[ Bottom of Page | Previous Page | Next Page | Contents ]
This section explains how to install, configure, and use the concurrent
login feature to prevent the end user from logging in to the workstation during
critical distributions.
Before you can install this feature, you must have installed Software Distribution
and Activity Planner, as described in IBM(R) Tivoli(R) Configuration Manager: Planning and Installation Guide.
The 4.1.1-TMF-0044 Tivoli Framework patch must also be installed
on the Tivoli server and gateways.
To install the concurrent login feature, perform the following steps:
- Install the 4.2.2-SWDSRV-FP01 Software Distribution
server patch to update the Software Distribution command line and GUI.
- Install the 4.2.2-SWDGW-FP01 Software Distribution
gateway patch to update Windows(R) endpoints.
- Install the 4.2.2-APM-FP01 Activity Planner patch
to update the Activity Planner GUI.
- Upgrade the Activity Planner plug-ins, as described in Upgrading plug-ins.
- Distribute the Tivoli_login_control_4.2.2.spb software
packages to the endpoints.
- Type the following command to enable the feature on the specified endpoint:
wep endpoint_name set allow_distribution_control on
where:
- endpoint_name
- Is the name of the endpoint where the feature is to be enabled.
Repeat the command for each endpoint where the feature is to be enabled.
- Download the wdepcem.exe file from the /LoginControl folder on CD 2 to
the endpoints.
After installing the concurrent login feature as described in Installing the concurrent login feature,
you can configure the registry keys created on the endpoints with the Tivoli_login_control_4.2.2.spb software package.
The registry keys are created in the following locations within the Registry
Editor:
- HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification
- HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\upcall
- HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\wmansd
To view and edit the registry keys, use the wdepcem command. For more information on this command, see wdepcem.
The following is a list of all the registry keys created on the endpoints:
Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification
- IsEnabled
- Specifies whether the concurrent login feature is enabled. Supported
values are 1, which means that the feature is enabled,
and 0, which means that the feature is disabled. The
default value is 1.
- TraceLevel
- Specifies the tracing level. Supported values are as follows:
- 0
- Traces are disabled. This is the default value.
- 1
- Standard tracing is enabled.
- 2
- Verbose tracing is enabled.
- TracePath
- Specifies the full path and name of the trace files. The default value
is: $(system_drive)\SWDnotification.log.
- DenyPopupEnabled
- Specifies whether a message must be displayed on the endpoint to notify
the user that login is temporarily disabled. Supported values are 1, which means that the dialog is displayed, and 0 which
means that the dialog is not displayed. The default value is 1.
- PopUpTimeout
- Specifies how many seconds the message must be displayed on the endpoint
if you set the DenyPopupEnabled key to 1. The default value is 10.
- LoginDeniedTitle
- Defines the title of the dialog box displayed on the endpoint if you
set the DenyPopupEnabled key to 1.
The default value is SWDNotification.
- LoginDeniedMsg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the DenyPopupEnabled key to 1. When customizing the message, you can use the \r\n symbols
for inserting a carriage return. The default value is: "Distribution in progress\r\nLogon
temporarily disabled."
- DenyLogonOnPauseError
- Specifies whether the user can be allowed to log in to the workstation
if an error occurs during an attempt to pause the distribution. Supported
values are 1, which means the user is not allowed to
log in, and 0, which means the user is allowed to log
in. The default value is 1.
- LoginDeniedMsgOnPauseError
- Defines the text contained in the dialog box displayed on the endpoint
if the distribution cannot be paused and you set the DenyLogonOnPauseError key to 1. When customizing the message, you can
use the \r\n symbols for inserting a carriage return and the $(DIST_ID)
variable which is replaced at run time with the distribution ID. The default
value is: " The pause failed for distribution $(DIST_ID)\r\n Contact system
administrator."
- SwitchPopupDesktop
- Specifies whether the message displayed on the endpoint if you set the DenyPopupEnabled key to 1, must be
shown on a new Windows desktop. Supported values are 0, which means the default Windows desktop is used, and 1, which means a new Windows desktop is used. The default value
is 1.
