IBM Tivoli Software IBM Tivoli Software

[ Bottom of Page | Previous Page | Next Page | Contents ]


Implementing the concurrent login feature

This section explains how to install, configure, and use the concurrent login feature to prevent the end user from logging in to the workstation during critical distributions.

Installing the concurrent login feature

Before you can install this feature, you must have installed Software Distribution and Activity Planner, as described in IBM(R) Tivoli(R) Configuration Manager: Planning and Installation Guide.

The 4.1.1-TMF-0044 Tivoli Framework patch must also be installed on the Tivoli server and gateways.

To install the concurrent login feature, perform the following steps:

  1. Install the 4.2.2-SWDSRV-FP01 Software Distribution server patch to update the Software Distribution command line and GUI.
  2. Install the 4.2.2-SWDGW-FP01 Software Distribution gateway patch to update Windows(R) endpoints.
  3. Install the 4.2.2-APM-FP01 Activity Planner patch to update the Activity Planner GUI.
  4. Upgrade the Activity Planner plug-ins, as described in Upgrading plug-ins.
  5. Distribute the Tivoli_login_control_4.2.2.spb software packages to the endpoints.
  6. Type the following command to enable the feature on the specified endpoint:
    wep endpoint_name set allow_distribution_control on
    where:
    endpoint_name
    Is the name of the endpoint where the feature is to be enabled.
    Repeat the command for each endpoint where the feature is to be enabled.
  7. Download the wdepcem.exe file from the /LoginControl folder on CD 2 to the endpoints.

Configuring the concurrent login feature

After installing the concurrent login feature as described in Installing the concurrent login feature, you can configure the registry keys created on the endpoints with the Tivoli_login_control_4.2.2.spb software package.

The registry keys are created in the following locations within the Registry Editor:

To view and edit the registry keys, use the wdepcem command. For more information on this command, see wdepcem.

The following is a list of all the registry keys created on the endpoints:

Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification

IsEnabled
Specifies whether the concurrent login feature is enabled. Supported values are 1, which means that the feature is enabled, and 0, which means that the feature is disabled. The default value is 1.
TraceLevel
Specifies the tracing level. Supported values are as follows:
0
Traces are disabled. This is the default value.
1
Standard tracing is enabled.
2
Verbose tracing is enabled.
TracePath
Specifies the full path and name of the trace files. The default value is: $(system_drive)\SWDnotification.log.
DenyPopupEnabled
Specifies whether a message must be displayed on the endpoint to notify the user that login is temporarily disabled. Supported values are 1, which means that the dialog is displayed, and 0 which means that the dialog is not displayed. The default value is 1.
PopUpTimeout
Specifies how many seconds the message must be displayed on the endpoint if you set the DenyPopupEnabled key to 1. The default value is 10.
LoginDeniedTitle
Defines the title of the dialog box displayed on the endpoint if you set the DenyPopupEnabled key to 1. The default value is SWDNotification.
LoginDeniedMsg
Defines the text contained in the dialog box displayed on the endpoint if you set the DenyPopupEnabled key to 1. When customizing the message, you can use the \r\n symbols for inserting a carriage return. The default value is: "Distribution in progress\r\nLogon temporarily disabled."
DenyLogonOnPauseError
Specifies whether the user can be allowed to log in to the workstation if an error occurs during an attempt to pause the distribution. Supported values are 1, which means the user is not allowed to log in, and 0, which means the user is allowed to log in. The default value is 1.
LoginDeniedMsgOnPauseError
Defines the text contained in the dialog box displayed on the endpoint if the distribution cannot be paused and you set the DenyLogonOnPauseError key to 1. When customizing the message, you can use the \r\n symbols for inserting a carriage return and the $(DIST_ID) variable which is replaced at run time with the distribution ID. The default value is: " The pause failed for distribution $(DIST_ID)\r\n Contact system administrator."
SwitchPopupDesktop
Specifies whether the message displayed on the endpoint if you set the DenyPopupEnabled key to 1, must be shown on a new Windows desktop. Supported values are 0, which means the default Windows desktop is used, and 1, which means a new Windows desktop is used. The default value is 1.
LogoffType
Specifies which type of logoff must be performed. Supported values are as follows
0
Performs a standard logoff. This is the default value.
1
Performs a forced logoff ending all active processes.
2
Performs a logoff ending active and hung processes.
DefaultShutdownAllowdBeforeReset
Defines the number of shutdown operations after which the user is allowed to log in again. This key prevents the user from being irrecoverably logged out of the workstation. The default value is 20.
CompletionPopupEnabled
Specifies whether a message is displayed on the endpoint to notify the user that the distribution has completed and login is allowed. Supported values are 0, which means the message is not displayed, and 1, which means the message is displayed.
CompletionProgramPath
Specifies the path to the application that manages the message to be displayed if you set the CompletionPopupEnabled to 1. Use this key if you modified the path where wcompmsg.exe is installed or if you want to use a different application for managing the message.
CompletionPopupTitle
Defines the title of the dialog box displayed on the endpoint if you set the CompletionPopupEnabled key to 1. The default value is SWDNotification.
CompletionPopupMsg
Defines the text contained in the dialog box displayed on the endpoint if you set the CompletionPopupEnabled key to 1. When customizing the message, you can use the \n symbol for inserting a carriage return. The default value is: "Distribution complete\nLogon is now permitted."
ShutdownPopupEnabled
