    export file for variable named administrator

      currently we are deploying agents with bulk installer with a default export file like:

      * rw,user=administrator


      we are now running into a large batch of machines (several hundreds) where the local administrator has been renamed into


      so our default export is no longer useful


      renaming back "Administrator" account is considered a security violation by our customer, and creating a new admin account could not be accepted for the same reason


      any ideas to overcome such a mess?

          Bill Robinson

          Mapping all incoming connections to the Administrator account is not a best practice - this means anyone who connects to the agent can do things as Administrator.


          Normally, you would use the ADMIN_ACCOUNT property to handle this, setting it to "??HOST??-user001" as the default in the Property Dictionary, and then Push ACLs.


          To make this work w/ the exports file, after you run the installer (bulk agent installer?) you need to run a post install script like:

          echo " * rw,user=%COMPUTERNAME%-user001" > %SYSTEMROOT%\rsc\exports


          you may have to play w/ the double quotes - DOS does echo a little differently than *nix.

            I was a bit too optimistic

            in fact we discovered that even the "user001" part is not fixed but variable without a fixed rule.

            the use of a domain account common to all machines could solve our problem, but the documentation clearly states that one must use a local account.

            Is it really not possible to use a domain account for the user= option of the exports file?

              Bill Robinson

              if the username still has the computer name in it, you can still figure it out, though you'd be using some DOS Batch scripting to do it.


              you would list the users on the system, search for the %COMPUTERNAME%, assuming that is the only user on the system w/ the hostname in the username, and then echo that into your exports file.

                As Bill was saying, ideally when installing an agent you don't want to provide any mapping in your exports file. I would recommend this:



                * rw



                BLAdmins:BLAdmin rw,map=-user001



                Then once you've installed the agent and added the server to Config Manager, you'll want to run the ACL Push Job as BLAdmins:BLAdmin. Is there any way to update your users.local file on each target to provide mappings to the correct local admin user?


                To answer a previous question of yours, you have to map to a local user on the remote host. Domain accounts will not work.
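
One way to script the lookup and the users.local mapping discussed in the replies above, as an added example that is not from any poster in this thread or from the product. It assumes the renamed account is the built-in local Administrator (which keeps RID 500 under any name), that users.local sits next to exports in %SYSTEMROOT%\rsc, and that the BLAdmins:BLAdmin line belongs in users.local; the function names and sample accounts are hypothetical.

```powershell
# Added example, not from the thread. Assumptions: the renamed account is the
# built-in local Administrator (RID 500); users.local sits beside exports.
function Resolve-LocalAdminName {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,   # objects with Name and SID
        [Parameter(Mandatory)] [string]   $ComputerName
    )
    # The built-in Administrator keeps RID 500 however it has been renamed.
    $hits = @($Accounts | Where-Object { $_.SID -match '^S-1-5-21-\d+-\d+-\d+-500$' })
    if ($hits.Count -eq 0) {
        # Fallback from the thread: the one account whose name contains the host name.
        $hits = @($Accounts | Where-Object { $_.Name -like "*$ComputerName*" })
    }
    if ($hits.Count -ne 1) {
        throw "Expected exactly one candidate on $ComputerName, found $($hits.Count)"
    }
    $name = $hits[0].Name
    # Refuse names with spaces, commas or '=' that would alter the mapping line.
    if ($name -notmatch '^[A-Za-z0-9._$-]+$') { throw "Unsafe account name: '$name'" }
    return $name
}

function Write-RscMapping {
    param(
        [Parameter(Mandatory)] [string] $AdminName,
        [Parameter(Mandatory)] [string] $RscDir
    )
    # exports carries no user= mapping; only BLAdmins:BLAdmin maps to the admin.
    Set-Content -Path (Join-Path $RscDir 'exports') -Value '* rw' -Encoding Ascii
    Set-Content -Path (Join-Path $RscDir 'users.local') `
        -Value "BLAdmins:BLAdmin rw,map=$AdminName" -Encoding Ascii
}

# Constructed sample accounts (not real hosts), written to a scratch directory.
$sample = @(
    [pscustomobject]@{ Name = 'SRV042-ops7'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'Guest';       SID = 'S-1-5-21-1111111111-2222222222-3333333333-501' }
)
$scratch = Join-Path ([IO.Path]::GetTempPath()) 'rsc-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null
Write-RscMapping -AdminName (Resolve-LocalAdminName -Accounts $sample -ComputerName 'SRV042') -RscDir $scratch
Get-Content (Join-Path $scratch 'users.local')

# On a target, feed real accounts and the real directory instead:
# $accts = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True"
# Write-RscMapping (Resolve-LocalAdminName $accts $env:COMPUTERNAME) "$env:SystemRoot\rsc"
```

The script stops instead of guessing when zero or several accounts match, so a host with an unexpected naming scheme is flagged for manual review rather than mapped to the wrong account.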