When using the PATROL Console to configure or manage the PATROL KM for Microsoft Windows OS, verify that the console connection account, the account that you use to connect to the agent, meets the following requirements:
If the console connection account does not meet these requirements, the features described in the following table are not available
The following table lists the features that are require local admin rights:
KM | Functionality | Menu command | Behavior |
---|---|---|---|
PATROL KM for Microsoft Active Directory | Running the AD Operations report | AD Operations Report | System Output details the need for a sufficient connection account. One can grant read/write permission to the connection account to %PATROL_HOME%\Patrol\tmp for this to work or add the connecting user to the Server Operators group on the agent computer. |
PATROL KM for Microsoft Cluster Server | Deleting account information | Delete Access Information | Message is displayed with failure to remove account information. |
PATROL KM for Windows Domain Services | Running an availability report with the Remote Servers KM | Availability Report | A blank report is displayed. This report uses Agent history data. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure |
Running a Server Information report with the Remote Servers KM | Server Information Report | A blank report is displayed. Give full access to the %PATROL_HOME%\tmp directory structure to the connecting account. | |
Displaying information about a user using the Users KM | Display User Information | A blank report is displayed. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure | |
Stopping or Starting the WINS service | Start/Stop WINS Service | A message is displayed detailing the inability to access the resource. Add the connecting account to the built-in Administrators group on the Agent computer. | |
Starting or stopping the DFS service | Start/Stop DFS Service | Message is displayed indicating inability to access service. Add the connecting account to the built-in Administrators group on the Agent computer. | |
Running the DFS Operations report | DFS Operations Report | Report is blank. Give the connecting account full access to the %PATROL_HOME%\tmp directory structure, or add the account to the Server Operators group on the Agent computer. | |
PATROL KM for Windows Domain Services, continued | Starting or stopping the DFS Replica service | Start/Stop Replica DFS Service | Message is displayed indicating inability to access service. Add the connecting account to the built-in Administrators group on the Agent computer. |
Disconnecting DFS users | View/Disc. Connected Users | Users are not disconnected. Add the PATROL Agent default account to the Account Operators, Print Operators or Server Operators built-in group. | |
Compressing the DHCP database | Compress DHCP Database | Message is displayed indicating inability to access database. Add the connecting account to the built-in Administrators group on the Agent computer. | |
Starting or stopping the DHCP service | Start/Stop DHCP Service | Message is displayed indicating inability to access service. Add the connecting account to the built-in Administrators group on the Agent computer. | |
Stopping or Starting the DNS service | Start/Stop DNS Server Service | A message is displayed detailing the inability to access the resource. Add the connecting account to the built-in Administrators group. | |
PATROL KM for COM+ | Starting or Stopping the DTC | Start/Stop DTC Service | Access Denied message is displayed. Add the connecting account to the built-in Administrators group on the Agent computer. |
Viewing application properties | View application properties | An unable to view message is displayed. Add the connecting account to the built-in Administrators group. | |
PATROL KM for MSMQ | Starting or stopping the MSMQ service | Start/Stop MSMQ Service | Access Denied message is displayed. Add the connecting account to the built-in Administrators group on the Agent computer. |
PATROL KM for Microsoft Windows OS | Configuring Blue Screen KM (NT_BSK) system recovery actions | Set System Recovery Actions | A pop-up window displays a message stating that the connecting user must have administrator privileges. |
Configuring Blue Screen monitoring (NT_BSK) | Configure BlueScreen Monitoring | You can use the three options provided to configure the KM. The KM looks for the crash dump file as well as the event (ID 6008). | |
Configuring Windows operating system quotas | Configure Operating System Quotas | The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent computer. For more information, see Supplying an impersonation account. | |
Managing Windows services, such as starting and stopping services or changing service startup properties | Manage Windows Operating System Services | The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent computer. For more information, see Supplying an impersonation account. | |
Viewing the Windows security event log | Windows Event Viewer | You can view event logs, other than the security event log, but you cannot change properties. Add the right Manage Auditing And Security Log to the agent account and the console connection account. | |
Managing Windows event logs | Windows Event Viewer | The KM prompts you to supply an administrative account that includes the user right Log on as batch job on the PATROL Agent computer. For more information, see Supplying an impersonation account |
On Windows 2000, the user right, Act as part of the operating system is also required by the PATROL Agent when it impersonates an account. That is, when it uses an account that you enter to perform the requested action. If the agent default account has this right and it has the user right Log on as batch job, but PATROL still cannot perform the request, you may need to also assign the user right Bypass traverse checking to the PATROL Agent default account.