If you have Windows servers with local users and groups, you can add those servers to EmpowerID as managed account stores. This allows you to inventory local users and groups and manage those objects from EmpowerID, providing you with automated role-based access control, delegated permissions administration, and provisioning policy capabilities with a full audit trail of any actions involving those objects.
EmpowerID uses WinNT directory entry calls to get the objects on local Windows servers and WMI to get the group membership. As WMI is used, the Remote Procedure Call (RPC) Service on the local server must be enabled. For information on configuring WMI, see Configuring WMI. You should ensure WMI is configured correctly before proceeding to add your local Windows servers to EmpowerID.
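A pre-flight check along these lines, added here as an example and not EmpowerID code, exercises both access paths (WinNT enumeration and WMI group membership) against one server before you add it. `SERVER01` is a placeholder host name, and reaching WMI through a CIM session over DCOM is an assumption about how to test it.

```powershell
# Pre-flight check for one server. 'SERVER01' is a placeholder host name.
param([string]$Server = 'SERVER01')
$ErrorActionPreference = 'Stop'   # make query failures land in the catch blocks

# 1. WinNT provider: enumerate local users and groups over ADSI.
try {
    $computer = [ADSI]"WinNT://$Server,computer"
    $children = @($computer.Children)
    $users    = @($children | Where-Object { $_.SchemaClassName -eq 'User' })
    $groups   = @($children | Where-Object { $_.SchemaClassName -eq 'Group' })
    "WinNT OK: {0} local users, {1} local groups" -f $users.Count, $groups.Count
} catch {
    Write-Warning "WinNT enumeration failed on ${Server}: $($_.Exception.Message)"
}

# 2. WMI over DCOM (which depends on RPC): read membership of each local group.
$session = $null
try {
    $dcom    = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Server -SessionOption $dcom

    $localGroups = Get-CimInstance -CimSession $session -ClassName Win32_Group `
                                   -Filter "LocalAccount=True"
    foreach ($g in $localGroups) {
        # Win32_GroupUser links a group (GroupComponent) to a member (PartComponent).
        $filter  = "GroupComponent=`"Win32_Group.Domain='$($g.Domain)',Name='$($g.Name)'`""
        $members = @(Get-CimInstance -CimSession $session -ClassName Win32_GroupUser `
                                     -Filter $filter)
        "{0}: {1} member(s)" -f $g.Name, $members.Count
        foreach ($m in $members) {
            "    {0}\{1}" -f $m.PartComponent.Domain, $m.PartComponent.Name
        }
    }
    "WMI OK: group membership readable over DCOM/RPC"
} catch {
    # Typical causes: RPC service stopped, firewall blocking RPC, or missing WMI rights.
    Write-Warning "WMI query failed on ${Server}: $($_.Exception.Message)"
} finally {
    if ($session) { Remove-CimSession $session }
}
```

Run it under the account you intend to use for the connection, so that a permissions problem shows up here and not during inventory.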
Adding Windows Local Servers to EmpowerID involves the following tasks:
Computer is Member of Domain - Select only if your server belongs to a domain that is already inventoried by EmpowerID.
Selecting this option tells EmpowerID not to create a new computer object for the server and to link it to the already-inventoried domain computer. Leaving it cleared tells EmpowerID to create a new computer object for the server so that the server is visible in EmpowerID.

To configure the connection on the web

In the Management Console, you configured the settings in the Account Store Details, but on the web, these settings are found on the associated Resource System.
If the server is a member of a domain that EmpowerID has inventoried, select Computer is Member of a Domain. This tells EmpowerID not to create a new computer object for the server, but to link it to the inventoried domain computer.
If the server does not belong to an inventoried domain, leave Computer is Member of a Domain deselected. This tells EmpowerID to create a new computer object for the server, which allows the server to be visible in the EmpowerID user interfaces.
Before configuring EmpowerID to manage the account store, you should determine whether you want any provisioning policies to be applied to the local users inventoried from the server. If you do, as a best practice you should create those policies before inventorying the server. For more information on provisioning policies, see Overview of Resource Entitlements.
If you selected Computer is Member of Domain when you created the connection earlier, you will see a field for Active Directory Computer. If this is the case, click the Edit button to the right of Active Directory Computer.
If the computer does not belong to an inventoried domain, skip to step 5.
In the Select a Computer window that appears, search for and select the appropriate domain computer and then click OK. This tells EmpowerID that the domain computer has local users and groups that need to be inventoried as well as the domain users and groups.
Please note that the selected computer must belong to an Active Directory domain that EmpowerID is already inventorying or an error will occur when you turn on inventory. For information on connecting to Active Directory, see Connecting EmpowerID to Active Directory.