Specifies whether a message is displayed when you attempt to perform a shutdown during a distribution for which the shutdown has been disabled. You must choose between performing a logoff immediately, performing a restart immediately, or performing a logoff immediately and subsequently a shutdown when the distribution completes. See also LogoffShutdownString. Supported values are 0, which means the message is not displayed, and 1, which means the message is displayed. The default value is 1.
ShutdownPopupMsg
Defines the text contained in the dialog box displayed on the endpoint if you set the ShutdownPopupEnabled key to 1. When customizing the message, you can use the \n symbol for inserting a carriage return. The default value is: "The machine will shutdown when the distribution completes."

Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\upcall

LCF_BINDIR
Is the fully qualified path to the LCF_BINDIR.
LCF_CACHEDIR
Is the fully qualified path to the LCF_CACHEDIR.
LCF_DATDIR
Is the fully qualified path to the LCF_DATDIR.
UpcallProgram
Is the fully qualified path to the application which communicates with the gateway.
UpcallTimeout
Specifies the timeout in seconds for communicating with the gateway. The default value is 120 seconds.

Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\wmansd

Title
Defines the title of the dialog box displayed on the endpoint if you set the ShutdownPopupEnabled key to 1 and the user attempts to perform a shutdown during a distribution for which the shutdown has been disabled. The default value is SWDNotification.
Message
Defines the message contained in the dialog box displayed on the endpoint if you set the ShutdownPopupEnabled key to 1 and the user attempts to perform a shutdown during a distribution for which the shutdown has been disabled. When customizing the message, you can use the \n symbol for inserting a carriage return. The default value is: "Please choose one of the following."
Timeout
Specifies a timeout in seconds for choosing between a logoff, a restart, and a logoff and shutdown. If you set the timeout to 0, the message is not displayed and the default action is performed. Otherwise, the default action is performed after the timeout expires. For more information on the default action, see DefaultAction. The default value is 0.
LogoffString
Defines the first option displayed in the message to request whether a logoff should be performed. If you select this option, a logoff is performed immediately. The default value is "Logoff".
LogoffShutdownString
Defines the second option displayed in the message to request whether a logoff and a shutdown should be performed. If you select this option, a logoff is performed immediately and a shutdown is performed when the distribution completes. The default value is "Logoff and shutdown when complete".
RestartString
Defines the third option displayed in the shutdown message to request whether a restart should be performed. If you select this option, a restart is performed immediately. The default value is "Restart".
DefaultAction
Specifies the default action to be performed when the timeout expires or is set to 0. Supported values are as follows:
1
Performs a logoff immediately.
2
Performs a logoff immediately and a shutdown when the distribution completes. This is the default value.
3
Performs a restart immediately.
LeftLogonPopupEnabled
Specifies whether a message must be displayed on the endpoint listing the number of logins allowed on the workstation. You can define this key when limited logins are allowed during the distribution. If an error occurs and the distribution cannot be paused, the message is not displayed. Supported values are 0, which means the message is not displayed, and 1, which means the message is displayed. The default value is 1.
LeftLogonPopupMsg
Defines the message contained in the dialog box displayed on the endpoint if you set the LeftLogonPopupEnabled key to 1. When customizing the message, you can use the \n symbol for inserting a carriage return and the $(LEFT_LOGON) variable which is replaced at run time with the number of allowed logins. The default value is: "The current distribution has been paused\nYou can logon $(LEFT_LOGON) times."
wdepcem

