Remote Access on P91

Since we all want remote access, and we want it now, I have compiled this list of hints and secrets that allow you to customize your system to fit your own needs.

Contents

• 1 Adding a new user
• 2 Set the user group membership
• 3 Set the logon to ia_user.bat
• 4 Set the logon script and start-up directory
• 5 Set the idle time logout
• 6 Modify fv_cmds file
• 7 Advanced user setup
• 8 Testing the user account
• 9 Adding remote desktop to the mouse ‘right click’ menu in FoxView
• 10 To access the machine from a remote machine without Foxview.
• 11 Further information

Adding a new user

Since remote access is usually by many different people, being able to control individual access is important. Adding a new user is simple. The first step is to add the user to the Windows user list. This is accomplished by:

Start -> Programs -> Administrative Tools-> Computer Management

Then select “Computer Users”. Here you will find a user called IA. This user is set up by Foxboro for remote display usage. It does not contain the ability to access the desktop on the server remotely. (Except for the unknown backdoor.) Simply copy this user settings and you will have a new remote user.

1. Select Action -> New User
2. add a username
3. add a password
4. check “User must change password at next logon”

Set the user group membership

Under the “Member of” tab, click Add, Advanced, Find now. In the search results select the following groups:

• Exceed_Users
• Fox Services
• Performance Log Users
• Remote Desktop Users
• Users

For advanced users consider adding power users or admin rights.

Set the logon to ia_user.bat

Click on the Profile tab. It basically sets eXceed for remote sessions. It is located in D:\usr\fox\TS_files and does this…

@echo off
rem  This script can be employed as a logon script for user  accounts on
rem  a server running Microsoft Terminal Services. 
rem
rem  It sets up the DISPLAY environment variable to point to the X Window
rem  server handling the X Windows on the terminal at which the user is seated.  
rem  This will enable any X Window applications that are started by a remote 
rem  user to appear on that user's screen instead of appearing at the console 
rem  connected to the server where the X applications are actually running. 

set TmpLog="%USERPROFILE%\Local Settings\ia_logon.bat.log"
echo %0 > %TmpLog%
date /t >> %TmpLog%
time /t >> %TmpLog%

rem  Old NT 4.0 TSE method: if "%WINSTATIONNAME%" == "" GOTO LocalUsr
rem
if DEFINED WINSTATIONNAME GOTO GotWNAME
echo WINSTATIONNAME not defined >> %TmpLog%

if DEFINED SESSIONNAME GOTO GotSNAME
echo SESSIONNAME not defined >> %TmpLog%
GOTO LocalUsr

:GotSNAME
echo SESSIONNAME=%SESSIONNAME% >> %TmpLog%
set WINSTATIONNAME=%SESSIONNAME%

:GotWNAME
echo WINSTATIONNAME=%WINSTATIONNAME% >> %TmpLog%
if "%WINSTATIONNAME%" == "" GOTO LocalUsr
if "%WINSTATIONNAME%" == "Console" GOTO LocalUsr

rem *** Set up the Display Number for Apps using X Window Server (Exceed) ***

set SessionID=%WINSTATIONNAME:~8,8%
set DISPLAY=:%SessionID%.0

echo Remote User "%USERNAME%" SessionID: %SessionID% >> %TmpLog%

GOTO END

:LocalUsr
set DISPLAY=:0.0
echo Local User "%USERNAME%" >> %TmpLog%

:END
set TmpLog=

EXIT

Set the logon script and start-up directory

Click on the Enviroment Tab and check “Start the following program at logon:”

under “Program file name”:

startp /b %FOXDRIVE%\usr\fox\customer\config\ia_logon.cmd

under “Start in”:

%USERPROFILE%\Local Settings

I like to check “Connect client printers at logon” and “Default to main client printer”.

Note: For an advanced user simply uncheck “Start the following program at logon”. This will allow a user to have a desktop and access the programs on the server (trusted users). Then create an icon for FoxView or other programs. (See instructions for Advanced user setup.)

This basically starts up FoxView under the administrative account.

