MOM Scope!!!
JX
Guest





Posted: Thu Nov 10, 2005 5:51 pm    Post subject: MOM Scope!!!

Hi all -

I have MOM 2005 in production on a Windows 2003 SP1. I have created custom
console scopes for each of the tech teams. I have added the appropriate
operations folks to the "MOM Users" group and the "DCOM users" group on the
management server. After this, I have added them to the appropriate console
scopes. But these users can still see everything on admin and ops
consoles (just like a MOM admin). Is there a hotfix for this or am I
doing something wrong?

thanks for the help

John..
Dipu
Guest





Posted: Thu Nov 10, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

Hi JX,

If you have tech teams that you want to give restricted access to a
particular group of computers, create a computer group and add the names of
the servers/computers manually to that group. Then, under each scope, add the
right users and the right computer groups. This will restrict your users to
seeing only alerts, events, etc. for the computers in that computer group in the
Operator Console.

Regarding the users being able to see everything in the Administrator Console:
The accounts under the MOM Users group will not be able to see the "Management Packs"
and "Administration" nodes. The accounts under the MOM Authors group will see
everything except the "Administration" nodes. MOM Administrators will be able to
see everything. Unless the accounts have been added as an Admin on the MS
box, they should not be able to view everything in the Administrator Console.

Hope this helped. Let me know.

Dipu

"JX" wrote:

Quote:
Hi all -

I have MOM 2005 in production on a Windows 2003 SP1. I have created custom
console scopes for each of the tech teams. I have added the appropriate
operations folks to the "MOM Users" group and the "DCOM users" group on the
management server. After this, I have added them to the appropriate console
scopes. But these users can still see everything on admin and ops
consoles (just like a MOM admin). Is there a hotfix for this or am I
doing something wrong?

thanks for the help

John..
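
An added example, not part of the original posts: a PowerShell audit of the local groups named in this thread, flagging scoped accounts that are also local or MOM administrators, or that are missing from Distributed COM Users. It assumes Windows PowerShell is available and uses the ADSI WinNT provider; `$Server` and the function name `Get-DirectMember` are illustrative.

```powershell
# Added example (not from the thread). Lists DIRECT members only: a domain
# group nested in a local group shows up as one entry and must be expanded separately.
$Server = $env:COMPUTERNAME   # assumption: the MOM management server; change as needed
$Groups = 'MOM Users', 'MOM Authors', 'MOM Administrators',
          'Distributed COM Users', 'Administrators'

# Return the direct members of a local group as DOMAIN/name strings.
function Get-DirectMember([string]$Computer, [string]$Group) {
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($m in @($g.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $path -replace '^WinNT://', ''
    }
}

# Build a map: account -> local groups it is a direct member of.
$byAccount = @{}
foreach ($grp in $Groups) {
    try {
        foreach ($acct in @(Get-DirectMember $Server $grp)) {
            if (-not $byAccount.ContainsKey($acct)) { $byAccount[$acct] = @() }
            $byAccount[$acct] += $grp
        }
    } catch {
        Write-Warning "Could not read group '$grp' on $Server : $_"
    }
}

# Flag accounts meant to be scoped (MOM Users / MOM Authors) whose other
# memberships change what they can see or whether they can connect.
foreach ($acct in ($byAccount.Keys | Sort-Object)) {
    $in = $byAccount[$acct]
    $notes = @()
    if (($in -contains 'MOM Users') -or ($in -contains 'MOM Authors')) {
        if ($in -contains 'Administrators')     { $notes += 'local admin on MS: sees everything' }
        if ($in -contains 'MOM Administrators') { $notes += 'MOM administrator: sees everything' }
        if (-not ($in -contains 'Distributed COM Users')) {
            $notes += 'not in Distributed COM Users'
        }
    }
    New-Object PSObject -Property @{
        Account = $acct
        Groups  = ($in -join ', ')
        Notes   = ($notes -join '; ')
    } | Select-Object Account, Groups, Notes
}
```
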
Scot Woodyard
Guest





Posted: Fri Nov 11, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

If you're using Windows 2003 Server SP1 that's normal.

"Obell" wrote:

Quote:
Hello again
Seems it was my fault all along. I did not "Commit Configuration Change" to
the server. Once this was done everything worked fine. Thanks for all the help,
really appreciate it.

One final question: in other posts I notice that the general advice to grant
access to the operator console is adding users to the local "MOM Users" group
alone. However, I had to add my users to the Distributed COM Users group as
well to get it to work. Could there be a problem with my setup?

Obell
Guest





Posted: Fri Nov 11, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

Hi Dipu
Thanks for the quick response. I just tried it but I got access denied.
I then added my test user to the Distributed COM Users group on the
management server and I got it, but I am still seeing the MOM User scope and
not the scope I defined.

"Dipu" wrote:

Quote:
Obell,

My answer to your questions:

1. Add your users to the local group called "MOM Users" on the MS. If you
want to let your users author management packs, add them to the "MOM Authors"
group, and so on.
2. You can use the existing Computer Groups. It is difficult to see what
computers are in these default computer groups from the admin console. It will
make your life easier, and once you create nested custom groups you will be
able to represent your network diagrammatically as well in the Operator
Console. Whatever suits your requirement.

Let me know if you have any more questions.

Thanks.

Dipu

Dipu
Guest





Posted: Fri Nov 11, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

Obell,

My answer to your questions:

1. Add your users to the local group called "MOM Users" on the MS. If you
want to let your users author management packs, add them to the "MOM Authors"
group, and so on.
2. You can use the existing Computer Groups. It is difficult to see what
computers are in these default computer groups from the admin console. It will
make your life easier, and once you create nested custom groups you will be
able to represent your network diagrammatically as well in the Operator
Console. Whatever suits your requirement.

Let me know if you have any more questions.

Thanks.

Dipu
"Obell" wrote:

Quote:
Hi all,
I'm having the same problem too, and the previous instructions didn't work
for me. What I need to know is, in order to give a user access to a new custom
console scope:
1. What local groups do I need to add the user to on the management server?
2. Why do I have to create a new computer group if existing computer groups
have the servers that I need?

Obell
Guest





Posted: Fri Nov 11, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

Hi all,
I'm having the same problem too, and the previous instructions didn't work
for me. What I need to know is, in order to give a user access to a new custom
console scope:
1. What local groups do I need to add the user to on the management server?
2. Why do I have to create a new computer group if existing computer groups
have the servers that I need?


"Dipu" wrote:

Quote:
Hi JX,

If you have tech teams that you want to give restricted access to a
particular group of computers, create a computer group and add the names of
the servers/computers manually to that group. Then, under each scope, add the
right users and the right computer groups. This will restrict your users to
seeing only alerts, events, etc. for the computers in that computer group in the
Operator Console.

Regarding the users being able to see everything in the Administrator Console:
The accounts under the MOM Users group will not be able to see the "Management Packs"
and "Administration" nodes. The accounts under the MOM Authors group will see
everything except the "Administration" nodes. MOM Administrators will be able to
see everything. Unless the accounts have been added as an Admin on the MS
box, they should not be able to view everything in the Administrator Console.

Hope this helped. Let me know.

Dipu

Obell
Guest





Posted: Fri Nov 11, 2005 9:51 pm    Post subject: RE: MOM Scope!!!

Hello again
Seems it was my fault all along. I did not "Commit Configuration Change" to
the server. Once this was done everything worked fine. Thanks for all the help,
really appreciate it.

One final question: in other posts I notice that the general advice to grant
access to the operator console is adding users to the local "MOM Users" group
alone. However, I had to add my users to the Distributed COM Users group as
well to get it to work. Could there be a problem with my setup?

"Obell" wrote:

Quote:
Hi Dipu
Thanks for the quick response. I just tried it but I got access denied.
I then added my test user to the Distributed COM Users group on the
management server and I got it, but I am still seeing the MOM User scope and
not the scope I defined.

 
All times are GMT