About Support Tools Security | Cisco Systems 2.1(1) specification

Chapter 6

About Support Tools Security

Support Tools Security Features

Support Tools operates with the following security features/restrictions:

1.Access to Support Tools is limited to the local network. Remote access via the Internet is not supported. Users must authenticate against the network in order to use Support Tools.

2.Users must login to the Support Tools Dashboard using their network ID and password, or the ID and password of a valid Windows account.

Note: The Support Tools Login page uses SSL by default so that user passwords and all communication between the server and the web client are encrypted and secure.

3.Within the Support Tools Dashboard, access to specific utilities is determined by Windows User Group membership. Only members of the user group designated as the Support Tools privileged group can use utilities capable of system modification from the Dashboard.

Non-privileged users are limited to information gathering functionality only. Note that Support Tools utilities used outside of the Dashboard environment (namely, via command-line) do not impose these levels of privilege.

The use of Support Tools utilities outside of the Dashboard environment (accessed via command line interface on a node) is not controlled by a login/password. System administrators can use Windows privileges to limit this method of access to specific users or groups.

4.Optionally, to enhance security, on Windows 2003 systems, you can use Support Tools' automated deployment of IPSecurity to authenticate requests from the Support Tools Server to a node. Automated IPSec setup is not available on non-Windows 2003 systems, but IPSec can be configured manually, if desired.

Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)

43

Image 57

Cisco Systems 2.1(1) manual About Support Tools Security, Support Tools Security Features

