With OpenSSH, you can enforce running only a single command on login on the *server* side; this is what we have done to prevent people from getting any kind of shell access. The good part about this is that you, as a DCS admin, can control this irrespective of any IT anything. We did have to get a patch from Hummingbird/Opentext to make this work with Exceed on Demand, as EoD by default insisted on running some kind of command -- which the OpenSSH server, when configured this way, rightly rejected. I'm not sure if you can pass arguments to said command; we don't need to in our installation. We disable omsets in the /usr/fox/wp/data/[wp51|am]_cmds files based on criteria determined by logic in the login script. However, anyone with graphics building access and sufficient knowledge can create a back door. If you build all the graphics, you control that too, but it's something to think about. Corey Clingo BASF Corp. "Brown, Stanley" <stan.brown@xxxxxxxxxxxxxxxxx> Sent by: foxboro-bounce@xxxxxxxxxxxxx 03/29/2010 08:06 AM Please respond to foxboro@xxxxxxxxxxxxx To "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx> cc Subject Re: [foxboro] disabling sets Good point. What I am planning to do is have the IT supplied terminal server connect using ssh running a specific script. This is the direct analog of "rsh script". I do not expect the user to ever see a prompt for this. Once this script has been run, then the terminal server will run VNC to connect to the appropriate connection. One of the reasons for this is because, since the connection is from a terminal serve, all the connections come from the same IP address. The person working on this from the IT side assures me he can pass as an argument to this script, what I will call, a session number. Thus I can have VNC run on the appropriate point. So, it looks like I can just have this script run the appropriate shell command to disable omsets, right? _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave