Is it possible to restrict running of NASTIE (Now a simple tool in Excel) on system i
Is it possible to restrict running of NASTIE (Now a simple tool in Excel) on system i
Software/Hardware used:
Software/Hardware used:
ASKED:
November 3, 2009 1:31 PM
UPDATED:
November 6, 2009 2:45 AM
RELATED QUESTIONS
Answer Wiki:
I can't find much of anything about "nasty" with a google search, but it sounds like a scripting language for Excel. Excel uses the network Remote SQL server, so if you shut down *NETSVR, *DIRSVR, HOSTDATABASE and *EDRSQL it won't be able to connect. If you want to limit it to particular users you will have to control the access with exit programs for those servers or have very tight object level security.
To see all answers submitted to the Answer Wiki: View Answer History.
Hi JohnsonMumbai,
I too, could not find anything on NASTIE; however, if you are trying to pull data from your iSeries into Excel, you may find the techniques presented here well worth a look:
http://itknowledgeexchange.techtarget.com/beyond-excel/
There is no way to answer this question until we learn what NASTIE is.
Phil
Nastie captures iseries screens and uses scripting language and macros in excel to input information on to iseries. This is typically used for bulk data entry.
Please note data to be entered into iseries is entered in the excel sheet.Eg each fields information is entered on a different column.
The user logs into iseries and goes to the screen where the data entry is to be done.
Simultaneously he opens the NASTIE macro screen, which is in excel, this excel sheet also contains the sheet wherein the data that is to be entered is populated.
Once he begins the nastie macro all data in the excelsheet is entered on the iseries.
This is similiar to running macros on clientaccess workstation.
We would like to restrict running of such macros to selected users.
So this is entierly an excel function .. no macro script in Client server.
Client Server and the 400 thinks the screen is being file out by user.
Very hard to stop..
some web pages make you respond by repeating a random set of letters displayed on the screen along with your request. They show them in bizaar scripts to make it hard to machine read. This is to stop something like this. You could only put these out in simple text and NASTIE could probably be altered to read these from the screen and echo them back.
Phil
Is there any way by which recording and playing of macros on local client access workstations be controlled centrally. Will this help in stopping such macros from executing via excel.
johnson
Do any client access macro’s run?
I did not get your question.
What i meant was, in Client access when a repeated activity is required to be executed, we record the steps entered on i series screen into a macro in local client access and thereafter play the macro. In this the repeated steps need not be manually keyed in, instead while playing the macro the steps are rerun.
Nastie basically is doing the same thing only in this case the variable data is stored in excel worksheet.
Johnson
Is this using ODBC to connect and pass the data to he iSeries? If so you can look into an exit program that will let you restrict ODBC access to certian users.
Check out this thread:
http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161
Here is an example of exit program I use to do just this.
********************************************************************** * SET COMPILER OPTIONS ********************************************************************** HOPTION(*NODEBUGIO:*SRCSTMT) ********************************************************************** * PROGRAM NAME: ODBCEXITR * CREATION DATE: 07/23/08 * PURPOSE OF PROGRAM: ODBC EXIT PROGAM TO PREVENT FILE UPDATES. ********************************************************************** * FILES USED BY PROGRAM. ********************************************************************** FODBCEXITPFIF A E K DISK ********************************************************************** * ENTRY PARMS. ********************************************************************** D ENTRYPARMS PR ExtPgm('EXITPGM') D REQUEST_STATUS... D 1 D REQUEST_STRING... D 1024 D ENTRYPARMS PI D REQUEST_STATUS... D 1 D REQUEST_STRING... D 1024 ********************************************************************** * FIELD DEFINITIONS. ********************************************************************** D USER_PROFILE S 10 INZ(*BLANKS) D SERVER_ID S 10 INZ(*BLANKS) D FORMAT_NAME S 8 INZ(*BLANKS) D FUNCTION S 4 INZ(*BLANKS) D CODETYPE S 4 INZ(*BLANKS) D FILE_CHANGE S 6 INZ(*BLANKS) ********************************************************************** * DATA STRUCTURE FOR REQUEST STRING ********************************************************************** D DS INZ D REQUEST 1 364 D USER 1 10 D SRVID 11 20 D FORMAT 21 28 D FUNC 29 32 D FILNAME 33 161 D LIBNAME 162 171 D MEMBERNAME 172 181 D AUTHORITY 182 191 D Based_on_file_name... D 192 319 D Based_on_library_name... D 320 329 D Override_file_name... D 330 339 D Override_library_name... D 340 349 D Override_member_name... D 350 364 // ****************************************************************** // * START FREE FORM CALCS. // ****************************************************************** /FREE // ****************************************************************** // * WRITE REQUEST TO FILE. // ****************************************************************** REQUEST_STATUS = '1'; ODBSTATUS = REQUEST_STATUS; ODBREQUEST = REQUEST_STRING; REQUEST = REQUEST_STRING; ODBUSER = USER; ODBSRVID = SRVID; ODBFORMAT= FORMAT; ODBFUNC = FUNC; // ****************************************************************** // * IF THE REQUEST IS FROM ANYONE EXCEPT FAST FAX OR B&L'S MPC. // ****************************************************************** IF ODBUSER <> 'FFXSYS' AND ODBUSER <> 'MPC'; // ****************************************************************** // * CHECK THE REQUEST STATUS. // * IF THIS IS AN UPDATE OR INSERT (ADD A RECORD) REQUEST, CHANGE // * THE STATUS TO 0. THIS WILL DENY THE REQUEST. // * // * WHEN THE ODBC DRIVER SEES THAT THE REQUEST IS DENIED, IT WILL // * KILL THE JOB. // ****************************************************************** FILE_CHANGE = %SUBST(ODBREQUEST : 240 : 6); IF FILE_CHANGE = 'UPDATE' OR FILE_CHANGE = 'INSERT'; REQUEST_STATUS = '0'; ENDIF; ENDIF; *INLR = *ON; RETURN; /End-FreeIs this using ODBC to connect and pass the data to he iSeries? If so you can look into an exit program that will let you restrict ODBC access to certian users.
