What version is this ?
oh yes important one: 7.6.0 r243
agent 760 r 115
For 7.6, you need to use psexec or something like runas. You will need the password. I have not tried this myself anytime.
External commands should run at the mapped user, not BladeLogicRSCD. BladeLogicRSCD should not be in any local groups – it should be an unprivileged account.
I think you might see the processes start up as BladeLogicRSCD but it should run as the mapped account.
What is in the users and users.local for the role:user to mapped account ?
the users file looks somewhat like this:
the rscd.log shows
INFO1 rscd - 10.64.0.1 2556 BladeLogicRSCD@SC000410->admin@SC000410:PrivilegeMapped (DEV_PACKAGER:user1@DOMAIN): CM: > [Deploy] Job 'BDJ-D9S-D9S_0002-v1.1.0' is applying
but when I try to run commands that can only be run as "admin" it fails. Checking the user context with whoami shows i'm sc000410\BladeLogicRSCD