Universal Configuration Manager - Universal Command Server

Owned by
Former user (Deleted)
Last updated: Feb 16, 2023 by
Stonebranch
14 min read

Universal Command Server

Universal Command Server: Message Options

Field

Description

Message Level

Error
Turns on message logging for errors only.
 
Warning
Turns on message logging for warnings and errors.
 
Info
Turns on message logging for all informational, warning and error messages.
 
Audit
Turns on message logging for all audit, informational, warning and error messages.
 
Trace
Allows all messages to be logged, including those used for debugging purposes.

Universal Command Server: Server Options

Field

Description

User Security Options

Require User ID and password to start process
When this option is checked, Universal Command will require a valid user ID and password to start a process.
 
Load the user’s environment
When checked, causes Universal Command Server to load the profile and the environment settings for the user account being used to execute the requested process. This is necessary only if the process requires access to user-specific environment variables, or registry values that are only stored under the HKEY_CURRENT_USER key.
 
Allow process to interact with desktop
When this option is checked, processes are run in a context that permits the current console logon session to interact with them. This also allows the process to invoke system functions that access desktop elements (for example, Windows, menus, buttons) associated with that session. Accordingly, this exposes a risk whereby a process could hijack the desktop and invoke malicious code using a (potentially) elevated security context.

  • Leaving this option unchecked causes user processes to execute in a context that isolates them from the current interactive logon session. Unless processes that require user interaction are executed, this is the recommended setting.
  • This option only applies if a user account (in whose security context a process is executed) is authenticated via an interactive logon. If the User must have batch logon right option is checked, a batch logon is done to establish the process's security context. This logon method requires additional privileges, but disallows all interaction with the desktop.

User must have batch logon rights
When this option is checked, the Log on as a batch job user right must be granted to the user ID passed to Universal Command before the process will run. This is an advanced user right that must be set using the NT User Manager.
 
Execute process with highest privileges
When this option is checked, user processes that UCMD Server executes receive an elevated access token. This gives the account used to execute the process the highest privileges available to it. Note that the account is not granted any new privileges, it simply receives the privileges necessary to execute tasks under User Account Control (UAC) restrictions.
 
Note that this option is only recognized for Windows platforms starting with Windows Vista. It is ignored for Windows XP and Server 2003.

Standard I/O redirection timeout

Specifies the length of time, in seconds, that a Universal Command Server will wait for stdin, stdout and stderr files of the process it starts to close. If the closure of those files is not detected within the time limit set by this value, the Universal Command Server will end, even if the process it started has not ended.

Universal Command Server: Server Options - Process Options

Field

Description

Command Execution Options

Command Type
The command type option specifies the default command type when one is not specified directly by the manager. The default is shell.
 
Script Type
The value type specifies the default script type when a Manager does not specify one. Windows script types are interpreted as file extensions. The script is executed by the program associated with the file extension. If no program association exists for the extension, the script will fail. The default is BAT.
 
Command reference directory
The command reference directory specifies where Universal Command Server searches for command references.

Assign all Server child processes to a single job object

This option instructs a Universal Command Server how to manage the relationship between it and the child processes it creates.
 
When this option is checked, the child process Universal Command Server starts – and any of that process's descendants – are assigned to a single entity known as a job. Assigning a process to a job simplifies process management, by causing all child processes (that is, the requested user process and any of its child processes) to terminate whenever their parent is cancelled (that is, Universal Command Server).
 
When this option is NOT checked, no relationship among child processes is maintained, and each child process must be terminated individually when a Universal Command Server component is cancelled. This is the behavior exhibited in Universal Command Server releases prior to v3.2.0.0.
 
Note: The value for this option may be overridden from the remote Universal Command Manager's command options on a per-request basis.

Universal Command Server: Network Options

Field

Description

Network Data Transfer Options

Compress Data
Controls compression of data transmitted across the network. Select the checkbox to turn this option on.
 
