Hi List,
My question is related to the $root_user id map. We are running seven TMRs and 450 GW all running Windows2000. The Tivoli infrastructure is in a domain running in Active Directory. There are two-way trusts between the two resource domains and the domain that the Tivoli servers are on. We have defined a domain account called tivprod and use this account as our root_user for w32-ix86.
In the past we have only being running Tivoli tasks against the Tivoli servers ie TMRs and GWs. However we have recently had a requirement to run tasks against our workstations(which are 90% WINNT4). When we tried running the tasks we got the "can't run tasks as user tivprod". Upon investigation we found that the tivprod account was only added to the local Administrators group and not the Tivoli_Admin_Privileges group. Upon investigation we found that in order to run tasks on ep's that $root_user(tivprod in our case) is part of local administrators group and Tivoli_Admin_Privileges. The reason why our Tivoli servers are setup this way is that there is AD policy to add these accounts. However on the nt4 machines the lan admins using their id's install the ep code. This results in their login accounts getting added to Tivoli_Admin_Privileges. Now in order to run tasks againts the endpoints we need to go and add tivprod to Tivoli_Admin_Privileges on every machine. We have a script to do this but I would like to know how do other people handle this situation. We have approx. 16500 endpoints.
Sorry for the lengthy note.
Thank You
Pritesh
My question is related to the $root_user id map. We are running seven TMRs and 450 GW all running Windows2000. The Tivoli infrastructure is in a domain running in Active Directory. There are two-way trusts between the two resource domains and the domain that the Tivoli servers are on. We have defined a domain account called tivprod and use this account as our root_user for w32-ix86.
In the past we have only being running Tivoli tasks against the Tivoli servers ie TMRs and GWs. However we have recently had a requirement to run tasks against our workstations(which are 90% WINNT4). When we tried running the tasks we got the "can't run tasks as user tivprod". Upon investigation we found that the tivprod account was only added to the local Administrators group and not the Tivoli_Admin_Privileges group. Upon investigation we found that in order to run tasks on ep's that $root_user(tivprod in our case) is part of local administrators group and Tivoli_Admin_Privileges. The reason why our Tivoli servers are setup this way is that there is AD policy to add these accounts. However on the nt4 machines the lan admins using their id's install the ep code. This results in their login accounts getting added to Tivoli_Admin_Privileges. Now in order to run tasks againts the endpoints we need to go and add tivprod to Tivoli_Admin_Privileges on every machine. We have a script to do this but I would like to know how do other people handle this situation. We have approx. 16500 endpoints.
Sorry for the lengthy note.
Thank You
Pritesh