Before HPOM for Windows 8.00, to deploy an agent to nodes with the Windows operating system, you had to add a domain group (called HP-OVE-GROUP by default) to the node's local administrators group. You could do this manually or using the Windows Node Security Setup dialog box. On the management server, the policy management and deployment (PMAD) service ran under an account that was a member of this domain group, and therefore had administrative access the nodes.
HPOM now enables you to install the HTTPS agent using the credentials that you are currently logged in to Windows with. This is called impersonation, because the PMAD service runs under it's own user account (called HP-OVE-Deleg-User by default), but uses your credentials to access to the nodes. (This requires that the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server.)
Alternatively, you can now also install the HTTPS agent using the credentials of a user who already has access to the node. For example, you can specify the user name and password of the node's local administrator.
Therefore, it is no longer necessary to add a domain group to the node's local administrators group. Nevertheless, you can still give the PMAD user administrative access to nodes. This may be useful if you need to install DCE agents on Windows nodes, or so that console users who do not otherwise have administrative access can install agents.
HPOM enables you to add the PMAD user to the nodes' local administrators group in the following ways:
Alternatively, if you are installing DCE agents on Windows nodes, HPOM starts the Windows node security setup automatically.
NOTE:
Windows node security setup can add the PMAD user to nodes in the
same domain as the user that you are currently logged in to Windows
with. For nodes in untrusted domains or workgroups, you must
manually create the PMAD user in the nodes' local administrators
group. The management server uses pass-through authentication to
access these nodes. Therefore, you must ensure that the name and
password of user that you create are identical to those that the
PMAD service runs under.
Select the Expert Mode check box.
Click Namespaces, and then click Policy Management and Deployment. A list of values appears.
The Windows Node Security Setup dialog box displays the following information:
Note: displays a message explaining the reported status.
If the attempt to add the user fails for any node, click the node, and then click Details. An error message appears, which explains the cause of the failure and suggests actions to correct the problem. Examples of the problems that can occur are as follows:
Related Topics: