IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this community and its apps will no longer be available. More details available on our FAQ.
Topic
  • 2 replies
  • Latest Post - ‏2017-11-29T11:22:36Z by frisalde
frisalde
frisalde
119 Posts

Pinned topic TIM. Winlocal adapter working in agentless mode

‏2017-09-25T11:11:02Z | adapter agentless; isim; local; tim; windows; winlocal;

Dear colleagues,

until now we have been installing local agents for managing Windows Standalone server, ie Windows Local Adapters. After having a look the youtube tutorial https://www.youtube.com/watch?v=v52FPSuavJo&index=40&list=PLFip581NcL2VdLsRsQGqbzEozn2RBHDoc ,we are thinking to change our approach to agentless mode adapter.

 

Could you provide your feedback regarding the agentless mode? As far as we have had a look, there is not limitation versus the local adapter, is there?

 

Thanks in advances for your inputs.

  • frisalde
    frisalde
    119 Posts
    ACCEPTED ANSWER

    Re: TIM. Winlocal adapter working in agentless mode

    ‏2017-11-29T11:22:36Z  
    • franzw
    • ‏2017-09-26T14:00:39Z

    The limitations and consequences of remote/agentless is the same as those of any other Windows based administrative access - think PSEXEC and alike security consequences - although I am not 100% sure I believe the underlying mechanism is the same and uses the same windows protocols.

    If you can live with that it works very well - remember that your access is limited by the circumstances - i.e. if you connect with a domain account (which is normally a good idea - but not with an Domain Admin !!) then the server needs to be member of/trust the owning domain.

    I am using this on a project with servers in the thousands and beside the obvious scaling challenges it works quite well - we had to solve some problems about AD user member of local groups support that adapter also supports.

    But that is fixed in the latest adapter.

    HTH

    Regards

    Franz Wolfhagen

     

     

    Hi Franzw,

    we have realized that the standalone servers aren't member of/trust the owning domain, so it can not be remote managed.

    It could be done if the local user who run the operation could be defined in the service definion as it is done with AIX services where Administrator name and password has to be defined. I'll request an enhacement.

    Thanks for you help.

  • franzw
    franzw
    519 Posts

    Re: TIM. Winlocal adapter working in agentless mode

    ‏2017-09-26T14:00:39Z  

    The limitations and consequences of remote/agentless is the same as those of any other Windows based administrative access - think PSEXEC and alike security consequences - although I am not 100% sure I believe the underlying mechanism is the same and uses the same windows protocols.

    If you can live with that it works very well - remember that your access is limited by the circumstances - i.e. if you connect with a domain account (which is normally a good idea - but not with an Domain Admin !!) then the server needs to be member of/trust the owning domain.

    I am using this on a project with servers in the thousands and beside the obvious scaling challenges it works quite well - we had to solve some problems about AD user member of local groups support that adapter also supports.

    But that is fixed in the latest adapter.

    HTH

    Regards

    Franz Wolfhagen

     

     

  • frisalde
    frisalde
    119 Posts

    Re: TIM. Winlocal adapter working in agentless mode

    ‏2017-11-29T11:22:36Z  
    • franzw
    • ‏2017-09-26T14:00:39Z

    The limitations and consequences of remote/agentless is the same as those of any other Windows based administrative access - think PSEXEC and alike security consequences - although I am not 100% sure I believe the underlying mechanism is the same and uses the same windows protocols.

    If you can live with that it works very well - remember that your access is limited by the circumstances - i.e. if you connect with a domain account (which is normally a good idea - but not with an Domain Admin !!) then the server needs to be member of/trust the owning domain.

    I am using this on a project with servers in the thousands and beside the obvious scaling challenges it works quite well - we had to solve some problems about AD user member of local groups support that adapter also supports.

    But that is fixed in the latest adapter.

    HTH

    Regards

    Franz Wolfhagen

     

     

    Hi Franzw,

    we have realized that the standalone servers aren't member of/trust the owning domain, so it can not be remote managed.

    It could be done if the local user who run the operation could be defined in the service definion as it is done with AIX services where Administrator name and password has to be defined. I'll request an enhacement.

    Thanks for you help.