Are you using an NSH proxy?
yes we have configured an NSH proxy now, which was not too easy as we use a Load-Balancer to connect to our Application Servers.
Due to this fact we had to configure two NSH proxys.
The first one answers with the URL of the LoadBalancer
The second one is used by the Job server for accessing the RSCD agents.
But so far everything works as expected.
We can see that the Automation principal is used for every action we trigger against a target server.
What is the communities feedback regarding this ?
As described, security denies local users as member of the local administrator group and therefore the default usage of an automation principal seems the only relieable way to us.
Do you see any issues with this approach ?
1 of 1 people found this helpful
we are working to setup this approach too for certain roles (although some roles still use the local admin account). It is also necessary if you want to install certain packages such as SQL 2005.
You do need to give the users some rights though, depending on what you want to allow. We have a job that gives the user the logon as batch privilege and also sets permissions to allow the user to access the RSCD/transactions and RSCD/tmp folders.
We have not had any problems with extended objects.