What context does the agent run under on Domain Controllers
I am testing scripts on my Domain Controllers and they are not running. So I built a custom inventory rule that just returns "whoami". This obviously returns "nt authority\system" as expected for all non-Domain Controllers. It does not run on the domain controllers, so I do not know what context the agent runs under. A couple other custom inventory rules do run on the DC, so the agent can run some commands.
Thanks for any help.
Answers (2)
Active Directory has introduced new levels to server security management. If you would like to grant a remote administrator the rights to install software or services on a domain controller, that person would have to be a domain administrator.
Comments:
-
That makes sense. But the agent does run on Domain Controllers and does have some level of access as all the hardware/software fields are populated on the appliance. I imagine it is with the System account. I was just wanting to confirm that this context is what it is running under and if that context should have rights to run scripts. If not, is there a non domain admin user setup that will allow running scripts via the appliance through the agent. Thanks. - dimitris 11 years ago
-
You most likely installed the agent as a DA. Once installed it runs a service as system to do tasks. Due to security we do not even put the agent on any of our DC's so I can not help you with a work around, maybe someone else will give you the work around. - SMal.tmcc 11 years ago