Monday, February 04, 2013 1:18 PM
I'm a novice to SCOM. We have an issue with agent installation. In SCOM there are 2 accounts mentioned as Action Account. One is Local System and another is domain user account. With the discovery wizard it's failing to install the agent and showing the domain user account instead of System account. If we add the domain user account as local system admin on new servers then the installation succeeds. So does this mean the agent installation always take the domain user account for agent installation? Also with "Profiles / Default Action Account" all other managed servers are showing Local System Action account except one server with domain user account, this makes us confused with Action Account. can someone clarify this
Thanks in Advance
Monday, February 04, 2013 2:34 PM
Pls refer to the following bog
Monday, February 04, 2013 3:42 PM
When you are pushing the SCOM agent from the console, then it uses the Scom Action Account which has to be a local admin on the agent managed server. Once the agent is installed, it will show as Local System, unless you select the "Other user Account" and discover and install the agent using that account.
If you are installing the agent manually (not from the SCOM console), then you can use Local System to install the agent manually.
Note: when you are installing agent manually, you need to change the security setting "to review manually installed agents" in the Administration Tab.
Also please check the link above by Microsoft Hopeless Guy to get a better under standing
Hope this answers your question.
Abdul Karim. (http://sites.google.com/site/scomblogs Twitter:@Abdul_SCOM)
- Marked As Answer by Laljeev Madanamma Tuesday, February 05, 2013 6:16 AM
Monday, February 04, 2013 3:47 PM
Based on the agent you trying to discover the account differs. Its all about the permission of the particular account configured for. Check whether your action account has admin access to the concern server, based on that you can choose the Action account or Specific account which have admin access.
- Proposed As Answer by Sandoss Kumar Tuesday, February 05, 2013 10:31 AM
Tuesday, February 05, 2013 6:31 AM
Thanks All for replying. So what I understood is as follows
a) While installing the agent add the Action Account to local admin group of that particular server
b) Then the service will run with Local System privilages on that server and also with Profiles / Default action account it will show Local System Action Account and as you mentioned we can change that to the other Action account
c) Now after instaling the agent we can remove the Action Account from local system Administrators group and provide only required permissions (Member of the local Users group, Member of the local Performance Users group, Allow Log On Locally)
So we can make sure that the account has only a limited set of permissions on those servers.
Please let me know whether my understanding is right.