Contents

Cisco Support Tools User Guide for Cisco Unified Software Page Table of Contents Part 3. Installing, Upgrading and Configuring Support Tools Iii Part 4. The Support Tools DashboardPage Part 6. Using Cisco Common Tools 153 Page Vii 193 Viii Sqlew Part 8. Reference 249 Page List of Figures Xii Preface PurposeAudience Organization Related DocumentationConventions Cisco.com Obtaining Documentation You can access international Cisco websites at this URL Documentation FeedbackProduct Documentation DVD Ordering Documentation Reporting Security Problems in Cisco Products Product Alerts and Field NoticesCisco Product Security Overview Cisco Technical Support & Documentation Website Obtaining Technical Assistance Definitions of Service Request Severity Submitting a Service Request Obtaining Additional Publications and Information Preface Obtaining Additional Publications and Information Preface Obtaining Additional Publications and Information Page Page Chapter New Features in this Release New Features in this Release Support Tools Node Requirements This section contains the following topicsCisco Intelligent Contact Above All Management ICM and IP Support Tools Node Hardware Requirements Support Tools Server RequirementsSupport Tools Node Software Requirements Support Tools Server Hardware Requirements Support Tools Port Requirements Support Tools Server / Node Version CompatibilitySupport Tools Server OS Requirements Support Tools Server Network Requirements Support Tools Listening Port Support Tools Dashboard Web Browser Requirements Part 2 Support Tools Overview Page About Cisco Support Tools Key Features About Support Tools Components Key Features About Support Tools Network Topology Support Tools ServerSupport Tools Node What is the benefit of Support Tools? Frequently Asked Questions Who can use Support Tools? About Cisco Support Tools Frequently Asked Questions Support Tools Utilities List About Support Tools Utilities Trace and Log Tools Web Tools Cisco Common Tools Enable specific debug tracing in the call router 3rd Party Common ToolsViewing status, statistics, etc. It is also possible to Use to view user-defined number of lines from Use to view statistics for the local Workstation Automatically restart the host after 60 seconds Displays and configures event triggers on local Privileged Utilities Utility Installation Locations Non-Dashboard Utilities Command-Line vs GUI Access About Support Tools Utilities Command-Line vs GUI Access Interactive Mode vs. Batch Mode Working in Interactive ModeWorking in Batch Mode Using Tools in Batch Mode Canceling a Batch Mode JobPending Jobs Click Cancel Interactive Mode vs. Batch Mode Pending Jobs About Support Tools Security Support Tools Security Features Automated IPSec Implementation Using IPSecurity with Support Tools Manual IPSec Implementation Page Part 3 Installing, Upgrading and Configuring Support Tools Page Installing Support Tools About Installing Support ToolsSupport Tools Installation Tasks Collect information for the install How to Collect Information for Support Tools Installation Post-Installation Configuration How to Create Support Tools User Groups How to Create the Distinguished User Account To Create Support Tools User GroupsCreating Local Accounts on the Support Tools Server How to Install the Support Tools Server How to Create the Distinguished User AccountPage Page How to Install the Support Tools Node How to Test the Support Tools Installation Press Enter. The Support Tools Dashboard Login screen opensPassword field, enter your Windows password case-sensitive Page Page About Configuring Support Tools Configuring Support Tools How to Modify Support Tools Basic Configuration TCP/IP Port How to Disable Continuous Virus Scan for the Repository Supporttoolsroot\repository\system files\ Page List/wmi.asp Configuration of sysquery and Trace How to Uninstall Support Tools Uninstalling, Reinstalling and Upgrading Support Tools Upgrading Support Tools How to Reinstall Support Tools Part 4 The Support Tools Dashboard Page Support Tools Dashboard Using the Support Tools Dashboard Using the Dashboard for the First Time Accessing the Dashboard and PrivilegesAccessing the Dashboard Accessing Utilities in the Dashboard Adding a System to the System List Selecting a System to Work With in Interactive Mode How to Access the Support Tools Dashboard To access the Support Tools DashboardNavigating and Refreshing Pages in the Dashboard To Add a Node to the System List How to Use the System Management Screen To Test the Connection to a Node To Automatically Add CVP and Support Tools Server NodesTo Delete a Node from the System List Click the Add System Button Using the Select System Screen Using the Select System Screen Adding a Support Tools Node to the System List How to End a Dashboard SessionPage Page Part 5 Using Support Tools Web Tools Page How to Use the System Interrogate Screen Using Support Tools Utilities from the DashboardPage Component & Sub-components InteractiveMode Odbc Cisco ICM/IPCC Agent Reskilling Component & Sub-components Retrievable Only Interactive Mode Cisco Agent Desktop CAD Cisco CallManager Cisco Ipcc Express Component & Sub-components Cisco Support Tools To Retrieve System Information in Interactive Mode To Save System Information to a File To Retrieve System Information in Batch Mode To Save Files Returned from a System Interrogate How to Use the History Screens To Set an Expiration Date for History Files To View a Saved FileTo Rename a File How to Use the Registry Screen To Delete a FileTo Download a File To use the Registry Screen How to Use the Registry Compare Screen To Compare the Current System to Another To Compare the Current System to a Saved Registry FileTo Compare Two Saved Registry Files Understanding the Compare Registries Display Click the Compare Registries Files button100 Viewing Registry Keys for Multiple Customer