP Address” line, enter a valid IP address, or just select
  one from the “Configured Hosts” box, and click the “Add” button. The added IP
  address should be displayed in the “Configured Hosts” box. Then under “Allow
  Connect” check Enable, Disable or Default.
  • To Remove a Host: In the “Configured Hosts” list, highlight the host you want to
  delete, and then click the “Remove” button.
• If you use WAC CONFIG.EXE, go to the “Host Settings” page. Then proceed as
follows:
  • To Add a Host: On the “Host” line, enter a valid IP address, or just select one from
  the “Configured Hosts” box, and click the “Ok” button. The added IP address
  should be displayed in the “Configured Hosts” box. Then on the “Allow Connect”
  page, enter the value as the remark prompts to enable or disable the added host.
  • To Remove a Host: In the “Configured Hosts” list, highlight the host you want to
  delete, and then click the “Remove Host” button.
NOTE: You can’t remove “DefaultUserSettings”, but you can enable and disable it for
all users. To do so, just select it from the “Configured Lists” and assign a value to it.
Store Username and Password for Certain IP Address
This configuration feature is used to store a Windows system username and password
on the server for a configured host, so that users can log on to the server from this
configured host without providing anything at the client side.
To store the username and password for a configured host, first select the
configured host, and then save the username and password for it. This can be
done with either WacMan.exe or CONFIG.EXE.
• If you use WacMan.exe, go to the “Host Access Control” page. Then
from the “Configured Hosts” box, select the intended host, or just add the intended
host to the “Configured Host” box. Then on the “Stored Username” and “Stored
Password” lines, enter the valid name and password for this host.
• If you use CONFIG.EXE, go to the “Host Settings” page. Then from the
“Configured Hosts” box, select the intended host, or just add the intended host to the
“Configured Host” box, and click “Ok”. Then on the “Stored Username” and “Stored
Password” pages, enter the valid name and password for this host.
SSH Settings
WAC Server offers several different levels of SSH settings to meet the security needs of a
wide variety of computing environments. The different SSH security features are listed
below:
• SSH Server Key Regeneration: SSH server key regeneration is one of WAC Server's
security features. In WAC Server you can regenerate the SSH server key if you
suspect the old server key was compromised or corrupted somehow. For further
information, see “SSH Server Key Generation” in the following section.
• User Public Key Authentication: Besides username / password authentication,
WAC Server also supports user public key authentication for SSH2, using the DSA
algorithm, the USA's federal Digital Signature Standard. For further information, see
“User Public Key Authentication” in the following section.
In addition, WAC Server provides the following services based on the secured channel
established between the SSH client and the server:
• SFTP Service: You can use an SFTP client to connect to WAC Server and transfer files
between client and server machines securely. An anonymous account is also supported
by the WAC SFTP server (it can be disabled and enabled). For details, please see “SFTP
Service” in the following section.
• SCP Service: The SCP program is a simple command line program for copying files
between machines securely. WAC Server supports the SCP service through its SFTP
server, so you can use an SFTP client to connect to WAC Server and perform the copy
task.
• Port Forwarding: You can use your SSH client (like WACSSH or FSLink) and
WAC Server to form a secured firewall to protect your existing applications when
communicating over an untrusted network (like the Internet). For details, please see
“Port Forwarding” in the following section.
• Remote Command Execution: You can submit any Windows command or program
(with parameters) to WAC Server and have it executed. The output of the command or
program is sent back to the client for display. For further information, see User
Access Control - “Restrict Users to Use Remote Command Execution”.
SSH Server Key Regeneration
SSH server key regeneration is one of WAC Server's security features. You can regenerate
the SSH server key if you suspect the old server key was compromised or corrupted
somehow. The SSH server key consists of a pair of keys: a server public key and a
private key. The public key is open and can be viewed.
SSH Server Key
To prevent network spoofing attacks, each server has a unique identity. This identity
is called the server key (or host key). The server key includes a pair of carefully
selected large prime numbers (1024 bits). One number is exposed as the public key (called
the server public key), and the other is kept as the private key.
When WAC Server is installed, the server public key is recorded in a file named
"pubkey.txt" under the WAC installation directory, and the private key is saved into the
server registry list.
If you want your SSH clients to verify the server, you should export the "pubkey.txt" file
to your SSH clients. You can manually copy "pubkey.txt" to all your clients, and
they should be able to import that file into their "authenticated server list".
Or, more conveniently, you can skip the transfer and import and just
connect with your SSH client. It will inform you that a new server public key has been
received and ask whether you want to accept it. If you are concerned about security, you
can view the content of the received key and compare it with the content of the
"pubkey.txt" file generated by the WAC Server installation. If the keys look exactly the
same, you can accept the key, and next time the verification is done automatically. Of
course, if you feel confident, you can just accept the key, with no need to deal with the
"pubkey.txt" file at all.
Regenerate SSH Server Key
In some cases you might want to regenerate your server key pair, such as when you suspect
the old key was compromised or corrupted somehow. You can use "Regenerate Server
Key" in the WAC CONFIG tools or use the command line utility "wac sshkey" to perform
the task. Here are the instructions:
Regenerate Server Key from the WAC Manager (wacman.exe)
1. Run WAC Manager (wacman.exe);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, click the button "Regenerate Server Key...".
Regenerate Server Key from the CONFIG.EXE
1. Run WAC CONFIG.EXE.
2. On the CONFIG panel, click the button labeled "Regenerate Server
Key", or just press the "R" key.
Regenerate Server Key from the Command Line
• At the command line, type "wac sshkey" and press "Enter". You will be prompted to
wait for a while as the SSH server key is regenerated.
NOTE:
• The generated keys are stored as "pubkey.txt" in the WAC Server installation
directory.
View Server Public Key
After generating or regenerating the SSH server key, you might in some cases want to view
the server public key. There are four ways for you to view its contents:
From the Pubkey File
• Go to the WAC Server installation directory and open the file "pubkey.txt", which
contains the public key contents of the host.
From the WAC Manager (wacman.exe)
1. Run WAC Manager (wacman.exe);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, click the button "View Server Public Key...".
User Public Key Authentication
WAC Server also supports the public key authentication method for SSH2. With this method,
you don't need to enter a password when connecting to WAC Server.
“Public key authentication” is one of the most secure methods of identifying yourself to a
login server. Before using public key authentication, you need to generate a pair of
keys -- one public and one private -- on your SSH client machine, and copy or import the
public key to the WAC Server machine. Then, when you connect to WAC Server and
tell it that you want to use public key authentication to log on, WAC Server will
happily authenticate you against your private key.
Generate User Public Keys
Before you can set up public key authentication with WAC Server, you need to create a
pair of public/private keys on your client machine. This can be done with the key
generation utility of your SSH client. The key generation process typically generates
two files: one for the private key and another for the public key.
After finishing the key generation, you need to import the public key to WAC Server
(see “Import Public Keys to WAC Server” in the next section) and store the private key
on the disk of your client machine.
NOTES:
• WAC Server's native SSH client, WACSSH, doesn't support public key
authentication, so it can't create key pairs either.
• Currently WAC Server only supports DSA keys. So when you generate the SSH keys,
you should choose the DSA key type.
Import Public Key to WAC Server
Once you have created the key pair, you need to transfer the generated public key to
WAC Server so that the server can verify it later. You can use one of the following ways
to add the public key to the list of recognized keys:
Import Public Key from WAC Manager (wacman.exe)
1. Run WAC Manager (wacman.exe);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, in the "Allowed User Public Keys" pane, click
the button "Import";
4. In the pop-up "Enter File Name" box, enter the key file name or click "Browse"
to bring up the "Open" box, and select the file;
5. Click "Ok" after entering the file name;
6. In the pop-up "User Name" box, enter a user name or use the existing username
for the key file and click "Ok". If you click "No", the import process is
cancelled.
NOTE: For the "username", see the “Where” note in the “Import Public Key from
the Command Line” section.
7. After you have successfully completed the above steps, the imported public key is
listed by username in the left box.
NOTES:
• After importing the “public key”, you can save your login password for this key so that
you are not asked for the password even on your first logon using the user public key.
See “The First Logon Using User Public Key”. To store the login password
for the public key, select one public key from the key list in the left box, and then
click "User Password"; then in the pop-up "User Password" box, enter the password
and confirm it, and click "Ok" to finish.
• If your Public Key Authentication fails to connect with WAC Server, you can try
saving the password first, and then test again.
Import Public Key from the Command Line
At the command line, type:
WAC UserKey Add <Public Key File> <User Name> <Password>
For example: wac userkey add filename John welcome
You will see an "Operation success" message if the public key has been successfully
imported to WAC Server.
Where:
• The <Public Key File> is the file name of the transferred public key. You should
give the full path where the public key file is located.
• The <UserName> is the name of the Windows user who will use the public key to
authenticate later. Sometimes the public key file includes information about the
user; in this case you don't need to supply the user name. If you use the same
username for an imported file, the previously imported public key file
is always overwritten.
• The <Password> is the login password associated with the Windows login
username. It is an optional parameter, so you do not have to provide it. If you
provide the password here, you are not asked for a password when logging in,
even on your first logon using the public key. If you don't
provide the password here, you can just press “Enter” to skip it if a password is
requested.
View the Imported Public Key
After importing the user public key, you can view its contents. Here are the instructions:
View from the WACMAN.EXE
1. Run WAC Manager (WACMAN.EXE);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, in the "Allowed User Public Keys" pane, click the
button "Details";
4. You should see a pop-up box that contains the public key contents. Click "Ok" to
close the box.
View from the Registry
1. Run Windows Registry Editor or WAC Registry Editor (regedit.exe);
2. Go to "HKEY_LOCAL_MACHINE\Software\Foxit Software\WAC Server\SSH2\UserKeys".
3. In the UserKeys pane, you should see the imported public key listed under the
username that you provided when you imported the key. Just double-click the
username to view the key contents.
Remove the imported Public Key
After importing a user public key, if for some reason you want to delete it from the
recognized list, you can use one of the following ways to do so:
Remove the Public Key from the WACMAN.EXE
1. Run WAC Manager (WACMAN.EXE);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, in the "Allowed User Public Keys" pane, select one
public key from the key list in the left box, and then click "Remove";
Remove the Public Key from the Command Line
• At the command line, type WAC Userkey Del <UserName> and press Enter.
Where: <UserName> is the Windows username that you provided when you imported the
public key to the server.
Store Password for the Imported Public Key
After you import the user public key to WAC Server, you can store the corresponding
Windows password for this public key, so that you don't need to submit it again even
when first logging in to the server using the User Public Key.
NOTE: The corresponding password means the password associated with the
username that you provided when you imported the public key.
If your Public Key Authentication fails to connect with WAC Server, you can try saving
the password first, and then test again.
Here are the how-to steps:
Store Password from the WACMAN.EXE
1. Run WAC Manager (WACMAN.EXE);
2. Click "SSH Settings" on the left index panel;
3. On the "SSH Settings" page, in the "Allowed User Public Keys" pane, select one
public key from the key list in the left box, and then click "User Password";
4. In the pop-up "User Password" box, enter the password and confirm it, then click
"Ok" to finish.
Store Password from the Command Line
1. At the command line, when you use "WAC UserKey Add" to import a public key,
append the <password> to the command; the password is then stored.
NOTE: Normally, the <password> in "WAC UserKey Add <Public Key File>
<User Name> <Password>" is an optional parameter. You don't have to provide it;
you can just press Enter to skip it.
The First Logon Using Public Key
After generating the key pair and importing the key to WAC Server, you are ready to use
the public key method to log on to WAC Server. You should configure your client program
to use the public key authentication method. For some client programs, you need to
specify a private key file, and the private key must match the public key registered in
WAC Server. Note that the client program might store the private key encrypted with
another passphrase; to access that private key, you have to supply the passphrase for
verification.
WAC Server first verifies the public key and digital signature supplied by your client
program. If they are verified successfully, then for the first logon WAC Server requires
you to enter a password. This password is required by the Windows system to grant you
system access. However, if you stored the password for the public key in advance, you
are not asked for the password. For details, see "Store Password for the Imported Public
Key".
After the password has been verified by the Windows system, WAC Server stores the
password securely in its registry, so you don't need to provide the password any more.
Logon Using Public Key
After the first logon, you can use the public key authentication method without the
Windows password. (But the private key passphrase, if required, can't be omitted.)
If the Windows password is changed later, then when you use the public key to log on,
WAC Server again asks you to provide the correct password. You have to enter the
new password, and it is again securely stored for later use.
SFTP Service
SFTP stands for Secure File Transfer Protocol. It serves the need to transfer files
between server and client using an SSH session.
WAC Server has a built-in SFTP service, which is automatically activated on your server
machine when you install WAC Server. So if you have a compliant SFTP client, you
can use it to transfer files securely over a WAC session.
This SFTP service supports both version 3 and version 4 of the SFTP protocol. Make sure
your SFTP client supports those protocol versions in order to connect with WAC Server's
SFTP service.
SFTP Configurations
SFTP is automatically installed and enabled when you install WAC Server. However,
you can later manually disable or enable the SFTP service for the whole server, or for a
certain user or group.
• To disable or enable SFTP for the whole server, use either WacMan.exe
or CONFIG.EXE to modify the “SFTP Service”. For detailed instructions, see Server
Global Settings - “SFTP Service” in this chapter.
• To disable or enable access to the SFTP service for a particular user or group, use
either WACMAN.EXE (wacman.exe) or CONFIG.EXE to modify the “SFTP” setting for
this user or group. For detailed instructions, see User Access Control - “Restrict Users
to Use SFTP Service” in this chapter.
Sometimes it may be necessary to limit the file access of a certain user's or group's SFTP
activities to a certain directory. In this case the administrator can set the root
directory for the user or group. After this root directory is set, all files and
directories outside the specified root directory are inaccessible to the user's SFTP
session. For detailed instructions, see “Limit SFTP File Access” in the “User Access
Control” section.
Anonymous SFTP Configurations
Like anonymous FTP access, WAC Server also supports anonymous access to the SFTP
service. That means any user can log on to the SFTP service with "Anonymous" as the user
name and anything as the password.
Since no user authentication is done, anonymous access to the SFTP service should be
strictly limited. WAC Server requires a root directory to be specified for anonymous
access. Nothing outside the root directory can be accessed anonymously.
To configure anonymous SFTP access, use one of the WAC configuration
tools to set the parameters.
• If you use WAC Manager (wacman.exe), go to the “SSH Settings” page, and
modify the root directory and anonymous access type.
• If you use CONFIG.EXE, go to the “Server Settings” page, and modify
“AnonyAccount”, “AnonyAccess” and “AnonyDir”.
For detailed instructions, see Server Global Settings - “Anonymous Access to SFTP
Service” in this chapter.
Connecting to SFTP Service
You can use any standard-compliant SFTP client to connect with WAC Server's SFTP
service.
As with other SSH connections, you need to pass user authentication before an SFTP
session can be established. You can use a password or a public key to authenticate
yourself.
Once you are authenticated, if SFTP is not disabled for the whole server or for the
particular user, you can start to issue SFTP commands to WAC Server.
WAC Server supports all available SFTP commands defined in protocol version 3 and
version 4.
The file path in SFTP commands can be either in Unix format (using "/" as separator) or
Windows format (using "\" as separator).
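Since both separator styles are accepted, any check that a requested path stays under a root directory (FileRoot, or the anonymous root directory) has to normalise both styles before comparing. The Python code below is an added example of such a check, useful as a reference when testing a configured root; it is not WAC Server's code, and the function name, exception and sample paths are constructed for illustration.

```python
"""Check that an SFTP request path stays under a configured root directory.

Added illustration, not WAC Server code. It accepts both separator styles the
manual describes and uses ntpath, so it behaves the same on any platform.
The root and request paths used here are constructed.
"""
import ntpath


class OutsideRoot(Exception):
    """The request resolves to a location outside the root directory."""


def resolve_under_root(file_root, requested):
    """Return the absolute Windows path for `requested`, or raise OutsideRoot."""
    root = ntpath.normpath(file_root)
    # Unify separators and treat a leading separator as "relative to the root".
    relative = requested.replace("/", "\\").lstrip("\\")
    if ntpath.splitdrive(relative)[0]:
        raise OutsideRoot(f"drive letter in request: {requested!r}")
    # normpath collapses "." and ".." components after joining.
    candidate = ntpath.normpath(ntpath.join(root, relative))
    try:
        common = ntpath.commonpath([root, candidate])
    except ValueError:  # paths on different drives
        raise OutsideRoot(requested) from None
    # Compare whole path components, case-insensitively. A plain startswith()
    # test would wrongly accept a sibling such as "alice2" for root "alice".
    if common.lower() != root.lower():
        raise OutsideRoot(f"{requested!r} resolves to {candidate!r}")
    return candidate


def is_allowed(file_root, requested):
    """Boolean form of resolve_under_root for quick checks."""
    try:
        resolve_under_root(file_root, requested)
    except OutsideRoot:
        return False
    return True


if __name__ == "__main__":
    root = "D:\\sftp\\alice"  # constructed FileRoot value
    for path in ("/docs/report.txt", "docs\\report.txt", "/",
                 "../bob/secret.txt", "/../alice2/x", "C:\\Windows\\win.ini"):
        print(f"{path!r:28} allowed={is_allowed(root, path)}")
```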
Port Forwarding
Port forwarding, or SSH tunneling, is used to route data over the secure SSH connection.
SSH offers two types of port forwarding: local and remote forwarding. They are also
called outgoing and incoming tunnels. Local forwarding accepts traffic arriving at a
local port and forwards it on to a specified port on a remote host. Remote forwarding is
similar but works in the other direction: it accepts traffic arriving at a remote port
and forwards it on to a specified local port.
To use port forwarding, you need to configure settings on both the server side and the
client side.
Configure Port Forwarding on WAC Server
WAC Server has a built-in port forwarding service which, by default, is enabled when
WAC Server is started. So you don't need to configure anything on the server for port
forwarding; just use an SSH client that supports port forwarding to tunnel to the remote
machine via WAC Server.
However, as a system administrator, you might need to disable the forwarding service or
prevent a certain user or user group from tunneling through your server. In this case,
you can use one of the WAC configuration tools to modify the "Port Forwarding" setting.
Here are the instructions:
• If you use WAC Manager (wacman.exe), go to the “User Access Control” page and
modify the “Port Forwarding” setting.
• If you use CONFIG.EXE, go to the "User Admin Settings" page and modify the
“PorFwd” value.
For detailed instructions, see “Restrict Uses to use Port Forwarding Service” in the “User
Access Control” section.
Configure Port Forwarding on WACSSH
Before forwarding with an SSH client, you should configure the client. In our case, we
will configure our client, WACSSH, to accept the connections.
During a WAC session, press "Ctrl+}" to temporarily leave your virtual server screen and
switch to the WACSSH command screen. On this command screen, you can set up local and
remote forwarding. Here are the instructions:
Local Port Forwarding
At the WACSSH command screen, type "help fwdlocal". You should get help
information about local forwarding. Then issue the following command to forward local
connections to the server:
WACSSH will listen on port 3001, and any connection coming to this port will be
forwarded to the server, where the connection will be further forwarded to the host
server1.remote.com:22. (The server and this host can be the same machine.)
If you want to view all the previous local configurations, type "fwdlocal". This command
lists all the configured local port forwardings.
If you want to remove a previously configured local port forwarding, type "fwdlocal
<local port>". This command drops the port from the list of configured local port
forwardings.
Remote Port Forwarding
At the WACSSH command screen, type "help fwdremote". You should get help
information about remote forwarding. Then issue the following command to ask the server
to forward connections to us:
WACSSH will send a request to the server. If it is approved, the server will listen on
port 3002, and any connection coming to this port will be forwarded to WACSSH, where
the connection is further forwarded to the host server1.local.com:22. (The WACSSH client
and this local host can be the same machine.)
If you want to view all the previous remote configurations, type "fwdremote". This
command lists all the configured remote port forwardings.
If you want to remove a previously configured remote port forwarding, type
"fwdremote <local port>". This command drops the port from the list of configured port
forwardings.
Serial Port Settings
WAC Server supports serial port communications, which means you can use a plain old
terminal (or a terminal emulator) and connect it to your NT/2000/XP server through a
serial cable. Right now WAC Server only supports terminals that are compatible with
DEC VT series terminals.
Before you can connect over a serial cable, the serial ports on the client and the
server machine must have identical communication settings. Configuring serial port
communications in WAC Server involves enabling the "serial port", specifying the
"serial ports", and setting the communication parameters that control the baud rate and
the serial data.
Enable the Serial Port Service (EnableComm)
Before you can access the server using a serial port, you need to declare it to WAC
Server so the server can listen on that port. To do so, enable the “serial port” using
one of the WAC configuration tools.
If you use WacMan.exe, go to the “Serial Port Settings” page and modify the setting. If
you use CONFIG.EXE, go to the “Server Settings” page and modify the “EnableComm”
value. For detailed instructions, please see Server Global Settings – “Serial Port
Service” in this chapter.
NOTE:
• Enabling the serial port is not enough; you also need to specify the serial port list to
WAC Server, so the server knows which serial ports to listen on.
• You have to restart the WAC Service for your settings to take effect.
Specify the Serial Port List (CommPortList)
If you have installed WAC Server, you already know that you can specify the serial port
list during installation. If you didn't specify the port list during the installation,
then when you use CONFIG.EXE and try to open the “Communication Settings”, you will
see a pop-up message as below:
In this case, you need to go to the "Server Settings" panel to configure the
“CommPortList” value. Otherwise you can neither set the communication settings nor use
serial port access. You can specify more than one port in this list.
If you use WacMan.exe to specify the serial port list, you will not encounter the above
condition. For detailed instructions, please refer to Server Global Settings - “Serial
Port Service” and “Serial Port List” in this chapter.
When you have specified or installed more serial ports, you might have COM5 - COM12.
If you have installed an additional serial communication adapter with 8 ports, you can
go ahead and include them in your WAC Server port list, like "COM1, COM5, COM6, COM7,
COM8, COM9, COM10, COM11, COM12". All these ports will be accessible using serial
terminals.
Set the Communication Parameters
Before you can communicate, the communication parameters need to be worked out and
properly set. These parameters are the baud rate, data length, parity check, and stop
bits. The communication parameters have to be exactly the same for both the terminal and
the corresponding port on WAC Server; otherwise communication is impossible.
To change the parameters for your terminal (or emulator), consult the user manual of the
terminal (or emulator). To change the parameters for a WAC port, use one of the WAC
configuration tools.
• If you use WacMan.exe, go to the “Serial Port Settings” page and, in the
“Communication Settings” area, select the port from the “Port” combo box, then set the
relevant parameters for this port.
• If you use CONFIG.EXE, go to the “Communication Settings” page. On this page, select
the port you want to set from the “Port” list box on the left side, then set the
relevant parameters on the right side.
NOTE:
• You can also use the WAC command line tool “wac port” to perform this task.
Notes and Tips
Serial cables are considered connected all the time, so when you want to end the session,
be sure to log out. Otherwise, even if you turn off the terminal (or close the terminal
emulator), WAC Server will still think you are connected, and the next time you come
back online you'll automatically be connected without logging on, because you never
logged off. Anybody else can get into the system the same way, so be sure to log off.
Serial communications are not reliable, which means data might sometimes get lost
between the server and the terminal. In this case, the screen might be corrupted and look
messy. Don't panic: you can press CTRL-R to refresh the screen (WAC Server will send the
screen data one more time), and most likely everything will look OK again. The last
resort is restarting the terminal and/or restarting the session.
Note that the default terminal size for a DEC VT terminal is 24 lines, which is
different from the default size of the DOS command prompt (25 lines), so you might lose
the last line of the display in some applications. If your terminal supports more lines,
you should notify the server about it. For more information about changing the terminal
size, please refer to the “Resize Terminal Size” or WAC command line tool “wac term”
section.
References
This section exists to complement the “Advanced Configuration Features” section.
WAC Event Logging
WAC Server provides detailed event logging information for user activities. The system
administrator can selectively enable or disable the information to be recorded by
setting “Log Mask”.
Logging information is written into “Logfiles”, which resides in the WAC Server
installation directory. The system administrator can change the directory by setting
“Log Path”, and can view the logging information in real time using “View Log File” in
WAC Manager.
If the user uses WAC Protected Shell, the administrator can choose to log all user
activities, such as executed commands and programs. See References – WAC Protected
Shell – “Define Pshell File” in this chapter.
NOTE:
• WAC Server also provides a console tool, “Event Viewer”, to log important events in
your host Windows system. Using this tool, you can remotely view and manage your
system events. See Chapter One - “Event Viewer” in Part Three.
Define Log Mask (LogMask)
The “Log Mask” configuration specifies what kinds of server information are recorded
in the log file.
WAC Server provides five types of event information that the system administrator can
choose to log, using the WAC configuration tools. Here are the information types and
their descriptions:
• Server Info: logs events such as the WAC Server running status, the state of the
various services and their corresponding ports, and basic server information like
“Licensee, SN, Maximum Sessions, system name, OS”, etc.
• Basic Session Info: logs events such as "connection type, source IP, terminal info,
and session ID", etc.
• Detailed Session Info: logs session inter-operation events such as "session watch,
session control, session takeover, session abort", etc.
• Authorization Related Info: logs events such as the domain name, the logon user
name, the authorization state, and the authorization methods like “the stored password
auth, public key auth, SSH signature auth”, etc.
• File Transfer Info: logs file transfer activities between server and terminal. All
actions, including deleting files, creating/deleting directories, renaming files, and
anonymous reading or writing during file transfer, are recorded.
By default, all five types of logging information are enabled.
Here are the instructions for configuring logging information in either WacMan.exe or
CONFIG.EXE:
• If you use WacMan.exe, go to the “More Server Settings” page, where there is a
setting called “Log Mask”. Just check or uncheck the relevant check boxes to enable or
disable the logging information you want.
• If you use CONFIG.EXE, go to the “Server Settings” page. From the left side box,
choose the setting called “LogMask”, then enter its value in the edit line. “-1” is the
default value, which means all logging information is enabled.
The "LogMask" value is a bit mask: each bit position in the value sets or clears one
type of information. Here are the bit values and usage examples:
• "1" for Server Info;
• "2" for Basic Session Info;
• "4" for Detailed Session Info;
• "8" for Authorization Related Info;
• "16" for File Transfer Info.
Examples
1. If you want to log "server info" and "authorization related info" into “Logfiles”,
you should use the sum of their values, “5”, to specify the log mask. In other words,
in the edit line, you should set the value to “5” to log the two types of
information.
2. If you want to log “server info”, "detailed session info" and "file transfer info", in
the text edit box, you should set the value to "21", which is the sum of the
three values (1+4+16).
NOTE: You have to restart the WAC Server service for your changes to take effect.
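A LogMask encoder, decoder and audit check built from the bit values listed above, as an added example (not part of WAC Server or its tools). The function names and the choice of which categories count as required are assumptions made for illustration.

```python
from __future__ import annotations

# Bit values exactly as listed in the manual's LogMask table.
LOG_BITS = {
    1: "Server Info",
    2: "Basic Session Info",
    4: "Detailed Session Info",
    8: "Authorization Related Info",
    16: "File Transfer Info",
}
ALL_BITS = sum(LOG_BITS)  # 31: every documented bit set

# Assumption (not from the manual): categories a reviewer wants always on.
REQUIRED = ("Authorization Related Info", "File Transfer Info")


def decode_logmask(value: int) -> list[str]:
    """Return the categories enabled by a LogMask value.

    -1 (the default) has every bit set, so it enables all five.
    Bits above 16 are not documented and are ignored here (assumption).
    """
    mask = value & ALL_BITS
    return [name for bit, name in LOG_BITS.items() if mask & bit]


def encode_logmask(categories) -> int:
    """Build the LogMask value for the named categories."""
    by_name = {name: bit for bit, name in LOG_BITS.items()}
    mask = 0
    for name in categories:
        if name not in by_name:
            raise ValueError(f"unknown log category: {name!r}")
        mask |= by_name[name]
    return mask


def missing_required(value: int) -> list[str]:
    """List the REQUIRED categories that a LogMask value leaves disabled."""
    enabled = set(decode_logmask(value))
    return [name for name in REQUIRED if name not in enabled]


if __name__ == "__main__":
    for value in (-1, 21, 9, 5):
        print(value, decode_logmask(value), "missing:", missing_required(value))
```

By the bit values in the table, Server Info plus Authorization Related Info encodes to 9, and a value of 5 decodes to Server Info plus Detailed Session Info, so decode a value before applying it.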
View Log File
A “log file” is a daily text file that records all logging information for one day and
is stored, with a date stamp in its name, in “Logfiles”. For example, on 2003-7-16, you
and other users log into WAC Server, perform many operations and then log off. All your
activities on this day will be stored in “Logfiles” under the name “WAC030716.TXT”.
The “Logfiles” directory contains many daily log files, and you can easily find the log
file for a given day by its file name.
There are two ways to view the log files:
• In WAC Manager, on the WAC Server Status page, select the date from the calendar
and click the "View Log File" button to bring up a text file that contains all the
logging information for this date.
• Go to the WAC Server installation directory and open the “Logfiles” directory. You
will see a list of daily log files; just double-click the log file you want to view.
NOTE: For your convenience, you can create a shortcut to “Logfiles” by copying or
dragging it to somewhere convenient for later viewing.
Change Log File Path (LogPath)
The “Log Path” configuration changes the directory that contains all the logging
information.
By default, the logging information is written into “Logfiles”, a folder located in
the WAC Server installation directory. You can create a shortcut to “Logfiles” by
copying or dragging it to somewhere convenient for later viewing. You can also change
its path using the WAC configuration tools.
Here are the instructions for configuring the log path in WAC Manager and CONFIG.EXE:
• If you use WAC Manager, go to the “More Server Settings” page, where there is a
setting called “log path”. Just enter the path in the adjacent edit box, or click the
“Browse…” button to select the path.
• If you use CONFIG.EXE, go to the “Server Settings” page. From the left side box,
choose the setting called “LogPath”, then enter the path in the edit line.
NOTE: You have to restart the WAC Server service for your changes to take effect.
Client Side Printing
While you remotely run applications on the server machine, you can print locally on the
most convenient printer. WAC Server can redirect server printing to the client program
for each user.
To use Client Side Printing, you need to configure settings on both the server side and
the client side.
Server Side Setup
1. Install WAC Printing Redirector
This step was completed when you installed WAC Server.
After you install WAC Server, a special print port called WAC_PRINTER appears among the
available printer ports on your server machine. It has two features:
• WAC_PRINTER is essentially the WAC Printing Redirector (also called the Virtual
Printer Port); it redirects server-side printing to the client side whenever there is a
print job.
• WAC_PRINTER is shared after installation.
After WAC_PRINTER is created, you might need to map a DOS print port like LPT1 or
LPT2 to WAC_PRINTER, because most DOS-based programs print to the LPT1 or
LPT2 ports by default. See step two below.
Once this mapping is in place, when you print from a DOS-based program, the output
appears to go to the LPT port but is actually sent to WAC_PRINTER, which then redirects
the printing to the client side.
NOTE: If you find that no WAC_PRINTER was installed after installing WAC Server,
please see Troubleshooting.
2. Map LPT port to WAC Printing Redirector
You can use the following methods to accomplish this task: