A.2 LSA Rights and Privileges

The following table identifies the security principals, the sets of rights and privileges, and the computers on which those rights and privileges must be granted for Novell Storage Manager for Active Directory to function properly.

| Right/Privilege | Applies to | Security Principal |
|---|---|---|
| "Access this computer from the network" [SeNetworkLogonRight] | All systems hosting folder shares that are to be managed by the product; all domain controllers in all managed domains; all systems on which the Engine, Agent or Event Monitor components are installed. | "ProxyRights" |
| "Create a token object" [SeCreateTokenPrivilege], "Impersonate a client after authentication" [SeImpersonatePrivilege], "Act as part of the operating system" [SeTcbPrivilege] | All systems on which the Engine, Agent or Event Monitor components are installed. | "ProxyRights" |
| "Back up files and directories" [SeBackupPrivilege], "Bypass traverse checking" [SeChangeNotifyPrivilege], "Manage auditing and security log" [SeSecurityPrivilege], "Restore files and directories" [SeRestorePrivilege], "Take ownership of files or other objects" [SeTakeOwnershipPrivilege] | All systems hosting folder shares that are to be managed by the product; all domain controllers in all managed domains; all systems on which the Engine, Agent or Event Monitor components are installed. | "ProxyRights" |
| "Create symbolic links" [SeCreateSymbolicLinkPrivilege] (only on Vista / Win2K8 & newer) | All systems hosting folder shares that are to be managed by the product; all domain controllers in all managed domains; all systems on which the Engine, Agent or Event Monitor components are installed. | "ProxyRights" |
| "Log on as a batch job" [SeBatchLogonRight] | The system on which the Engine component is installed. | The administrative user whose credentials are used to log in to the Setup Wizard during configuration of the NSM Engine. By default, the built-in NSMAdministrators group is granted this right on all domain controllers and member servers. |
| "Log on as a batch job" [SeBatchLogonRight] | The system on which the Engine component is installed. | "Admins", File / Storage Reporting Users |

As indicated in the table above, installing any of the product components grants the appropriate rights and privileges on the server on which the component is installed. However, in certain situations, the security changes that are configured automatically during the installation process are not sufficient to meet all of the security requirements needed to monitor events and manage storage across an entire domain or multiple domains.
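One way to verify the "ProxyRights" rows of the table on a given server, as an added example that is not part of the product or its documentation: the script checks the `[Privilege Rights]` section of a `secedit /export /cfg <file> /areas USER_RIGHTS` export for the rights the table requires. The function names, the sample export and the SID in it are constructed for illustration; a real export is typically UTF-16 encoded and must be decoded as such before it is passed in.

```python
import configparser

# Rights the table above assigns to "ProxyRights". COMPONENT_ONLY applies to hosts
# running the Engine, Agent or Event Monitor; EVERYWHERE also covers hosts of managed
# folder shares and domain controllers in managed domains.
COMPONENT_ONLY = {"SeCreateTokenPrivilege", "SeImpersonatePrivilege", "SeTcbPrivilege"}
EVERYWHERE = {"SeNetworkLogonRight", "SeBackupPrivilege", "SeChangeNotifyPrivilege",
              "SeSecurityPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
              "SeCreateSymbolicLinkPrivilege"}

def parse_privilege_rights(inf_text):
    """Map each right in [Privilege Rights] to the set of principals holding it."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of the right names
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: {p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()}
            for right, value in cp.items("Privilege Rights")}

def missing_rights(inf_text, principal_ids, component_host, pre_vista=False):
    """Sorted list of required rights that none of principal_ids (SID or name) holds."""
    required = set(EVERYWHERE)
    if component_host:
        required |= COMPONENT_ONLY
    if pre_vista:  # the symbolic-link right only exists on Vista / Win2K8 and newer
        required.discard("SeCreateSymbolicLinkPrivilege")
    granted = parse_privilege_rights(inf_text)
    ids = {p.lstrip("*").lower() for p in principal_ids}
    return sorted(r for r in required if not granted.get(r, set()) & ids)

# Constructed sample export; the SID is made up and stands in for the ProxyRights group.
PROXY_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_INF = f"""[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*{PROXY_SID}
SeBackupPrivilege = *S-1-5-32-544,*{PROXY_SID}
SeRestorePrivilege = *S-1-5-32-544,*{PROXY_SID}
SeChangeNotifyPrivilege = *S-1-1-0,*{PROXY_SID}
SeSecurityPrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544,*{PROXY_SID}
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*{PROXY_SID}
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544,*{PROXY_SID}
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    print(missing_rights(SAMPLE_INF, {PROXY_SID}, component_host=True))
```

Pass `component_host=False` for a server that only hosts managed shares or is a domain controller without any product component installed.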