HP DL360 HP Insight Management WBEM Providers for Windows Server 2003 and Wind - Page 18

Security, Security concerns, Implementation, Best practices

Security

Security concerns

Users can increase security by switching from SNMP Agent-based server management to Insight Provider-based server management. The HP Insight Management WBEM Providers for Windows® use Windows-based authentication for local and remote access to server management data.

Implementation

The Insight Providers for Windows® are implemented as a set of WMI providers. Access control takes the form of standard Windows® account-level access restrictions.

An administrator account has sufficient rights and security group memberships to access the Insight Providers management information for both local and remote access.

For a standard user account, there are two considerations for configuring security in order to access WMI information from the Insight Providers:

• WMI namespace security
• Distributed COM Users group membership

A standard user account needs security configurations to remotely access the Insight Provider management information on a remote server. For more information, see Security Requirements for the Insight Providers (on page 10).

WMI namespace security settings govern access to WMI information. Windows user accounts can be allowed or denied specific privileges per WMI namespace. For more information on namespace security, see Access to WMI Namespaces (http://msdn2.microsoft.com/en-us/library/aa822575.aspx).

Only standard users who belong to the Distributed COM Users group can remotely connect to WMI and access management information. Administrators are in this group by default. Non-administrator users must be added to the Distributed COM Users group for remote WMI connectivity. For more information, see Connecting to WMI on a Remote Computer (http://msdn2.microsoft.com/en-us/library/aa389290.aspx).

Best practices

HP recommends using a low-privilege (non-administrator) user account to perform most read-only management tasks. Use of certain Insight Provider functionality, such as rebooting the system, requires an administrator-level account. The user does not need to be an administrator of the managed system and does not need logon rights. HP recommends that the domain administrator create a special-purpose domain account.
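The following audit script is an added example, not part of the HP manual. It checks the two requirements above for a read-only monitoring account: the rights granted to it in the WMI namespace DACL and its membership in the Distributed COM Users group. The account name is a hypothetical placeholder and the namespace root\HPQ is an assumption that does not come from this page; run it elevated on the managed server with Windows PowerShell 5.1.

```powershell
param(
    [string]$Account   = 'EXAMPLE\svc-insight-ro',  # hypothetical account name
    [string]$Namespace = 'root\HPQ'                  # assumed provider namespace
)

# WMI namespace access-mask bits and their names in the WMI Control dialog.
$Rights = [ordered]@{
    'Enable Account' = 0x1;     'Execute Methods' = 0x2
    'Full Write'     = 0x4;     'Partial Write'   = 0x8
    'Provider Write' = 0x10;    'Remote Enable'   = 0x20
    'Read Security'  = 0x20000; 'Edit Security'   = 0x40000
}
$ReadOnlyRemote = 0x1 -bor 0x20               # minimum for remote read-only queries
$WriteOrAdmin   = 0x4 -bor 0x8 -bor 0x40000   # this example's "too much" policy

# Requirement 1: ACEs in the namespace DACL that name the account directly.
# Rights inherited through group ACEs are not resolved here.
$sd = (Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' `
        -Name GetSecurityDescriptor).Descriptor
$aces = @($sd.DACL | Where-Object {
    ('{0}\{1}' -f $_.Trustee.Domain, $_.Trustee.Name) -ieq $Account })

$allow = 0; $deny = 0
foreach ($ace in $aces) {
    if     ($ace.AceType -eq 0) { $allow = $allow -bor $ace.AccessMask }  # allow ACE
    elseif ($ace.AceType -eq 1) { $deny  = $deny  -bor $ace.AccessMask }  # deny ACE
}
$effective = $allow -band (-bnot $deny)       # deny entries override allow entries

# Requirement 2: direct membership in BUILTIN\Distributed COM Users (S-1-5-32-562).
# Nested group membership is not resolved here.
$inDcom = [bool](Get-LocalGroupMember -SID 'S-1-5-32-562' |
    Where-Object { $_.Name -ieq $Account })

[pscustomobject]@{
    Account               = $Account
    Namespace             = $Namespace
    GrantedRights         = ($Rights.Keys |
        Where-Object { $effective -band $Rights[$_] }) -join ', '
    InDistributedComUsers = $inDcom
    CanReadRemotely       = $inDcom -and
        (($effective -band $ReadOnlyRemote) -eq $ReadOnlyRemote)
    ExceedsReadOnly       = [bool]($effective -band $WriteOrAdmin)
}
```

An account that follows the best practice above reports CanReadRemotely as True and ExceedsReadOnly as False.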

