Global Settings Properties: Security

Configure security settings for the entire management group.

This tab contains the following options:

Mutual authentication required
Mutual authentication requires the MOM Management Server and the agent to authenticate each other using the Kerberos V5 protocol before they can communicate. This setting is applied to the management group, and cannot be overridden on the Management Server or agent. If you select this option, MOM SP1 agents cannot authenticate with the Management Servers and the Block MOM 2000 and MOM 2000 SP1 agents from connecting to the Management Serversetting is automatically enabled. You must have an Active Directory┬« trust relationship between the Management Server domain and the agent domain.

Mutual authentication prevents a malicious attacker from posing as a Management Server or an agent, as well as communicating with, and performing actions on, the other computer. This setting is enabled by default if you are running Active Directory in your network.

Note  Note   

If you are upgrading to MOM 2005, this setting is disabled by default. If you are installing MOM 2005 for the first time, this setting is enabled by default.

Block MOM 2000 and MOM 2000 SP1 agents from connecting to the Management Server
If you select this option, only MOM 2005 agents can communicate with the Management Servers in this management group. This setting is applied to the management group, and cannot be overridden on the Management Server or agent. You can use this feature even if Mutual authentication is disabled. However, this feature is always enabled if Mutual Authentication is enabled. Blocking legacy agents helps to maintain a greater security level in your MOM environment.
Note  Note   

If you are upgrading to MOM 2005, this setting is disabled by default. If you are installing MOM 2005 for the first time, this setting is enabled by default.

Disable execution of custom responses on Management Servers
Custom responses are scripts that run on the Management Server in response to specific data gathered from one or more managed computers. This setting is applied to the management group, and cannot be overridden on the Management Server.

The following types of responses are affected by this setting:

  • Script responses configured to be launched on the Management Server
  • Notification responses when a command is specified
  • Command/batch file responses configured to be executed from the Management Server

The following responses are not affected by this setting and will always be executed:

  • Any response configured to be executed locally on the managed computer
  • Notification responses that use e-mail or page notifications
  • Update state variable responses
  • SNMP trap responses