Bonjour,
Je vous soumets un probleme.
J'ai un serveur CTM windows et un agent Windows en v 6.2.01.500, jusqu'a present j'utilise l'agent en local system (Log on as user =N).
On me demande qu'un traitement CTM, recopie un fichier sur un disque partagé, j'ai teste la commande de move de fichier.( J'ai un acces refuse).
J'ai essaye egalement : la commande dir du disque partagé.(j'ai un acces refuse).
Par contre quand je suis sur le serveur la commande passe bien.
Un collegue me dit qu'il faut passer la commande avec un OWNER qui a l'autorisation de voir le disque partagé.
J'ai donc créer un nouvel utilisateur (user) sur le serveur ou se trouve l'agent, j'ai mis le logon as user=Y, j'ai fait un arret/relance de l'agent, et cela ne marche toujours pas.
Faut-il faire autre chose??
Le fait de mettre l'agent a logon as user=Y, faudra-t-il modifier tous les owners des traitements qui passent en local system (c'est a dire avec un owner quelconque).
----------------------------------------------------------------------------------------
Hello,
I subject a problem to you.
I have a CTM Server under Windows and a Windows agent in v 6.2.01.500, until now I use the agent in localsystem (Log one have to use =N).
It is asked me that a treatment CTM, recopy a file on a shared disc, I have test the order to move a file. (I have accesse denied).
I have also test: the order to dir shared disc. (I have access denied).
On the other hand when I am on the Server the order run well.
A colleague says to me that it is necessary to place the order with a OWNER which has the authorization to see the shared disc.
I have thus to create a new user (to use) on the server or is the agent, I put the logon have user=Y, I made a stop/restart the agent, and that still does not go.
Should another thing be made??
The fact of putting the agent has logon have user=Y, will be necessary it to modify all the owners treatments which pass in localsystem (i.e. with an unspecified owner)
Merci d'avance.
Cordialement. Yves31
Launch treatment with user account
-
sunform2
Si ma mémoire est bonne, tu dois donner un owner à ton job.
Cet owner est le compte de domaine dont tu as besoin pour acceder au fichier (comme si tu le faisait manuelement). Mais ce compte pour se loguer à besoin d'un mot de passe.
Ce mot de passe, tu le renseigneras via l'utilitaire ctmcpt sur l'agent.
Mais je ne suis pas un spécialiste Windows, il y a certainement de meilleurs spécialistes sur le forum.
-------------------------------------------------------------------------------------
If my memory is good, you must give a owner to your job.
This owner is the domain account for which you require to reach the file (as if you did it manuelement). But this account need a password to log on.
This password, you will inform it via the utility ctmcpt about the agent.
But I am not a specialist Windows, there are certainly better specialists on the forum.
Cet owner est le compte de domaine dont tu as besoin pour acceder au fichier (comme si tu le faisait manuelement). Mais ce compte pour se loguer à besoin d'un mot de passe.
Ce mot de passe, tu le renseigneras via l'utilitaire ctmcpt sur l'agent.
Mais je ne suis pas un spécialiste Windows, il y a certainement de meilleurs spécialistes sur le forum.
-------------------------------------------------------------------------------------
If my memory is good, you must give a owner to your job.
This owner is the domain account for which you require to reach the file (as if you did it manuelement). But this account need a password to log on.
This password, you will inform it via the utility ctmcpt about the agent.
But I am not a specialist Windows, there are certainly better specialists on the forum.
Hi Yves31
There is 3 possibilities conncerning account with a Control-M Agent under Windows.
As Unix Agent, Control-M Agent under Windows need to have all rights to execute your jobs.
1- Local System Account logon as user=N, owner doesn't matter.
Setting as default configuration this solution take Administrator right on the server, but only on it and network drive having same level of access rights.
2- Domain System Account logon as user=N, owner doesn't matter.
This Account will be created in your Active Directory Architecture as an System Account with an access to all directory where if must work.
You can specify an application account but you must to be sure this account have all rights to do same sort of work on your server and shared drives.
