HPE Community
Server Management - Systems Insight Manager
1833167 Members
3286 Online
110051 Solutions
New Discussion

Re: Domain account to run services on?

 
Allister_2
Occasional Advisor

‎09-06-2005 04:58 AM

‎09-06-2005 04:58 AM

Domain account to run services on?

I have a small domain with three servers and a few clients. I've installed SIM5 for windows on my Small Business Server 2003 server. I used my credentials for all of the services during the install.

Is there a doc somewhere that will tell me how to create a domain account and secure it so that it can be used by all of these services? I don't want to create some domain admin account and have services running with all of those access rights.

I just want to make an account for these things with the rights that they need.

If anyone has any helpful information for me, I'd love to hear it.

Thank you for your time,

-Allister
0 Kudos
Reply
6 REPLIES 6
Pat Wilson_1
Valued Contributor

‎09-06-2005 08:01 AM

‎09-06-2005 08:01 AM

Re: Domain account to run services on?

You can make any kind of domain account as long as it has administrative rights on the CMS server. Due to some security concerns here, I installed HPSim using a machine-local account that is a member of the local administrators group. Since it is a local account, it doesn't even appear in domain user listings. This works fine for us.
0 Kudos
Reply
Allister_2
Occasional Advisor

‎09-06-2005 09:59 AM

‎09-06-2005 09:59 AM

Re: Domain account to run services on?

Hm, since you specified a local account, is your install working with other machines or does it only manage itself?

I thought that if the services were not running as a domain admin account that it wouldn't be able to access other servers and all that.

0 Kudos
Reply
Pat Wilson_1
Valued Contributor

‎09-07-2005 03:29 AM

‎09-07-2005 03:29 AM

Re: Domain account to run services on?

HPSim communicatres with the client agents via SNMP. You need a read-only community for HPSim to receive notifications, and a read-write or read-create community for HPSim to manage the clients.

If I deploy a PSP or something similar, then I supply domain or remote-local administrator credentials at that time. Otherwise all the HPSim services run as the local user on the CMS.

I am using a local MSDE database, and OpenSSH to run custom commands for paging (TeleAlert).
0 Kudos
Reply
Allister_2
Occasional Advisor

‎09-07-2005 04:19 AM

‎09-07-2005 04:19 AM

Re: Domain account to run services on?

Cool, thanks for the info. :-) So basically any time that more credentials are needed it will ask you for them before you do the action?
0 Kudos
Reply
Pat Wilson_1
Valued Contributor

‎09-07-2005 05:27 AM

‎09-07-2005 05:27 AM

Re: Domain account to run services on?

Yup. That's my experience with it.

Once the 'Initial Proliant Support Pack' is installed (<-this will prompt for credentials), and configured to 'Trust by Certificate', you are rarely challenged if you work from the CMS. The client agents run as 'Local System' and report all the required info, or set thresholds as required.

Good Luck !!
0 Kudos
Reply
Allister_2
Occasional Advisor

‎09-07-2005 05:43 AM

‎09-07-2005 05:43 AM

Re: Domain account to run services on?

Hm, I have this installed on a DC so I don't think I'll be able to create a local account. I guess I could create a local domain user account and then take away that users ability to log on remotely or at the console. Think that would be ok? I just really don't want these services running as me or some general domain admin account.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.