Change the user of an HTTPS agent on a Windows node


By default on nodes with a Windows operating system, the HTTPS agent runs under the built-in Local System account. However, you can configure the HTTPS agent to run under a different user account. For example, you may want the agent to run under an account with fewer permissions than the Local System account. Alternatively, you may want the agent to run under an account that has permission to access remote systems over the network.

You must test whether the user account has appropriate rights to run the agent and manage the node correctly. You assign these user rights in the local Windows security settings on the node, or a group policy object in Active Directory. The user rights that you assign depend on your requirements. The user account may, for example, need the following user rights:

The following procedure assigns the above user rights to a user group that you specify. You may need to assign additional rights for the management tasks that you need to perform. For example:

To change the user of an HTTPS agent

  1. Optional. Create a new user for the agent to run under.

  2. Optional. Create a new group, and add the user as a member of this group.

  3. On the node, open a command prompt, and type the following command:

    cscript "%OvInstallDir%\bin\ovswitchuser.vbs"-existinguser <DOMAIN\USER> -existinggroup <GROUP> -passwd <PASSWORD>

    Note NOTE:
    The command assigns the user rights required for basic agent functionalityat group level, not to the individual user. Therefore, take care when you select the group to use. It is advisable to create a new group specifically for the agent user, and add the agent user as a member.

  4. Type the following commands:

    1. ovc -kill

    2. ovc -start

    The control service and agent processes now run as the user that you specified.

Related Topics: