By default on managed nodes with a Windows operating system, the DCE agent runs under the Local System account. However, you can configure the DCE agent installation defaults so that the agent runs under a different user account. For example, you may want the agent to run under an account with fewer permissions to the Local System account. Alternatively, you may want the agent to run under a domain account that gives the agent permission to access remote systems.
You must test whether the user account has appropriate rights to run the agent and manage the node correctly. You assign these user rights in the local Windows security settings on the node, or a group policy object in Active Directory. The user rights that you assign depend on your requirements. You may, for example, consider assigning the following user rights:
Required for installation.
Required to run actions as a user other than the agent user.
Required to run the agent as a service.
Required for a full switch user with password to get network access when executing tools.
Required during the execution of actions.
Required for the user switch in the action agent.
Required to shutdown the managed node.
cd "%OvInstallDir%\bin\OpC\install"
and then press Enter.opcpwcrpt <password>
and then
press Enter. Copy the output.SetMgmtServer /user <user> /password
<encrypted password>
and then press
Enter.
Replace <user> with the name of the user, for example AgentUser. The name must not contain spaces.
You can specify the name of a existing domain user, but do not specify the domain (for example, do not specify DOMAIN\account or account@domain). The domain user must belong to the same domain as the node, and no local user with the same name must exist on the node.
If you specify a user that does not exist, the agent installation creates a local user with the specified name on each node. The new user is a member of the local Administrators group.
Replace <encrypted password> with the output from
opcpwcrpt
, which you copied.
Caution:
If the specified account already exists on a node, but the default
password in the agent package does not match, the agent
installation removes the existing account and recreates it with the
same name but a different internal user ID.
Related Topics: