Equivalent commands in Netware 4.11

Posted on 1998-09-29
Last Modified: 2008-02-01
1) i would like to know how to create a workgroup manager or    user account manager( found in Netware 3.12) in Netware    4.11?
2) how to assign queues to printers in Netware 4.11? i don't    seem to find the equivalent procedures as in Netware 3.12
Question by:tyj
  • 2

Accepted Solution

aioudine earned 60 total points
ID: 1593592
1) Create object "Organizational role"
assign user-account manager as occupant of this object
Then make this object 9Org. role) trustee of group

Also you may directly make user trustee of group
for more information see manual

2) you may use NWADMIN or pconsole
If you not familar with this utilites use Quick Setup options in netadmin


Author Comment

ID: 1593593
1)can please be more detail on where to create an organizational role? whether i should create it under the current context or under an organizational unit? And what exactly does an organizational unit does?

 After creating the organizational role, can you tell me in more detail whether should i assign a particular group as trustees to the org. role or should i assign the role as trustees to the group?

Expert Comment

ID: 1593594
An Organizational Unit object helps you to organize leaf objects in the Directory tree. It
also allows you to set defaults in a login script, and create a user template for User objects you create in the Organizational  Unit container.

You can use an Organizational Unit object to designate a business unit within a company, a department within a division or univeristy, a project team within a department, and so on.

So, you may create OU Marketing, Sales, Support,
or OU Tokyo, Dallas, London
An Organizational Role object defines a position or role within an organization.
An example might be a department manager or vice president of sales, and so on.
You can assign any User object to be an occupant of the Organizational Role object.
Any occupant receives the same rights that were granted to the Organizational Role object.

You create an Organizational Role object to assign rights to a particular position in the organization where the person  holding the position might change frequently, while the actual responsibilities of the position do not change often. It can also be used when you have a job where you want different people to handle the same job at different times of the lear.

After creating the organizational role you should assign a role as trustees of the group
or you can grant OrgRole right to OU (All depend on tree design)
Below related TID from
NOTE: Here explained how to create User object, but I recomend you create OR
How do I create a Workgroup Manager in 4.1 ?  (Last modified: 06FEB1998)

     This document (2913382) is provided subject to the disclaimer at the end of this document.

     There is no easy way to create a Workgroup Manager (WGM) in NetWare 4.1 environment
     without giving this user too many rights. In fact, many people believe that there is NO WAY to
     have a WGM, unless we give him/her all of these excessive rights.

     The solution described below must be followed precisely, or the user will end up with too many
     rights or no rights at all over the container he or she will be responsible for.

     By the way, the sequence described here is based on the fact that the WGM created will be in
     fact a
      "CONTAINER" MANAGER, and not a "Group" Manager.

     The solution here can be found also in the Dynatext Library for Netware 4.1 "Building and
     Auditing a Trusted Network Environment with Netware 4", chapter 3 Section "Workgroup
     Manager" , with less details.


     Workgroup Manager

     Your organization may have security needs that require central administration but also allow for
     workgroup or departmental management. As seen in this example, it is possible to cut off
     administrative control to a branch of the tree. It is therefore imperative to set up security so that
     if the WorkGroup Manager administrator of a branch leaves the company under unfavorable
     circumstances, the resources in that branch can still be administered.

     To prevent cutting off administrative control from a branch of the tree, and to give rights to a
     WGM to perform daily tasks over a container like change or reassign passwords, create or delete
     users, carefully complete the following steps:

     1. Create a User called WGManager (or something appropriate).

     2. Assign this User an explicit trustee of the container to be administered by going to the
     container that needs to be administred, right click on it, go to "Trustees of this object" and ADD
     the WGManager user as a trustee of the container. Before closing the window, give the user the
     following rights:
     [BCDR] to object rights (Check in the left box )

     [RCWA] to All Properties rights (Check in the right box)

     Then click on "Selected Properties" and scroll down until you find the "Object Trustees (ACL)"
     and check

     [CR] ACL Property rights

     (Do not click OK yet. Wait for instructions about when to close this window (step 5.))

     (Reassignment of the ACL property rights override the rights assigned to All Properties rights,
     preventing the user WGManager from changing trustee assignments to the container.)

     3. ADD the user Admin as a trustee of this container by clicking the button "Add Trustee" and
     searching the tree.

     4. Assign Admin an explicit trustee assignment to the container of all Object Rights and
     properties Rights by checking:

     [SBCDR] object rights (Checking in the left box - Object Rights)

     [SRCWA] All Properties rights (Check in the right box - All Properties Rights)

     5. Now click OK to close the Container Box and save the changes.

     6. Right Click the user WGManager, go to "Trustees of this object" and ADD the user Admin as
     a trustee of this object.

     7. Assign Admin an explicit trustee assignment to the user WGManager of all Object Rights and
     All Properties Rights by checking:

     [SBCDR] object rights (Checking in the left box - Object Rights)

     [SRCWA] All Properties rights (Check in the right box - All Properties Rights)

     8. Revoke all inherited rights except B to the user WGManager by clicking in Inherited Rights
     Filter and checking with a " X " only the Browse. All other rights in both boxes must be without
     " X " , or blocked.

     IRF [B ] object rights only

     9. Now click OK to save the IRF box changes.

     (This is done so that the workgroup manager does not inherit rights to manage himself.)

     10. Reassign explicit rights to the user WGManager to the Object Right and Properties Rights by
     highlighting the user's name in the trustee list and checking:

     [ B ] object rights (Checking in the left box - Object Rights)

     [ R ] All properties (Checking in the right box - All Properties Rights)

     Check on "Selected properties" and check:

     [ RW] to the "Login script" property

     [ RW] to the "Print job configuration" property

     [CR ] to the "Object trustees (ACL)" property

     11. Click OK to close the user's box and save the changes

     (This gives the workgroup manager the same rights to manage himself that a user has by
     default, and prevents him from adding more rights to himself.)

     What makes this scenario work is the workgroup manager's inability to change trustee
     assignments for a container through restricted access to this container's ACL property.

PS For more information obtain Novell White book from NAEC (Netware Administration)

And read articles in Novell AppNotes on
"Planning a  Directory Tree" at

About Nw4.X Security read
"Implementing and Administering NetWare 4 Security" on


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now