Back to Post
| Username | Post: OS Level Scripting and Account Privileges: A New FileMaker Server® 11 Feature | |
|---|---|---|
|
Old Advance Man Humble Servant Posts 4041 
|
03-09-10 05:51 AM - Post#352030
OS Level Scripting and Account Privileges: A New FileMaker Server® 11 Feature By: Wim Decorte and Steven H. Blackwell FileMaker Server and FileMaker Server Advanced both allow for the running of OS level scripts such as VB Scripts, Windows batch files, Shell scripts and AppleScripts. FileMaker Pro developers must manage privileges that such scripts require to execute properly in these instances. Because they are triggered by FileMaker Server they run in the Local System bubble on Windows and the fmserver bubble on Macintosh. Frequently these accounts do not have privileges that the OS level script needs to perform the action a developer might assign it. A frequently encountered example is copying files from the FileMaker Server machine to some other location on the network. While there have been workarounds to address this issue, often times they are complex and convoluted. In the just released FileMaker® Server 11 Advanced, FileMaker, Inc. added the ability to specify alternate Accounts (and therefore alternate privileges) for OS level scripts. This however raises several new questions. We want to offer some suggestions for best use of this new feature. 1. What is an OS level script? Both Windows and Mac support various types of OS level scripts; these are typically plain text files containing a few lines of executable code saved with a specific extension so that the Operating System knows how process them. They can range from simple commands contained in Windows batch files (with either the .BAT or .CMD extension) and Shell scripts on Mac (with the .sh extension) to very complex code in VBscript and PowerShell scripts on Windows and AppleScripts on Mac. Note that FileMaker Server supports these kinds of OS-level script to be executed from a FileMaker Server schedule: - batch / command files on Windows - VBscripts on Windows - Shell scripts on Mac - AppleScripts on Mac 2. What is a system level account and why is it needed? By default FileMaker Server runs under the “Local System” account on Windows and under the fmserver account on Mac. This is done so that security can be kept tight and controlled and to avoid having to use custom accounts that need to be documented and potentially need to be maintained (frequent password changes, account expiration,…). Using the Local System account (Windows) and the fmserver account (Mac) is the safest possible deployment. It also allows for the FileMaker Server executable to be run with no user actively logged into the server machine, thus enhancing security and performance. 3. What privileges does an alternate Account need to have vis a vis FileMaker Server itself? Depending on the task that you are automating with the OS-level script, you may require your script to create, copy or move files from different areas on the FileMaker Server machine or from across the network. On Windows the “Local System” account can reach all files and folders on its own machine but not on the network. On Mac, the fmserver account has even more strict privileges in that it will not be able to create or copy files in folders that it has not been explicitly given rights to, even on the FileMaker server itself. Rather than changing the account that the FileMaker Server service runs under on Windows or giving the fmserver account or the fmsadmin group access to folders and files outside the normal FileMaker Server folder structure, using FileMaker Server 11 you can now specify explicit credentials to use for FileMaker Server schedules that run OS-level scripts (either by themselves or as part of a script sequence). 4. What are some examples of actions these OS level scripts can now perform more easily than was the case in the past? The most common command actions in OS-level scripts are pulling files from across the network to the FileMaker Server machine for nightly import routines. Or the reverse, scheduled exports from FileMaker Server that need to be pushed to a network share. 5. Where can I learn more about OS level scripts in FileMaker® Server 11 and FileMaker Server 11 Advanced? FileMaker Server schedules that use OS-level scripts are covered extensively in VTC’s FileMaker Server video training tutorial [http://www.vtc.com]. Any questions you may have can always be posted to the FileMaker Server section of fmforums.com or the excellent RealTech mailing list.  Attachment:(21.59 KB) 
|
|
|
JerrySalem journeyman Posts 275 
|
03-09-10 09:29 AM - Post#352052
Using this technique can I get FMS11 to create an instance of Filemaker Client under a different account? (using a batch or applescript) This would be big, I could get rid of the last remaining Robot machines!
|
|
|
Old Advance Man Humble Servant Posts 4041
|
03-09-10 11:50 AM - Post#352078
I don't think so. This feature is for OS level scripts. Steven
|
|
|
BrentHedden master Posts 392 
|
03-11-10 10:21 AM - Post#352347
That would be nice Jerry, as I'm having to do the same thing as you are (robot machine) to create PDF reports. But unfortunately, Stephen is right. It's just to run the OS batch files under a certain account. Which is a big deal, especially if directory access is limited to certain accounts or other restrictions. |
|
|
Toadster novice Posts 7 |
06-28-10 07:47 PM - Post#359381
Hi, FileMaker Pro 11 Advanced Windows 7 Intel i5 2.53 GHz Installed Memory 4 GB 62 Bit Operating System I have this FileMaker Pro 11 Advanced database and then I launch it I get this massage: FileMaker cannot share files because another user is already sharing files using FileMaker Pro on this computer. What is happening? Steve |
|
|
|
|