.. .. .. .. ..
.. .. . HP TopTools Security Understanding and configuring aspects of TopTools security Preface This paper presumes a general understanding of Microsoft Windows security administration. It is intended to help TopTools users better understand the TopTools security model, and to help advanced users in customizing a TopTools installation to meet specific needs. Most users will not need to modify the default settings that are provided by the TopTools setup wizard.
. Users: users that are allowed “read-only” access to TopTools and to managed devices. Assignment of these user roles is done via Windows group membership, as detailed in Table 1, below: Windows group TopTools user role \Administrators Administrator \TopTools Admins Administrator \TopTools Operators \TopTools Operator User Note that starting with HP TopTools version 5.
.. .. . In addition to any local logon rights that are necessary for the remote access account and the local service account, the setup wizard and SetTTPassword will also grant the “Log on as a service” right to the remote access account on the domain controller, if the remote access account is a domain account. This logon right is necessary to temporarily run a service on a managed device as part of the agent deployment process.
the account that TopTools uses must be a local administrator on the managed device to which an agent is deployed. WMI, which is used both in Discovery and in displaying Windows 2000 Properties pages, is less stringent since all that is required is that the remote access account have WMI read access on managed devices.
.. .. . Making changes after installation After TopTools has been installed, it is possible to change the password and optionally the account name that TopTools uses, either for the remote access account or for the local service account, using the SetTTPassword command-line utility. The syntax for this command is: SetTTPassword {-r|-s} password ["domain\account name"] -r = the account TopTools will use for remote access, e.g. "toptools admin" -s = the account TopTools will use for local services, e.g.
4. Reboot the computer. On restart, the file system will be converted to NTFS. If you convert a partition that is not the active boot partition, then you will not have to restart the computer. Converting to NTFS after TopTools installation is not supported. User role functionality will not work unless the file system is NTFS when TopTools is installed.
