Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IBM Director Padlocked systems

Status
Not open for further replies.
Salido165

Salido165

MIS
Dec 2, 2005
2
US
When ever we discover a new system in Director 5.1 as a level 0 System the machine comes in locked. That's ok, but the only way we can unlock the system is by using the Build In Local Administrator account. I am a domain admin and have local admin rights on the box. I have even added my account to the local admins group and I am still unable to unlock the system using my credentials. Has anyone encountered this? How do I get Director to work with members of the Administrators Group not with just the Administrator Account.
 
Sort by date Sort by votes
when you installed director, did you set the services up to run as an account with domain privilages or as the local admin because the local admin account has no authority over other systems?

Stiddy

HTH - Stiddy
 
Upvote 0 Downvote
If you installed it as a local account, simply create a domain account, stop all director services, set the to run as the new account, start all services.

HTH - Stiddy
 
Upvote 0 Downvote
It was installed as a domain user. Does the domain user account that was used to install Director need to be an administrator on all of the servers in our domain?
 
Upvote 0 Downvote
I like service accounts to have as few priveleges as possible, so we installed Director using a local account also, not a domain acount or domain admin account.

You have to way the princible of least privilege againt the usefullness of having IBM director atomaticly have admin controll of boxes it scans. Now boxes running the full agent are already very controllable, it seems that in this case my own windows domain admin credentials I logged onto the Director console with, are used to control agent actions.

The systems we have discovered and are now level 0 clients, I am happy to leave them padlocked untill I need them, and even then, IBM director remembers the admin creds for these systems.

But I would much much rather have it that IBM simply try my own logon creds when attempting to contact level 0 clients, instead of forcing you to local admin creds. It should not be done using the IBM service account creds, that is a very wrong approach to isolation and security.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Manu_
  • Locked
  • Question
IBM x3650 M3 power on failure
Replies
0
Views
171
Manu_
Manu_
aziyard
  • Locked
  • Question
iam on IBM power 7 server. i cance
Replies
0
Views
65
aziyard
aziyard
Molasar31
  • Locked
  • Question
IBM Power720 Linux Temperature Monitoring?
Replies
1
Views
103
Molasar31
Molasar31
madusanka
  • Locked
  • Question
IBM DS Storage Manager software (DS3500 Serious)
Replies
0
Views
136
madusanka
madusanka
DanR87
  • Locked
  • Question
IBM X3690 X5 HDD Fault
Replies
0
Views
70
DanR87
DanR87

Part and Inventory Search

Sponsor

Back
Top