Skip to Content

Accounts

This section describes how to set up a PATROL installation account for Windows and Unix platforms.

Windows Environment

PATROL requires a dedicated user account, known as the PATROL default account, in the Windows environment. The PATROL default account must be created before you install PATROL. The PATROL default account can be either a local or a domain account:

  • Stand-alone workgroup servers must use a local user account as a PATROL default account.
  • Servers that are trusted members of a domain may use either a local or domain account.
  • PATROL default accounts on domain controllers must be only domain accounts.

Administrative Rights

BMC Software recommends that you make the PATROL default account a member of the local Administrators group of the computer where the agent will reside. On a domain controller, BMC Software recommends that you make the account a member of the domain Administrators group. However, you can choose to remove the PATROL default account from the Administrators group. If you do so, the PATROL Agent may not be able to perform all of its administrative tasks. For example, the PATROL Agent may not be able to run recovery actions or perform other activities that requires administrative rights on the monitored machine.

Creating a Separate Account

Although you can use an existing Windows user account, BMC Software recommends that you create a separate Windows user account for PATROL.

Error
Warning

Do not use a built-in Window s domain or local Administrator account as the PATROL default account. Such account usage causes files created by PATROL to be owned by the Administrator, which could result in security or file access problems.

Console Connection Accounts

BMC Software recommends that you create a separate account, in addition to the PATROL default account, for PATROL console operators who don't need administrative privileges. Operators can use this account to connect the console to the agent. To configure KMs from the console, however, you need to give the console connection account administrative rights.

Unix Environments

BMC Software recommends that if you require a Unix account, the account that you create must meet the following conditions:

  • The account .login, .profile, .cshrc, and .kshrc files must contain as little user customization as possible. Specifically, be sure that the account has no aliases and that no commands in these files can change the unmask setting. The recommended umask setting for the installation account is 022. In addition, verify that the prompt is set to the default.
  • Do not use the root account to install PATROL products because this may create security risks.
  • Ensure that the account has permission to create directories in the directory where you will install PATROL products.
  • Ensure that the computers on which you want to install PATROL have ftp and telnet enabled.

PATROL configuration requires permissions usually reserved for the system administrator. These permissions include access to a root account on the computer where you want to install PATROL.

BMC Software recommends that you install PATROL on local partitions, not on NFS-mounted partitions. If you do install PATROL on NFS-mounted partitions, the root account must have been granted root access permissions on the NFS server.

The account that you use to install PATROL must have permission to write the installation logs to the $HOME and /tmp directories on the computer where you are installing products.

Your PATROL product may have other restrictions with regard to the logon accounts and the default PATROL account. Check with your developers for text that more fully describes the logon and PATROL account requirements for your product. Many products require, for example, that the default PATROL account have the same rights as the third-party product that your KM monitors.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL for Event Management 2.9.00