A Boot Server offering Share Access regularly changes the password of the user account canonprv. As canonprv refers to the same user account on all Domain Controllers inside a domain, changing the password on a Domain Controller would affect the share access of OSIM target machines to all other Boot Servers running on Domain Controllers in the same domain.
Therefore the automatic password update will be disabled when a Boot Server is installed on a Windows Domain Controller.
For security reasons the password of canonprv should be changed regularly when using share access. You can achieve this in one of two ways depending on your network environment:
Note: The policy must be updated each time you manually update canonprv's password.
Note: When using DOS-based boot images to access shares at a Windows 2003 Active Directory domain controller, digital SMB signing must be disabled.
Open the Default Domain Controller Security Settings and set ‘Local Policies/Security Options/Microsoft network server: Digitally sign communications (always)’ to ‘Disabled’.
Copyright © 2013 CA.
All rights reserved.
|
|