Video Screencast Help

Configuring Data Collectors for more than one service account in the same Domain?

Created: 19 Nov 2012 • Updated: 08 Jan 2013 | 2 comments

CCS 10.5.1 Windows 2008R2

I have a domain in which our service account that we condifgured the Query Engine access for is a domain admin. We have a master and slave QE in that domain.

 

We have a new scenario in which we have a handful of newly built servers which only certain individuals can access. This being said our domain service account has not been granted access to these new servers. Hence, we need to create a new account which may or may not be a domain admin and grant this new account local administrative access on these new servers so that only the priveleged individuals can access these new servers.

 

I then need to configure bindview to be able to scan these new priveleged access servers in the same domain that we already have configured with our domain admin service account. Is anyone aware of a scenario in which the a domain query engine can be configured to allow multiple accounts/credentials access to scan the domain? The only other scenario I could think of would be to install two master query engines in the same domain, however i am not sure if that is even supported.

 

 

Comments 2 CommentsJump to latest comment

Matt Plourde's picture

(this should probably be moved to the CCS forum?)

To answer:

- Create a new credential database with the new credential for this domain

- Add the users to RMS who you described as "so that only the priveleged individuals can access these new servers"

- Assign this new creddb to the users created in the step above (they will use this new credential for scans in that domain, everyone else will continue using what they have).

That's it! :)

cmccoy2's picture

Will you be running just RMS Queries on this or will you be also doing data collection via standards?  If you are running just RMS Queries, then you should be able to do the following:

- Create the account that accesses the subset of new servers

- configure this account in RMS to use the existing query engines and make sure that you check the box "Use Credentials for Query".  

- Make sure the the new account is configured in a separate Credentials db like Matt mentioned.  This will use the existing QE infrastructure, but use the credentials assigned to the user.

If you want to use standards manager for this, I think you may need to do a bit more work.  You would need to do the following

- create a CCS Site to service the new servers

- install a DPS for this site on a different server

- configure the Windows Data Collector to use the Existing RMS Server with the user account that has the new Credentials db assigned. 

I believe that should work, but I haven't actually tried it so take the advice as is.

Hope this helps.