This file holds the site parameters for this installation of the Kernel. It will have only one entry -- the domain name of the installation site. Some parameters are defined by the systems manager during the installation process. These include Agency, volume set multiple, Default parameters. Others may be edited subsequent to installation. Spooling, response time, and audit parameters may be established. Priorities may be set for interactive users and for TaskMan. Defaults for fields such as timed read, auto menu, and ask device are defined for use when not otherwise specified for a user or device.
.001 | number | 11 | Used to have VA FileMan only have one entry in the file.
.01 | domain name (+) | 0;1 | POINTER 4.2 B | This is the name of this installation of the kernel, as it is known to the rest of the network. It must appear in the DOMAIN file. This name applies to all CPUs or Volume sets which access this ^XMB global.
.02 | irm mail group (+) | 0;2 | FREE TEXT | This field holds the name of the Mail Group that should get messages or bulletins about problems on the system.
.03 | after hours mail group | 0;3 | FREE TEXT | This field holds the name of a mail group that should get messages and bulletins after hours or on weekends and holidays.
.05 | mixed os | 0;5 | SET OF CODES 0:No | This field tells Kernel that this is a MIXED OS environment. This is only supported on a Cache ECP client/server setup. The PRIMARY OS is VMS and the SECONDARY OS is non-VMS.
.07 | local tmp | 0;7 | BOOLEAN 0:No | Set this field to Yes if ^TMP, ^UTILITY, and ^XUTL("XQ") are local to each node in a multi-node system as in Cache. Set it to No if everything is clustered together.
9 | agency code | 0;8 | SET OF CODES V:VA | This field defines what agency uses this computer. It sets a flag which may be accessed by application programs which need to know this information. For example, a scheduling program may operate one way in an Air Force environment, and another in a VA environment.
9.8 | routine monitoring | RM;1 | SET OF CODES n:No | This field controls how the routine monitoring program behaves: whether to look at all routines or just selected name spaces.
9.81 | routine n-space to monitor | RM1;0 | MULTIPLE 8989.309
11 | auto-generate access codes | 3;1 | BOOLEAN n:NO | If this field is set to YES, then the user will not be allowed to choose their ACCESS CODE - it will be assigned for them.
11.2 | auto-generate verify codes | 3;3 | BOOLEAN n:No | During the C&A review of VistA the current practice of leaving the VERIFY CODE blank until the user signed on the first time was found to not comply with VA DIRECTIVE 6504. This field will be used when someone other than the user goes to enter a verify code. The system will select a strong verify code and tell the operator what the new code is.
12 | user characteristics template | 3;2 | POINTER .402 | This field contains the name of the input template to be used for the EDIT USER CHARACTERISTIC option. If there is a ScreenMan form with the same name it will be used, terminal type permitting. If it is left blank, the XUEDIT CHARACTERISTICS template will be used. You may want to define different fields. The TERMINAL TYPE question is asked before the template is called.
13 | academic affiliation waiver | 3;4 | BOOLEAN 0:No | The VA Handbook 6500 page 60 requires: 6. POLICY AND PROCEDURES, c. Technical Controls, (2) Logical Access Controls. d. Accounts are automatically disabled if inactive for 30 days. The Office of Academic Affiliation requested a waiver to the 30 day disabling of inactive accounts asking it be 90 days and this waiver was approved. This field controls if the VA Handbook 6500 30 day limit is used or the site has an Academic Affiliation and the 90 day limit is to be used. There is a copy of the waiver attached to Remedy Ticket 283028.
19 | option audit | 19;1 | SET OF CODES n:NO AUDIT | This field indicates what should be audited between the 'Initiate Audit' date and 'Terminate Audit' date fields. The 'Option to Audit' Subfile along with the 'Namespace to Audit' Subfile hold the lists of specific options that would be audited (choosing "s"). The 'User to Audit'
19.1 | option to audit | 19.1;0 | MULTIPLE 8989.36 | This subfile holds a list of options to audit.
19.2 | namespace to audit | 19.2;0 | MULTIPLE 8989.35 | This subfile holds a list of namespaces to audit.
19.3 | user to audit | 19.3;0 | MULTIPLE 8989.34 | This subfile holds a list of users to audit.
19.4 | initiate audit | 19;2 | DATE-TIME | This field indicates the date when an audit will begin. The 'Option Audit' field defines the nature of the audit that will be performed. Auditing will only be done if there is both an 'Initiate Audit' and a 'Terminate Audit' date.
19.5 | terminate audit | 19;3 | DATE-TIME | This field indicates when the audit will end. The start date is set in the 'Initiate Audit' Field.
