Windows Server

Guest · Posted: Wed Nov 02, 2005 5:51 pm Post subject: access denied

I am implementing mom 2005 to monitor my environment. I have added
specific users to MOM User security group. No problem, I can bring up
the MOM operator console on my laptop and connect to the mom server.
However, if I try to do any of the tasks, like event viewer or computer
management, I get access denied. What am I doing wrong. I would think
that MOM should be doing these actions on my behalf, and if the mom
userid has authority, that should be enough. Certainly, I don't have
to give all users of the MOM operator console access to all of the
mangaged servers, Do I?

Any feedback would be much appreciated.

Thanks,
Larry

Guest · Posted: Wed Nov 02, 2005 5:51 pm Post subject: Re: access denied

I'm not sure I understand what you are saying. Why have the task panel
on the operator console, if the people using the operating console
can't perform them.

davidtyra@hotmail.com · Guest

The users of the Operator console will have to have sufficient
permissions on the remote computer to perform the selected task. The
user context of the currently logged on user is used to run Tasks in
the Operator console.

Regards,

David Tyra

Daniel Lai [MVP-Managemen · Guest

Hello,

Thank you for your posting!

MOM Users had no rights to use the Tasks in MOM Operator Console.

If you have any questions, please feel to let me know. I am glad to be of
assistance.

--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
http://msmvps.com/daniel

<lkraus@riteaid.com> wrote in message
news:1130943280.866151.169950@g44g2000cwa.googlegroups.com...

davidtyra@hotmail.com · Guest

If anyone could run Tasks through the Operator console, it would pose a
substantial security risk. The idea is to ensure that operators can
only run the tasks that they would have the rights to run directly on
the remote server itself. It keeps unauthorized users from running
tasks.

Regards,

David Tyra

Blake Mengotto · Guest

David is right. Let's say MOM is in a NOC. And the operators in the NOC
see an issue on a Exchange server, and they want to bounce the MOM service,
chances are they would not be allowed because they are not local admins on
those servers. They would have to contact the exchange engineers and if
they had access to a MOM console, then they could remote out to the box, or
stop services, or bring up the event log.

The other issue people ask about is this: When selecting a server, some of
the tasks are grayed out. This is because you may be trying to run a AD
task against a Exchange server that is not a DC. So MOM is smart in knowing
that management pack related tasks can only be executed against computers
that belong to the correct management pack. As you can tell, many of the
tasks are generic and available for all servers, but there are specific ones
for SQL, AD, etc..

--
Regards,
Blake Mengotto
My Blog: http://spaces.msn.com/members/DiscussITnow/

Community Sites for MOM:
MOM Answers: http://www.momanswers.com
myITforum: http://www.myitforum.com
Momcommunity: http://www.momcommunity.com

Other Sites of Interest:
Silect Software: http://www.silect.com - MP Studio Express
eXc Software: http://www.excsoftware.com - MOM solution provider
Skywire Software: http://www.skiwiresoftware.com - MOM Connectors
<davidtyra@hotmail.com> wrote in message
news:1130950593.562653.238150@g14g2000cwa.googlegroups.com...

	Windows Server Forum Index -> MOM	All times are GMT
Page 1 of 1