42 lines
4.0 KiB
HTML
42 lines
4.0 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Protect workstations from remote commands and procedures" />
|
|
<meta name="abstract" content="IBM iSeries Access for Windows provides the capability of receiving remote commands on the PC." />
|
|
<meta name="description" content="IBM iSeries Access for Windows provides the capability of receiving remote commands on the PC." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvsecstation.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="resprotworkstation" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Protect workstations from remote commands and procedures</title>
|
|
</head>
|
|
<body id="resprotworkstation"><a name="resprotworkstation"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Protect workstations from remote commands and procedures</h1>
|
|
<div><p>IBM<sup>®</sup> iSeries™ Access for Windows<sup>®</sup> provides the capability of receiving remote commands on the PC.</p>
|
|
<p> You can use the Run Remote Command (RUNRMTCMD) command on the server to run a procedure on an attached PC. The RUNRMTCMD capability is a valuable tool for system administrators and help-desk personnel. However, it also provides the opportunity for damaging PC data, either deliberately or accidentally. </p>
|
|
<p>PCs do not have the same object authority functions as iSeries servers. Your best protection against problems with the RUNRMTCMD command is to carefully restrict the system users who have access to the command. IBM iSeries Access for Windows provides the capability to register which users can run remote commands on a specific PC. When the connection is via TCP/IP, you can use the properties control panel on the client to control remote-command access. You can authorize users by user ID or by the remote system name. When the connection is via SNA, some client software provides the capability to set up security for the conversation. With other client software, you simply choose whether or not to set up the incoming-command capability. </p>
|
|
<p>For each combination of client software and connection type (such as TCP/IP or SNA), you need to review the potential for incoming-commands to attached PCs. Consult the client documentation by searching for “incoming command” or “RUNRMTCMD”. Be prepared to advise your PC users and network administrators about the correct (secure) way to configure clients to permit or prevent this capability.</p>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsecstation.htm" title="After you secure printer output, you should secure your workstations. You authorize workstations just like you authorize other objects on the system. Use the EDTOBJAUT command to give users authority to workstations.">Secure your workstations</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |