2 Replies Latest reply on Oct 21, 2015 8:20 PM by Avikal Jain

    Enable BSA Repeaters to authenticate via Automation Principal.

    Avikal Jain

      Hello everyone,


      I am planning to raise an idea/rfe so that BSA Repeaters have functionality to authenticate to target server when AP's are used and would like to get your feedback before I do so.


      There has always been a reservation against creation of a local admin accounts or use existing local admin accounts due to the various security policies in place (at least in my current and previous organizations), the situation complicates further when local admin account is part of a policy such as "Deny Logon as a Batch". I know that it is clearly mentioned in the documents that for an agent to function properly via User Privileged Mapping, the mapped account should not be part of Deny logon as batch policy. Consider if for some reason we cannot amend this policy and if we decide to use AP, we have to keep AP's limitations in mind, especially the one which mentions that repeaters cannot be used when roles are mapped to an AP. Well point taken, however what to do when we have to patch the servers across the globe.


      Do you guys think this requirement of providing capability of using an AP in conjunction with repeater deserves to be looked by BMC via an idea or rfe? or does anyone know if this is already in pipeline and might be a new feature in upcoming versions (we are running 8.6 and this is not included in v8.7 which was released last month)

      My current organizations view is that there is a clear gap in capability with the product which should really inherently support the federated architecture with repeaters.

      Please let me know your feedback from the past experiences and also if this deserves to be submitted to BMC as an idea or rfe (I am currently bound to raise an idea/RFE for this, but your comments will form the baseline for it :-) ).


      Avikal Jain