Enable max compression
Select this option to use the zlib compression algorithm, which usually results in a very high compression rate. When this option is not selected, the hasp compression algorithm will be used. This algorithm is not as CPU-intensive as the zlib algorithm, but the resulting data is a little less compressed.
 
Encrypt Data
Controls encryption of data transmitted across the network. Select the checkbox to turn this option on.
 
Verify Data integrity
Controls whether or not data integrity is verified. When this option is selected, authentication checks will be done to insure that the data sent is the same data received. If the data changed, the data integrity is jeopardized and the transmission terminates.

Keep live Interval

This value specifies the frequency with which a keep alive message will be sent to the Universal Command Manager. The manager uses this message to verify that a network connection still exists with the server during periods of network inactivity.

Code Page

Sets the translation table used to translate text-based data transmitted across the network.

Network Fault Tolerant Options

Job Retention
The job retention option specifies the time to retain the exit status of the command executed after termination of the command if the network connection to the manager is down. This allows a manager to reestablish the connection after the command has completed. The value is stored in seconds, and the default is 172800 seconds, or 2 days.

Universal Command Server: Spooling Options

Field

Description

Enable spooling of redirected standard i/o data

Controls whether or not the Universal Command Server will allow redirected input and output to be spooled. When checked, the Universal Command Server will spool redirected i/o, provided the Universal Command Manager has requested it. If this option is not checked, no spooling will be done, and all requests by Universal Command Managers to do so will be rejected.

Spool file directory

The directory where spool files for each component instance will be stored. This directory must be located on local storage. It may not be located on any storage area accessed via the network which includes but is not limited to NFS, SAMBA, Microsoft File Sharing.

Universal Command Server: SSL/TLS Protocol Options

Field

Description

Data Session SSL Cipher List

Universal Command uses the SSL/TLS protocol for data encryption. SSL/TLS has a variety of encryption and message digest algorithms that can be used for network communication.
 
The SSL/TLS cipher suites available for network communication over the data session are listed here.
 
The cipher suites to use may be specified by checking the box to the left of the cipher name. The order in which the suites are applied may also be specified by selecting the up/down arrows to the right of the list. Please note that the order may be changed for any of the ciphers listed, but only those with a check next to their name will be used.
 
The following cipher suites are available:

  • RC4-SHA
    128-bit RC4 encryption, SHA-1 message digest
  • RC4-MD5
    128-bit RC4 encryption, MD5 message digest
  • AES256-SHA
    256-bit AES encryption, SHA-1 message digest
  • AES128-SHA
    128-bit AES encryption, SHA-1 message digest
  • DES-CBC3-SHA
    128-bit Triple-DES encryption, SHA-1 message digest
  • DES-CBC-SHA
    128-bit DES encryption, SHA-1 message digest
  • NULL-SHA
    No encryption, SHA-1 message digest
  • NULL-MD5
    No encryption, MD5 message digest

Require and encrypted control session

Select this option to require encryption over the control session between the UCMD Manager and Server.
 
When this option is selected, the UCMD Server will not accept a control session SSL/TLS cipher of NULL-NULL from the remote UCMD Manager. When this option is not selected, the UCMD Server will accept any control session cipher from the UCMD Manager, even one that disables SSL/TLS encryption.
 
This option is checked by default.

Negotiate sessions using

(No help available.)

Universal Command Server: Event Subsystem Options

Field

Description

Event Generation Options

Generate activity monitoring events
When this option is selected, the Universal Command Server will generate events that monitor product activity.
 
Persistent event list
Specifies which events are to be generated and processed as persistent events. A persistent event is saved in a Universal Enterprise Controller (UEC) event database for long-term storage.
 
Enter a list and/or range of numeric event types, separated by a comma. To exclude an event or range of events, precede the entry with an upper- or lower-case 'X'. Use an asterisk (star) to specify all event types.
 
