Security for Manual Agent Deployment in Operations Manager 2007
There may be times when you need to manually install agents. The following sections describe several security-related aspects of manual agent installation to consider before manually installing agents.
Manual Agent Install Setting
This setting determines whether Management Servers accept or reject agents that are manually installed. It gives you greater control over your Operations Manager 2007 environment by allowing you to determine when manually installed agents are allowed to communicate with the Management Server. Before manually installing agents, you must first clear the Reject new manual agent installations option. For more information, see How to Configure Security for Manual Agent Installs Setting for an Operations Manager 2007 Management Group.
Installation Account
To install an agent manually, you must be logged on to the target computer as a local administrator. For more information about how to manually install agents, see How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers.
Management Server Port
This setting defines which port the agent will use to initiate communications with the Management Server. The default setting is 5723 on new installations. For more information, see Using Operations Manager 2007 with Firewalls.
Agent Action Account
This account is used to gather information about, and run responses on, the managed computer. For more information about this account, see Operations Manager 2007 Accounts.
Using Management Group Information from Active Directory
This setting causes the Operations Manager agent to query Active Directory for the list of Management Groups in whose monitoring this agent will participate. For more information, see How to Use Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Servers.
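The installation account, port, action account, and Active Directory settings described above can be checked and applied together before a manual install. The following PowerShell script is an added example, not part of the original documentation. The server name, management group name, and MSI path are hypothetical, and the MSI property names are the agent installer's command-line properties, which you should confirm against How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers.

```powershell
# Added example: pre-flight checks, then a silent manual agent install.
# Hypothetical values; replace with those of your environment.
$ManagementServer = 'ms01.example.test'        # hypothetical Management Server FQDN
$ManagementGroup  = 'EXAMPLE_MG'               # hypothetical Management Group name
$Port             = 5723                       # default Management Server port
$AgentMsi         = 'C:\Install\MOMAgent.msi'  # assumed location of the agent MSI
$LogFile          = Join-Path $env:TEMP 'MOMAgent_install.log'

# 1. Installation Account: the session must hold local administrator rights.
#    Under UAC this is only true in an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw "Run this script as a local administrator (elevated)."
}

# 2. Management Server Port: the agent initiates the connection, so confirm
#    that outbound TCP to the Management Server is open before installing.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $pending = $client.BeginConnect($ManagementServer, $Port, $null, $null)
    if (-not $pending.AsyncWaitHandle.WaitOne(5000)) { throw "timed out" }
    $client.EndConnect($pending)
}
catch {
    throw "Cannot reach ${ManagementServer}:$Port ($_). Check firewall rules."
}
finally {
    $client.Close()
}

# 3. Install with explicit settings instead of querying Active Directory.
#    ACTIONS_USE_COMPUTER_ACCOUNT=1 runs the Agent Action Account as Local System.
$msiArgs = @(
    '/i', "`"$AgentMsi`"", '/qn', '/l*v', "`"$LogFile`"",
    'USE_SETTINGS_FROM_AD=0',
    "MANAGEMENT_GROUP=$ManagementGroup",
    "MANAGEMENT_SERVER_DNS=$ManagementServer",
    "SECURE_PORT=$Port",
    'ACTIONS_USE_COMPUTER_ACCOUNT=1'
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Agent install failed with exit code $($proc.ExitCode). See $LogFile."
}
Write-Output "Agent installed. Approve it in the console if auto-approve is off."
```

A successful install does not mean the agent is being managed: the Management Server still rejects it while Reject new manual agent installations is selected.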
Accepting the Agent Installation
In the Operations Manager 2007 Administrator console, you can reject or review new manual agent installations. If you choose to review new manual agent installations, you are presented with the option to auto-approve the new manual install of the agent. If you elect not to auto-approve the install, the newly installed agent will appear in the Pending Actions folder. You must right-click the managed computer and click Accept for Operations Manager 2007 to begin managing the computer. This adds another level of security to this process, giving you more control over manually installed agents.
Changing Settings on Agents Beyond a Firewall
Settings on an agent that is either outside a firewall or in a non-trusted domain or workgroup must be changed manually. The change must be made individually for each agent. For more information, see How to Use the Health Service Lockdown Tool in Operations Manager 2007 and How to Change the Primary Management Server for an Operations Manager 2007 Agent-Managed Computer.
See Also
Tasks
How to Change the Primary Management Server for an Operations Manager 2007 Agent-Managed Computer
How to Configure Security for Manual Agent Installs Setting for an Operations Manager 2007 Management Group
How to Override the Manual Agent Installs Setting for an Operations Manager 2007 Management Server
How to Use Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Servers
How to Use the Health Service Lockdown Tool in Operations Manager 2007
Concepts
How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers
Operations Manager 2007 Accounts
Using Operations Manager 2007 with Firewalls
Other Resources
About Security in Operations Manager 2007
Security Considerations in Operations Manager 2007