×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Space banner

   

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Client Management 12.8 Administering

Locking BMC Client Management Agent service

From the BMC Client Management console, you can lock the BMC Client Management Agent service (referred as the agent service) after it starts. Locking the agent service prevents the local administrator from stopping or disabling it so BMC Client Management administrator has uninterrupted access to the device.

During the BMC Client Management master server installation, you can select the option to lock the agent service, and set a password to unlock the service.

During installation, if you do not select the option, you can lock the agent service later from the console.

Perform the following tasks to lock or unlock the agent service:

Configuring lock for agent service

If you did not select the option to lock the agent service during installation, you can enable this option from the console:

  1. In the left pane, select Global Settings > System Variables.
  2. In the Security tab, double-click any row.
  3. In the Properties dialog box, select the Lock new installed agent services check box, and specify Service Unlock Password.
  4. Click OK to save changes.

When a new agent service is installed on a Windows device, the service is locked after it starts.

Locking agent service on a specific device

  1. In the left pane, do one of the following:

    • Select Device Topology > deviceName > Agent Configuration > Security
    • Select Device GroupsdeviceName > Agent Configuration > Security
  2. In the right pane, double-click any row.

  3. In the Properties dialog box, select the Lock the agent service check box, and click OK.
    The agent service is locked on the target device.

    You cannot lock the agent service on the master server.

Configuring rollout to lock agent service

  1. In the left pane, select Global Settings > Rollout(your rollout) > Agent Configuration > Security.
  2. In the right pane, double-click any row.
  3. In the Properties dialog box, select the Lock the agent service check box, and click OK.
    When the agent service is installed on a target device using this rollout, the service is automatically locked after it starts.

Configuring operational rule to lock and unlock agent service

You may need to lock and unlock the agent service when using operational rules. For example, for installing a patch, a step in the operational rule could unlock the agent service, and after other steps to install the patch are run, another step could lock the service again.

  1. In the left pane, select Operational Rules > (your operational rule).
  2. In the Step tab, add the Security Configuration step.

  3. In the Properties dialog box, ensure that the Lock the agent service check box is clear under Parameters.
    When this step is run, the agent service is unlocked.

    Note

    A password is not required when you unlock the agent service by using the operational rule step. The operational rules use the system account to retrieve and use the encrypted service unlock password.

  4.  Add other steps as required.

  5. Again add the Security Configuration step.

    Note

    Add this step only after all the other steps get run that require the agent service to be stopped and after the agent service is started again.

  6. In the Properties dialog box, ensure that the Lock the agent service check box is selected under Parameters.

  7. When this step is run, the agent service is locked again.

    Tip

    You can lock the agent service on all your devices by creating an operational rule with a step to lock the agent service and assigning it to all devices.

The following screenshot displays a sample operational rule with steps to unlock and lock the agent service.

(Click the screenshot to view it in higher resolution)

Unlocking agent service

  1. In a browser, type <computer:port>/service/ in the address bar and press Enter.
    Replace computer with either the IP address or computer name of the device for which you want to unlock the service.
  2. Enter the local administrator or domain administrator credentials for authentication.
  3. In the Service Management for <device name> page, enter your service management password in the Password field to unlock the service, and click OK.
    A success message is displayed indicating the agent service is unlocked. The agent service now can be stopped or disabled.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Jubin Thomas on Jul 18, 2017
bmc_client_management_agent_service agent_service lock_agent_service unlock_agent_service lock unlock

Comments

Log in or register to comment.

Configuring mobile device management
Customizing the end-user dialogs to provide a personalized experience
© Copyright 2013 - 2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.