2 Replies Latest reply on Jul 19, 2010 12:02 PM by David Lipsham

    Mapping BL users to windows domain accounts ....

      Hi guys,

      just wanted to clarify something .......


      When using "user mapping" in the agent config files on a windows server.


      in users file.


      BLAdmins:dlipsham  rw,map=Administrator

      ..... does the user being mapped to have to be a local user on the target server ?

      From what I read it does, unless it's a DC apon which the users are domain users.

      Just wanted to clarify, and see why I couldn't for example use a domain account that was a membe rof local group admins.


      It seems standard for people to use map=Administrator ( for windows ) and map=root ( for unix ).

      Are there any people out there who have sucessfully used other users.

      I guess it will work as long as the local user being mapped to has authority to execute the task Blade Logic is requesting.


      This leads me on to automation priciples.

      It appears as though you can create an automation principle that contains credentials for a domain account.

      If you then associate that automation principle to a particular role essentially any user with that role will run the job / command with the user defined in the automation principle?


      Any thoughts or ideas appreciated.



        • 1. Re: Mapping BL users to windows domain accounts ....
          Bill Robinson

          Typically it's a local account admin.  Doesn't have to be an administrator, it could be a normal user.  But then your Bladelogic executed task may not be able to do anything.  by the time the execution gets to the target system, Bladelogic should have restricted access enough that it's ok that whatever is running runs w/ admin privs even if the originating user would not be granted full admin rights on the box. 


          Automation principal will allow you to map to domain users instead of local accounts, but the same admin/normal issue applies.  And it's role based, so right, any Bladelogic user in that role will run jobs as that user in the automation principal.

          • 2. Re: Mapping BL users to windows domain accounts ....

            Thanks again for your quick confirmation Bill.

            I'll leave the question unanswered until the morning just in case any other people want to add their experiences.