Add-SCOMRunAsAccount
Adds a Run As account to a management group.
Add-SCOMRunAsAccount
[-Windows]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-CommunityString]
[-Name] <String>
[-Description <String>]
[-String] <SecureString>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-Basic]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-Digest]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-Simple]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-ActionAccount]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-Binary]
[-Name] <String>
[-Description <String>]
[-Path] <String>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SnmpV3]
[-Name] <String>
[-Description <String>]
[-UserName] <String>
[-AuthProtocolAndKey <PSCredential>]
[-PrivacyProtocolAndKey <PSCredential>]
[-Context <String>]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMonitoring]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-Sudo]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-Su]
-SuPassword <SecureString>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-Sudo]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-RunAsCredential] <PSCredential>
[-Privileged]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-Path] <String>
[-UserName] <String>
[-Passphrase <SecureString>]
[-Su]
-SuPassword <SecureString>
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-Path] <String>
[-UserName] <String>
[-Passphrase <SecureString>]
[-Sudo]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-SCOMRunAsAccount
[-SCXMaintenance]
[-Name] <String>
[-Description <String>]
[-Path] <String>
[-UserName] <String>
[-Passphrase <SecureString>]
[-Privileged]
[-SCSession <Connection[]>]
[-ComputerName <String[]>]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]The Add-SCOMRunAsAccount cmdlet adds a Run As account to a management group. A Run As account enables users to specify the necessary permissions for use with rules, tasks, monitors, and discoveries targeted to specific computers on an as-needed basis.
System Center - Operations Manager distributes the Run As account credentials to either all agent-managed computers (the less secure option) or only to computers that you specify (the more secure option). By default, all new accounts have the more secure distribution option. To modify the account distribution policy, use the Set-SCOMRunAsDistribution cmdlet.
PS C:\>Add-SCOMRunAsAccount -Windows -Name "Contoso.Windows -Description "Account used for monitoring the Contoso domain" -RunAsCredential (Get-Credential)This command adds a Run As account that uses Windows authentication.
PS C:\>$CommunityString = Read-Host -AsSecureString
PS C:\> Add-SCOMRunAsAccount -CommunityString -Name "Contoso.CommStr" -String $CommunityStringThis example adds a Run As account that uses Community String authentication.
The first command prompts the user to enter the community string for the account and stores the input as a secure string in the variable named $CommunityString.
The second account creates the account and specifies the string stored in $CommunityString as the community string for the account.
PS C:\>Add-SCOMRunAsAccount -Basic -Name "Contoso.Basic" -RunAsCredential (Get-Credential)This command adds a Run As account that uses basic web authentication.
PS C:\>Add-SCOMRunAsAccount -Simple -Name "Contoso.Simple" -RunAsCredential (Get-Credential)This command adds a Run As account that uses simple authentication.
PS C:\>Add-SCOMRunAsAccount -Digest -Name "Contoso.Digest" -RunAsCredential (Get-Credential)This command adds a Run As account that uses standard digest web authentication.
PS C:\>Add-SCOMRunAsAccount -Binary -Name "Contoso.Binary" -Path "C:\accountfile.bin"This command adds a Run As account that uses binary authentication.
PS C:\>Add-SCOMRunAsAccount -ActionAccount -Name "Contoso.Action" -RunAsCredential (Get-Credential)This command adds an action account.
PS C:\>Add-SCOMRunAsAccount -Snmpv3 -Name "Contoso.Snmp1" -UserName "snmpuser"This command adds an SNMP version 3 account that has no context, authentication protocol, or privacy protocol.
PS C:\>$Auth = Get-Credential
PS C:\>$Privacy = Get-Credential
PS C:\>Add-SCOMRunAsAccount -Snmpv3 -Name "Contoso.Snmp2" -UserName "snmpuser" -Context "snmp context" -AuthProtocolAndKey $Auth -PrivacyProtocolAndKey $PrivacyThis example adds an SNMP version 3 account that specifies context, authentication protocol, and privacy protocol.
The first command gets the SNMP version 3 privacy protocol and key for the account and assigns them to the variable named $Auth.
The second command gets the SNMP version 3 privacy protocol and key for the account and assigns them to the variable named $Privacy.
The third command creates the account, uses the credentials stored in $Auth for the authoring protocol and key, and uses the credentials stored in $Privacy for the privacy protocol and key.
PS C:\>Add-SCOMRunAsAccount -SCXMonitoring -Name "Contoso.SCXMon" -RunAsCredential (Get-Credential) -SudoThis command adds an SCX monitoring account that uses sudo elevation.
