Remote Access on P91
Since we all want remote access, and we want it now, I have compiled this list of hints and secrets that allow you to customize your system to fit your own needs.
Adding a new user
Since remote access is usually by many different people, being able to control individual access is important. Adding a new user is simple. The first step is to add the user to the Windows user list. This is accomplished by:
Start -> Programs -> Administrative Tools-> Computer Management
Then select "Computer Users". Here you will find a user called IA. This user is set up by Foxboro for remote display usage. It does not contain the ability to access the desktop on the server remotely. (Except for the unknown backdoor.) Simply copy this user settings and you will have a new remote user.
- Select Action -> New User
- add a username
- add a password
- check "User must change password at next logon"
Set the user group membership
Under the "Member of" tab, click Add, Advanced, Find now. In the search results select the following groups:
- Fox Services
- Performance Log Users
- Remote Desktop Users
For advanced users consider adding power users or admin rights.
Set the logon to ia_user.bat
Click on the Profile tab. It basically sets eXceed for remote sessions. It is located in D:\usr\fox\TS_files and does this...
@echo off rem This script can be employed as a logon script for user accounts on rem a server running Microsoft Terminal Services. rem rem It sets up the DISPLAY environment variable to point to the X Window rem server handling the X Windows on the terminal at which the user is seated. rem This will enable any X Window applications that are started by a remote rem user to appear on that user's screen instead of appearing at the console rem connected to the server where the X applications are actually running. set TmpLog="%USERPROFILE%\Local Settings\ia_logon.bat.log" echo %0 > %TmpLog% date /t >> %TmpLog% time /t >> %TmpLog% rem Old NT 4.0 TSE method: if "%WINSTATIONNAME%" == "" GOTO LocalUsr rem if DEFINED WINSTATIONNAME GOTO GotWNAME echo WINSTATIONNAME not defined >> %TmpLog% if DEFINED SESSIONNAME GOTO GotSNAME echo SESSIONNAME not defined >> %TmpLog% GOTO LocalUsr :GotSNAME echo SESSIONNAME=%SESSIONNAME% >> %TmpLog% set WINSTATIONNAME=%SESSIONNAME% :GotWNAME echo WINSTATIONNAME=%WINSTATIONNAME% >> %TmpLog% if "%WINSTATIONNAME%" == "" GOTO LocalUsr if "%WINSTATIONNAME%" == "Console" GOTO LocalUsr rem *** Set up the Display Number for Apps using X Window Server (Exceed) *** set SessionID=%WINSTATIONNAME:~8,8% set DISPLAY=:%SessionID%.0 echo Remote User "%USERNAME%" SessionID: %SessionID% >> %TmpLog% GOTO END :LocalUsr set DISPLAY=:0.0 echo Local User "%USERNAME%" >> %TmpLog% :END set TmpLog= EXIT
Set the logon script and start-up directory
Click on the Enviroment Tab and check "Start the following program at logon:"
under "Program file name":
startp /b %FOXDRIVE%\usr\fox\customer\config\ia_logon.cmd
under "Start in":
I like to check "Connect client printers at logon" and "Default to main client printer".
Note: For an advanced user simply uncheck "Start the following program at logon". This will allow a user to have a desktop and access the programs on the server (trusted users). Then create an icon for FoxView or other programs. (See instructions for Advanced user setup.)
This basically starts up FoxView under the administrative account.
@echo off rem This script can be employed as a logon script for remote user accounts rem at terminal server client stations. rem rem If it is run as the "Initial program" for such a user account, it will rem restrict the user to only having access to the FoxView application and rem whatever other applications can be started from within the FoxView rem window. No Start menu or task bar will be available on the desktop. rem rem This script sets up the DISPLAY environment variable for any X Window rem applications that might be started from the FoxView window and then rem launches the FoxView application. rem rem When the FoxView application is closed, the session is terminated. set TmpLog="%USERPROFILE%\Local Settings\ia_logon.cmd.log" echo %0 > %TmpLog% date /t >> %TmpLog% time /t >> %TmpLog% rem Old NT 4.0 TSE method: if "%WINSTATIONNAME%" == "" GOTO LocalUsr if DEFINED WINSTATIONNAME GOTO GotWNAME echo WINSTATIONNAME not defined >> %TmpLog% if DEFINED SESSIONNAME GOTO GotSNAME echo SESSIONNAME not defined >> %TmpLog% GOTO LocalUsr :GotSNAME echo SESSIONNAME=%SESSIONNAME% >> %TmpLog% set WINSTATIONNAME=%SESSIONNAME% :GotWNAME echo WINSTATIONNAME=%WINSTATIONNAME% >> %TmpLog% if "%WINSTATIONNAME%" == "" GOTO LocalUsr if "%WINSTATIONNAME%" == "Console" GOTO LocalUsr set SessionID=%WINSTATIONNAME:~8,8% echo Remote User "%USERNAME%" SessionID: %SessionID% >> %TmpLog% GOTO END :LocalUsr echo User "%USERNAME%" at local console >> %TmpLog% :END echo DISPLAY: "%DISPLAY%" >> %TmpLog% rem Here is the application that the remote user will see when he/she logs on. rem Set up working directory for application cd /D %FOXDRIVE%\usr\fox rem Start up FoxView for "ia" account logon echo Starting up FoxView >> %TmpLog% %FOXSYS32%\run_as_user -n %FOXROOT%opt\fox\wp\foxview\foxview.exe echo application exited >> %TmpLog% rem Close the remote client session. %FOXSYS32%\TS_logoff.exe EXIT
Set the idle time logout
Under the Sessions tab select the following:
- End a disconnected session: 1 minute
- Active session limit: Never
- Idle session limit: 1 hour
- When a session limit is reached or connection broken: End session
- Allow reconnection : From originating client only
For advanced users (with desktop) I like to have an idle session and disconnected session limit a bit higher since they might be using other programs or wish to come back.
