Role Based Administration for LDMS 9.0 SP2




This article is designed to help you understand Role Based Administration for LDMS 9.0 SP2 and how to configure it. We will try to give you as much information as possible about the different components of Role Based Administration for LDMS 9.0 SP2 and how to set each of them up.

In 9.0 SP2, the Local Users and Groups tool is a key component to using LANDesk. Unlike previous versions of LANDesk, the LANDesk Administrators, LANDesk Management Suite, and LANDesk Script Writers groups are only used to give users rights to the LANDesk directory structure. These groups do not add the users to the User Management console as they did in past versions. In fact, a user does not need to be in these groups to be added to the User Management console, but the user will not be able to log in to the console until they are added to a group. We will discuss this later in detail. These file-level rights are necessary for using the different components within the LANDesk Console.

The first thing that you need to do is understand what each of the LANDesk groups allows the user to access and how that will affect console usage.

a. The LANDesk Administrators group is the failsafe group for console access. Anyone in this group has full rights in the console, including script writing. By default, the user account that installed Management Suite is added to this group. If you don't have many console users or you don't want to limit the console users that you do have, you can bypass role-based administration entirely and just add users to this group.

b. The LANDesk Management Suite group allows basic core access. The Management Suite folders are read-only. Users in this group can't write to the scripts directory, so they won't be able to manage scripts. Patching vulnerabilities and OS deployment won't work correctly for users in this group because both those features use scripts.

c. The LANDesk Script Writers group includes the rights of the LANDesk Management Suite group and it also allows users to write to the scripts folder. Patching vulnerabilities, OS deployment, or adding devices to Bare Metal Servers requires membership in this group.

Add users to a LANDesk group from Windows Computer Management

1. Navigate to the server's Administrative Tools > Computer Management > Local Users and Groups > Groups utility.
2. Right-click the LANDesk group you want, and then click Add to group.
3. In the group's Properties dialog box, click Add.
4. In the Select the users and groups dialog box, select the desired users (and groups) from the list and click Add.
5. Click OK.

Creating the Authentication Source

1. Open the Core console.
2. On the console toolbar, select Tools > Administration > User Management.
3. In the User management tool, right-click Users and groups and click New Active Directory source.
3a. Or you can use the green (+) with the dropdown and click New Active Directory source.
4. In the Authentication source dialog box, enter credentials that give access to the Active Directory.

To add a Management Suite console user or group

1. In the Users and groups tree, right-click the authentication source containing the user or group you want, and click New user or group.
2. In the authentication source directory, select the user or group you want to add and click Add. If you want to select individual users within a group, right-click the group and click Select users to add. You can then select the users you want and click Add selected users.

NOTE: If a dialog box appears reminding you to manually add the user or group you selected to the appropriate local LANDesk Windows group, click OK. Click Close. If you haven't already, use the Windows Local Users and Groups tool to add the new user or group to the appropriate local LANDesk Windows group as described earlier in this section.

Note: The user should end up looking like this in the console, prior to assigning the roles and scopes. (Notice the Roles and Scopes highlighted in yellow have no assignments.)

3. Once you have added the user, you will then need to assign that user to the Roles and Scope that define what you want the user to be able to do in the console.
4. To assign the Roles and Scopes, right-click the user or group and select Properties. You will then be presented with the UI shown above. Use the Edit buttons to add the Roles and Scopes. (See below.)

Note: Once you get the Roles and Scopes assigned, the user or group should look like this. Notice the difference between the LD Test Users group and the Test User.

Create Roles

1. In the User management tool, right-click Roles and click New role.
2. In the Role properties dialog box, enter a role Name.
3. Enable or disable the rights you want by clicking on the symbol in the appropriate column. Each click toggles the right's state.
4. In the tree click Users and groups and select the users and groups that will have the new role.

Creating Scopes

1. Click Tools > Administration > User Management.
2. Right-click Scopes and click New Scope.
3. In the Scope Properties dialog box, enter a name for the new scope.
4. Specify the type of scope you want to create (LDMS query, LDAP or custom directory, or device group) by clicking a scope type from the drop-down list, and then clicking New.
5. If you're creating an LDMS query-based scope, define the query in the New scope query dialog box, and then click OK.
6. If you're creating a directory-based scope, select locations (LDAP directory and/or custom directory) from the Select visible devices list (you can browse the directory by clicking Browse directories), and then click OK. Click on the plus (+) and minus (-) signs to expand and collapse nodes in the directory tree. All nodes under a selected parent node will be included in the scope. LDAP directory locations are determined by a device's directory service location. Custom directory locations are determined by a device's computer location attribute in the inventory database. This attribute is defined during device agent configuration.
7. If you're creating a device group-based scope, select a group from the available device group list, and then click OK.
8. Click OK again to save the scope and close the dialog box.

Create a Scope Based on an Existing Query

1. Right-click Scopes and click New scope from query.
2. Select the query you want and click OK.
3. A copy of the query will be made and a new scope appears in the tree with a name based on the source query name.

Using teams

A role-based administration team is a group of users that can view and share ownership of tasks and configurations that belong to the team. For example, if you have multiple departments that want to share queries or tasks, you can group the departments into a team. A team's tasks and configurations appear in a special group named after the team in a tool's tree view. For example, if you have a team named "Salt Lake" that you are a member of, you would see a "'Salt Lake' devices" subgroup under the Devices group in the Network view. People can belong to multiple teams. Keep in mind that teams are not rights-based, meaning that you do not assign rights to a team. This is different from previous versions.

People who aren't in a particular team won't see that team's group anywhere in the console. People with the administrator right see all teams and team content. While you can use public folders to share console content, public folder content is visible to everyone with rights to a tool. The advantage with teams is that only team members see team content, potentially making content more organized and accessible to team members.

Teams consist of one or more group permissions. You can even create teams with as few as 1 or 2 people. For example, if a person is out sick, you can add that person's substitute to the same team. Or, if you have two people that share responsibilities, you can put them in the same team.

Administrators and team members can change the ownership of tree items by right-clicking them and clicking Info. Information dialog boxes have an Owner drop-down list where you can select the item's owner.

To create a team

1. In the User management tool, right-click Teams and click New team.
2. Enter a team Name.
3. Select the Users and Groups that you want in the team.
4. Click OK.

Understanding rights and states

There are four types of rights a user can have:

View: Allows users to access a console tool.
Edit: Allows users to make changes in the associated console tool. Includes the view right.
Deploy: Allows users to create, modify, or delete any scheduled tasks associated with the associated console tool.
Edit public: Allows users to create, modify, or delete items in a console tool's Public folder.

Not all rights support all types. For example, the "Public query management" right can only have the "Edit public" type. It wouldn't make sense to also have the "View," "Edit," or "Deploy" types.

There are three states a right can have:

A checkmark
An X
A not applicable symbol (Circle with Slash)

Clicking on a checkmark or an X will toggle its state.

If users have no rights for a tool, they won't see the tool when they log into the console. The tool won't appear in the Toolbox or in the Tools menu. The Scheduled tasks tool is only visible to users who have a "Deploy" right, and in that case, they can only work with tasks associated with the tool they have deploy rights for. All other tasks are read-only.

Understanding the default roles

There are a number of default roles under the Roles tree. You can edit or delete any of these default roles, except for LANDesk Administrator.

IT Help Desk
LANDesk Administrator
Patch Management
Power Management
Provisioning
Security
Software distribution
Software licensing

LANDesk Administrators have full rights to all scopes and rights. They also have full access to the Users tool and can make any changes they want. Only users with the Administrator right can configure LANDesk services running on the core.

Understanding the "Edit public" right

A tool's Public group is visible to all users. Items in the public group are read-only, unless you have the "Edit public" right. Users that have "Edit public" rights on a feature can only edit public items for that feature. Other public items will be read-only. Read-only items are still useful, since users can copy those items to the "My..." tree group and edit them there.

The Scheduled tasks tool's Public group works slightly differently. All tasks in the Public group are visible to users with a "deploy" right, including tasks for features users may not have access to. However, only tasks that users have a "Deploy" right for are editable. The rest are read-only. If you have "Edit Public" and "Deploy" right types, you can create new tasks in the Public group as well as add/remove tasks from it.

Viewing the user log and deleting users

You can also use the Users and groups tree to delete console users or groups. When you delete a user or group, you'll be prompted to decide how you want to handle console items they are the owners of, such as queries, scheduled tasks, and so on. You can either have the console automatically delete any items they own or you can have the console reassign items they own to another user or group that you select.

Note that deleting a user or group only deletes that user or group from the Management Suite user database. You'll need to also manually remove the user or group from local LANDesk Windows groups they are members of. If you don't do this, the deleted user will still be able to log into the console.

To delete a console user

1. Click Tools > Administration > User management.
2. In the User management tree, click Users and groups.
3. Select the user or group you want to delete and press the Delete key.
4. If you want to delete objects associated with the user, click OK.
5. If you want to reassign objects associated with the console user, select Assign objects to the following user/group or team and click the user, group, or team you want to receive the objects and click OK.
6. Remove the user from the local LANDesk Windows group or Active Directory group that gives them console access.

Viewing user or group properties

In the Users and groups tree, you can right-click a user or group in the right pane and click Properties. This properties dialog box shows all the properties and effective rights for that user. The properties dialog box has the following pages:

Summary: Summarizes that user's/group's roles, scopes, teams, group membership, and effective rights.
Effective rights: Shows a more detailed view of the user's/group's effective rights.
Roles: Shows explicit and inherited roles. You can select which explicit roles apply to that user or group.
Scopes: Shows explicit and inherited scopes. You can select which explicit scopes apply to that user or group.
Teams: Shows explicit and inherited teams. You can select which explicit teams apply to that user or group.
RC time restrictions: Allows you to apply and modify RC time restrictions. For more information, see Using remote control time restrictions in the help file.
Group membership: Shows which groups that user is a member of.
Group members: Shows the members of a group if a group is selected. Shows the group a user is a member of if a user is selected.

If you make changes to the editable pages, you need to click OK to apply them. You can then re-open the properties dialog box if necessary.
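
The deletion procedure above leaves local Windows group membership in place, so an account removed from User management can still log in to the console. The following PowerShell check is an added example (not part of the original article and not LANDesk tooling) that lists members of the three local LANDesk groups on the core server who are not on an approved list. The approved list and the EXAMPLE domain and account names are constructed placeholders, and the function names are hypothetical.

```powershell
# Local groups named in this article that grant console access and file-level rights.
$LANDeskGroups = 'LANDesk Administrators', 'LANDesk Management Suite', 'LANDesk Script Writers'

# Constructed sample values: replace with the accounts and groups that currently
# appear under Users and groups in the User management tool.
$Approved = 'EXAMPLE\LD Test Users', 'EXAMPLE\testuser'

function Get-LocalGroupMemberName {
    param([string]$GroupName, [string]$Computer = $env:COMPUTERNAME)
    # The WinNT ADSI provider is used so the check also runs on older Windows Server releases.
    $group = [ADSI]"WinNT://$Computer/$GroupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        # ADsPath is WinNT://DOMAIN/name or WinNT://DOMAIN/COMPUTER/name; an account that
        # no longer exists in the directory appears as a bare SID (WinNT://S-1-5-...).
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2) { '{0}\{1}' -f $parts[-2], $parts[-1] } else { $parts[-1] }
    }
}

function Find-UnapprovedMember {
    param([hashtable]$Membership, [string[]]$ApprovedAccounts)
    foreach ($groupName in $Membership.Keys) {
        foreach ($member in $Membership[$groupName]) {
            # -notcontains compares case-insensitively, like Windows account names.
            if ($ApprovedAccounts -notcontains $member) {
                New-Object PSObject -Property @{ Group = $groupName; Member = $member }
            }
        }
    }
}

# Collect direct members only; members of a nested domain group are not expanded here.
$membership = @{}
foreach ($g in $LANDeskGroups) {
    try   { $membership[$g] = @(Get-LocalGroupMemberName -GroupName $g) }
    catch { Write-Warning "Could not read group '$g': $($_.Exception.Message)" }
}

# Every row is an account that keeps LANDesk rights without being on the approved list.
Find-UnapprovedMember -Membership $membership -ApprovedAccounts $Approved |
    Sort-Object Group, Member |
    Format-Table Group, Member -AutoSize
```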