- LogoffType
- Specifies which type of logoff must be performed. Supported values are
as follows
- 0
- Performs a standard logoff. This is the default value.
- 1
- Performs a forced logoff ending all active processes.
- 2
- Performs a logoff ending active and hung processes.
- DefaultShutdownAllowdBeforeReset
- Defines the number of shutdown operations after which the user is allowed
to log in again. This key prevents the user from being irrecoverably logged
out of the workstation. The default value is 20.
- CompletionPopupEnabled
- Specifies whether a message is displayed on the endpoint to notify the
user that the distribution has completed and login is allowed. Supported values
are 0, which means the message is not displayed, and 1, which means the message is displayed.
- CompletionProgramPath
- Specifies the path to the application that manages the message to be
displayed if you set the CompletionPopupEnabled to 1. Use this key if you modified the path where wcompmsg.exe
is installed or if you want to use a different application for managing the
message.
- CompletionPopupTitle
- Defines the title of the dialog box displayed on the endpoint if you
set the CompletionPopupEnabled key to 1. The default value is SWDNotification.
- CompletionPopupMsg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the CompletionPopupEnabled key to 1. When customizing the message, you can use the \n symbol
for inserting a carriage return. The default value is: "Distribution complete\nLogon
is now permitted."
- ShutdownPopupEnabled
- Specifies whether a message is displayed when you attempt to perform
a shutdown during a distribution for which the shutdown has been disabled.
You must choose between performing a logoff immediately, performing a restart
immediately, or performing a logoff immediately and subsequently a shutdown
when the distribution completes. See also LogoffShutdownString. Supported values are 0, which means the
message is not displayed, and 1, which means the message
is displayed. The default value is 1.
- ShutdownPopupMsg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the ShutdownPopupEnabled key to 1. When customizing the message, you can use the \n symbol
for inserting a carriage return. The default value is: "The machine will shutdown
when the distribution completes."
Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\upcall
- LCF_BINDIR
- Is the fully qualified path to the LCF_BINDIR.
- LCF_CACHEDIR
- Is the fully qualified path to the LCF_CACHEDIR.
- LCF_DATDIR
- Is the fully qualified path to the LCF_DATDIR.
- UpcallProgram
- Is the fully qualified path to the application which communicates with
the gateway.
- UpcallTimeout
- Specifies the timeout in seconds for communicating with the gateway.
The default value is 120 seconds.
Keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\SWDnotification\wmansd
- Title
- Defines the title of the dialog box displayed on the endpoint if you
set the ShutdownPopupEnabled key to 1 and the user attempts to perform a shutdown during a distribution for
which the shutdown has been disabled. The default value is SWDNotification.
- Message
- Defines the message contained in the dialog box displayed on the endpoint
if you set the ShutdownPopupEnabled key to 1 and the user attempts to perform a shutdown during a distribution for
which the shutdown has been disabled. When customizing the message, you can
use the \n symbol for inserting a carriage return. The default
value is: "Please choose one of the following."
- Timeout
- Specifies a timeout in seconds for choosing between a logoff, a restart,
and a logoff and shutdown. If you set the timeout to 0,
the message is not displayed and the default action is performed. Otherwise,
the default action is performed after the timeout expires. For more information
on the default action, see DefaultAction. The default
value is 0.
- LogoffString
- Defines the first option displayed in the message to request whether
a logoff should be performed. If you select this option, a logoff is performed
immediately. The default value is "Logoff".
- LogoffShutdownString
- Defines the second option displayed in the message to request whether
a logoff and a shutdown should be performed. If you select this option, a
logoff is performed immediately and a shutdown is performed when the distribution
completes. The default value is "Logoff and shutdown when complete".
- RestartString
- Defines the third option displayed in the shutdown message to request
whether a restart should be performed. If you select this option, a restart
is performed immediately. The default value is "Restart".
- DefaultAction
- Specifies the default action to be performed when the timeout expires
or is set to 0. Supported values are as follows:
- 1
- Performs a logoff immediately.
- 2
- Performs a logoff immediately and a shutdown when the distribution completes.
This is the default value.
