locked
AD MP run as RRS feed

  • Question

  • Did I miss something or is the run as account not needed and you can use local system? No mention of this in the guide. Also, how do you set the thing up, no mention in the guide of how to do this either

    Thursday, January 14, 2010 9:55 PM

Answers

  • If it helps, I have done several AD MP implementations and have never yet needed to use the AD MP runas profile.

    (when using LocalSystem agent action accounts)

    Matt
    Matt White
    ( http://systemcenterblog.hardac.co.uk/ )
    • Marked as answer by Graham Davies Saturday, January 16, 2010 10:19 AM
    Friday, January 15, 2010 4:59 PM
  • Local system works fine and is the easiest. It depends if it is acceptable for your organisation to use local system. Like Matt and Anders, I haven't encountered any push back from this. If you do use local system be aware that you might have to run HSLockdown on each domain controller once the agent is installed:
    http://thoughtsonopsmgr.blogspot.com/2009/09/hslockdown-explained.html

    As we seem to have answered your question, I'll close the thread for the moment. Please reopen if you need further assistance.

    Good Luck

    Graham

    PS With regard to the OpsMgr Latency counters - they should be created automatically if you use localsystem


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    • Marked as answer by Graham Davies Saturday, January 16, 2010 10:19 AM
    Saturday, January 16, 2010 10:19 AM

All replies

  • Hello,

    If your agent action accout is LocalSystem, then no, you don't need the AD MP RunAs profile configured.

    Now, without a system nor docs in front of me I can't be 100%, but I think you must still create the OpsMgrLatencyMonitors container and make sure that the DC computer accounts can create subcontainers and read/write the adminDescription.  In the domain partition the permissions are already present, but I think you need to configure it in others.

    Matt
    Matt White
    ( http://systemcenterblog.hardac.co.uk/ )
    Thursday, January 14, 2010 11:44 PM
  • Thanks Matt. There seems to be a differing of opinion on this so I thought I'd ask. The containers are already created so that's not the problem at the moment, just that some scripts fail (client side, even thought the client management pack wasn't implemented) and I've seen some posts about needing the run as. I don't see why a domain user would be needed instead of local system as it has the rights the management pack mentions.
    Friday, January 15, 2010 1:40 AM
  • Matt is correct and you need to create the Latency container on your own.
    Anders Bengtsson | Microsoft MVP - Operations Manager | http://www.contoso.se
    Friday, January 15, 2010 6:51 AM
  • Hi Anders,

    I'm more interested in knowing whether or not you have to use a domain user or if just using local system is sufficient. The guide doesn't say but on page 61 is a section that shows scripts and required permissions. Some are local admin the others domain user which is leading me to believe domain user is required.

    Friday, January 15, 2010 3:24 PM
  • If it helps, I have done several AD MP implementations and have never yet needed to use the AD MP runas profile.

    (when using LocalSystem agent action accounts)

    Matt
    Matt White
    ( http://systemcenterblog.hardac.co.uk/ )
    • Marked as answer by Graham Davies Saturday, January 16, 2010 10:19 AM
    Friday, January 15, 2010 4:59 PM
  • Local system works fine and is the easiest. It depends if it is acceptable for your organisation to use local system. Like Matt and Anders, I haven't encountered any push back from this. If you do use local system be aware that you might have to run HSLockdown on each domain controller once the agent is installed:
    http://thoughtsonopsmgr.blogspot.com/2009/09/hslockdown-explained.html

    As we seem to have answered your question, I'll close the thread for the moment. Please reopen if you need further assistance.

    Good Luck

    Graham

    PS With regard to the OpsMgr Latency counters - they should be created automatically if you use localsystem


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    • Marked as answer by Graham Davies Saturday, January 16, 2010 10:19 AM
    Saturday, January 16, 2010 10:19 AM