DSRAZOR for GroupWise
Auditing and administration of GroupWise's configuration as well as some important administrative functionality is supported sparsely or not at all. The following details how DSRAZOR for GroupWise enhances, refines and supplements your ability to audit and administer your GroupWise installation. DSRAZOR for GroupWise has been designed for GroupWise versions 5.5 through 12.0.
Auditing GroupWise Accounts
Auditing your GroupWise installation requires knowing how the accounts are defined and being used. When auditing GroupWise, the following are of particular value:
- Proxy access assignments
- Disk space in-use, threshold and number of messages
- Date of last account login
- Accounts that have no password assigned
Refining GWCHECK's output
Inspection of your GroupWise installation is enabled by the GWCHECK utility that is included by default with GroupWise. With this tool you can perform many important functions. You may already be familiar with it and its use.
An important function provided by GWCHECK is its ability to report the details of all accounts including proxy access assignments, disk space in-use, number of messages, and date of last account access/login of each.
Due to the comprehensive "all or nothing" nature of GWCHECK's reporting, its report output for 200 GroupWise accounts can easily run in excess of 100 megabytes! This output size is attributed to the inclusion of all varieties of account activity. For an account that has been in-use for a while the output can easily exceed 1MB of data. The result is complex and cumbersome data that is not readily usable.
Imagine viewing and using an unformatted GWCHECK report in excess of 100 megabytes, it can be very challenging. The abundance of data and its formatting as generated by GWCHECK can essentially render its manual processing useless.
Proxy access assignments
GroupWise's proxy access assignments provide the ability to grant specific rights between different accounts. These assignments include:
- READ: Mail/Phone
- WRITE: Mail/Phone
- READ: Appointments
- WRITE: Appointments
- READ: Reminder Notes
- WRITE: Reminder Notes
- READ: Tasks
- WRITE: Tasks
- SUBSCRIBE to my alarms
- SUBSCRIBE to my notifications
- MODIFY options/rules/folders
- READ items marked private
There are two primary methods to obtaining GroupWise proxy access assignments. The first is to login to each account and manually check the proxy access assignments; this method requires knowledge of the account password. The second is to use GWCHECK to create a report.
The data format of GWCHECK's output regarding proxy access assignments is difficult to use for two reasons, (1) it is intermixed with other output regarding the particular account which means you must examine the entire output for each account, as mentioned earlier this can easily exceed 1MB per account; (2) the proxy access assignment data is confusing due to the use of numbers to represent access privilege values, in preceding example the access privileges are described by numeric values.
When you use DSRAZOR for GroupWise, the output is formatted to be more user friendly. The output can have rules set that can help you quickly identify those accounts that contain specific access assignments such as those that allow writing to other accounts.
Disk space in-use, threshold and number of messages
The details regarding disk space in-use, disk space threshold and number of messages in the INBOX, OUTBOX and WASTEBASKET are revealed by GWCHECK. the "User stats" line does not indicate the user/account name being detailed. This name is revealed once, at the top of the particular account's listing which requires "backing up" through 1MB or more of data to obtain. Therefore, manually connecting the GWCHECK report output user/account name to its disk space data can be a daunting challenge.
When you use DSRAZOR for GroupWise, the output is formatted to be more user friendly. Each of the columns can be sorted and rules can be applied to report just those accounts of interest whether they be using excessive amounts of disk space with no threshold set or simply have a very high number of "trash" messages.
Date of last account login
Determining the last date of activity of your GroupWise accounts requires GroupWise 6.0 through 12.0, earlier versions do not provide this functionality. To view the last date of activity, use the Audit Report option within GWCHECK.
DSRAZOR for GroupWise will extract the last date of activity for each of your GroupWise accounts by automatically running GWCHECK. In addition to providing a more user-friendly view of the last date of activity, for instance, making the last activity date sortable, each account displayed can be acted upon. For instance, the account can be deleted or you can reset its password. This ability to take action directly from the report is one of the most powerful features of DSRAZOR for GroupWise.
Accounts that have no password assigned
Within GroupWise there is no setting that requires each account to have a password. And, because the GroupWise account password is not inextricably linked to any other agent (such as eDirectory, Active Directory and so on), it is entirely possible for accounts to have no password and for you to not know it.
GroupWise accounts that do not have a password can result in unintended security consequences. DSRAZOR for GroupWise provides you with the ability to scan and test each account to find those that do not have a password. You decide the action to take regarding those accounts with no password. For instance, from the same report that reveals such accounts you can immediately assign a password.
Incorporating DSRAZOR for GroupWise into your GroupWise toolset will complement your ability to successfully audit your GroupWise installation.