5 Replies Latest reply on Mar 24, 2011 5:18 PM by Bill Robinson

    Access control and audit trail

      Hi all,


      I'm currently working in a server automation 8.0 deployment. My customer has raised a question on how to apply access control to operators if they need to access a Windows application that can only be managed through a Windows Forms GUI.

      AFAIK, there is a custom command for Windows servers called "Remote Desktop Connection", but it only opens an MSTSC console to log in to the remote servers, and then they must provide a local user account on the remote server in order to access it.

      Does anyone know if there is some way to achieve what I'm asked for with BLSA? Are there any workarounds to that? And finally, in case access control must be bypassed through MSTSC, what is the best way to keep track of user actions on the remote server?


      Thanks in advance.


        • 1. Re: Access control and audit trail
          Bill Robinson

          Bbsa is really good at tracking scripted and command line interactions.  If you can only use the console bbsa can’t really help much there.


          Is this a COTS application or a custom one?  is there a command line or scripted interface?  What specifically do they need to do w/ this application?

          • 2. Re: Access control and audit trail

            To highlight Bill’s points, BBSA is an automation tool for automating repeatable tasks. For example, if they need to log in and use a machine to use Excel to enter some data, then that is not a use case for BladeLogic. But if they need to log in to a system to get a certain dataset from an application (like a data export, or version information), then perhaps that is something that could be scripted via an API interface to that application.

            • 3. Re: Access control and audit trail

              Hi Bill, thank you for your quick answer.


              The fact is that we are facing a 2000+ server environment, so they are pretty sure that these cases will appear (probably both COTS and custom applications). Unfortunately, I don't have an example of a specific application.


              I've read that there are some ways to configure system logs and then audit them from BBSA. So, assuming that there is no way to control the access to a Windows console application from BBSA, our choice should be to implement a rigorous tracking log on the remote server. Is that right?

              • 4. Access control and audit trail

                You can apply RBAC on custom commands so at least from BL it's restricted.

                When machines are accessed then it is down to the security event log to provide audit trail and domain/user access controls for access.

                • 5. Access control and audit trail
                  Bill Robinson

                  yes - for commands that are not going through bbsa you need to rely on the OS level logging that is available to track what you want to track.
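
Added example, not part of the original thread: one way to build the OS-level audit trail mentioned in replies 4 and 5 is to pair Remote Desktop logons with their logoffs from the Windows Security event log. It assumes Windows Server 2008 or later with logon auditing enabled and an elevated session; the `ComputerName` and `Days` parameters are hypothetical names chosen for this sketch. It records who connected, from where and for how long, not what was done inside the GUI.

```powershell
# Added example: list RDP sessions (logon type 10) from the Security log.
# Event 4624 = successful logon, 4634 = logoff; they share TargetLogonId.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # hypothetical parameter: server to audit
    [int]$Days = 7                              # hypothetical parameter: look-back window
)

function Get-EventFields {
    param($Event)
    # Flatten the <EventData><Data Name="..."> elements into a hashtable
    $fields = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4634
    StartTime = (Get-Date).AddDays(-$Days)
}
$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter |
    Sort-Object TimeCreated

$open = @{}   # sessions that have a logon but no logoff yet, keyed by logon ID
$closed = foreach ($e in $events) {
    $f = Get-EventFields $e
    if ($f['LogonType'] -ne '10') { continue }   # keep RemoteInteractive (RDP) only
    $id = $f['TargetLogonId']
    if ($e.Id -eq 4624) {
        $open[$id] = [pscustomobject]@{
            User    = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
            Source  = $f['IpAddress']
            Logon   = $e.TimeCreated
            Logoff  = $null
            LogonId = $id
        }
    } elseif ($open.ContainsKey($id)) {
        $s = $open[$id]
        $s.Logoff = $e.TimeCreated
        $open.Remove($id)
        $s   # emit the completed session
    }
}

# Completed sessions first, then sessions with no logoff recorded in the window
@($closed) + @($open.Values) | Sort-Object Logon | Format-Table -AutoSize
```

Sessions shown with an empty `Logoff` had no matching 4634 event inside the look-back window.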