 Old Advance Man
Humble Servant
Posts: 4041
Loc: USA
Post Rank (AVG):
FMP: 11 Advanced
OS: Cross Platform
Member: Platinum
Skill: Certified Trainer
Certified:
    
 FMPug
 Tweet This Post!
|
OS Level Scripting and Account Privileges: A New FileMaker Server® 11 Feature
By:
Wim Decorte and Steven H. Blackwell
FileMaker Server and FileMaker Server Advanced both allow for the running of OS level scripts such as VB Scripts, Windows batch files, Shell scripts and AppleScripts. FileMaker Pro developers must manage privileges that such scripts require to execute properly in these instances. Because they are triggered by FileMaker Server they run in the Local System bubble on Windows and the fmserver bubble on Macintosh. Frequently these accounts do not have privileges that the OS level script needs to perform the action a developer might assign it. A frequently encountered example is copying files from the FileMaker Server machine to some other location on the network.
While there have been workarounds to address this issue, often times they are complex and convoluted. In the just released FileMaker® Server 11 Advanced, FileMaker, Inc. added the ability to specify alternate Accounts (and therefore alternate privileges) for OS level scripts. This however raises several new questions. We want to offer some suggestions for best use of this new feature.
1. What is an OS level script?
Both Windows and Mac support various types of OS level scripts; these are typically plain text files containing a few lines of executable code saved with a specific extension so that the Operating System knows how process them.
They can range from simple commands contained in Windows batch files (with either the .BAT or .CMD extension) and Shell scripts on Mac (with the .sh extension) to very complex code in VBscript and PowerShell scripts on Windows and AppleScripts on Mac.
Note that FileMaker Server supports these kinds of OS-level script to be executed from a FileMaker Server schedule:
- batch / command files on Windows
- VBscripts on Windows
- Shell scripts on Mac
- AppleScripts on Mac
2. What is a system level account and why is it needed?
By default FileMaker Server runs under the “Local System” account on Windows and under the fmserver account on Mac. This is done so that security can be kept tight and controlled and to avoid having to use custom accounts that need to be documented and potentially need to be maintained (frequent password changes, account expiration,…).
Using the Local System account (Windows) and the fmserver account (Mac) is the safest possible deployment. It also allows for the FileMaker Server executable to be run with no user actively logged into the server machine, thus enhancing security and performance.
3. What privileges does an alternate Account need to have vis a vis FileMaker Server itself?
Depending on the task that you are automating with the OS-level script, you may require your script to create, copy or move files from different areas on the FileMaker Server machine or from across the network.
On Windows the “Local System” account can reach all files and folders on its own machine but not on the network. On Mac, the fmserver account has even more strict privileges in that it will not be able to create or copy files in folders that it has not been explicitly given rights to, even on the FileMaker server itself.
Rather than changing the account that the FileMaker Server service runs under on Windows or giving the fmserver account or the fmsadmin group access to folders and files outside the normal FileMaker Server folder structure, using FileMaker Server 11 you can now specify explicit credentials to use for FileMaker Server schedules that run OS-level scripts (either by themselves or as part of a script sequence).
4. What are some examples of actions these OS level scripts can now perform more easily than was the case in the past?
The most common command actions in OS-level scripts are pulling files from across the network to the FileMaker Server machine for nightly import routines. Or the reverse, scheduled exports from FileMaker Server that need to be pushed to a network share.
5. Where can I learn more about OS level scripts in FileMaker® Server 11 and FileMaker Server 11 Advanced?
FileMaker Server schedules that use OS-level scripts are covered extensively in VTC’s FileMaker Server video training tutorial [http://www.vtc.com]. Any questions you may have can always be posted to the FileMaker Server section of fmforums.com or the excellent RealTech mailing list.
 Attachment:(21.59 KB)  Steven H. Blackwell
Platinum Member, FileMaker Business Alliance
Partner Member, FileMaker Solutions Alliance (1997-2007)
FileMaker 11 Certified Developer
FileMaker 10 Certified Developer
FileMaker 9 Certified Developer
FileMaker 8 Certified Developer
FileMaker 7 Certified Developer
FileMaker Authorized Trainer 9|10|11
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com |
|
JerrySalem
journeyman
Posts: 275
Loc: Philadelphia PA
Post Rank (AVG):
FMP: 11 Advanced
OS: Cross Platform
Skill: Expert
FMPug
Tweet This Post!
|
In response to Old Advance Man
Using this technique can I get FMS11 to create an instance of Filemaker Client under a different account? (using a batch or applescript)
This would be big, I could get rid of the last remaining Robot machines!
Jerry Salem
IT Solutions, Inc.
--
If not now... When? |
|
Old Advance Man
Humble Servant
Posts: 4041
Loc: USA
Post Rank (AVG):
FMP: 11 Advanced
OS: Cross Platform
Member: Platinum
Skill: Certified Trainer
Certified:
FMPug
Tweet This Post!
|
In response to JerrySalem
I don't think so. This feature is for OS level scripts.
Steven
Steven H. Blackwell
Platinum Member, FileMaker Business Alliance
Partner Member, FileMaker Solutions Alliance (1997-2007)
FileMaker 11 Certified Developer
FileMaker 10 Certified Developer
FileMaker 9 Certified Developer
FileMaker 8 Certified Developer
FileMaker 7 Certified Developer
FileMaker Authorized Trainer 9|10|11
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com |
|
BrentHedden
master
Posts: 392
Loc: San Diego, CA
Post Rank (AVG):
FMP: 11 Advanced
OS: Windows XP
Member: TechNet
Skill: Advance
Certified:
  
Tweet This Post!
|
In response to Old Advance Man
That would be nice Jerry, as I'm having to do the same thing as you are (robot machine) to create PDF reports.
But unfortunately, Stephen is right. It's just to run the OS batch files under a certain account. Which is a big deal, especially if directory access is limited to certain accounts or other restrictions.
|
Toadster
novice
Posts: 7
Loc: Portsmouth NH
FMP: 11 Advanced
OS: Windows 7
Skill: Intermediate
Tweet This Post!
|
 This is Toadster's fourth post.
Hi,
FileMaker Pro 11 Advanced
Windows 7
Intel i5
2.53 GHz
Installed Memory 4 GB
62 Bit Operating System
I have this FileMaker Pro 11 Advanced database and then I launch it I get this massage:
FileMaker cannot share files because another user is already sharing files using FileMaker Pro on this computer.
What is happening?
Steve
|
