Adding Local Windows Servers

If you have Windows servers with local users and groups, you can add those servers to EmpowerID as managed account stores. This allows you to inventory local users and groups and manage those objects from EmpowerID, providing you with automated role-based access control, delegated permissions administration, and provisioning policy capabilities with a full audit trail of any actions involving those objects.

EmpowerID uses WinNT directory entry calls to get the objects on local Windows servers and WMI to get the group membership. As WMI is used, the Remote Procedure Call (RPC) Service on the local server must be enabled. For information on configuring WMI, see Configuring WMl and Using the EmpowerID Connectivity Tester. You should ensure WMI is configured correctly before proceeding to add your local Windows servers to EmpowerID.

To create a Local Windows Users account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.

     

  3. Under System Types, search for Local Windows Users.

  4. Click Local Windows Users to select the type and then click Submit.

     

  5. On the Local Windows Server Settings page, fill in the following information:

    • Name — Enter a name for the account store.

    • Display Name — Enter a display name for the account store.

    • Fully Qualified Name — Enter a display name for the account store.

    • Computer is Member of Domain — Select this option if your server belongs to a domain that is already inventoried in EmpowerID. If selected, EmpowerID links the computer to an already-inventoried domain computer. If this option is left cleared, EmpowerID creates a new computer object for the server.

    • Is Remote (Requires Cloud Gateway) — This setting appears for account stores with local directories, such as Active Directory, LDAP, SAP, local Windows servers, etc. When enabled, this tells EmpowerID to use the Cloud Gateway Connection for that account store. This option requires the Cloud Gateway Connection to be installed on an on-premise machine. For installation information, please see Installing the EmpowerID Cloud Gateway Client.

  6. When ready, click Submit.

     

  7. If you selected Is Remote (Requires Cloud Gateway), search for and select one or more cloud gateway servers and then click Submit. You will not see this screen if you did not select Is Remote (Requires Cloud Gateway).

     

  8. EmpowerID creates the account store and the associated resource system. The next step is to configure the account store settings.

To configure account store settings

  1. From the Account Stores tab of the Account Stores and Systems page, search for the account store you just created and click the Account Store link for it.

     

  2. On the Account Store Details page, click the pencil icon to put the account store in edit mode.


    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Windows server as well as how you want EmpowerID to handle the user information it discovers there during inventory. Settings that can be edited are described in the table below the image.


  3. Edit the account store as needed and then click Save to save your changes.

    Now that everything is configured, you can enable the Account Inbox Permanent Workflow and monitor inventory. Be sure inventory is enabled on the account store settings page.