21 | new person identifiers | NPI;E1,245 | FREE TEXT | This field holds MUMPS code to set the variable DR to the string of fields (Not a template) to be used as Identifiers when adding entries to the NEW PERSON file. #9 (SSN) is required if the user does not hold the XUSPF200 key. These fields can be added to by the application.
30.1 | ccow token timeout | 30;1 | NUMERIC | This field holds the value for how long a CCOW token is good for in seconds. When the current time is greater than the CCOW token create time plus the timeout seconds, the CCOW token will no longer be valid. If this value is too small (short) users will be frustrated that the SSO part doesn't work. If the value is too large (Long) there is a chance that it could be used to break into the system. A default value of 5400 (1.5 hours) will be used.
31.1 | max spool lines per user | SPL;1 | NUMERIC | This field holds the MAX number of lines of spooled output any user may spool. If the user has more than this number then they will not be allowed to spool any more until some of their spooled documents are deleted. This only controls the granting of new spool documents and doesn't limit the number of lines that will be transferred into the spool data file. Recommended value 9999.
31.2 | max spool documents per user | SPL;2 | NUMERIC | This field limits the number of spooled documents that any user may have on the system. Recommended value 10-100.
31.3 | max spool document life-span | SPL;3 | NUMERIC | This field controls the number of days that a spooled document will be allowed to remain in the spooler before deletion by the XU-SPL-PURGE option that needs to be setup to run in the background.
32 | alpha/beta test package | ABPKG;0 | MULTIPLE 8989.332 | This multiple field is used to identify any packages which are currently in alpha or beta test at the site.
33 | alpha,beta test option | ABOPT;0 | MULTIPLE 8989.333 | This is a multiple field which is used to keep a log of usage of the options associated with an alpha or beta test of a package based on the namespace(s) indicated for the alpha or beta test package.
41 | volume set | 4;0 | MULTIPLE 8989.304 | This is the set of all CPU names in this domain.
51 | dns ip | DNS;1 | FREE TEXT | This field holds the IP addresses of the DNS(s) that XLFNSLK will use. Data must be in the form of nnn.nnn.nnn.nnn. To list more than one, separate them with commas (,).
53.1 | pki server | IP1;1 | FREE TEXT | This field holds one to three IP addresses for the PKI servers for this site. Each IP address is separated by commas. Example:,
101 | path to mwapi bitmaps | 101;1 | FREE TEXT
202 | default # of attempts | XUS;2 | NUMERIC | This is the default number of attempts that a user may try to sign-on before the device is locked. This field is overridden by a similar field in the DEVICE File. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. The maximum value (5) is set by the VA INFORMATION SYSTEM ACCOUNT AND PASSWORD MANAGEMENT POLICY.
203 | default lock-out time | XUS;3 | NUMERIC | This is the default time in seconds that a locked device must be idle before another sign-on attempt will be allowed. This time is overridden by a similar field in the DEVICE File. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. The minimum value is set by the VA INFORMATION SYSTEM ACCOUNT AND PASSWORD MANAGEMENT POLICY.
204 | default multiple sign-on | XUS;4 | SET OF CODES 0:NO, 2:Only one IP | This is the default value for whether users may sign-on at more than one terminal at a time. It is overridden by similar fields in the DEVICE and NEW PERSON Files. If you select "Only one IP" be sure to put a value into the "MULTIPLE SIGN-ON LIMIT" field so users can sign-on at least once. Current Values 0 = Multiple signon not allowed. 1 = Multiple signon Allowed. 2 = Multiple sign only allowed from one IP address.
205 | ask device type at sign-on | XUS;5 | BOOLEAN 0:NO | This is the default for whether a user/terminal should be asked for their terminal type at sign-on. This is overridden by a similar field in the DEVICE and NEW PERSON Files. terminals DEVICE ATTRIBUTES message, if it is a known one then the terminal type is set to this. Otherwise the user is prompted. If set to NO then the one from the Last Sign-on field or device subtype will be used.
206 | default auto-menu | XUS;6 | BOOLEAN 0:NO | This is the default for whether auto-menu is turned ON or OFF. It is overridden by similar fields in the DEVICE and NEW PERSON Files.
207 | default language | XUS;7 | POINTER .85 | This field points to the default language that is used by the site. The value can be replaced by a language field in the New Person file (200.07).
209 | default type-ahead | XUS;9 | BOOLEAN N:NO | This is the default as to whether or not Type-Ahead is allowed. It is overridden by similar fields in the DEVICE and NEW PERSON Files.
