HP Integrity rx7620 HP Insight Management WBEM Providers on Integrity Servers - Page 17
Security
View all HP Integrity rx7620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 17 highlights
5 Security Security is a major concern and one of the primary reasons to switch from SNMP Agent-based server management to Insight Provider-based server management. The HP Insight Management WBEM Providers for Windows use Windows-based authentication for local and remote access to server management data. Implementation The Insight Providers for Windows are implemented as a set of Windows Management Instrumentation (WMI) providers. The access control is in the form of standard Windows account level access restrictions. An administrator account has sufficient rights and security group memberships to access the Insight Provider management information for both local and remote access. For a standard user account, there are two considerations for configuring security in order to access WMI information from the Insight Providers: • WMI namespace security • Distributed COM user group membership A standard user account needs security configurations to remotely access the Insight Provider management information on a remote server. For more information, see "Security requirements for the Insight Providers" (page 11). WMI namespace security settings govern access to WMI information. Windows user accounts can be allowed or denied specific privileges per WMI namespace. For more information on namespace security, see Access to WMI Namespaces (http:// msdn2.microsoft.com/en-us/library/aa822575.aspx). Only standard users who belong to the Distributed COM Users group can remotely connect to WMI and access management information. Administrators are in this group by default. Non-administrator users must be added to the Distributed COM Users group for remote WMI connectivity. For more information on this topic, see Connecting to WMI on a Remote Computer (http://msdn2.microsoft.com/enus/ library/aa389290.aspx). Best Practices According to the principle of least privilege, HP recommends you use a low rights user account (nonadministrator) to perform most read-only management tasks. Use of certain Insight Provider functionality always requires an administrator level account. An example of this is a method to reboot the system. This user does not need to be an administrator of the managed system and does not need logon rights. HP recommends that the domain administrator creates a special purpose domain account. Configuring Insight Provider Security for a User Account via the Windows® Command Line The following procedure provides access rights to allow a standard user account to view most management information. However, you must use an administrator account to perform some management tasks, such as rebooting a server. To configure a domain user or local user (non-administrator) account for remote management: 1. Open a Command Prompt window. 2. Change to the \Program Files\HPWBEM\Tools folder of the system drive. Implementation 17