Instances To Copy Key Values Between Registries and Files101 102 To Save a Registry Comparison to a File How to Use the Processes Screen To View Processes103 To Save a Process How to Use the Services ScreenTo Terminate a Process 104 To View Services To Stop or Start a Service105 To Save the Services List to a File Trace and Log106 How to Use the Create Log Group Screen To Create a Log Group107 108 Click Next 109 Viewing Log Groups How to Use the Log Groups ScreenEditing Log Groups Renaming Log Groups Deleting Log Groups How to Use the Create Trace Group Screen Batch ModeRefreshing the Log Groups Screen 111 How to Use the Create Trace Group Screen Interactive Mode Creating a Trace Group112 How to Use the Trace Groups Screen Viewing a Trace Groups Settings113 Viewing a Trace Groups File Editing a Trace Group114 Deleting Trace Groups Renaming Trace GroupsRefreshing the Trace Groups Screen 115 How to Use the Schedule Trace Screen Scheduling a Trace116 Products Supported for Log Collection About Log CollectionCollect Logs General Steps 117 118 What are Merged Logs? How to Use the Collect Logs Screen Batch Mode To Create a Log Collection119 120 How to Use the Log Collections Screen To View Details of Log Collections To Download Collected Logs121 To Delete a Log Collection Log File Naming ConventionsTo Rename a Log Collection Log files use the following naming conventions For ICM 123 How to Use the Collect Logs Screen Interactive Mode 124 125 Using Cisco Tools from a Command Line Selecting a System to Use Command-Line Mode vs Interactive ModeSelecting a Different Application Server 126 Selecting a Different Target System Getting Help for Command Line ToolsViewing a list of targetable systems Saving, Viewing, and Retrieving Files To Access the Services Utility from a Command Line How to Use the Services Utility from a Command LineEmbedded Spaces 128 Utility Displays syntax for a specified command Using the Services Utility from a Command LineSpecified, the utility is run on the local system Specified, the utility is run against the local system Stop Stops a started service on the target system Starting a serviceReadfile, read Directs command input to another input file Quit, q Ends the program How to Use the Processes Utility from a Command Line Viewing and Stopping a Service ExamplesTo Run the Processes Utility from a Command Line 132 Using the Processes Utility from a Command Line Kill Terminates a started process on the target system Viewing and Killing a Service ExamplesServer 133 To Run the System Interrogate Utility from a Command Line Using the System Interrogate Utility from a Command Line134 135 Repository on the application server Viewing System Information Examples How to Use the Registry Utility from a Command Line To Run the Registry Utility from a Command Line Using the Registry Utility from a Command Line137 Command Description Instance whose registry values will be returned138 Invokes the Registry utility Viewing Registry Information ExamplesNamed customer1 Timestamp.xml To Run the Compare Registries Utility from a Command Line Using the Compare Registries Utility from a Command Line140 Compare, comp By SRC =141 142 Compare Registries Examples Cases these may not be identical instances How to Use the Log Groups Utility from a Command LineApply 143 Using the Log Groups Utility from a Command Line To Run the Log Groups Utility from a Command LineEnter lgtool 144 145 Rl logname Lsl Lgdesc description Closelg Lslg Creating a Log Group Examples Repository Renameloggroup, renlg146 To Run the Log Collection Utility from a Command Line How to Use the Log Collection Utility from a Command LineUsing the Log Collection Utility from a Command Line Enter lctool Lcdesc Seticmbinary, bin Ccolreq Specifies the new collections nameEndtime 148 149 Downloadlog, download Log Collection Examples As your application server150 151 152 153 Part 6 Using Cisco Common Tools 154 Call Routers but can X be run from any ICM component Vrutrace Use to output tracing information from a Voice Utility Description Name155 156 How to Use the CICMan Utility Using Cisco Common ToolsTo Access CICMan from the Dashboard 157 To Access CICMan from a Command Line on a Node Using CICMan Command line Options158 How to Use the CTITest Utility To Access CTITest from the Dashboard159 To Access CTITest from a Command Line on a Node Using CTITest Configuring160 Using CTITest Opening a Session Using CTITest Logging161 Below is list of frequently used commands in CTITest Command Parameters162 To Access DBDiff from the Dashboard How to Use the DBDiff UtilityCommand 163 To Access DBDiff from a Command Line on a Node How to Use the DumpCfg UtilityUsing DBDiff 164 To Access DumpCfg from the Dashboard How to Use the Icmdba UtilityTo Access DumpCfg from a Command Line on a Node Using DumpCfg Accessing Icmdba How to Use the MPTrace UtilityTo Access MPTrace from the Dashboard To run MPTrace from the Support Tools Dashboard To Access MPTrace from a Command Line on a Node Using MPTrace Command Line Options167 To Access Nicroi from the Dashboard How to Use the Nicroi UtilityTo Access Nicroi from a Command Line on a Node 168 Using Tracing in Nicroi Capturing Nicroi Data to niclog.xxx169 Capturing Nicroi Data to Roilog.txt Copying Nicroi Log Files170 Setting the Download Directory How to Use the NMStart UtilityTo Access NMStart from the Dashboard Transferring Files To Access NMStart from a Command Line on a Node How to Use the NMStop UtilityUsing NMStart To Access NMStop from the Dashboard To Access NMStop from a Command Line on a Node How to Use the OPCTest UtilityUsing NMStop To Access OPCTest from the Dashboard To Access OPCTest from a Command Line on a Node Using OPCTest174 175 Example Debug Information176 To Access Procmon from the Dashboard How to Use the Procmon UtilityUse the quit command to exit OPCTest Exiting and Quitting OPCTest To Access Procmon