Windows in the Enterprise: MOM 2005: The Action Account (or better yet ... The Action Account?!)

[Windows in the Enterprise: Best of myITforum]

Title: Windows in the Enterprise: Best of MyITForum

September 16, 2004 Published by  TechTarget Windows in the Enterprise: Best of MyITForum Issue Sponsored By:   > Argent   > Ipswitch, Inc -- Technology Focus Seminars   Choosing the Right Server Monitoring Model When evaluating server monitoring options, most systems managers are forced to choose between agentless or agent-based monitoring. In reality, they need both to maximize performance. This paper outlines a cost-effective monitoring solution that allows you to easily implement the best of both models to better meet enterprise demands: Agent-Optional Monitoring. To learn about the benefits of this solution, download this Free White Paper from Argent.   MOM 2005: The Action Account (or better yet ... The Action Account?!) [ by Marcus Oh, Contributor, myITforum.com ] During the installation of MOM 2005, you established an Action Account. Unfortunately, you were too busy being excited about what was cool about MOM 2005 to be paying attention to something as petty as security. Now that it's set, you're not sure what it does or what security it actually requires. In fact, you're not even sure where to change the account MOM uses. Being the imperturbable administrator, you simply panic. In all seriousness, the Action Account has various functions, many very integral to some of the tasks MOM 2005 performs. In this age of IT, a focus on security can be tantamount to the completion of the project. Take some time to read through some of the benefits of Action Account and how best to implement it in your environment. Benefits of an Action Account: Runs computer discovery and tasks issued from the MOM console. Performs agent push-installations (similar to SMS 2003 Client Push Installation account). Executes uninstallations and settings updates for agent-managed computers. Runs responses and scripts on agent-managed computers (including the Management Server). Manages actions on agentless and agent-managed computers. Collects data from agentless and agent-managed computers. Communicates with agentless and agent-managed computers. To perform some of the tasks listed above, the Action Account will need administrative privileges to MOM agents. Any agent running Windows 2003 can use a combination of a low-rights domain account with special privileges (aside from general push installations, which can be done through other methods). You can even use different Action Accounts for each agent; however, this may be a daunting task to maintain properly. More details on the exact permissions required for the Action Account on the management server, as well as MOM agents, can be found in the MOM 2005 Security Guide. Administering the Action Account: There are two ways you can administer the Action Account after it has been established during installation. The first is inside the MOM 2005 Administrator Console under Administration / Computers / Agent-managed Computers. If you're interested in establishing per agent Action Accounts, this is where to do it. (Keep in mind that while you can change the Action Accounts on agent-managed computers through this method, the Management Server Action Account must be administered through the second method.) Navigate to Agent-managed computers. Highlight the agents (some or all) for which you will be changing the Action Account. Right-click on the highlighted selection. Choose All Tasks > Update Agent Settings. Specify to use the default Management Server Action Account or specify an Action Account specific for the agent (or group of agents). The second method is through the SetActionAccount.exe tool located under %Program Files%\Microsoft Operations Manager 2005 directory. This is a command-line tool that only accepts two switches -- making it very easy to use. Running either command requires prefacing the command switch with the Configuration Group name. All changes to the MOM Action Account, must be followed by a restart of the MOM service on the Management Server for changes to become effective. Usage, example and output listed respectively: SetActionAccount.exe [Configuration Group Name] -query Issuing this command returns the current account information. Ex: SetAcctionAccount.exe MOM2005POC -query Providers and responses run as MOMDomain\MyMOMActionAccount SetActionAccount.exe [Configuration Group Name] -set [Domain] [UserName] Issuing this command starts a password dialog which will reset the Action Account on completion. Ex: SetActionAccount.exe MOM2005POC -set MOMDomain MyMOMActionAccount (notice no backslash between domain and username) Enter password : (input text is hidden) Re-enter password : (input text is hidden) Action account set. Additional Links: MOM 2005 Security Guide -- online documentation MOM 2005 Security Guide -- document download This article first appeared in myITforum, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of Web sites. To register for the site and sign up for the myITforum daily newsletter, click here ABOUT THE AUTHOR: Marcus Oh works for Cox Communications, Inc. in Alpharetta, GA., deploying MOM for 250+ servers, rolling out SMS 2003 and Windows 2003, and supporting the company's directory services infrastructure. MORE INFO:  >  MOM 2005 RTM  >  MOM 2005 Management Packs  >  MOM 2005 Terminology Changes  >  Microsoft Operations Manager 2005: My First Impressions   Free Technology Focus Seminar for the SMB Small and mid-sized businesses like yours have special needs in IT solutions. Join Ipswitch and our partners for the Technology Focus Seminars, the premier forum where IT professionals get solid information about technology trends and solutions that make sense. These free one-day seminars focus on network management and collaboration solutions for businesses that need results, not extra overhead. Register today for a seminar near you.   Contact Us Sales For sales inquiries, please contact us at: [EMAIL PROTECTED] Editorial For feedback about any of our articles or to send us your article ideas, please contact us at: [EMAIL PROTECTED] Free E-Newsletters! Select e-newsletters you would like to receive via e-mail! SearchWin2000: Today's News SearchWin2000: Tips from our experts Not a Member? We'll activate your membership with your subscription. ABOUT THIS E-NEWSLETTER This e-newsletter is published by TechTarget, the most targeted IT media and events company. Copyright 2004 TechTarget. All rights reserved. To unsubscribe from "Windows in the Enterprise: Best of MyITForum": Go to unsubscribe: http://searchTechTarget.techtarget.com/u?track=NL-36 Please note, unsubscribe requests may take up to 24 hours to process; you may receive additional mailings during that time. A confirmation e-mail will be sent when your request has been successfully processed. Contact Us: TechTarget Member Services 117 Kendrick Street, Suite 800 Needham, MA 02494