Error: Invalid spaceKey on retrieving a related space config.

Locking BMC Client Management Agent service

From the BMC Client Management console, you can lock the BMC Client Management Agent service (referred as the agent service) after it starts. Locking the agent service prevents the local administrator from stopping or disabling it so BMC Client Management administrator has uninterrupted access to the device.

During the BMC Client Management master server installation, you can select the option to lock the agent service, and set a password to unlock the service.

During installation, if you do not select the option, you can lock the agent service later from the console.

Perform the following tasks to lock or unlock the agent service:

Configuring lock for agent service

If you did not select the option to lock the agent service during installation, you can enable this option from the console:

  1. In the left pane, select Global Settings > System Variables.
  2. In the Security tab, double-click any row.
  3. In the Properties dialog box, select the Lock new installed agent services check box, and specify Service Unlock Password.
  4. Click OK to save changes.

When a new agent service is installed on a Windows device, the service is locked after it starts.

Locking agent service on a specific device

  1. In the left pane, do one of the following:

    • Select Device Topology > deviceName > Agent Configuration > Security
    • Select Device GroupsdeviceName > Agent Configuration > Security
  2. In the right pane, double-click any row.
  3. In the Properties dialog box, select the Lock the agent service check box, and click OK.
    The agent service is locked on the target device.

    You cannot lock the agent service on the master server.

Configuring rollout to lock agent service

  1. In the left pane, select Global Settings > Rollout(your rollout) > Agent Configuration > Security.
  2. In the right pane, double-click any row.
  3. In the Properties dialog box, select the Lock the agent service check box, and click OK.
    When the agent service is installed on a target device using this rollout, the service is automatically locked after it starts.

Configuring operational rule to lock and unlock agent service

You may need to lock and unlock the agent service when using operational rules. For example, for installing a patch, a step in the operational rule could unlock the agent service, and after other steps to install the patch are run, another step could lock the service again.

  1. In the left pane, select Operational Rules > (your operational rule).
  2. In the Step tab, add the Security Configuration step.
  3. In the Properties dialog box, ensure that the Lock the agent service check box is clear under Parameters.
    When this step is run, the agent service is unlocked.

    Note

    A password is not required when you unlock the agent service by using the operational rule step. The operational rules use the system account to retrieve and use the encrypted service unlock password.

  4.  Add other steps as required.
  5. Again add the Security Configuration step.

    Note

    Add this step only after all the other steps get run that require the agent service to be stopped and after the agent service is started again.

  6. In the Properties dialog box, ensure that the Lock the agent service check box is selected under Parameters.

  7. When this step is run, the agent service is locked again.

    Tip

    You can lock the agent service on all your devices by creating an operational rule with a step to lock the agent service and assigning it to all devices.

The following screenshot displays a sample operational rule with steps to unlock and lock the agent service.

(Click the screenshot to view it in higher resolution) 

Unlocking agent service

  1. In a browser, type <computer:port>/service/ in the address bar and press Enter.
    Replace computer with either the IP address or computer name of the device for which you want to unlock the service.
  2. Enter the local administrator or domain administrator credentials for authentication.
  3. In the Service Management for <device name> page, enter your service management password in the Password field to unlock the service, and click OK.
    A success message is displayed indicating the agent service is unlocked. The agent service now can be stopped or disabled.
Was this page helpful? Yes No Submitting... Thank you

Comments