For example:

  • x*
    Do not generate any events (this is the default)
  • *
    Generate all event types
  • 100
    Generate all event types except 100
  • 100,200-205
    Generate event type 100 and 200 through 205
  • 100,200-205,x202
    Generate event types 100 and 200 thru 205, excluding event type 202

Entries are processed from left to right, and the list is order dependent. For example, an entry of x*,100 prevents generation of all event types except 100, while an entry of 100,x* prevents generation of all event types (the right-most entry takes precedence).

Universal Command Server: Access Control List

Universal Command Server: Access Control List - Access ACL

Field

Description

Access Control List

Displays the entries contained in the Universal Command Server Access Control List (ACL). This list is used to grant or deny access to Universal Command Server based on the remote system's IP address, the user account running the Universal Command Manager, and the user account with which the Server is executed. The order in which ACL entries are evaluated and applied are based on their position in this list. Use the Move Up and Move Down buttons to change an entry's priority.

Add Button

Displays a dialog box that allows an entry to be added to the Access Control List. The fields in this dialog are populated with default values.
 

 
Remote Host Name/IP Address
The IP address or name of the remote host for which access will be allowed or denied. To apply an access control entry to all IP addresses, use the keyword ALL (in all caps).
 
Universal Command Manager User Account
(No Help provided.)
 
Local User Account
The local user account that will be used to run the requested process.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Edit Button

Displays a dialog that allows the selected Access Control List entry to be modified.
 

 
Remote Host Name/IP Address
The IP address or name of the remote host for which access will be allowed or denied. To apply an access control entry to all IP addresses, use the keyword ALL (in all caps).
 
Universal Command Manager User Account
(No Help provided.)
 
Local User Account
The local user account that will be used to run the requested process.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Delete Button

Removes the selected item from the Access Control List.

Move Up Button

Moves the selected item up one position in the list.

Move Down Button

Moves the selected item down one position in the list.

Universal Command Server: Access Control List: Request ACL

Field

Description

Request ACL List

Displays the entries contained in the Universal Command Request Access Control List (ACL). The order in which ACL entries are evaluated and applied are based on their position in this list. Use the Move Up and Move Down buttons to change an entry's priority.

Add Button

Displays a dialog box that allows an entry to be added to the Access Control List. The fields in this dialog are populated with default values.
 

 
Remote Host Name/IP Address
The IP address or name of the remote host for which access will be allowed or denied. To apply an access control entry to all IP addresses, use the keyword ALL (in all caps).
 
Universal Command Manager User Account
The ID of the user account executing the Universal Command Manager.
 
Local User Account
Specifies the name of the local user account to which this ACL entry will be applied. An entry of * indicates that the entry applies to all local user accounts.
 
Request Type
Specifies the type of request issued by the UCmd Manager. Valid request types for UCmd Servers running on Windows are included in the list. * may also be specified to indicate the rule applies to all valid UCmd Manager request types.
 
Request Name
Enter the name of a command or a command reference here to set access for the specified local user account based on the UCmd Manager request (as specified by the -cmd command line option). Use the default value of * to grant or deny access to all commands requested by the user.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Edit Button

Displays a dialog that allows the selected Access Control List entry to be modified.
 

 
Remote Host Name/IP Address
The IP address or name of the remote host for which access will be allowed or denied. To apply an access control entry to all IP addresses, use the keyword ALL (in all caps).
 
Universal Command Manager User Account
The ID of the user account executing the Universal Command Manager.
 
Local User Account
Specifies the name of the local user account to which this ACL entry will be applied. An entry of * indicates that the entry applies to all local user accounts.
 
Request Type
Specifies the type of request issued by the UCmd Manager. Valid request types for UCmd Servers running on Windows are included in the list. * may also be specified to indicate the rule applies to all valid UCmd Manager request types.
 
Request Name
Enter the name of a command or a command reference here to set access for the specified local user account based on the UCmd Manager request (as specified by the -cmd command line option). Use the default value of * to grant or deny access to all commands requested by the user.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Delete Button

Removes the selected item from the Access Control List.

Move Up Button

Moves the selected item up one position in the list.

Move Down Button

Moves the selected item down one position in the list.

Universal Command Server: Access Control List - Certificate ACL

Field

Description

Certificate ACL List

Displays the entries contained in the Universal Command Certificate Access Control List (ACL). The order in which ACL entries are evaluated and applied are based on their position in this list. Use the Move Up and Move Down buttons to change an entry's priority.

Add Button

Displays a dialog box that allows an entry to be added to the Access Control List. The fields in this dialog are populated with default values.
 

 
Certificate ID
When a UCmd Manager specifies a certificate ID from its command line, its corresponding UCmd Server compares it to the certificate ID entered here. If a match is found and the certificate ID has a corresponding entry in the Certificate Map list, the authority to execute the request is granted or denied to the specified local user account.
 
Local User Account
The local user account that will be used to run the requested process.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Edit Button

Displays a dialog that allows the selected Access Control List entry to be modified.
 

 
Certificate ID
When a UCmd Manager specifies a certificate ID from its command line, its corresponding UCmd Server compares it to the certificate ID entered here. If a match is found and the certificate ID has a corresponding entry in the Certificate Map list, the authority to execute the request is granted or denied to the specified local user account.
 
Local User Account
The local user account that will be used to run the requested process.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Delete Button

Removes the selected item from the Access Control List.

Move Up Button

Moves the selected item up one position in the list.

Move Down Button

Moves the selected item down one position in the list.

Universal Command Server: Access Control List: Certificate Request ACL

Field

Description

Certificate Request ACL List

Displays the entries contained in the Universal Command Certificate Request Access Control List (ACL). The order in which ACL entries are evaluated and applied are based on their position in this list. Use the Move Up and Move Down buttons to change an entry's priority.

Add Button

Displays a dialog box that allows an entry to be added to the Access Control List. The fields in this dialog are populated with default values.
 

 
Certificate ID
When a UCmd Manager specifies a certificate ID from its command line, its corresponding UCmd Server compares it to the certificate ID entered here. If a match is found and the certificate ID has a corresponding entry in the Certificate Map list, the authority to execute the request is granted or denied to the specified local user account.
 
Local User Account
The local user account that will be used to run the requested process.
 
Request Type
Specifies the type of request issued by the UCmd Manager. Valid request types for UCmd Servers running on Windows are included in the list. * may also be specified to indicate the rule applies to all valid UCmd Manager request types.
 
Request Name:
Enter the name of a command or a command reference here to set access for the specified local user account based on the UCmd Manager request (as specified by the -cmd command line option). Use the default value of * to grant or deny access to all commands requested by the user.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Edit Button

Displays a dialog that allows the selected Access Control List entry to be modified.
 

 
Certificate ID
When a UCmd Manager specifies a certificate ID from its command line, its corresponding UCmd Server compares it to the certificate ID entered here. If a match is found and the certificate ID has a corresponding entry in the Certificate Map list, the authority to execute the request is granted or denied to the specified local user account.
 
Local User Account
The local user account that will be used to run the requested process.
 
Request Type
Specifies the type of request issued by the UCmd Manager. Valid request types for UCmd Servers running on Windows are included in the list. * may also be specified to indicate the rule applies to all valid UCmd Manager request types.
 
Request Name:
Enter the name of a command or a command reference here to set access for the specified local user account based on the UCmd Manager request (as specified by the -cmd command line option). Use the default value of * to grant or deny access to all commands requested by the user.
 
Access Type
Will cause the Universal Command Server to accept/reject incoming connections from the specified host, provided the Universal Command Manager is executed by the specified user account and the process is owned by the specified local user account.

Delete Button

Removes the selected item from the Access Control List.

Move Up Button

Moves the selected item up one position in the list.

Move Down Button

Moves the selected item down one position in the list.