Security for Manual Agent Deployment in Operations Manager 2007

You might sometimes need to install agents manually. The following sections describe the security-related aspects of manual agent installation to consider before you do so.

Manual Agent Install Setting

This setting determines whether Management Servers accept or reject manually installed agents. It gives you greater control over your Operations Manager 2007 environment by letting you determine when manually installed agents are allowed to communicate with the Management Server. Before manually installing agents, you must first clear the Reject new manual agent installations option. For more information, see How to Configure Security for Manual Agent Installs Setting for an Operations Manager 2007 Management Group.

Installation Account

To install an agent manually, you must be logged on to the target computer as a local administrator. For more information about how to manually install agents, see How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers.

Management Server Port

This setting defines which port the agent will use to initiate communications with the Management Server. The default setting is 5723 on new installations. For more information, see Using Operations Manager 2007 with Firewalls.

Agent Action Account

This account is used to gather information about, and run responses on, the managed computer. For more information about this account, see Operations Manager 2007 Accounts.

Using Management Group Information from Active Directory

This setting causes the Operations Manager agent to query Active Directory for the list of Management Groups for which it will participate in monitoring. For more information, see How to Use Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Servers.

Accepting the Agent Installation

In the Operations Manager 2007 Administrator console, you can reject or review new manual agent installations. If you choose to review new manual agent installations, you are presented with the option to auto-approve the new manual install of the agent. If you elect not to auto-approve the install, the newly installed agent appears in the Pending Actions folder, and you must right-click the managed computer and click Accept before Operations Manager 2007 begins managing the computer. This approval step adds another level of security to the process, giving you more control over manually installed agents.

Changing Settings on Agents Beyond a Firewall

Settings on an agent that is either outside a firewall or in a non-trusted domain or workgroup must be changed manually, and the change must be made individually for each agent. For more information, see How to Use the Health Service Lockdown Tool in Operations Manager 2007 and How to Change the Primary Management Server for an Operations Manager 2007 Agent-Managed Computer.

See Also

Tasks

How to Change the Primary Management Server for an Operations Manager 2007 Agent-Managed Computer
How to Configure Security for Manual Agent Installs Setting for an Operations Manager 2007 Management Group
How to Override the Manual Agent Installs Setting for an Operations Manager 2007 Management Server
How to Use Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Servers
How to Use the Health Service Lockdown Tool in Operations Manager 2007

Concepts

How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers
Operations Manager 2007 Accounts
Using Operations Manager 2007 with Firewalls

Other Resources

About Security in Operations Manager 2007
Security Considerations in Operations Manager 2007
