1 Reply Latest reply on Dec 15, 2014 7:13 AM by LANDnate

    User Management in LDMS 9.5/9.6 on Windows Domain

    kdavies Apprentice

      We are running an LDMS 9.5 core server on our Windows domain. I am attempting to redefine the roles for our various teams to meet our current departmental roles and responsibilities, and I have questions regarding the authentication sources that appear in the user management tool.

       

      Essentially, I see two authentication sources, the LDMS core server and our domain controller, and both sources have users and groups defined. However, the lists of users and groups defined on the two sources do not exactly match. I understand that the System account, "LANDesk Administrators" group, "LANDesk Management Suite" group, and "LANDEsk Script Writers" group would only be defined under the core server authentication source as these are groups and accounts defined only on the core server. But I do not understand why I see domain accounts and groups defined under both the core server authentication source and the domain controller authentication source. and the two lists of defined domain accounts and groups do not match between the authentication sources. As well, only the domain controller authentication source assigns roles to the defined domain accounts and groups.

       

      So, here are my questions:

       

      1. Should the core server authentication source only include the System account, "LANDesk Administrators" group, "LANDesk Management Suite" group, and "LANDesk Script Writers" group? Or should any of these entries be defined? Should the core server authentication source even exist if the server is on a domain?

       

      2. Should domain groups only be defined under the domain controller authentication source? Should the domain groups be removed from the core server authentication source completely?

       

      Thank you for your assistance.

        • 1. Re: User Management in LDMS 9.5/9.6 on Windows Domain
          SupportEmployee

          kdavies,

           

          1. Yes, those local groups on the core need to exist.  If the users that need to use a remote console do not have access to these groups then they will not be allowed to login.  So you should see domain users and/or groups in there.  You can define their rights, but it isn't necessary if you would rather do it from the domain source.

           

          2.  This comes down to preference. Some manage it that way, while others manage it through adding their domain users and groups to the local groups on the core. 

           

          Let me know if you have any further questions.

          1 of 1 people found this helpful