Displays and configures the registry keys created when the concurrent login feature is installed on the endpoint. It can also unlock a workstation that has been locked by mistake.

Syntax

wdepcem [-r | -g property | -s property]

Options

-r
Unlocks a workstation that has been locked by mistake.
-g property
Displays the setting defined for the specified registry key.
-s property
Defines a setting for the specified registry key, as follows:
-e [true | false]
Specifies whether the concurrent login feature is enabled. Supported values are true, which means that the feature is enabled, and false, which means that the feature is disabled. The default value is true.
-p [true | false]
Specifies whether a message must be displayed on the endpoint to notify the user that login is temporarily disabled. Supported values are true, which means that the dialog is displayed, and false which means that the dialog is not displayed. The default value is true.
-t timeout
Specifies how many seconds the message must be displayed on the endpoint if you set the -p option to true. The default value is 10.
-l popup_title
Defines the title of the dialog box displayed on the endpoint if you set the -p option to true. The default value is SWDNotification.
-L popup_msg
Defines the text contained in the dialog box displayed on the endpoint if you set the -p option to true. The default value is: "Distribution in progress\r\nLogon temporarily disabled."
-m [true | false]
Specifies whether the user can be allowed to log in to the workstation if an error occurs during an attempt to pause the distribution. Supported values are true, which means the user is not allowed to log in, and false, which means the user is allowed to log in. The default value is true.
-M popup_msg
Defines the text contained in the dialog box displayed on the endpoint if the distribution cannot be paused and you set the -m option to true. When customizing the message, you can use the \r\n symbols for inserting a carriage return and the $(DIST_ID) variable which is replaced at run time with the distribution ID. The default value is: "The pause failed for distribution $(DIST_ID)\r\n Contact the system administrator."
-x level
Specifies the tracing level. Supported values are as follows:
0
Traces are disabled. This is the default value.
1
Standard tracing is enabled.
2
Verbose tracing is enabled.
-y pathname
Specifies the full path and name of the trace files. The default value is: $(system_drive)\SWDnotification.log.
-s [true | false]
Specifies whether the message displayed on the endpoint if you set the -p option to true, must be shown on a new Windows desktop. Supported values are true, which means a new Windows desktop is used, and false, which means the default desktop is used. The default value is true.
-d max_shutdowns
Defines the number of shutdown operations after which the user is allowed to log in again. This key prevents the user from being irrecoverably logged out of the workstation. The default value is 20.
-o [0 | 1 | 2]
Specifies which type of logoff must be performed. Supported values are as follows:
0
Performs a standard logoff. This is the default value.
1
Performs a forced logoff ending all active processes.
2
Performs a logoff ending also hung processes.
-c [true | false]
Specifies whether a message is displayed on the endpoint to notify the user that the distribution has completed and log in is allowed. Supported values are true, which means the message is displayed, and false, which means the message is not displayed. The default value is true.
-b pathname
Specifies the path to the application that manages the message to be displayed if you set the -c option to true. Use this key if you modified the path where wcompmsg.exe is installed or if you want to use a different application for managing the message.
-u popup_title
Defines the title of the dialog box displayed on the endpoint if you set the -c option to true. The default value is SWDNotification.
-v popup_msg
Defines the text contained in the dialog box displayed on the endpoint if you set the -c option to true. When customizing the message, you can use the \r\n symbols for inserting a carriage return. The default value is: "Distribution complete\nLogon is now permitted."
-w [true | false]
Specifies whether a message is displayed when you attempt to perform a shutdown during a distribution for which the shutdown has been disabled. You must choose between performing a logoff immediately, performing a restart immediately, or performing a logoff immediately and subsequently a shutdown when the distribution completes. See also the - H option. Supported values are true, which means the message is displayed, and false, which means the message is not displayed. The default value is true.
-z shut_popup_msg
Defines the text contained in the dialog box displayed on the endpoint if you set the -w option to true. When customizing the message, you can use the \n symbol for inserting a carriage return. The default value is: "The machine will shut down when the distribution completes."
-B pathname
Specifies the fully qualified path to the LCF_BINDIR.
-C pathname
Specifies the fully qualified path to the LCF_CACHEDIR.
-D pathname
Specifies the fully qualified path to the LCF_DATDIR.
-U pathname
Specifies the fully qualified path to the application which communicates with the gateway.
-W timeout
Specifies the timeout in seconds for communicating with the gateway. The default value is 120 seconds.
-E popup_title
Defines the title of the dialog box displayed on the endpoint if you set the -w option to true and the user attempts to perform a shutdown during a distribution for which shutdown has been disabled. The default value is SWDNotification.
-F popup_msg
Defines the message contained in the dialog box displayed on the endpoint if you set the -w option to true and the user attempts to perform a shutdown during a distribution for which the shutdown has been disabled. When customizing the message, you can use the \n symbol for inserting a carriage return. The default value is: "Please choose one of the following"
-G timeout
Specifies a timeout in seconds for choosing between a logoff, a restart, and a logoff and shutdown. If you set the timeout to 0, the message is not displayed and the default action is performed. After the timeout expires, the default action is performed. For more information on the default action, see the -J option. The default value is 0.
-T logoff_str
Defines the first option displayed in the message to request whether a logoff should be performed. If you select this option, a logoff is performed immediately. The default value is "Logoff".
-H logoff_and_shut
Defines the second option displayed in the message to request whether a logoff and a shutdown should be performed. If you select this option, a logoff is performed immediately and a shutdown is performed when the distribution completes. The default value is "Logoff & shutdown when complete".
-K restart_str
Defines the third option displayed in the shutdown message to request whether a restart should be performed. If you select this option, a restart is performed immediately. The default value is "Restart".
-J [1 | 2 | 3]
Specifies the default action to be performed when the timeout expires or is set to 0. Supported values are as follows:
1
Performs a logoff immediately.
2
Performs a logoff immediately and a shutdown when the distribution completes. This is the default value.
3
Performs a restart immediately.
-P [true | false]
Specifies whether a message must be displayed on the endpoint listing the number of logins allowed on the workstation. You can define this key when limited logins are allowed during the distribution. Supported values are true, which means the message is displayed, and false, which means the message is not displayed. The default value is true.
-Q message
Defines the message contained in the dialog box displayed on the endpoint if you set the -P option to 1. When customizing the message, you can use the \n symbol for inserting a carriage return and the $(LEFT_LOGON) variable which is replaced at run time with the number of allowed logins. The default value is: "The current distribution has been paused\nYou can logon $(LEFT_LOGON) times."