Check out this thread:
http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161
Here is an example of exit program I use to do just this.
********************************************************************** * SET COMPILER OPTIONS ********************************************************************** HOPTION(*NODEBUGIO:*SRCSTMT) ********************************************************************** * PROGRAM NAME: ODBCEXITR * CREATION DATE: 07/23/08 * PURPOSE OF PROGRAM: ODBC EXIT PROGAM TO PREVENT FILE UPDATES. ********************************************************************** * FILES USED BY PROGRAM. ********************************************************************** FODBCEXITPFIF A E K DISK ********************************************************************** * ENTRY PARMS. ********************************************************************** D ENTRYPARMS PR ExtPgm('EXITPGM') D REQUEST_STATUS... D 1 D REQUEST_STRING... D 1024 D ENTRYPARMS PI D REQUEST_STATUS... D 1 D REQUEST_STRING... D 1024 ********************************************************************** * FIELD DEFINITIONS. ********************************************************************** D USER_PROFILE S 10 INZ(*BLANKS) D SERVER_ID S 10 INZ(*BLANKS) D FORMAT_NAME S 8 INZ(*BLANKS) D FUNCTION S 4 INZ(*BLANKS) D CODETYPE S 4 INZ(*BLANKS) D FILE_CHANGE S 6 INZ(*BLANKS) ********************************************************************** * DATA STRUCTURE FOR REQUEST STRING ********************************************************************** D DS INZ D REQUEST 1 364 D USER 1 10 D SRVID 11 20 D FORMAT 21 28 D FUNC 29 32 D FILNAME 33 161 D LIBNAME 162 171 D MEMBERNAME 172 181 D AUTHORITY 182 191 D Based_on_file_name... D 192 319 D Based_on_library_name... D 320 329 D Override_file_name... D 330 339 D Override_library_name... D 340 349 D Override_member_name... D 350 364 // ****************************************************************** // * START FREE FORM CALCS. // ****************************************************************** /FREE // ****************************************************************** // * WRITE REQUEST TO FILE. // ****************************************************************** REQUEST_STATUS = '1'; ODBSTATUS = REQUEST_STATUS; ODBREQUEST = REQUEST_STRING; REQUEST = REQUEST_STRING; ODBUSER = USER; ODBSRVID = SRVID; ODBFORMAT= FORMAT; ODBFUNC = FUNC; // ****************************************************************** // * IF THE REQUEST IS FROM ANYONE EXCEPT FAST FAX OR B&L'S MPC. // ****************************************************************** IF ODBUSER <> 'FFXSYS' AND ODBUSER <> 'MPC'; // ****************************************************************** // * CHECK THE REQUEST STATUS. // * IF THIS IS AN UPDATE OR INSERT (ADD A RECORD) REQUEST, CHANGE // * THE STATUS TO 0. THIS WILL DENY THE REQUEST. // * // * WHEN THE ODBC DRIVER SEES THAT THE REQUEST IS DENIED, IT WILL // * KILL THE JOB. // ****************************************************************** FILE_CHANGE = %SUBST(ODBREQUEST : 240 : 6); IF FILE_CHANGE = 'UPDATE' OR FILE_CHANGE = 'INSERT'; REQUEST_STATUS = '0'; ENDIF; ENDIF; *INLR = *ON; RETURN; /End-FreeIs this using ODBC to connect and pass the data to the iSeries? If so you can look into an exit program that will let you restrict ODBC access to certain users.
Check out this thread:
http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161
I’ve tried three different times to post the code of an exit program I have that does this and all three times the post has failed to come through. Let me know if you want it and I will email it to you.
If NASTIE uses System i Access emulator DDE/EHLLAPI interfaces to access the presentation space, you could look into turning that option off for that installation of the emulator.
If you allow PC users to change settings or they have PC Administrator levels of permissions, then you probably can’t stop them from installing in whatever form they choose. If that’s the case, then don’t allow the System i Access emulator to be installed — don’t make it available. Use a different emulator such as Mocha or a TN5250j emulator. (Or even a cheap 3270 emulator, since 3270 is supported; probably would require some automated keyboard mapping on your System i.)
Tom
I don’t think there is any ODBC or JDBC.
As I understand it, this excel program though it’s macro is writing the data into the as/400 client access screen. The AS/400 cannot tell that it isn’t actual keystrokes. Can a wall be put up to on the PC to protect the client access screen from Nasty??? That’s possible but you would be looking for someone with more PC/Client Access knowledge than I have.
Why is this a problem — these people have authority to use the system, how does the way they enter the keystrokes matter?
Phil
As data can be entered in bulk, similarly data can also be extracted in bulk. The objective is to limit the usage of such tools to few users.
Is it possible to only stop recording and playing of macros within client access and how.
and I think you would want to restrict the cient access data transfer functions which can do the same thing without excel?
Phil
DTF access has been restricted, how can access for running macros on client access be restricted.?
Johnson
This might help
http://itknowledgeexchange.techtarget.com/itanswers/disable-macro-function-in-client-access/
it removes the macro keys but I’m not sure it disables the Client Access macro capability and I’m still suspect that it’s an excel macro that you’re having problems with.
You might start a new tag with the line AS/400 disable client access macro. Perhaps someone has some good ideas.
Phil