The user ID and password used for Data Scoping rule evaluation when using the Management Command Center varies.
Enter the domain account in the form “Domain1\User1” in the Management Command Center SignOn dialog, regardless of where the Management Command Center is running.
The domain of the computer where the MDB resides must be the same domain or trust the domain of the domain account used for authentication. For example, if you enter Domain1\User1 in the Management Command Center signon dialog, the computer that contains MDB must be logged into Domain1 or DomainX, where DomainX trusts Domain1. If not, the authentication fails when Data Scoping is active and Data Scoping rules are not evaluated. If you enter the account in the form “User1,” then it is considered a local user account defined to the computer where Management Command Center is running.
The domain user must be a member of the TNDUsers group, either directly or indirectly through a domain group. Data Scoping rule evaluation occurs as described for local computers in Data Scoping Rule Evaluation Using Windows Domain Groups. A local user is authenticated as described for local computers in Data Scoping Rule Evaluation Using Windows Local Groups.
Note: You should use the TNDUsers group for any Windows user ID that is authenticated using Management Command Center remotely.
Management Command Center running on a UNIX/Linux client can use Windows domain accounts to authenticate when Data Scoping is active because all Data Scoping rule evaluation occurs on the Windows computer that contains the MDB.
When Data Scoping is deactivated, you can use any domain account that is authenticated.
|
Copyright © 2010 CA.
All rights reserved.
|
|