«
»

HSLockDown.exe needed to get agent working on DC’s in low privelige environments

To get Agents working on DC’s you need to run some rules under the Priveliged Monitoring Account which is LocalSystem by default.  When you deploy the agent if your default action account is localsystem this will/should work okay.  But if your action account is a low privelige account then HSLockDown.exe will disable localsystem from running responses.

The HSLockDown.exe utility is in the MOM 2007 folder on all agents (System Center Operations Manager 2007 folder) and the syntax is

HSLockdown.exe /switch MGName Group

where switch is to add, remove, list the accounts etc and MGName is the Management Group Name, and Group is the NT group you are adding or removing. 

You will see that the NT Authority\System is disallowed by default on these systems.  You need to enable is by using HSLockDown.exe with the /A (for Add) switch to enable it.  then your monitoirng should resume correctly.

About these ads

This entry was posted on July 11, 2007 at 12:26 pm and is filed under OpsMgr 2007. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: