Installing DCE agents on backup domain controllers

If you need to install a DCE agent to run under the HP ITO account on a Windows backup domain controller, you must complete several prerequisite steps. You do not have to complete these steps if you install the HTTPS agent on a domain controller, or if you install the DCE agent to run under the Local System account. HP recommends that you use the Local System account if you install the DCE agent on a domain controller.

Before you install a DCE agent to run under the HP ITO account on a Windows backup domain controller, you must complete the following steps:

1. Add the primary domain controller as a managed node.
2. Install the DCE agent on the primary domain controller.
3. Synchronize your backup domain controllers.

NOTE:
You must ensure that all or none of the domain controllers in the domain are managed nodes.

CAUTION:
If you add a Windows domain controller as a managed node, you allow tools and scheduled commands to run without a password. This means that any administrator who configures tools in HPOM can configure a tool to run as any user (including domain administrator) in that domain without a password.

You can address this security concern using SetMgmtServer /auth /on to configure the DCE agent installation defaults before you remotely install DCE agents.

Related Topics:

• Configure DCE agent installation defaults
• User accounts for tools