@echo off

rem  This script can be employed as a logon script for remote user accounts 
rem  at terminal server client stations.
rem
rem  If it is run as the "Initial program" for such a user account, it will
rem  restrict the user to only having access to the FoxView application and
rem  whatever other applications can be started from within the FoxView
rem  window.  No Start menu or task bar will be available on the desktop.
rem
rem  This script sets up the DISPLAY environment variable for any X Window 
rem  applications that might be started from the FoxView window and then 
rem  launches the FoxView application.
rem
rem  When the FoxView application is closed, the session is terminated.

set TmpLog="%USERPROFILE%\Local Settings\ia_logon.cmd.log"

echo %0 > %TmpLog%
date /t >> %TmpLog%
time /t >> %TmpLog%

rem  Old NT 4.0 TSE method: if "%WINSTATIONNAME%" == "" GOTO LocalUsr

if DEFINED WINSTATIONNAME GOTO GotWNAME
echo WINSTATIONNAME not defined >> %TmpLog%

if DEFINED SESSIONNAME GOTO GotSNAME
echo SESSIONNAME not defined >> %TmpLog%
GOTO LocalUsr

:GotSNAME
echo SESSIONNAME=%SESSIONNAME% >> %TmpLog%
set WINSTATIONNAME=%SESSIONNAME%

:GotWNAME
echo WINSTATIONNAME=%WINSTATIONNAME% >> %TmpLog%
if "%WINSTATIONNAME%" == "" GOTO LocalUsr
if "%WINSTATIONNAME%" == "Console" GOTO LocalUsr

set SessionID=%WINSTATIONNAME:~8,8%
echo Remote User "%USERNAME%" SessionID: %SessionID% >> %TmpLog%
GOTO END

:LocalUsr
echo User "%USERNAME%" at local console >> %TmpLog%

:END
echo DISPLAY: "%DISPLAY%" >> %TmpLog%

rem  Here is the application that the remote user will see when he/she logs on.

rem Set up working directory for application

cd /D %FOXDRIVE%\usr\fox

rem Start up FoxView for "ia" account logon

echo Starting up FoxView >> %TmpLog%
%FOXSYS32%\run_as_user -n %FOXROOT%opt\fox\wp\foxview\foxview.exe

echo application exited >> %TmpLog%

rem Close the remote client session.

%FOXSYS32%\TS_logoff.exe

EXIT

Set the idle time logout

Under the Sessions tab select the following:

• End a disconnected session: 1 minute
• Active session limit: Never
• Idle session limit: 1 hour
• When a session limit is reached or connection broken: End session
• Allow reconnection : From originating client only

For advanced users (with desktop) I like to have an idle session and disconnected session limit a bit higher since they might be using other programs or wish to come back.

Modify fv_cmds file

Since custom user setup is important to allow different people and different stations to start up in different ways, this file is very useful in controlling login and startup of FoxView.

dmcmd script			# magic number
= DMCMD ""			# clear previous messages
				#

!= _$CLIENTNAME _ setenv DM_LOCAL N 	# if remote Terminal Server session, reset DM_LOCAL
					# By default, remote FoxViews will be view-only

== $CLIENTNAME Console setenv DM_LOCAL Y	# if local console on XP

#------------------- Authorized users---------------------------
#root (Substitute your Client name for <YOUR_PC_NAME>)
#root (Substitute your enviroment for <YOUR_ENVIROMENT>)
#This will allow Foxview to open directly into your environment based on remote machine name.
#example
#== $CLIENTNAME <YOUR_PC_NAME>  setenv DM_LOCAL Y
#== $CLIENTNAME <YOUR_PC_NAME> setenv FVENV1 \opt\fox\env\<YOUR_ENVIROMENT>.env
# OR By remote username (OR BOTH)
#== $USERNAME <YOUR_USER_NAME>  setenv DM_LOCAL Y
#== $USERNAME <YOUR_PC_NAME> setenv FVENV1 \opt\fox\env\<YOUR_ENVIROMENT>.env
#NOTE: <YOUR_ENVIROMENT>.env must exist in \opt\customer\env or \opt\fox\env
#-------------------DCS Stations-------------------------------------
#PLANT AREA 11
== $GCLBUG AW0054 setenv DM_LOCAL Y
== $GCLBUG AW0054 setenv FVENV1 \opt\fox\env\area11.env

