Preventing users using Operations Navigator

Tags: iSeries Access, Operations Navigator, Ops Nav, Ops Navigator
We have many users with Ops Navigator installed as part of their iSeries Access client software. Is there a way (preferably on the iSeries) to prevent these installations of Navigator working? Ops Nav should never have been installed (historical thing, long story...) and we have now built a custom install package without Ops Nav, but of course we will not easily be able to address the issue of existing installations (thousands of users globally...).
ASKED: April 29, 2009  2:30 PM
UPDATED: May 4, 2009  4:47 PM

Answer Wiki


One way to handle this would be to add it to your anti-virus program as an unwanted program. It would stop the execution of that application. Someone else will need to chime in from the iSeries side of the house.

If your users are locked down with valid user profile settings... there’s no concern.

So what if the users can launch the app? A stripped down user account would only see his spooled files in Ops Nav. All of the scary stuff wouldn’t be authorized to run under their user profile.

Ibmmer responds:
In my humble opinion, the best way to isolate the use of the “scary stuff” in Ops Nav would be to use Application Administration. Port restrictions at best should be used sparingly. If you block the ports for Ops Nav, nobody would be able to use it. Application Administration will allow you to assign individual application functions to user profiles or groups and will provide a central point of administration. You can also use it to enforce your FTP usage policies if you are not using exit programs. You can access it from System i Navigator by right-clicking on your iSeries and selecting Application Administration. Again, I recommend you use Application Administration sparingly, otherwise you run the risk of locking yourself out. If you are looking for documentation, I would give 1-800-IBM-Serve a call and open a software ticket. They can provide you with good procedural documentation on how to use Application Administration effectively.

Discuss This Question: 4  Replies

  • mcl
    GO CFGTCP Option #4 works with port restrictions. You could use that, but I think it is user by user and you would need a list of ports and users. That could be cumbersome. On the same menu, option #21 (Configure related tables) leads to Work With Service Table Entries. That will give you a list of ports - actually, using the NETSTAT command, option #3 will show you what ports are being used. If you have a firewall between your users and your system, you can probably restrict traffic on selected ports. Be careful of blocking ports 1 to 1023 - especially don't block 23. There are probably also exit points on the system where you can trap access for specific ports. Whatever you do, remember that you may need iNav for some system administration tasks... Regards, Mike
  • Yorkshireman
    If you have thousands of users, then presumably you have some geeks who administer those machines remotely - check for virus updates, install new releases and patches remotely, etc.? If so, then tell them to update the local Navigator installations with your preferred configuration. Yorkshireman
  • graybeard52
    In Navigator there is a section called Applications where you can control what features users (or groups) are allowed to use. You can even allow file downloads, but not uploads, etc.
  • Ibmmer
    Using port restriction would completely isolate the program, but security is supposed to protect, not inhibit. You must first identify what it is your users need and which of them are allowed to use what. Basically you need to have a good security policy, otherwise the tendency is to lock down everything, and that usually tends to be too much. Application Administration will allow an iSeries administrator to enforce specific policies without overdoing it. When used with group profiles it can ease the administration of iSeries Navigator.