from a Command Line on a Node Using ProcmonProcmon Basic Commands How to Use the RTRTrace Utility Procmon Process-Specific and Troubleshooting Commands179 Accessing RTRTrace How to Use the RTTest UtilityTo Access RTTest from the Dashboard 180 To Access RTTest from a Command Line on a Node Using RTTest181 Status Output Process Process LastStateChange LastHeartBeat182 Transfer to the other side Equipment use UTC time as a common time referenceSignifies that the process is running fine Process synchronized Status Output Controller With the ICM call routerDate Current date Time Current local time ICM peripheral gateway Status Output PeripheralBeen established with the ICM peripheral gateway Data are sent to the ICM peripheral gateway 186 Parameter Descriptions 187 188 Turning up ICM Call Router Tracing with RTTest 189 Turning Off Debug Tracing in RTTest How to Use the VRUTrace Utility How to Use the SS7NICTrace UtilityAccessing SS7NICTrace To Access VRUTrace from the Dashboard Using VRUTrace Command Line Options To Access VRUTrace from a Command Line on a NodeVRUTrace Examples 191 192 Utility Name Description Systems193 194 195 Their properties Eventtriggers Network Logman196 TasklistCSV Displays a list of applications and services Tasklist Displays a list of applications and servicesProperties, such as RAM, disk space, Network cards Taskkill 197 198 Arp -a Using 3rd Party Common ToolsCat Use the CAT utility to display, print, and combine files To Access CAT from the Dashboard Using CAT Command Line Options200 Using Chmod Command Line Options To Access Chmod from the DashboardChmod Use the Chmod utility to set file permissions Using CP Command Line Options To Access CP from the DashboardUse the CP utility to copy files 202 203 To Access DF from the Dashboard To Access Diff from the Dashboard Using DF Command Line OptionsDiff 204 205 Using Diff Command Line Options To Access DU from the Dashboard Using DU Command Line Options206 Using FGrep Command Line Options To Access FGrep from the DashboardFgrep 207 To Access Findstr from the Dashboard FindStr208 209 Using Findstr Command Line Options To Access Grep from the Dashboard Grep210 211 Using Grep Command Line Options Using Head Command Line Options To Access Head from the DashboardHead 212 IPConfig /all Count defaults to213 214 To Access Isql from the Dashboard Using Isql Isql uses the following options215 To Access LS from the Dashboard Accessing ISQL/WUse the LS utility to view directory listings 216 217 Using LS Command Line Options To Access MV from the Dashboard Using MV Command Line Options218 To Access NBTStat from the Dashboard NBTStat219 Using NBTStat Command Line Options Net Session220 Net Statistics Server To Access NetStat from the DashboardNet Statistics Workstation NetStat To Access NSLookup from the Dashboard Using NetStat Command Line OptionsNSLookUp 222 To Access PathPing from the Dashboard Using NSLookup Command Line OptionsUsing PathPing Command Line Options PathPing Using Ping Command Line Options To Access Ping from the DashboardPing Options for Ping are 225 PStat Using RM Command Line Options To Access RM from the DashboardRoute -PRINT 226 Using Stopshut Command Line Options To Access Stopshut from the DashboardShutdown Tool StopShut To Access Strings from the Dashboard Accessing SqlewStrings 228 To Access Tail from the Dashboard Using Strings Command Line OptionsTail 229 To Access Touch from the Dashboard Using Tail Command Line OptionsTouch 230 231 Using Touch Command Line Options Using Tracert Command Line Options To Access Tracert from the DashboardTo Access WC from the Dashboard Tracert To Access Which from the Dashboard Using WC Command Line OptionsWhich 233 Using Which Command Line Options Winmsd234 Accessing WinMSD BootcfgqryDisplays the Boot.ini file settings of the selected system NetshDump Defragreport To Access Eventtriggers from the DashboardDriverquery Eventtriggers To Access Logman from the Dashboard Using Eventtriggers Command Line OptionsGetmac Logman 238 Logman Command Line options 239 Openfiles Relog240 To Access Relog from the Dashboard Using Relog Command Line Options241 242 Answer yes to all questions without prompting Examples To Access Schtasks from the Dashboard Schtasks243 Using Schtasks Command Line Options SysteminfoTable244 SysteminfoCSV SysteminfoListTaskkill 245 Eq, ne Eq, ne Service nameEq, ne Image name Eq, ne, gt, lt, ge, le PID value Tasklist TasklistTableTasklistCSV 247 248 249 Part 8 Reference 250 251 Starting and Stopping Support Tools Server/Node Processes How to Stop and Start the Support Tools Server How to Enable/Disable the Stpa ProcessHow Stop and Start the Node Agent Service 252 253 254 How to View Support ToolsInstall Logs How to View Support Tools LogsHow to View Support Tools Server and Stna Log Files How to View Stpa Log Files 256 How to Examine Your IPSec Policy IPSec Settings and ProceduresSelect the IP Security Policy Management snap-in 257 How to Verif the PreShared Key How to Enable/Disable the IPSec Policy258 259 260 261 How to Modify the Login Screen Disclaimer 262 263 How to Confirm the Support Tools Build Number 264 Installation Problems Support Tools TroubleshootingInstall Hangs Support Tools Fails to Install Support Tools Installs Disabled Dashboard TroubleshootingConnection Problems Services are not created and/or do not start Can Access Dashboard Login Page but cannot log Login ProblemsIncorrect or invalid username or password entered Re-enter username and password as follows Network Users Error When Selecting Host Utility ProblemsSupport Tools Server fails to connect to the Node Agent Local Users Error Processing Request Utilities Missing269 Error Processing Request Dashboard ProblemsDashboard Will Not Load Dashboard Online Help Does Not Display Popup blockers enabled on client machine Dashboard online help does not display when selectedDisable popup blocking 271 272 Index Index