210 | default timed-read (seconds) | XUS;10 | NUMERIC | This is the default time-out for all READs and is overridden by similar fields in the DEVICE and NEW PERSON Files.
211 | bypass device lock-out | XUS;11 | BOOLEAN 0:NO | Setting this field to YES will cause all device lock-out checking to be bypassed. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. Can be overridden by the PERFORM DEVICE CHECKING field in the
*** This field is NO longer used. ***
212.1 | device to audit | 8989.33;0 | MULTIPLE 8989.33 | If device auditing is activated, this holds a list of devices that are to be audited.
212.5 | failed access attempt audit | XUS;14 | SET OF CODES A:ALL DEVICES/NO TEXT RECORDED | This field indicates whether an audit log is to be generated for failed access attempts. Audits can be done for all devices or specified devices only. Recording of what is entered is optional.
This field is reserved for future use.
214 | lifetime of verify code (+) | XUS;15 | NUMERIC | This is the number of days that a VERIFY code remains valid. After this time the user must choose a new VERIFY code.
216 | interactive user's priority | XUS;16 | NUMERIC | This field will change the priority of interactive users on the system at sign-on time. There is a danger that using this field will cause the users to have poor response time from the computer.
217 | default institution (+) | XUS;17 | POINTER 4 | This field is used to define a default institution that will be assigned as the user's institution (DUZ(2)) for any user that doesn't have one. Other Developers are allowed to get this data directly from the
218 | default auto sign-on | XUS;18 | SET OF CODES 0:No | This field will control the Auto Sign-on (Single Sign-on) feature. To completely turn off this feature for all users: set to DISABLED. To allow only selected users: set to No. To allow ALL but selected users: set to Yes. The Yes and No values can be overridden by the AUTO SIGN-ON field in the New Person file. Use of this feature impacts users connecting via Telnet and the Broker.
219 | default multiple sign-on limit | XUS;19 | NUMERIC | This field sets an upper limit on the number of concurrent sessions that one user can have from one IP address when the Multiple Sign-on field (#204) is set to "One IP".
230 | broker activity timeout | XWB;1 | NUMERIC | This field controls how long the Broker server waits (in seconds) for some activity from the client. Its value is passed to client applications compiled with version 1.1*6 and above of the Broker. The client application will contact ("poll") the server at an interval based on this field's value to let the server know it is still there. If a client stops polling the server, the server knows that the client process has terminated. The "ghost" server job is therefore stopped, enabling locks and other resources to be freed. A small timeout value in this field creates more server and network activity. A large value leaves ghost jobs on the server longer. We recommend setting it to a value of 180 seconds as a good compromise.
231 | gui post sign-on | XWB;2 | SET OF CODES 0:Don't Send/Show | This field will control if the POST SIGN-ON message is sent to the GUI client. If it is sent then the GUI client should display the message before allowing the user to continue.
240 | intro message | INTRO;0 | WORD-PROCESSING | This field holds the text that is initially displayed at signon, before the prompt for access code or other checking.
245 | post sign-in message | POST;0 | WORD-PROCESSING | This field holds the text that is displayed after the user has successfully passed the signon.
250 | peer systems | PEER;1 | FREE TEXT | This field holds a list of IP addresses that the GETPEER function will not pass back from the API. It is set to by default.
300 | log resource usage? | XUCP;1 | BOOLEAN Y:YES | This Yes/No field is used to indicate whether resource usage data such as CPU seconds, DIO, BIO, etc. will be collected in ^XUCP(. If this field is set to "YES", every time a user goes in and out of an option and each time recorded.
320 | primary hfs directory | DEV;1 | FREE TEXT | This field holds a Primary (default) directory path to be used whenever a HOST file is referenced and a Directory is not included. Example: Cache/VMS might have USER$:[TEMP], Cache/NT might have T:\TEMP\, Cache/Linux might have /var/tmp/. If this field is left blank then HOST files that don't have an explicit directory path will go to the current process's working directory.
320.2 | secondary hfs directory | DEV;2 | FREE TEXT | This field holds the secondary HFS directory path.
321.01 | facility iso | 321;1 | POINTER 200 | This field holds a pointer to the facility Information Security Officer in the NEW PERSON file (#200).
321.02 | facility cio | 321;2 | POINTER 200 | This field holds a pointer to the facility CIO in the NEW PERSON file (#200).
405.1 | ip security on | 405;1 | BOOLEAN n:No | This field turns on or off the IP security "Three strikes and you are out" code.
