Need more restrictions for user accounts

[sc123]

I need to achieve the following with some of my GroupWise 6.5SP1
users:
-Remove the "Novell GroupWise Address Book". I don't want them to be
able to see the others users on the system
-Restrict login times so they can only login during ceratin hours on
certain days
-Restrict the size of the messages the can send
Thanks!
SC

 

[sc123]

Bump
SC

 

[Dogers]

you dont need to remove the address book (i dont believe you can anyway), you need to remove the people from that address book..

in nwadmin (im assuming this is the same in v6!) for each of the users, you need to set their Visibility to None, under the Groupwise Account section!
works ok if you have a few users, but if you have a big group, well..

i dont know of a way to restrict when they can login, however..

but as for file sizes, the only place im aware that can do that is on the GWIA - which is external emails, not internal, which i guess doesnt help you?

 

[terry712]

it's console1 in 6
nwadmin should NEVER be used for 6 and above

gwia is the only way to restrict message sizes
login times - cant do that for mail - you can limit the user's login time - this should kick him off but they would be able to use work station only

cant understand why you wouldnt want them to see system book
you can remove visability but that's a global command and i assume you only want this restriction for certain people
i think in mail you can delete the novell address book but not sure if this would take tham all

i will have a look tomorrow - if i have time

 

[sc123]

Dogers: Thanks, but I think you misunderstood me. What I was asking was a bit hard to understand.

terry712: You told me what I thought I would hear. My situation is this: I am a K-12 Network Admin and I had to make a few E-Mail accounts for students. I wanted to make it so they couldn't see all of the other school system employees in the address book. I didn't think that was possible. Setting each user's visability to none only makes that single user invisible, which is not what I wanted. Because they are students, I also wanted to make it so they can only login during their class period and restrict the sizes of the files they can xfer. Oh well. Just thought I'd ask!

Thank you both for your assistance!
SC

 

[MichiganRon]

You should create another post office and change the visibility of "other school system employees" to "Post Office". Since the students will be in a different post office, they won't be able to to see the employees address books.

The "Class of Service" (found under the Access Control Settings tab) in GWIA can limit message size. This would only affect mail going to and coming from the Internet. I would recommend creating a different class of service for your students so that your employees are not limited in what they can send/receive.

To my knowledge you cannot limit the time of day which users can access their email. There may be a third party product out there which will do that. If the students access their email though the client you could use ZenWorks to limit the time of day which the client is available. You could then prevent them from being able to access their email through WebAccess (by using the "Class of Service" in the WEBACCESS gateway).

Hope this helps.
-Ron

-We are all given the same deck of cards, it's how we play the hand we are dealt which makes us who we are.

 

[sc123]

Darkshadeau:
Thanks for all of your information. I will take these options under consideration. 10 points to you for knowing all of that
SC

 

[FarOut]

Have you considered using NetMail as a solution for your Student accounts? I am also a K-12 Admin.. And we see that e-mail accounts for Students is coming real soon. And like you we want segregation between Students and Staff. So we have already setup a fully functional Netmail system in anticipation of this coming down the pipe. Just a thought.

FarOut
V-Peace-V

 

[terry712]

i thought of creating a new poa but then prob is the visability is the wrong way still

you are confining other users to postoffices and i would imagine most normal users would need to see each other across postoffices and domains

if you want to isolate it in that way then - its easier just to create a new groupwise system - and as it's probably in same tree or in fact even if it's not - it can still use the same gwia

the zen's a good idea - you can remove groupwise functionality between times for that

 

[sc123]

terry: Yes Zen would be fine to control the client access, but not WebAccess. They could access that anytime during the day and at home at night. It's a difficult issue, to be sure.

FarOut: I don't agree with you on student E-Mail accounts. I put up a fight about allowing these, but the online class required them. I will look into Netmail though, just to be prepared. There are certain things I think we'll have to concede once .NET really takes form and Single Sign On for everything becomes prevalent. I think school admins will find it harder and harder to block EVERYTHING. For example, with Win98SE and ZfD3.2 we were able to completely stop anything we wished, but with WinXP and ZfD4 we are finding our hands tied in certain areas, and the workarounds are monsterous.

SC

 

[MichiganRon]

SC,

Controlling access times to WebAccess shouldn't be a problem. You should be able to create a second "Class of Service" (similar to the one in the GWIA) for the students. From there you can limit the times that it is available to those users.

-Ron

-We are all given the same deck of cards, it's how we play the hand we are dealt which makes us who we are.

 

[sc123]

dark: I'll have to link into that then, because it's not as big a deal that they can't see the users in the address book as they have limited access to GroupWise.
Thanks
SC

 

[MichiganRon]

Oops. My last post was from home, where I didn't have access to my WebAcc object.

I just checked, and you cannot limit the access times via a class of service. You can only limit whether or not WebAccess is available to those users, not the times that it is available. If you decide to take advantage of this, it will allow you to prevent the students from ever using WebAccessing.

Sorry to have misled you.

-Ron

-We are all given the same deck of cards, it's how we play the hand we are dealt which makes us who we are.

 

[FarOut]

SC- When I said "And we see that e-mail accounts for Students is coming real soon" I meant for our school system, not as a standard for all school corporations. Beleive me I put up one heck of a fight against Student E-Mail accounts. But I can see the need for them for certain grade levels. Especially Juniors & Seniors. With us having the potential for having to create over 40,000 Student e-mail accounts, NetMail was the ONLY answer from an administrative point for us. Hope you find your solution to your problem. Have a good one!

FarOut
V-Peace-V

 

[terry712]

if the pupils are on a different poa then you could be really crude and cron the poa to be unloaded between those times and then reload in morning

crude but simple and effective

 

[sc123]

FarOut: I know for certain that students would exploit E-Mail not matter how restricted I could make it. When I was in school we used to exploit the IBM messenger service that wasn't even supposed to be useable on our Netware 3.12 servers. It tooks them months to disable it. Nowadays we've restricted everything so tightly that some of our teachers are actually encouraging the students to try and break our security so that they can benifit from less restrictions. I will never allow the general student population to have E-Mail or IM access until it becomes impossible to block it What are you guys doing about accounts for students in PreK-2nd grade? Do they login themselves or share generic accounts? We're currently working on creating a good solution to that issue.

terry: That's a good idea, but I don't think it would work in our scenario, since we use software to filter and block E-Mails that will only work on one POA on one server at a time. I like how you think though

SC