HP BL480c HP Insight Management WBEM Providers for Windows Server 2003 and Win - Page 18
Security, Security concerns, Implementation, Best practices
UPC - 882780759664
View all HP BL480c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 18 highlights
Security Security concerns Users can increase security by switching to Insight Provider-based server management from an SNMP Agent-based server management. The HP Insight Management WBEM Providers for Windows® use Windows-based authentication for local and remote access to server management data. Implementation The Insight Providers for Windows® are implemented as a set of WMI providers. The access control is in the form of standard Windows® account level access restrictions. An administrator account has sufficient rights and security group memberships to access the Insight Providers management information for both local and remote access. For a standard user account, there are two considerations for configuring security in order to access WMI information from the Insight Providers: • WMI namespace security • Distributed COM Users group membership A standard user account needs security configurations to remotely access the Insight Provider management information on a remote server. For more information, see Security Requirements for the Insight Providers (on page 10). WMI namespace security settings govern access to WMI information. Windows user accounts can be allowed or denied specific privileges per WMI namespace. For more information on namespace security, see Access to WMI Namespaces (http://msdn2.microsoft.com/en-us/library/aa822575.aspx). Only standard users who belong to the Distributed COM Users group can remotely connect to WMI and access management information. Administrators are in this group by default. Non-administrator users must be added to the Distributed COM Users group for remote WMI connectivity. For more information, see Connecting to WMI on a Remote Computer (http://msdn2.microsoft.com/enus/library/aa389290.aspx). Best practices HP recommends using a low-level rights user account (non-administrator) to perform most read-only management tasks. Use of certain Insight Provider functionality, such as rebooting the system, requires an administrator-level account. The user does not need to be an administrator of the managed system and does not need logon rights. HP recommends that the domain administrator creates a special purpose domain account. Security 18