Return Values

The wdepcem command returns one of the following:

0
Indicates that wdepcem completed successfully.
other than zero
Indicates that wdepcem failed due to an error.

Examples

  1. To display the value set for the -p option, type the following command:
    wdepcem -g p
  2. To set the default action to be performed when the timeout expires so that an immediate logoff is performed, type the following command:
    wdepcem -s J 1

Using the concurrent login feature

Using the GUI or the command line, you can define a set of software packages for which user login and shutdown operations can be disabled while the distribution is taking place. This feature guarantees that critical distributions are not interrupted. You can also define a maximum number of logins that can be performed during a distribution. If the user logs in, the distribution is paused and restarts after the user logs off.

Using a series of configurable messages, you can notify the user of the distribution taking place on the workstation, list the number of logins allowed, if any, and prompt the user who is trying to perform a shutdown during a distribution for which the shutdown is disabled to choose between logoff options.

In the Software Distribution command line, the -X {none|first|middle|last|both}, -Y max_login_allowed, and -W options have been added to the following commands, as described below:

-X {none|first|middle|last|both}
Use this option to define a set of software packages for which user login and shutdown operations can be disabled while the distribution is taking place. If you define a package as first, this package is the first in a series for which you can define these options. Define the other packages in the series as middle and the last package as last. A software package defined as last must exist for each software package defined as first. If the series consists of just one package, define this package as both, which means the software package is both first and last in the series. The default value is none which means user login and shutdown operations cannot be disabled.
-Y max_login_allowed
Use this option to specify whether users can log on to the workstation while a distribution is taking place. This setting can be defined only for software packages defined as first or both. It applies to software packages defined as first, middle, last, or both. Supported values are 0 (no login is allowed), -1 (an unlimited number of logins is allowed), and any positive integer. If a login is performed while the distribution is taking place, the distribution is paused until the user performs a logoff.
-W
Specifies that the user cannot perform a shutdown while a distribution is taking place. If the user attempts to perform a shutdown and the timeout is set to a value other than zero using the Timeout key, a dialog box is displayed on the endpoint listing the allowed operations and requesting the user to select one. The user can choose between performing a restart, a logoff, or a logoff and shutdown. The restart and logoff operations are performed immediately, while the shutdown is performed after the last distribution has completed. If the user does not respond to the dialog within the allotted time, the default action is performed. The default action is logoff and shutdown.

In the Activity Planner and Software Distribution GUI, the Concurrent Login section was added to the panels for the following operations, as described below:

Type
Define a set of software packages for which user login and shutdown operations can be disabled while the distribution is taking place. If you define a package as first, this package is the first in a series for which you can define these options. Define the other packages in the series as middle and the last package as last. A software package defined as last must exist for each software package defined as first. If the series consists of just one package, define this package as both, which means the software package is both first and last in the series. The default value is none which means user login and shutdown operations cannot be disabled.
Max Login Allowed
Specify whether users can log on to the workstation while a distribution is taking place. You can specify this setting only for software packages defined as first or both. Packages defined as middle or last inherit the settings defined for the package defined as first. Supported values are 0 (no login is allowed), -1 (an unlimited number of logins is allowed), and any positive integer. If a login is performed while the distribution is taking place, the distribution is paused until the user performs a logoff.
Disable Shutdown
Select this check box to specify that the user cannot perform a shutdown while a distribution is taking place. If the user attempts to perform a shutdown and the timeout is set to a value other than zero using the Timeout key, a dialog box is displayed on the endpoint listing the allowed operations and requesting the user to select one. The user can choose between performing a restart, a logoff, or a logoff and a shutdown. The restart and log off operations are performed immediately, while the shutdown is performed after the last distribution has completed. If the user does not respond to the dialog within the allotted time, the default action is performed. The default action is log off and shutdown. You can specify this setting only for software packages defined as first or both. Packages defined as middle or last inherit the settings defined for the package defined as first.

Dataless packages cannot be paused, therefore you should add them in a series of packages and define them as middle.

For more information on the Software Distribution GUI and command line, refer to IBM Tivoli Configuration Manager: User's Guide for Software Distribution and IBM Tivoli Configuration Manager: Reference Manual for Software Distribution.


[ Top of Page | Previous Page | Next Page | Contents ]