Client Management Suite

 View Only

  • 1.  Are Domain Admin rights required to run Altiris Services

    Posted Apr 18, 2014 11:31 AM

    Hi  All,

    1. In my environment Currently Altiris Services  in Notification Servers   are running with  dedicated AD ID (which is mentioned under Application Identity) Credentials. If we change it to “ Local System Account “ will it work or is it required for running services?

     

    2. The  domain ID  which is  mentioned in  Application identity has the Domain Admin Rights .What  will be the impact if we remove Domain Admin Group membership for this ID and add same ID  in    “Local Administrator “  group in local systems  through  AD  Group Policy ?

     

    4.Are the  Domain Admin group membership required for  ID which is used for running Altiris Services ?

     

    My environment is mix like  Active Directory as well as Workgroup  computers .

    Single  NS , 1 DB , 3 Task servers and 60 PS.

     

    Please help.



  • 2.  RE: Are Domain Admin rights required to run Altiris Services

    Posted Apr 18, 2014 02:27 PM
    The appid can be just a normal domain user as long as it has admin rights to its own server. Dping so; however, will mean that other accounts will need to be used instead of the appid whenever admin rights on clients are needed.


  • 3.  RE: Are Domain Admin rights required to run Altiris Services

    Posted Apr 20, 2014 12:40 PM

    Hi vinayak patil,

    By default the Altiris Services will run using the ApplicationId account defined during the installation. This is the recommended mode of operation. This account needs local administrator rights to the Notification Server.

    Regards,



  • 4.  RE: Are Domain Admin rights required to run Altiris Services

    Posted Apr 21, 2014 04:23 AM

    Hi ,Thanks .

    So do  you mean the ID mentioned under "Application ID " does not require Domain Admin Rights ?

    If Yes how to  push  Agents remotely on domain systems ?

     

    Regards

     



  • 5.  RE: Are Domain Admin rights required to run Altiris Services

    Posted Apr 21, 2014 04:51 AM
    That is correct. The push page like other areas that require credentials allows you to specify an account that can perform the required action.


  • 6.  RE: Are Domain Admin rights required to run Altiris Services

    Broadcom Employee
    Posted Apr 22, 2014 05:03 PM

    A few points on this:  

    1.  Which ever account you're leveraging for the application service will be, by default, the account used to authenticate and install a client agent during agent push.     With that being said, you'll want to ensure:

           A.   The account has local administrator rights on the client you're pushing to.

           B.   The account has file level access to the folder repositories where your agents download from. 

    2. If I want to use a different account to push the agents, (in cases where we don't have Active Directory, or our servers have multi-tenant security scopes which grant different specific accounts local admin access on the client) you can specify a different account in the Agent Push screen. 

    3.  If you're watching the Altiris log viewer during agent installation, and you notice a warning message about not being able to validate a computers DNS entry prior to agent delivery, don't worry about that message.. it will deliver under IP enumeration just fine.