DOCUMENT:Q236847 06-AUG-2002 [sna] TITLE :SNACFG Should Allow Configuration of Host Security Domains PRODUCT :Microsoft SNA Server PROD/VER:WINDOWS:4.0,4.0 SP1,4.0 SP2 OPER/SYS: KEYWORDS:kbsna400sp3fea kbFEA sna4 kbsna400sp1 kbsna400sp2 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft SNA Server, versions 4.0, 4.0 SP1, 4.0 SP2 ------------------------------------------------------------------------------- SUMMARY ======= Configuring Host Security Domains can only be done using SNA Manager. Customers that rely on SNA Server's command line utility (Snacfg.exe) are unable to set configurations for Host Security Domains. SNA Server's command-line interface has been enhanced so it is now possible to create, delete, or modify Host Security Domains. The Host Security Integration feature requires that information about Host Security Domains is stored on the Host Security Database hosted on the Windows NT primary domain controller. Creating a Host Security domain also creates two user groups, one for the Users and one for Proxy. Therefore, this enhancement can't really be used offline: the administrator must be logged on to the Windows NT domain where the SNA subdomain configuration file will be used. The syntax of this command is: SNACFG HSDOMAIN /LIST SNACFG HSDOMAIN hsdomainname SNACFG HSDOMAIN hsdomainname /PRINT SNACFG HSDOMAIN hsdomainname /ADD [options] SNACFG HSDOMAIN hsdomainname [options] SNACFG HSDOMAIN hsdomainname /DELETE Available options are: /NAMES:{ MAP | REPLICATE } /PASSWORDS:{ MAP | REPLICATE } /OVERRIDE:{ Yes | No } /ENABLEUSER: /DISABLEUSER: /ENABLEPROXY: /DISABLEPROXY: /INSERTCONN: /REMOVECONN: implies that a comma separated string is accepted. /ENABLEUSER adds the named users to the group created for the host domain. /DISABLEUSER removes the named user from the group created for the host domain. /ENABLEPROXY adds the named users to the group created for the host domain proxy. /DISABLEUSER removes the named user from the group created for the host domain proxy. /INSERTCONN adds the named connections to the host domain. The connection must already exist. /REMOVECONN removes the named connection from the host domain. MORE INFORMATION ================ This feature is available in the latest service pack for SNA Server version 4.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: Q215838 How to Obtain the Latest SNA Server Version 4.0 Service Pack This feature was first included in SNA Server version 4.0 Service Pack 3. Additional query words: ====================================================================== Keywords : kbsna400sp3fea kbFEA sna4 kbsna400sp1 kbsna400sp2 Technology : kbAudDeveloper kbSNAServSearch kbSNAServ400 kbSNAServ400SP1 kbSNAServ400SP2 Version : WINDOWS:4.0,4.0 SP1,4.0 SP2 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.