| Author |
Message |
Adam White
Guest
|
Posted:
Mon Oct 24, 2005 12:50 am Post subject:
Security context of Server-side responses? |
|
|
Hi there
I want to run a batch file response on the management server for a
particular rule. The batch file contains commands that run on the mgmt server
and connect to remote computers. The commands work if I run the batch file
manually as a user who has local Administrator rights to the remote
computers. The MOM action account has these rights, but when MOM runs the
batch file response, these commands fail in the same way as they do when run
as a non-admin.
Does anyone know how to run a batch file response in a specific security
context in MOM, or otherwise resolve this?
Thanks
- Adam
Daniel Lai [MVP-Managemen
Guest
|
Posted:
Mon Oct 24, 2005 12:50 am Post subject:
Re: Security context of Server-side responses? |
|
|
Hello,
Thank you for your posting!
Please try to change the Agent Managed Computers' Agent Action Account from
Local System to another Administrative Account.
If you have any questions, please feel free to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
Adam White
Guest
|
Posted:
Mon Oct 24, 2005 12:50 am Post subject:
Re: Security context of Server-side responses? |
|
|
Thanks for your response Daniel
By "agent managed computer" do you mean the management server? That is where
the response is executing. The remote machine that the batch file
communicates with does not have a MOM agent installed. I am trying to run
shutdown.exe /m \\remotecomputer , I assume it uses RPC or something like
that.
The MOM agent action account on the management server is a domain user, and
an Administrators group member on the remote computer. If I run "setactionaccount
mgmtgrp -query" on the management server it returns "Responses and providers
run as yourdomain\youruser", is there anything else I need to do? I use the
same account for agent action account and MOM server action account. It has
local Administrator rights to all computers.
Thanks
- Adam
Daniel Lai [MVP-Managemen
Guest
|
Posted:
Mon Oct 24, 2005 6:40 am Post subject:
Re: Security context of Server-side responses? |
|
|
Hello,
Thank you for your posting!
The Management Server includes a local MOM agent for Agentless Managed Computers.
Can you try to use a Domain Admins account for the Agent Action Account for each
Managed Computer and the MOM Action Account? Please add the MOM Action Account
to the Domain Admins group too.
If you have any questions, please feel free to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
Adam White
Guest
|
Posted:
Mon Oct 24, 2005 7:38 am Post subject:
Re: Security context of Server-side responses? |
|
|
I will try that. In the meantime, what is the reason why the batch file works
properly when I run it manually on the console of the management server,
while logged on as the action account user, but not as a rule response?
Thanks
- Adam
Daniel Lai [MVP-Managemen
Guest
|
Posted:
Mon Oct 24, 2005 7:52 am Post subject:
Re: Security context of Server-side responses? |
|
|
Hello,
Thank you for your posting!
You should not log on as the action account; it is used for the service only.
Also, is there any error or failure message from the batch response?
If you have any questions, please feel free to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
Daniel Lai [MVP-Managemen
Guest
|
Posted:
Mon Oct 24, 2005 8:12 am Post subject:
Re: Security context of Server-side responses? |
|
|
Hello,
Thank you for your posting!
Please also uncheck the "Disable execution of custom responses on Management
Servers" in Global settings/Security Tab.
If you have any questions, please feel free to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
Daniel Lai [MVP-Managemen
Guest
|
Posted:
Mon Oct 24, 2005 8:51 am Post subject:
Re: Security context of Server-side responses? |
|
|
Hello,
Thank you for your posting!
Then, I think the most likely reason is the permissions of the Action Account.
If you have any questions, please feel free to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
Adam White
Guest
|
Posted:
Mon Oct 24, 2005 8:51 am Post subject:
Re: Security context of Server-side responses? |
|
|
Yes I do have that setting disabled (turned off). Some of the commands in my
batch file work, but the ones that require admin rights to the remote
computer fail silently.
How can I determine the security context of a response at runtime? It seems
to me that setactionaccount.exe does not return accurate information in this
case, possibly because the agent is running on the management server.
Does this work for you - do server side responses run in the context of the
server action account on your systems?
Thanks
- Adam
Adam White
Guest
|
Posted:
Tue Oct 25, 2005 6:22 am Post subject:
Re: Security context of Server-side responses? |
|
|
Well assuming setactionaccount.exe is correct in this context, my action
account is an administrator of the remote computer. But the response does not
work. How can I verify the security context of the response?
Thanks
- Adam
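One way to answer the question above at runtime, as an added example that is not part of the original thread: a wrapper batch file, run as the rule response, that logs the identity and group membership of the process plus the output and exit code of every command. The log path, the `TARGET` value and the `:run` helper are assumptions for illustration, and it assumes `whoami.exe` is available on the management server.

```batch
@echo off
setlocal EnableExtensions

rem Added diagnostic wrapper (not from the thread). Configure this file as the
rem rule's batch response on the management server, trigger the rule, then read
rem the log. LOG and TARGET are placeholder values for this example.
set "LOG=%SystemRoot%\Temp\mom-response-context.log"
set "TARGET=remotecomputer"

>>"%LOG%" echo.
>>"%LOG%" echo ==== response started %DATE% %TIME% on %COMPUTERNAME% ====

rem 1. Who is this process? Environment variables first, then the access
rem    token itself: user SID, group memberships and privileges.
call :run set USER
call :run whoami /all

rem 2. Network connections already open in this logon session.
call :run net use

rem 3. Harmless probe that needs Administrator rights on the remote computer:
rem    listing its ADMIN$ share. "Access is denied" here indicates that the
rem    identity logged in step 1 is not accepted as an administrator by TARGET.
call :run dir "\\%TARGET%\ADMIN$"

rem 4. Add the commands from the real response here, one per line, as
rem    "call :run <command>", so their output and exit codes are logged
rem    instead of being lost.

>>"%LOG%" echo ==== response finished %DATE% %TIME% ====
endlocal
exit /b 0

:run
rem Run the given command line, appending stdout, stderr and exit code to LOG.
>>"%LOG%" echo.
>>"%LOG%" echo --- %*
>>"%LOG%" 2>&1 %*
>>"%LOG%" echo --- exit code: %ERRORLEVEL%
goto :eof
```

Running the same file once from the console and once as the response gives two log sections to compare; in the `whoami /all` output the group list includes well-known groups such as INTERACTIVE or SERVICE, which shows how the account was logged on in each case.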
Adam White
Guest
|
Posted:
Mon Oct 31, 2005 1:50 am Post subject:
FIXED IT |
|
|
OK I gave up and used RunAs Professional. Now I can specify exactly which
context I want the response to run in and work around this bug. FYI I am
specifying the same account I use as the agent and server MOM action account
except it works this way.
http://www.mast-computer.com/c_9-l_en.html
- Adam