Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide

17.40 jdnrnetctrl (controlling network access)

Functionality

This command controls network access of devices by updating the network control list of the management server.

Messages generated while this command is running are written into the network control command message file. For details about the causes and actions concerning the output messages, see the JP1/IT Desktop Management 2 Messages.

Format

jdnrnetctrl -action {allow|deny}{ -hostname host-name| -ip IP-address| -hostname host-name -ip IP-address| -controlfile network-connection-control-file}[ -matchoption {exact|forward}] -settingfile network-control-command-configuration-file

Arguments

-action {allow|deny}

Specify whether to allow the network access of the device.

allow: Allows the network access of the device.

deny: Does not allow the network access of the device.

-hostname host-name

Specify the host name of a device whose network access you want to control. When this argument is combined with -ip, the system finds a device that has the specified host name and the specified IP address to control network access.

-ip IP-address

Specify the IP address of a device whose network access you want to control. When this argument is combined with -hostname, the system finds a device that has the specified host name and the specified IP address to control network access.

-controlfile network-connection-control-file

Specify the absolute path of a CSV file (network connection control file) that contains the device information of network-connected devices.

-matchoption {exact|forward}

Specify how to match the specified host name to a host name of the device managed in JP1/IT Desktop Management 2.

exact (default): The system controls the network access of a device managed in JP1/IT Desktop Management 2 when its host name exactly matches the host name specified with the command.

forward: If the host name specified with the command is not an FQDN, the system controls the network access of a device managed in JP1/IT Desktop Management 2 when the device's host name part matches the host name specified with the command. If the host name specified with the command is an FQDN, the system controls the network access of a device managed in JP1/IT Desktop Management 2 when the device's host name exactly matches the host name specified with the command. We recommend that you specify this option value when there is a device that joins a domain group.

-settingfile network-control-command-configuration-file

Specify the absolute path of the network control command configuration file (ini file).

Storage location

Executing this command in an environment other than that of the management server

Store the files listed below in any folder located in the environment in which you are going to execute this command, and then execute the command.

JP1/IT Desktop Management 2-installation-folder\mgr\remote\

jdnrnetctrl.exe

jdnrnetctrl.ini

Executing this command on the management server

JP1/IT Desktop Management 2-installation-folder\mgr\bin\

You can execute this command without specifying the storage location for the executable file, by using the command prompt provided by JP1/IT Desktop Management 2.

Edit the network control command configuration file shown below. Specify this as the argument of the command.

JP1/IT Desktop Management 2-installation-folder\mgr\conf\jdnrnetctrl.ini

Format of the network connection control file

The following table describes the specifications of the network connection control file:

Item

Description

File format

Comma-separated values (CSV) file

Encoding

UTF-8 (without BOM)

The following table describes the format of the network connection control file:

Row

Field

Required or optional

Description

Acceptable value

1

Host name

At least, either the host name or the IP address must be specified.

Host name

A character string of 1 to 256 characters

2

IP address

IP address (IPv4)

A character string in the format xxx.xxx.xxx.xxx

xxx: A number from 0 to 255

The following example shows lines of code in the network connection control file:

Host-A

,192.168.1.2

Host-C,192.168.1.3

Format of the network control command configuration file

The following table describes the format of the network control command configuration file:

Section

Key

Value

Default value

Acceptable value

settings

host

The host name or IP address of a management server

Blank

A character string of 1 to 256 characters

port

The connection port number on the management server

31080

A number from 2 to 49,151

user

The ID of the JP1/IT Desktop Management 2 user who can execute the command

Blank

A character string of 1 to 64 characters

pass

The password of the JP1/IT Desktop Management 2 user ID#

Blank

A character string of 1 to 32 characters

sys

A property for the internal process of JP1/IT Desktop Management 2 (not editable)

Blank

None

#: When the command is executed and the user authentication succeeds on the management server, pass becomes empty. To set the password again, set a character string for pass.

The following example shows lines of code in the network control command configuration file:

[settings]

host=SERVER-A

port=31080

user=userA

pass=password01

sys=

Output format of the network control command message file

The following table describes the specifications of the network control command message file:

File name

Output folder

Number of retained files

Size

jdnrnetctrlCn.log (n:1 to 2)

folder-containing-the-jdnrnetctrl-command\log, or JP1/IT Desktop Management 2-Manager-installation-folder\mgr\log

2

1 MB

The following shows the output format of the network control command message file:

date time process-ID message-ID message-text CRLF (end of line)

Notes

Return value

The following table shows the return values of the jdnrnetctrl command:

Return value

Description

0

The command finished normally.

1

The command finished normally. However, an invalid line is found in the specified network connection control file.

11

The format for specifying the command arguments is invalid.

21

Failed to connect to the management server.

22

Authentication failed on the management server.

31

Another command (or another network control command) is being executed.

51

You do not have the permissions to execute this command.

150

The command execution failed.

Example

The following example shows how to configure this command when you want to execute the network control command on the management server set in C:\temp\jdnrnetctrl.ini and block the network access of the device whose host name is hostname001.

jdnrnetctrl -action deny -hostname hostname001 -settingfile C:\temp\jdnrnetctrl.ini

Collecting troubleshooting information

When you execute the network control command, you might encounter a problem with an unknown cause or unresolved issues. In this case, you need to collect troubleshooting information to make inquiries to the support service. If you have executed the network control command in an environment other than that of the management server, you need to collect troubleshooting information from both the management server and the environment (computer) in which you have executed the command.

The procedure below describes how to collect troubleshooting information from the environment (computer) in which you have executed the command. You must have Administrator permission to carry out this procedure.

  1. Open the command prompt and move to the folder in which the network control command is stored.

  2. Create a troubleshoot folder, and then move to the created folder.

    mkdir troubleshoot

    cd troubleshoot

  3. Execute the commands for collecting troubleshooting information.

    Execute the commands shown below. If a system information dialog box appears, do not click the Cancel button. Instead, wait until the dialog box closes.

    systeminfo > systeminfo.txt

    netstat -a > netstat_a.txt

    netstat -nr > netstat_nr.txt

    netstat -no > netstat_no.txt

    ipconfig -all > ipconfig.txt

    wevtutil qe Application /f:text /rd:true > event.txt

    wevtutil qe Security /f:text /rd:true >> event.txt

    wevtutil qe System /f:text /rd:true >> event.txt

    tasklist /V > tasklist.txt

    sc query > service.txt

    msinfo32.exe /report msinfo32.txt

  4. Close the command prompt.

You will find the folders shown below under the folder in which the network control command is stored. These folders contain troubleshooting information. After making inquiries to the support service, delete the troubleshoot folder.

To collect troubleshooting information from the management server, execute the getlogs command.

If you have executed the network control command stored in the JP1/IT Desktop Management 2-installation-folder\mgr\bin folder on the management server, information collected by the getlogs command contains troubleshooting information for the command as well. On the other hand, if you have executed a network control command that is stored in a location other than the JP1/IT Desktop Management 2-installation-folder\mgr\bin folder, collect also the log folder located under the folder in which the network control command is stored as the troubleshooting information.

Related Topics:

To Page Top

Copyright (C) 2019, 2022, Hitachi, Ltd.

Copyright (C) 2019, 2022, Hitachi Solutions, Ltd.

Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.