PS C:\>$Passphrase = Read-Host -AsSecureString
PS C:\> Add-SCOMRunAsAccount -SCXMaintenance -Name "Contoso.SCXMainSSH" -UserName "scxuser" -Path "C:\sshkey.ppk" -Passphrase $Passphrase -PrivilegedThis example adds an SCX maintenance account that has privileged access and uses a passphrase-protected SSH key.
The first command prompts the user to enter the passphrase and stores the passphrase as a secure string in the variable named $Passphrase.
The second command creates the account by using the passphrase stored in $Passphrase.
PS C:\>Add-SCOMRunAsAccount -SCXMaintenance -Name "Contoso.SCXMainUserName" -RunAsCredential (Get-Credential) -SudoThis command adds an SCX maintenance account that does not have privileged access by specifying a user name and password and sudo elevation.
PS C:\>$SuPassword = Read-Host -AsSecureString
PS C:\> Add-SCOMRunAsAccount -SCXMaintenance -Name "Contoso.SCXMainUserName" -RunAsCredential (Get-Credential) -Su -SuPassword $SuPasswordThis example adds an SCX maintenance account that does not have privileged access by specifying a user name and password and a superuser account for elevation.
The first command prompts the user to enter the password, converts the user input to a secure string, and stores the password in the $SuPassword variable.
The second command creates the account by specifying the password that is stored in $SuPassword as the superuser password.
Indicates that the account is an action account. An action account specifies credentials that the MonitoringHost management process uses to perform monitoring activities.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies a PSCredential object that includes the Simple Network Management Protocol (SNMP) authentication protocol and key. To obtain a PSCredential object, use the Get-Credential cmdlet.
If this parameter appears, the cmdlet must also specify the UserName and Passphrase parameters. Specify the protocol name MD5 or SHA for the Username parameter and the key for the Passphrase parameter.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the Run As account is a Basic Authentication account, which uses basic web authentication.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the Run As account is a Binary Authentication account, which uses authentication that the user defines.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the Run As account is a Community String account, which uses community string authentication in Simple Network Management Protocol (SNMP) version 2.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies an array of names of computers. The cmdlet establishes temporary connections with management groups for these computers. You can use NetBIOS names, IP addresses, or fully qualified domain names (FQDNs). To specify the local computer, type the computer name, localhost, or a dot (.).
The System Center Data Access service must be started on the computer. If you do not specify a computer, the cmdlet uses the computer for the current management group connection.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the SNMP version 3 context.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the user account under which the management group connection runs.
Specify a PSCredential object, such as one that the Get-Credential cmdlet returns, for this parameter.
For more information about credential objects, type Get-Help Get-Credential.
If you specify a computer in the ComputerName parameter, use an account that has access to that computer. The default is the current user.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the account description. If this parameter does not appear, the default is the display name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the Run As account is a Digest Authentication account, which uses standard digest web authentication.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the account name.
| Type: | String |
| Aliases: | DisplayName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the Secure Shell (SSH) key passphrase for cross-platform maintenance accounts.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the path to the binary data file or SSH key.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies a PSCredential object that stores the SNMP privacy protocol and key. To obtain a PSCredential object, use the Get-Credential cmdlet.
If you specify this parameter appears, you must also specify the UserName and Passphrase parameters. Specify the protocol name AES or DES for the Username parameter, and the key for the Passphrase parameter.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the cross-platform maintenance account has privileged access.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the credential for the Run As account.
| Type: | PSCredential |
| Aliases: | User |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies an array of Connection objects. To get Connection objects, use the Get-SCOMManagementGroupConnection cmdlet.
If this parameter is not specified, the cmdlet uses the active persistent connection to a management group.
Use the SCSession parameter to specify a different persistent connection.
You can create a temporary connection to a management group by using the ComputerName and Credential parameters.
For more information, type Get-Help about_OpsMgr_Connections.
| Type: | Connection[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Indicates that the account is a cross-platform maintenance Run As account.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the Run As account is a Basic Authentication account, which uses basic web authentication.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the account is a Simple Authentication Run As account.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the account is an SNMP version 3 Run As account.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the account community string.
| Type: | SecureString |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the cross-platform maintenance account uses superuser elevation to perform privileged actions.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Indicates that the cross-platform account uses sudo elevation to perform privileged actions. The sudo program enables users to run programs that have the security permissions of another user account.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the superuser password for a cross-platform maintenance account.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the user name for the account. This parameter is valid only for SNMP version 3 and cross-platform maintenance accounts. Otherwise, use the RunAsCredential parameter.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Indicates that the account is a Run As account for Windows, which uses Windows credentials for authentication. This is the default account type if the cmdlet does not specify a different type.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |