HPE Community
Server Management - Systems Insight Manager
1833017 Members
2164 Online
110048 Solutions
New Discussion

What is possible without domain admin rights?

 
Danny H.
Occasional Contributor

‎12-11-2005 11:40 PM

‎12-11-2005 11:40 PM

What is possible without domain admin rights?

Q: As the company does not want a domain administrator account to be used for SIM, what is possible/not possible without these rights? (using the local admin is also not an option...)

Thanks,
Danny
0 Kudos
Reply
4 REPLIES 4
Maurice Skubski_1
Valued Contributor

‎12-12-2005 01:14 AM

‎12-12-2005 01:14 AM

Re: What is possible without domain admin rights?

not quite sure if i understand you right. you can setup local useres for the SIM Server. You can specify what the users can do in SIM. for the IM Agent discovery, you have to specify the Administrator login for your servers. here you can use the domain accout or the local admin account (you can set it in the defualt discovery field or for each system). hope this helps ...
0 Kudos
Reply
Jim Walsh_2
Frequent Advisor

‎12-12-2005 02:26 AM

‎12-12-2005 02:26 AM

Re: What is possible without domain admin rights?

i'd work something out with your security team to allow a new domain account for specific use by sim

if you cant get administrator rights to the box, sim is worthless
0 Kudos
Reply
Stuart_43
Advisor

‎12-12-2005 07:17 PM

‎12-12-2005 07:17 PM

Re: What is possible without domain admin rights?

With SIM 4.2 you had lots of configuration to do (changing security and xml files etc)if you do not install the software logged in as the local admin. (not sure if this is the same with 5, as far is i'm aware you do not need to be domain admin to install or use the software, but if you wish sim to pull in WBEM info it will need to use a DA account (this is configured under OPTIONS > PROTOCAL SETTINGS > GLOBAL PROTOCAL SETTINGS)
0 Kudos
Reply
Ferry Steenvoorde
Valued Contributor

‎12-12-2005 10:37 PM

‎12-12-2005 10:37 PM

Re: What is possible without domain admin rights?

It depends on what you want.

At least you can use any account that the HPSIM-server is able to resolve.
And you do not have to login on the HPSIM server console. A webpage to https://:50000 is enough to login.

In HPSIM 5, go to Options/Security/Users and Authorizations. Add any new user, whether it is a local account on the HPSIM-server or a domain account.
Then add any required Authorisations for this user:
-Toolbox: "All Tools" (everything) or "Monitor Tools" (read only)
-System group: "All Managed Systems" (everything discovered) or a custom group of systems.

Updating drivers and firmware is only possible if:
-your useraccount has access to "All Tools"
-your useraccount has access to "All Managed Systems", or at least some systems.
-the Managed Systems use Certificates for authorisation. This way any request from the HPSIM-server to the Managed System is Trusted, making separate authorisation unnecessary.

If a useraccount has only "Monitor Tools"-access, he can only read all settings, either on the HPSIM-server or the System Management Homepages on the Managed Systems.

Example:
I've got a hardware manager here that wants to query the HPSIM database for specific customer servers. My HPSIM-server is a standalone server, so I have to create a local account on the HPSIM-server for this hardware manager. This Windows account only has user-rights.
He connects to HPSIM using the webpage, and logs in with the local account I created on the HPSIM-server.
In HPSIM, this user only has "Monitoring Tools" for a specified range of servers (I've filtered out all testservers and other servers that do not belong to the Windows-group). He now can click on almost anything in HPSIM, can create Reports, but is unable to change a single setting anywhere.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.