|
The problem is that "no remote anonymous access to the rpc
interfaces" is allowed as of SP-1. In a lot of ways, this is a good thing,
it just sucks for our purposes since WUG relies on this to be
accessible.
I spoke with Ipswitch tech support on Friday and they
suggested that I was more or less on my own.
I also agree that putting the WUG account in the
administrators group is not an acceptable option, especially because the boxes
we're monitoring are Domain Controllers, and we want to restrict our access to
them to "absolutely need to have". That is, making the WUG account a
domain admin for 40,000 users and all of the servers in our organization seemed
to be a bit to ask from our monitoring group.
If the server(s) in question are not domain controllers,
and therefore have "local" accounts, one way around the issue is to create a
passthrough local account with the same username/password as the WUG
account. Depending on whether or not the box is SP-1d, you may or may not
have to make this account a local admin group member on the server in
question. This is kludgy, but it may help you in the short term.
I've done this on some of our non-domain servers that need to be monitored and
have no knowledge of the domain account we're using to monitor
with.
If anyone does find out more about this issue, I'm sure
that a bunch of the people, including myself, would love to hear about the
solution(s).
I agree that Ipswitch should be paying attention to to this
one as it may make agent based services begin to look more
attractive.
Dan . . .
Dan Arsenault The message is intended only for the use of the intended recipient(s). It is confidential and may also be privileged and/or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message is strictly prohibited and may be illegal. If you are not the intended recipient(s), or have received this message in error, please notify the sender immediately by return E-mail and delete this message. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Lawler Sent: Friday, April 29, 2005 8:22 AM To: [email protected] Subject: RE: [WhatsUp Forum] Windows Server 2003 SP1 Rod,
I am having the same
problem. I do not have the W2K3 firewall enabled yet and I am still
getting these problems. Seems like the ONLY way for WU to talk to the
service control manager is to be an administrator on the server it’s
monitoring. This is unacceptable and we are currently trying to figure out
a way around it. I hope ipswitch has people working on
this… Thanks, Andy
Lawler Penn State
University From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists) Windows Firewall
Service. Add WU as a trusted app. John
T eServices For
You -----Original
Message-----
|
- [WhatsUp Forum] Windows Server 2003 SP1 Rodney . Cameron
- RE: [WhatsUp Forum] Windows Server 2003 SP1 John Tolmachoff \(Lists\)
- RE: [WhatsUp Forum] Windows Server 2003 SP1 Andy Lawler
- RE: [WhatsUp Forum] Windows Server 2003 SP1 Eric Dami
- Arsenault Dan
