Symantec 14541094 Administration Guide - Page 73


Page 73 highlights

Performing centralized management
About the Microsoft Distributed Component Object Model (DCOM)

administrators can modify the default security settings in DCOM to allow or deny access to a system.

Modifying DCOM security settings on a managed computer might require adjustments to the DCOM settings on the administrator computer. Ensure that all managed computers are authenticating on the same Windows NT domain or on trusted domains.

When an administrator connection is made to a remote computer, the centralized management software attempts to impersonate the user who is making the connection. If the user is not logged on with administrator privileges, this impersonation fails.

To further ensure security, callers who do not have administrator privileges cannot perform administrator functions or have access beyond what they would normally have when logged on to the computer directly.

To avoid connection problems because of access denied errors, run the dcomcnfg.exe utility to check the security settings for the client. Edit the default security and add only the domain users or administrators who are allowed to access the host.

For more information, consult the dcomcnfg.exe online documentation.

To modify DCOM settings

◆ Do one of the following:
  ■ In Windows NT/2000/2003 Server/XP, open the \WinNT\System32 folder, and then run dcomcnfg.exe.
  ■ In Windows 98/Me, open the \Windows\System folder, and then run dcomcnfg.exe.

About AwShim

AwShim is the management component that bridges pcAnywhere and the centralized management integration. The pcAnywhere Host Administrator tool uses AwShim to start and stop host and remote sessions. For each action, you can assign specific host or remote configuration files.

AwShim uses the following parameters:
  ■ -A Action
  ■ -B Bhf File Name
  ■ -C Chf File Name
  ■ -H HostName on which to perform action
  ■ -R Remote machine to which to connect
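
The DCOM security check described under "To modify DCOM settings" can also be scripted. The following is an added example, not part of the Symantec guide: it reads the ACLs that dcomcnfg.exe edits from the registry with PowerShell and marks entries that grant remote rights or name broad groups. It assumes a Windows host with PowerShell and the standard value names under HKLM:\SOFTWARE\Microsoft\Ole; Get-DcomAclEntry is a hypothetical helper name.

```powershell
# Added example: audit the DCOM ACLs that dcomcnfg.exe edits (run on Windows).
# Function and variable names are hypothetical; the sample descriptor is constructed.
$ComRights = [ordered]@{ Execute = 1; ExecuteLocal = 2; ExecuteRemote = 4
                         ActivateLocal = 8; ActivateRemote = 16 }
# Well-known SIDs: Everyone, Anonymous Logon, Authenticated Users
$BroadSids = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11'

function Get-DcomAclEntry {
    param([Parameter(Mandatory = $true)][byte[]]$Descriptor, [string]$Source = 'sample')
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Descriptor, 0
    if ($null -eq $sd.DiscretionaryAcl) {
        # A NULL DACL places no restriction on callers
        return [pscustomobject]@{ Source = $Source; Account = '(NULL DACL)'; Type = 'AccessAllowed'
                                  Rights = 'all'; Remote = $true; Broad = $true }
    }
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = $sid.Value }   # unresolvable SID: report it raw
        $mask = $ace.AccessMask
        [pscustomobject]@{
            Source  = $Source
            Account = $account
            Type    = $ace.AceType
            Rights  = @($ComRights.Keys | Where-Object { $mask -band $ComRights[$_] }) -join ','
            # Pre-XP SP2 ACLs set only Execute (1), which COM treats as local and remote
            Remote  = [bool](($mask -eq 1) -or ($mask -band 0x14))
            Broad   = $BroadSids -contains $sid.Value
        }
    }
}

# Constructed sample: Administrators (BA) and Everyone (WD) with Execute|Local|Remote
$sample = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList 'O:BAG:BAD:(A;;CCDCLC;;;BA)(A;;CCDCLC;;;WD)'
$bytes = New-Object byte[] $sample.BinaryLength
$sample.GetBinaryForm($bytes, 0)
Get-DcomAclEntry -Descriptor $bytes -Source 'constructed sample' | Format-Table -AutoSize

# Live check: absent values mean the built-in system default applies
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
foreach ($name in 'DefaultAccessPermission', 'DefaultLaunchPermission',
                  'MachineAccessRestriction', 'MachineLaunchRestriction') {
    if ($ole -and $ole.$name) { Get-DcomAclEntry -Descriptor $ole.$name -Source $name }
    else { "{0}: not set, system default applies" -f $name }
}
```

Rows with Type AccessAllowed, Remote True and Broad True are the ones to compare against the list of domain users or administrators who are allowed to access the host.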