== $DM_LOCAL N setenv SYS_PROT 100
== $DM_LOCAL N dmcmd protect value 100	# protect access to single instance applications
== $DM_LOCAL N dmcmd disable omsets	# disable OM sets for all remote DMs by default
== $DM_LOCAL N dmcmd disable clralm	# disable clearing CAD alarms for all
                               	# remote DMs by default
== $DM_LOCAL Y getenv CADDD CADDD # set CAD redirection variables to configured
== $DM_LOCAL Y getenv CADTP CADTP #   values when running locally
== $DM_LOCAL Y getenv CADUS CADUS #
== $DM_LOCAL Y dmcmd enable omsets

== $DM_LOCAL N = CADDD ""	# clear CAD redirection variables
== $DM_LOCAL N = CADTP ""	#   when running on remote
== $DM_LOCAL N = CADUS ""	#   terminal

disable monitor                 # don't set OM monitoring variables
mount $TMHST			# mount the logical host
dmcmd ojinit			#
$OPTFOX/env/Initial.env		# call in initial environment
$FVENV1		# call in the configured FoxView first environment

#These will put your remote variable values in the Msglin in the Foxview
msglin fvenv1_$FVENV1
msglin clientname_$CLIENTNAME
msglin gclbug_$GCLBUG
msglin username_$USERNAME
msglin initdisp_$INITDSP
msglin SESSIONNAME_$SESSIONNAME

= TCTOUT 10			# set on-line trend cfg timeout to 2 sec
$INITDSP			# call in initial display
setenv APP_TYPE FV		# indicate this is a FV, not DM

Advanced user setup

I want the total access to the power of a server. Some settings will need to be added to allow these users the access from a remote station.

Add a shortcut to the ‘All Users’ desktop. The target is:

D:\usr\fox\system32\run_as_user.exe -n d:\opt\fox\wp\foxview\foxview.exe

This allows the program to be run with admin rights.

Check for programs you don’t want the default user and all users to have. Windows does like to add programs (email) that we don’t want advanced users to have access to.

Testing the user account

By trying a login you can verify that the account is going to work successfully by the user.

You should try their account first to create the necessary files until you are familiar with the way to set them up.

To do this access remote desktop and login with their username and password. Then reset their password and mark it so they must change their password at first login. (See Adding a new user.)

Adding remote desktop to the mouse ‘right click’ menu in FoxView

In the remote stations I want to be able to access the server. Therefore it can be added to the menu on the remote stations.

When I log in as software engineer the right click has a custom entry to allow remote desktop. This is without a local desktop on the station. This makes it very easy for me to access my server remotely from control rooms and such.

In your env script add the following comnands:

shortcut_menu_style configurable
shortcut_menu -type object -file $ENV_DIR/obj_eng.mnu
shortcut_menu -type display -file $ENV_DIR/disp_eng.mnu

Then add file named disp_eng.mnu to your env directory (/opt/fox/env)

COMMAND -label "Previous Display" -cmd "close"
COMMAND -label "Page Ack" -cmd "pageack"
COMMAND -label "Open with FoxDraw" -cmd "run \opt\fox\wp\FoxDraw\foxdraw $SELDISP -fvname $DMNAME" -p 100,101
SEPARATOR
COMMAND -label "Moveable" -cmd "ov_mode -move -sticky" 
COMMAND -label "Stationary" -cmd "ov_mode -fdconfig"
SEPARATOR
COMMAND -label "Explorer" -cmd "run explorer.exe"
COMMAND -label "Remote Desktop" -cmd "run $windir\system32\mstsc.exe"
SEPARATOR
COMMAND -label "Close" -cmd "close"

To access the machine from a remote machine without Foxview.

Simply go to:

Start -> Programs -> Accessories -> Communications -> Remote Desktop Connection

Select the IP address or machine name of your server, add login name and password and it should log you on.

Further information

Those who want to know more can contact me at:

Ron Schafer

10026 Old Ridge Rd
Ashland, VA 23009
804-227-4034