405.12 | failed attempts limit - irm | 405;2 | NUMERIC | This field holds the value of how many Failed Attempts must be counted by the XUSFACHK routine before a message is sent to the IRM during normal business hours (8:00 am to 4:30 pm). This can be changed by the value in the TOTAL COUNT INCREASE field.
405.13 | failed attempts limit - aod | 405;3 | NUMERIC | This field holds the value of how many Failed Attempts must be counted by the XUSFACHK routine before a message is sent to the AOD during after hours (4:30 pm to 8:00 am). This can be changed by the value in the TOTAL COUNT INCREASE field.
405.14 | user locking | 405;4 | BOOLEAN n:No | This field controls if Users are locked out of the system because of exceeding the limit on bad attempts. The ACCESS code must be correct so we can identify the user, and it is just the VERIFY code that is being entered wrong.
405.15 | last run failed attempts check | 405;5 | DATE-TIME | This field holds the date time of the last run of the FAILED ATTEMPTS checking routine (XUSFACHK). This field is filled in by the routine and doesn't need user entry.
405.16 | default ts slack | 405;6 | NUMERIC | This field holds a default value for how many times in 10 minutes a Terminal Server can have a sign-on failure (entries in the FAILED ACCESS ATTEMPTS LOG) before it is locked. A default value of 2 is used if no value is entered.
405.17 | keep threshold | 405;7 | NUMERIC | This field holds the number of Failed Access Attempts in the current sample period that will cause the count to be saved for the next sample period. This is used by the routine XUSFACHK and the value will need to be smaller for a more frequent running and larger for less frequent running. A starting value could be 10 if XUSFACHK is scheduled to run every 30 minutes.
405.18 | total count increase | 405;8 | NUMERIC | This field holds the value to be added to the IRM or AOD limits. If the total number of Failed Access Attempts in the sample period is greater than the IRM (or AOD) limit plus the TOTAL COUNT INCREASE then it will trigger the sending of the failed attempts message.
405.2 | terminal server ip | 405.2;0 | MULTIPLE 8989.305
This field holds a flag to indicate if this is a Production account. It is a Yes/No flag with internal values of 1 = Yes, 0 = No. It is set by the system after comparing the System ID with the current System ID, at some point in the future will be checked against a master system.
502 | system id | SID;2 | FREE TEXT | This field holds the SYSTEM ID, if this is a production system. This value is compared with the current system value and at some point in the future will be checked against a master system.
503 | sid last checked | SID;3 | DATE-TIME | This field holds the date/time that the SID was last checked. If the SID has not been compared with the stored one today a full check will be done, otherwise the PROD api will just return the current value.
504 | logical disk name | SID;4 | FREE TEXT | This field holds a logical disk name that is stored in the cache cpf file for a client system in an ECP client-server setup.
505 | physical disk | SID;5 | FREE TEXT | This field holds the Physical disk name that Cache VMS converts the logical name (#504) into.
520.1 | error limit | ZTER;1 | NUMERIC | This field holds the maximum number of a particular error to be recorded on one day. The count will continue in the ERROR SUMMARY file (#3.077) field FREQUENCY (#4) even though the error is not recorded in the error trap. It is used in the $$SCREEN^%ZTER logic to tell the error trap to skip recording the error.
520.2 | send error summary | ZTER;2 | BOOLEAN 0:No | This field controls if the error summary routine sends a record to a consolidating facility when it has finished running. The mail message is sent to the mail group XTER SUMMARY LOAD. In the VA this will include the remote entry G.XTER SUMMARY LOAD@DOMAIN.EXT.
520.3 | keep error trap | ZTER;3 | NUMERIC | This field holds the number of days to keep the entries in the Detail Error Trap. Defaults to 7 if left blank.
520.4 | keep error summary | ZTER;4 | NUMERIC | This field holds the number of days to keep the entries in the Error Trap Summary since they were last seen. Defaults to 90 if left blank.
900 | new person enumeration started | MPI;1 | DATE-TIME | This field will note when the New Person File (#200) began the VPID Enumeration Process.
901 | paid enumeration started | MPI;2 | DATE-TIME | This field will note when the PAID EMPLOYEE (#450) file began the VPID Enumeration Process.
902 | new person enumeration finish | MPI;3 | DATE-TIME | This field will note when the New Person (#200) file completed the VPID Enumeration Process.
903 | paid enumeration finish | MPI;4 | DATE-TIME | This field will note when the PAID EMPLOYEE (#450) file completed the VPID Enumeration Process.

Referenced by 1 types

  1. VDEF PARAMETERS (579.5) -- vdef system