BMC Admin Guide extraction
The administrator selected as part of This Account, must have the following permissions in the Local Security Settings window:
■ Act as part of the operating system (Windows 2000 users, only)
■ Increase quotas
■ Replace a process level token
■ Log on as a service
The service’s log on account must be a member of the Local Administrative Group.
On Windows 2000, the Act as part of operating user privilege is granted to the account.
3- logon as user=Y , owner is used, but to work you must create account with CTMPWD utility.
That solution need to record user in a docmentation in case of crash.
And if you mutiply user and need to change password you need to come back with CTMPWD to change it on each server.
My advice will be to use second solution with all correct rights, available to a Control-M Agent service and Tracker.
The last solution could be applied on a stand alone server behind a firewall for example.
There is 3 possibilities conncerning account with a Control-M Agent under Windows.
As Unix Agent, Control-M Agent under Windows need to have all rights to execute your jobs.
1- Local System Account logon as user=N, owner doesn't matter.
Setting as default configuration this solution take Administrator right on the server, but only on it and network drive having same level of access rights.
2- Domain System Account logon as user=N, owner doesn't matter.
This Account will be created in your Active Directory Architecture as an System Account with an access to all directory where if must work.
You can specify an application account but you must to be sure this account have all rights to do same sort of work on your server and shared drives.
BMC Admin Guide extraction
The administrator selected as part of This Account, must have the following permissions in the Local Security Settings window:
■ Act as part of the operating system (Windows 2000 users, only)
■ Increase quotas
■ Replace a process level token
■ Log on as a service
The service’s log on account must be a member of the Local Administrative Group.
On Windows 2000, the Act as part of operating user privilege is granted to the account.
3- logon as user=Y , owner is used, but to work you must create account with CTMPWD utility.
That solution need to record user in a docmentation in case of crash.
And if you mutiply user and need to change password you need to come back with CTMPWD to change it on each server.
My advice will be to use second solution with all correct rights, available to a Control-M Agent service and Tracker.
The last solution could be applied on a stand alone server behind a firewall for example.
You must run the agent service as a user that has the rights to the network path, and also have right on the local machine to run jobs (local admin).
Or in your scritp add a line like this:
net use X: RemotePath Password :User
(see the syntax on windows help)
so you can use the remote path as local and then at the end of the process disconnect it.
With "net use" you pass the right for that path so you can access to it without changing nothing in the agent machine.
Or in your scritp add a line like this:
net use X: RemotePath Password :User
(see the syntax on windows help)
so you can use the remote path as local and then at the end of the process disconnect it.
With "net use" you pass the right for that path so you can access to it without changing nothing in the agent machine.
-
Yves31
Bonjour et merci pour vos réponses.
Je ne veux pas utiliser le net use pour une raison de sécurité (car le mot de passe est visible).
J'ai utilisé la solution 2 de Franck mais après les tests, j'ai constaté qu'il faut mettre Logon as User=Y pour que cela marche et les traitements déjà définis avec un OWNER banalisé ne passent plus.
Avez-vous une autre idée.
Merci d'avance.
*********************************************************************
Hello and thank you for your responses.
I do not want to use the net use for a security reason (because the password is visible).
I used a solution of 2 Franck but after testing, I found it necessary to put as Logon User = Y so that it works and treatments already defined with a OWNER no longer commonplace.
Do you have another idea.
Thank you.
Je ne veux pas utiliser le net use pour une raison de sécurité (car le mot de passe est visible).
J'ai utilisé la solution 2 de Franck mais après les tests, j'ai constaté qu'il faut mettre Logon as User=Y pour que cela marche et les traitements déjà définis avec un OWNER banalisé ne passent plus.
Avez-vous une autre idée.
Merci d'avance.
*********************************************************************
Hello and thank you for your responses.
I do not want to use the net use for a security reason (because the password is visible).
I used a solution of 2 Franck but after testing, I found it necessary to put as Logon User = Y so that it works and treatments already defined with a OWNER no longer commonplace.
Do you have another idea.
Thank you.