[ Contents ] [ Index ]

Windows - Creating System Users and Passwords

Administrator (User) Security Levels and Guidelines

SANscape administrative functions require access logins and passwords to prevent the possibility of one administrator reallocating or removing storage resources belonging to other clients and hosts without authorization. You assign separate passwords for the three levels of security for the SANscape program. You do this by setting up three users on the agents that have storage devices that are managed by SANscape.

The SANscape security levels must have these exact names:

ssmon

Represents the monitoring level of the software.

ssadmin

Represents the administration level of the software and provides access to the Rebuild, Parity Check, and Schedule Parity Check functions, as well as monitoring.

ssconfig

Represents the configuration level of the software and gives the installer direct access to the configuration functions and all other related aspects of the program.

These names are required for the three security levels. After installation, you must assign a password to each security name.

ssmon, ssadmin, and ssconfig are logins that correspond only to security levels within SANscape.

SANscape can be set up so that monitoring does not require users to type the ssmon password. This is done by selecting the Auto Discovery option when the servers are added to the Managed Servers List at the SANscape Console. You can set up these three logins and passwords locally on each server. (The accounts can have different passwords on each server, if desired.)

Once you have set up these three logins on the agents to be managed, the system administrator the typically provides user access to SANscape by assigning employees appropriate passwords, which are based on the level of security required to complete tasks. For example, everyone who has administration privileges on a particular server would be assigned the same password that was established for the user ssadmin.

NOTE: To add servers to the Managed Servers List, refer to Adding a Server.

Global Passwords on Multiple Servers

If you have a large network and do not want to set up logins individually, and it is acceptable to have the same passwords on multiple servers, you can establish the three logins on a domain server under Windows. As a result, all other servers within the Windows domain have access to the three logins with their respective passwords.

Creating Windows NT Users

  1. Add users with the NT User Manager program.
  2. Select Policies and then User Rights. Be sure to:

    • Select Show Advanced User Rights.
    • Give the NT User Administrator the rights to Act as a part of the operating system.
    • Under User Properties, select User Cannot Change Password and Password Never Expires.


  3. If you plan to set up the user names on a domain server so that multiple server setups are not required, be sure that the servers you want to manage belong to the domain where you have established the SANscape user account.
  4. Refer to your NT documentation for more information.

Creating Windows 2000 Users

  1. Under Settings > Control Panel > Administrative Tools > Computer Management > System Tools > Local Users and Groups, select Users.
  2. Right-click the Users folder and select New User to add the three users ssmon, ssconfig, and ssadmin.

  3. Add one of the users under User name. Provide a description if desired under Description.
  4. Type a password and if desired, select User cannot change password and Password never expires.

[ Contents ] [ Index ]