Controlling access to PCOMM features using Windows Group Policy Editor

IBM Personal Communication (PCOMM) provides many features to improve communication with the host application which can be achieved through menu and toolbar operations. Following are some of the most widely ones:
​

• Edit: Allows to work with the data from/to the green screen
• Settings: Alter Appearance, Setup your own Keyboard mapping, Mouse, Hotspots, etc.
• View: Work with PCOMM look and Menu/Toolbar/Status Bar items
• Communications: Configure Connection with Host
• Actions: Send-Receive Files to/From Host, Record-Playback-Edit Macros, etc.

​These and many other set of features makes PCOMM a very powerful tool and is been used by many mainframe customers for decades. However, with ‘more power comes more responsibility’! Corporates and Government agencies are more careful about data and security than ever! These organizations mandate secure communications to host, by using server-side authentication, client authentication, SSO etc. Still, there looms a danger of un-authorized access, identity theft, allowing imposters to use PCOMM for Sending/Receiving files to/from host, recording/running macro’s which could fetch sensitive data from host, altering host data. There are also chances of accidental data loss caused by un-intentional users.

In order to protect applications from any such security breaches on windows based OS (supported on PCOMM), Microsoft introduced the concept of Group Policies which allows administrators to centralize the management of domain controllers, member servers, and desktops. Thus, increasing the control on what all operations a user can perform on the Domain Computer and acting as an additional layer of securing corporate property.

​IBM Personal Communication supports Windows Group Policy. In this blog we will discuss about how Administrators/Domain Controllers manage features provided by IBM PCOMM.

Pre-requisite:

• Make sure Group Policy Editor (gpedit.msc) is Enabled/Installed on the computer. This can be operated only by domain administrator.
• Download “IBM Personal Communications (PCOMM) <Version> Documentation and Administrative Aids Multiplatform Multilingual” from Passport Advantage.

Steps:
1.    Close PCOMM.
2.    Extract the downloaded Admin Aids zip archive and browse to location                                            “PCOMM_<Version>_Docs_Admin->admin->policy” and copy the path.
3.    From windows machine access gpedit.msc and browse to ‘User                                                        Configuration->Administrative Templates’.

4.       Right click and ‘Add template’. Paste the copied path where Policy files are located.
5.       Based on the Language installation select the appropriate ‘.adm’ fle. For example, select             ‘enupol.adm’ file for PCOMM English installation.

6.       A new tree structure with name ‘Classic Administrative Templates (ADM)’ gets created.
7.       Now here, different directories and Sub-directories can be found, where various                             features/components in PCOMM can be Enabled/Disabled for users.
​

8.     As an example, to Disable the Macro record-playback feature within PCOMM, perform the           following steps.
9.     Browse to ‘IBM Personal Communication->Execution->Macro Play/Record’ and double                 click  on it.
10.   Select ‘Enable’ radio button and in Options Section->” Macro Play/Record” select “No                    access”.

11.       Apply and close the changes and Launch PCOMM

​With these changes PCOMM will not allow Record/Playback facility to the User. This means that Keystroke Recording Or VB Script recording and playback will be disabled for all the users. Attempt to Record/Playback a Macro in PCOMM will prompt user with the following error:

Similarly, other features in PCOMM can be managed by Group Admin Policy.
​

​Avinash Sable
Lead - Lab Services, IBM HACP & HATS
Avinash.sable@hcl.com