- 3
- Performs a restart immediately.
- LeftLogonPopupEnabled
- Specifies whether a message must be displayed on the endpoint listing
the number of logins allowed on the workstation. You can define this key when
limited logins are allowed during the distribution. If an error occurs and
the distribution cannot be paused, the message is not displayed. Supported
values are 0, which means the message is not displayed,
and 1, which means the message is displayed. The default
value is 1.
- LeftLogonPopupMsg
- Defines the message contained in the dialog box displayed on the endpoint
if you set the LeftLogonPopupEnabled key to 1. When customizing the message, you can use the \n symbol
for inserting a carriage return and the $(LEFT_LOGON) variable which is replaced
at run time with the number of allowed logins. The default value is: "The
current distribution has been paused\nYou can logon $(LEFT_LOGON) times."
Displays and configures the registry keys created when the concurrent
login feature is installed on the endpoint. It can also unlock a workstation
that has been locked by mistake.
Syntax
wdepcem [-r | -g property | -s property]
Options
- -r
- Unlocks a workstation that has been locked by mistake.
- -g property
- Displays the setting defined for the specified registry key.
- -s property
- Defines a setting for the specified registry key, as follows:
- -e [true | false]
- Specifies whether the concurrent login feature is enabled. Supported
values are true, which means that the feature is enabled,
and false, which means that the feature is disabled.
The default value is true.
- -p [true | false]
- Specifies whether a message must be displayed on the endpoint to notify
the user that login is temporarily disabled. Supported values are true, which means that the dialog is displayed, and false which means that the dialog is not displayed. The default value
is true.
- -t timeout
- Specifies how many seconds the message must be displayed on the endpoint
if you set the -p option to true.
The default value is 10.
- -l popup_title
- Defines the title of the dialog box displayed on the endpoint if you
set the -p option to true. The
default value is SWDNotification.
- -L popup_msg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the -p option to true.
The default value is: "Distribution in progress\r\nLogon temporarily disabled."
- -m [true | false]
- Specifies whether the user can be allowed to log in to the workstation
if an error occurs during an attempt to pause the distribution. Supported
values are true, which means the user is not allowed
to log in, and false, which means the user is allowed
to log in. The default value is true.
- -M popup_msg
- Defines the text contained in the dialog box displayed on the endpoint
if the distribution cannot be paused and you set the -m option
to true. When customizing the message, you can use the
\r\n symbols for inserting a carriage return and the $(DIST_ID) variable which
is replaced at run time with the distribution ID. The default value is: "The
pause failed for distribution $(DIST_ID)\r\n Contact the system administrator."
- -x level
- Specifies the tracing level. Supported values are as follows:
- 0
- Traces are disabled. This is the default value.
- 1
- Standard tracing is enabled.
- 2
- Verbose tracing is enabled.
- -y pathname
- Specifies the full path and name of the trace files. The default value
is: $(system_drive)\SWDnotification.log.
- -s [true | false]
- Specifies whether the message displayed on the endpoint if you set the -p option to true, must be shown on
a new Windows desktop. Supported values are true, which means a new Windows desktop is used, and false, which means the default desktop is used. The default value is true.
- -d max_shutdowns
- Defines the number of shutdown operations after which the user is allowed
to log in again. This key prevents the user from being irrecoverably logged
out of the workstation. The default value is 20.
- -o [0 | 1 | 2]
- Specifies which type of logoff must be performed. Supported values are
as follows:
- 0
- Performs a standard logoff. This is the default value.
- 1
- Performs a forced logoff ending all active processes.
- 2
- Performs a logoff ending also hung processes.
- -c [true | false]
- Specifies whether a message is displayed on the endpoint to notify the
user that the distribution has completed and log in is allowed. Supported
values are true, which means the message is displayed,
and false, which means the message is not displayed.
The default value is true.
- -b pathname
- Specifies the path to the application that manages the message to be
displayed if you set the -c option to true. Use this key if you modified the path where wcompmsg.exe is installed
or if you want to use a different application for managing the message.
- -u popup_title
- Defines the title of the dialog box displayed on the endpoint if you
set the -c option to true. The
default value is SWDNotification.
- -v popup_msg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the -c option to true.
When customizing the message, you can use the \r\n symbols for inserting
a carriage return. The default value is: "Distribution complete\nLogon is
now permitted."
- -w [true | false]
- Specifies whether a message is displayed when you attempt to perform
a shutdown during a distribution for which the shutdown has been disabled.
You must choose between performing a logoff immediately, performing a restart
immediately, or performing a logoff immediately and subsequently a shutdown
when the distribution completes. See also the - H option.
Supported values are true, which means the message is
displayed, and false, which means the message is not
displayed. The default value is true.
- -z shut_popup_msg
- Defines the text contained in the dialog box displayed on the endpoint
if you set the -w option to true.
When customizing the message, you can use the \n symbol for inserting a carriage
return. The default value is: "The machine will shut down when the distribution
completes."
- -B pathname
- Specifies the fully qualified path to the LCF_BINDIR.
- -C pathname
- Specifies the fully qualified path to the LCF_CACHEDIR.
- -D pathname
- Specifies the fully qualified path to the LCF_DATDIR.
- -U pathname
- Specifies the fully qualified path to the application which communicates
with the gateway.
- -W timeout
- Specifies the timeout in seconds for communicating with the gateway.
The default value is 120 seconds.
- -E popup_title
- Defines the title of the dialog box displayed on the endpoint if you
set the -w option to true and
the user attempts to perform a shutdown during a distribution for which shutdown
has been disabled. The default value is SWDNotification.
- -F popup_msg
- Defines the message contained in the dialog box displayed on the endpoint
if you set the -w option to true
and the user attempts to perform a shutdown during a distribution for which
the shutdown has been disabled. When customizing the message, you can use
the \n symbol for inserting a carriage return. The default value is: "Please
choose one of the following"
- -G timeout
- Specifies a timeout in seconds for choosing between a logoff, a restart,
and a logoff and shutdown. If you set the timeout to 0,
the message is not displayed and the default action is performed. After the
timeout expires, the default action is performed. For more information on
the default action, see the -J option. The default
value is 0.
- -T logoff_str
- Defines the first option displayed in the message to request whether
a logoff should be performed. If you select this option, a logoff is performed
immediately. The default value is "Logoff".
- -H logoff_and_shut
- Defines the second option displayed in the message to request whether
a logoff and a shutdown should be performed. If you select this option, a
logoff is performed immediately and a shutdown is performed when the distribution
completes. The default value is "Logoff & shutdown when complete".
- -K restart_str
- Defines the third option displayed in the shutdown message to request
whether a restart should be performed. If you select this option, a restart
is performed immediately. The default value is "Restart".
- -J [1 | 2 | 3]
- Specifies the default action to be performed when the timeout expires
or is set to 0. Supported values are as follows:
- 1
- Performs a logoff immediately.
- 2
- Performs a logoff immediately and a shutdown when the distribution completes.
This is the default value.
- 3
- Performs a restart immediately.
- -P [true | false]
- Specifies whether a message must be displayed on the endpoint listing
the number of logins allowed on the workstation. You can define this key when
limited logins are allowed during the distribution. Supported values are true, which means the message is displayed, and false, which means the message is not displayed. The default value is true.
- -Q message
- Defines the message contained in the dialog box displayed on the endpoint
if you set the -P option to 1.
When customizing the message, you can use the \n symbol for inserting a carriage
return and the $(LEFT_LOGON) variable which is replaced at run time with the
number of allowed logins. The default value is: "The current distribution
has been paused\nYou can logon $(LEFT_LOGON) times."
Return Values
The wdepcem command returns one of the following:
- 0
- Indicates that wdepcem completed successfully.
- other than zero
- Indicates that wdepcem failed due to an error.
Examples
- To display the value set for the -p option, type
the following command:
wdepcem -g p
- To set the default action to be performed when the timeout expires so
that an immediate logoff is performed, type the following command:
wdepcem -s J 1
Using the GUI or the command line, you can define a set of software packages
for which user login and shutdown operations can be disabled while the distribution
is taking place. This feature guarantees that critical distributions are not
interrupted. You can also define a maximum number of logins that can be performed
during a distribution. If the user logs in, the distribution is paused and
restarts after the user logs off.
Using a series of configurable messages, you can notify the user of the
distribution taking place on the workstation, list the number of logins allowed,
if any, and prompt the user who is trying to perform a shutdown during a distribution
for which the shutdown is disabled to choose between logoff options.
In the Software Distribution command line, the -X {none|first|middle|last|both}, -Y max_login_allowed,
and -W options have been added to the following commands,
as described below:
- waccpst
- wcommtsp
- winstsp
- wspmvdata
- wremovsp
- wundosp
- -X {none|first|middle|last|both}
- Use this option to define a set of software packages for which user
login and shutdown operations can be disabled while the distribution is taking
place. If you define a package as first, this package
is the first in a series for which you can define these options. Define the
other packages in the series as middle and the last
package as last. A software package defined as last must exist for each software package defined as first. If the series consists of just one package, define this package
as both, which means the software package is both first
and last in the series. The default value is none which
means user login and shutdown operations cannot be disabled.
- -Y max_login_allowed
- Use this option to specify whether users can log on to the workstation
while a distribution is taking place. This setting can be defined only for
software packages defined as first or both. It applies to software packages defined as first, middle, last, or both. Supported values are 0 (no login is allowed), -1 (an unlimited number of logins is allowed), and any positive
integer. If a login is performed while the distribution is taking place, the
distribution is paused until the user performs a logoff.
- -W
- Specifies that the user cannot perform a shutdown while a distribution
is taking place. If the user attempts to perform a shutdown and the timeout
is set to a value other than zero using the Timeout key,
a dialog box is displayed on the endpoint listing the allowed operations and
requesting the user to select one. The user can choose between performing
a restart, a logoff, or a logoff and shutdown. The restart and logoff operations
are performed immediately, while the shutdown is performed after the last
distribution has completed. If the user does not respond to the dialog within
the allotted time, the default action is performed. The default action is
logoff and shutdown.
In the Activity Planner and Software Distribution GUI, the Concurrent Login
section was added to the panels for the following operations, as described
below:
- Accept
- Commit
- Delete
- Install
- Retrieve
- Send
- Remove
- Undo
- Type
- Define a set of software packages for which user login and shutdown
operations can be disabled while the distribution is taking place. If you
define a package as first, this package is the first
in a series for which you can define these options. Define the other packages
in the series as middle and the last package as last. A software package defined as last must exist for each software package defined as first. If the series consists of just one package, define this package as both, which means the software package is both first and
last in the series. The default value is none which
means user login and shutdown operations cannot be disabled.
- Max Login Allowed
- Specify whether users can log on to the workstation while a distribution
is taking place. You can specify this setting only for software packages defined
as first or both. Packages defined
as middle or last inherit the
settings defined for the package defined as first. Supported
values are 0 (no login is allowed), -1 (an unlimited number of logins is allowed), and any positive integer.
If a login is performed while the distribution is taking place, the distribution
is paused until the user performs a logoff.
- Disable Shutdown
- Select this check box to specify that the user cannot perform a shutdown
while a distribution is taking place. If the user attempts to perform a shutdown
and the timeout is set to a value other than zero using the Timeout key, a dialog box is displayed on the endpoint listing the allowed
operations and requesting the user to select one. The user can choose between
performing a restart, a logoff, or a logoff and a shutdown. The restart and
log off operations are performed immediately, while the shutdown is performed
after the last distribution has completed. If the user does not respond to
the dialog within the allotted time, the default action is performed. The
default action is log off and shutdown. You can specify this setting only
for software packages defined as first or both. Packages defined as middle or last inherit the settings defined for the package defined as first.
Dataless packages cannot be paused, therefore you should add them in a
series of packages and define them as middle.
For more information on the Software Distribution GUI and command line,
refer to IBM Tivoli Configuration Manager: User's Guide for Software Distribution and IBM Tivoli Configuration Manager: Reference Manual for Software Distribution.
[ Top of Page | Previous Page | Next Page | Contents ]