Modify fv_cmds file
Since custom user setup is important to allow different people and different stations to start up in different ways, this file is very useful in controlling login and startup of FoxView.
dmcmd script # magic number = DMCMD "" # clear previous messages # != _$CLIENTNAME _ setenv DM_LOCAL N # if remote Terminal Server session, reset DM_LOCAL # By default, remote FoxViews will be view-only == $CLIENTNAME Console setenv DM_LOCAL Y # if local console on XP #------------------- Authorized users--------------------------- #root (Substitute your Client name for <YOUR_PC_NAME>) #root (Substitute your enviroment for <YOUR_ENVIROMENT>) #This will allow Foxview to open directly into your environment based on remote machine name. #example #== $CLIENTNAME <YOUR_PC_NAME> setenv DM_LOCAL Y #== $CLIENTNAME <YOUR_PC_NAME> setenv FVENV1 \opt\fox\env\<YOUR_ENVIROMENT>.env # OR By remote username (OR BOTH) #== $USERNAME <YOUR_USER_NAME> setenv DM_LOCAL Y #== $USERNAME <YOUR_PC_NAME> setenv FVENV1 \opt\fox\env\<YOUR_ENVIROMENT>.env #NOTE: <YOUR_ENVIROMENT>.env must exist in \opt\customer\env or \opt\fox\env #-------------------DCS Stations------------------------------------- #PLANT AREA 11 == $GCLBUG AW0054 setenv DM_LOCAL Y == $GCLBUG AW0054 setenv FVENV1 \opt\fox\env\area11.env == $DM_LOCAL N setenv SYS_PROT 100 == $DM_LOCAL N dmcmd protect value 100 # protect access to single instance applications == $DM_LOCAL N dmcmd disable omsets # disable OM sets for all remote DMs by default == $DM_LOCAL N dmcmd disable clralm # disable clearing CAD alarms for all # remote DMs by default == $DM_LOCAL Y getenv CADDD CADDD # set CAD redirection variables to configured == $DM_LOCAL Y getenv CADTP CADTP # values when running locally == $DM_LOCAL Y getenv CADUS CADUS # == $DM_LOCAL Y dmcmd enable omsets == $DM_LOCAL N = CADDD "" # clear CAD redirection variables == $DM_LOCAL N = CADTP "" # when running on remote == $DM_LOCAL N = CADUS "" # terminal disable monitor # don't set OM monitoring variables mount $TMHST # mount the logical host dmcmd ojinit # $OPTFOX/env/Initial.env # call in initial environment $FVENV1 # call in the configured FoxView first environment #These will put your remote variable values in the Msglin in the Foxview msglin fvenv1_$FVENV1 msglin clientname_$CLIENTNAME msglin gclbug_$GCLBUG msglin username_$USERNAME msglin initdisp_$INITDSP msglin SESSIONNAME_$SESSIONNAME = TCTOUT 10 # set on-line trend cfg timeout to 2 sec $INITDSP # call in initial display setenv APP_TYPE FV # indicate this is a FV, not DM
Advanced user setup
I want the total access to the power of a server. Some settings will need to be added to allow these users the access from a remote station.
Add a shortcut to the 'All Users' desktop. The target is:
D:\usr\fox\system32\run_as_user.exe -n d:\opt\fox\wp\foxview\foxview.exe
This allows the program to be run with admin rights.
Check for programs you don’t want the default user and all users to have. Windows does like to add programs (email) that we don’t want advanced users to have access to.
Testing the user account
By trying a login you can verify that the account is going to work successfully by the user.
You should try their account first to create the necessary files until you are familiar with the way to set them up.
To do this access remote desktop and login with their username and password. Then reset their password and mark it so they must change their password at first login. (See Adding a new user.)
Adding remote desktop to the mouse ‘right click’ menu in FoxView
In the remote stations I want to be able to access the server. Therefore it can be added to the menu on the remote stations.
When I log in as software engineer the right click has a custom entry to allow remote desktop. This is without a local desktop on the station. This makes it very easy for me to access my server remotely from control rooms and such.
In your env script add the following comnands:
shortcut_menu_style configurable shortcut_menu -type object -file $ENV_DIR/obj_eng.mnu shortcut_menu -type display -file $ENV_DIR/disp_eng.mnu
Then add file named disp_eng.mnu to your env directory (/opt/fox/env)
COMMAND -label "Previous Display" -cmd "close" COMMAND -label "Page Ack" -cmd "pageack" COMMAND -label "Open with FoxDraw" -cmd "run \opt\fox\wp\FoxDraw\foxdraw $SELDISP -fvname $DMNAME" -p 100,101 SEPARATOR COMMAND -label "Moveable" -cmd "ov_mode -move -sticky" COMMAND -label "Stationary" -cmd "ov_mode -fdconfig" SEPARATOR COMMAND -label "Explorer" -cmd "run explorer.exe" COMMAND -label "Remote Desktop" -cmd "run $windir\system32\mstsc.exe" SEPARATOR COMMAND -label "Close" -cmd "close"
To access the machine from a remote machine without Foxview.
Simply go to:
Start -> Programs -> Accessories -> Communications -> Remote Desktop Connection
Select the IP address or machine name of your server, add login name and password and it should log you on.
Those who want to know more can contact me at:
10026 Old Ridge Rd
Ashland, VA 23009