Installation Manual

ManualsBrandsTechMikeNY ManualsComputers & AccessoriesHigh-End Virtualization Server 12-Core 128GB RAM 12TB RAID Dell PowerEdge R710 Bezel and Rails (Certified Refurbished)

341

342

343

344

345

346

347

348

349

350

Configuring Security Features 349

Disabling Local Configuration From Local RACADM

This feature disables the ability of the managed system’s user to configure the

iDRAC6 using the local RACADM or the Dell OpenManage Server

Administrator utilities.

racadm config -g cfgRacTuning -o

cfgRacTuneLocalConfigDisable 1

CAUTION: These features severely limit the ability of the local user to

configure the iDRAC6 from the local system, including performing a reset to default

of the configuration. It is recommended that you use these features with

discretion. Disable only one interface at a time to help avoid losing login

privileges altogether.

NOTE: See the white paper on Disabling Local Configuration and Remote Virtual

KVM in the DRAC on the Dell Support site at support.dell.com for more information.

Although administrators can set the local configuration options using local

RACADM commands, for security reasons they can reset them only from an

out-of-band iDRAC6 Web-based interface or command line interface.

The cfgRacTuneLocalConfigDisable option applies once the system

power-on self-test is complete and the system has booted into an operating

system environment. The operating system could be one such as Microsoft

Windows Server or Enterprise Linux operating systems that can run local

RACADM commands, or a limited-use operating system such as Microsoft

Windows Preinstallation Environment or vmlinux used to run Dell

OpenManage Deployment Toolkit local RACADM commands.

Several situations might call for administrators to disable local configuration.

For example, in a data center with multiple administrators for servers and

remote access devices, those responsible for maintaining server software

stacks may not require administrative access to remote access devices.

Similarly, technicians may have physical access to servers during routine

systems maintenance—during which they can reboot the systems and access

password-protected BIOS—but should not be able to configure remote access

devices. In such situations, remote access device administrators may want to

disable local configuration.

Administrators should keep in mind that because disabling local

configuration severely limits local configuration privileges—including the

ability to reset the iDRAC6 to its default configuration—they should only use

these options when necessary, and typically should disable only one interface

at a time to help avoid losing login privileges altogether. For example, if