Configuring Non-Administrative Windows Accounts - Adaptive Applications - BlueCat Gateway - 21.1

BlueCat Overlay for Microsoft
Locale
English
Product name
BlueCat Gateway
Version
21.1

Windows Permissions

The non-administrative accounts must have access to DNS and DHCP services to read service data for synchronizing with BlueCat Overlay for Microsoft. You can configure these roles based on the requirements of your organization and how you are using BlueCat Overlay for Microsoft. Non-administrative accounts can be members of the following groups:
  • Remote Management User
  • Member of DNS user group
  • Member of DHCP user group

This list of users groups is not exhaustive. You can configure user permissions using Built-In user groups or custom groups that allows the users to perform the necessary tasks.

Configuring Negotiate Authentication

Microsoft Overlay uses Negotiate Authentication as the default method of authenticating users.

  1. As an Administrator of the Windows server, navigate to Computer > Policies > Administrative Templates > Windows Components > Windows Remote Management > WinRM Service.
  2. Set the Disallow Negotiate Authentication value to Disable for WinRM Service.
  3. Click OK on all open dialogue boxes.
  4. Navigate to Server Manager > Tools > Computer Management.
  5. Expand Local Users and Groups.
  6. Expand Groups.
  7. Double-click the Remote Management Users group.
  8. Click Add.
  9. Enter the name of the user to be added to the Remote Management Users group.
  10. Click OK on all open dialogue boxes.

Configuring Windows Management Interface (WMI) namespace access for non-administrative users

  1. As an Administrator of the Windows server, navigate to Server Manager > Tools > Computer Management.
  2. Expand Services and Applications, right-click WMI Control and select Properties. A new Window opens.
  3. Click the Security tab.
  4. Select Root and click the Security button. A new window opens.
  5. Click the Advanced button. A new window opens.
  6. Click the Add button under the Permission tab. A new window opens.
  7. Click select a principal and search for the user account that caused the error.
  8. Within applies to, select this namespace and subnamespace.
  9. For the permission, check the Execute Methods, Enable Accounts, and Remote Enable fields.
  10. Click Accept on all open dialogue boxes.
  11. Restart WMI services by performing the following:
    1. As an Administrator of the Windows server, navigate to Server Manager > Tools > Computer Management.
    2. Expand Services and Applications and click Services.
    3. Navigate to and right-click Windows Management Instrumentation.
    4. Click Restart.

For a list of additional errors that might be encountered while using BlueCat Overlay for Microsoft, refer to Troubleshooting.