- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: Security abnormality with domain administrator...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2008 05:14 AM
тАО07-15-2008 05:14 AM
We discovered in our testing environnement that domain administrators do not need to be in any hp roles to have full access to remote lights-out management. Is there a way to counter this phenomenon ?
We have certain persons in our production environnement that need to have domain administrators rights for certain reasons, but we do not want them to have access to the remote lights-out management.
Thanks in advance.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2008 06:34 AM
тАО07-15-2008 06:34 AM
Re: Security abnormality with domain administrators
For more information Page 130:
http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c00553302/c00553302.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2008 07:33 AM
тАО07-15-2008 07:33 AM
Re: Security abnormality with domain administrators
We're using HP extended schema. We created various hp roles with different rights to test the different security issues we encountered with the active directory integration. Everything works fine. If a user isn't in the right hp role, he doesn't have the rights to do the things he want while logged on the remote lights-out card.
The abnormality we discovered is that even though a user with domain administrative rights isn't in any of our hp roles, he still has full power over any of the remote lights-out card that is integrated in the active directory.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2008 08:31 AM
тАО07-15-2008 08:31 AM
SolutionThe Directory Administrators and role creators have implicit ability to read the role.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2008 09:10 AM
тАО07-15-2008 09:10 AM
Re: Security abnormality with domain administrators
Thanks again for your help acartes.