- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- iLO 1.50 Directory Authentication - AD Domain Admi...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-04-2004 06:18 AM
тАО01-04-2004 06:18 AM
It appears, from my testing, that if a user is a Windows Domain Administrator, that they have full iLO admin rights, regardless of them being any role member.
If I remove their domain admin rights and verify they aren't in any iLO roles, iLO doesn't even let them login, which is what I would expect.
I also verified that the domain admins group wasn't a member of any iLO role, or role group.
I find this troubling, since I don't want all domain admins to always have full iLO admin rights.
Have I misconfigured something, or is this the desired HP behavior?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2004 02:50 AM
тАО01-05-2004 02:50 AM
Re: iLO 1.50 Directory Authentication - AD Domain Admins access?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2004 02:55 AM
тАО01-05-2004 02:55 AM
Re: iLO 1.50 Directory Authentication - AD Domain Admins access?
For non-domain admins the role access method is in force. I can send a screen shot of the directory test to a private e-mail address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2004 11:09 AM
тАО01-05-2004 11:09 AM
SolutionAdministrator from being included in a specific role, which happens because the Administrator has the rights to read the role object as it's owner. You can solve the problem by:
1) Changing the owner of the role to something other than the Administrators Group; perhaps a specific administrator. This may be the best solution.
2) Removing the "read" rights granted to administrators (often the "Creator/OWNER" security principal) on the security tab of the role object.
3) Adding a specific "Deny" "read" for that user to the role, using the security tab of the role object.
4) Adding a "Deny" "read" or removing "read" rights for the particular "hpqLOMRight*" attributes of the role object, using the "Advanced" features of the security tab of the role object. This has the advantage of allowing the administrator to manage the membership and restrictions of the role (though not the rights assigned), without granting them rights.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2004 01:41 PM
тАО01-15-2004 01:41 PM