DCOM runs on a variety of network protocols and, by default, attempts to make
connections on all installed protocols. After connecting to the network, DCOM
uses Windows NT authentication to verify the necessary access rights. For example,
an administrator with the appropriate access rights can perform management
tasks on a locked pcAnywhere host from any location.
To ensure that NT authentication is used for pcAnywhere DCOM management
tasks, pcAnywhere connection items should be configured to use the same domain
or a trusted domain.
Implementing DCOM in Windows 2000/2003 Server/XP/Vista
To remotely configure and control pcAnywhere on Windows 2000/2003
Server/XP/Vista using a centralized management tool, you must meet the following
system requirements:
■
The administrator must be logged on as a domain administrator.
■
The administrator's computer and the client's computer must be in the same
domain.
Modifying DCOM settings
Symantec pcAnywhere configures DCOM during the installation process. The
default settings should be sufficient for pcAnywhere management applications
to function normally and maintain a sufficient level of security. However,
administrators can modify the default security settings in DCOM to allow or deny
access to a system.
Modifying DCOM security settings on a managed computer might require
adjustments to the DCOM settings on the administrator computer. Ensure that
all managed computers are authenticating on the same Windows NT domain or
on trusted domains.
When an administrator connection is made to a remote computer, the centralized
management software attempts to impersonate the user who is making the
connection. If the user is not logged on with administrator privileges, this
impersonation fails.
To further ensure security, callers who do not have administrator privileges cannot
perform administrator functions or have access beyond what they would normally
have when logged on to the computer directly.
To avoid connection problems because of access denied errors, run the
dcomcnfg.exe utility to check the security settings for the client. Edit the default
security and add only the domain users or administrators who are allowed to
access the host.
Performing centralized management
About the Microsoft Distributed Component Object Model (DCOM)
70
Содержание pcAnywhere
Страница 1: ...Symantec pcAnywhere Administrator s Guide ...
Страница 6: ......
Страница 10: ...Contents 10 ...
Страница 74: ...Performing centralized management About centralized logging 74 ...
Страница 102: ...Managing security in Symantec pcAnywhere Implementing policy based administration 102 ...