The local groups created by Microsoft® Operations Manager (MOM) are used to manage access to MOM features. The following table lists these groups and describes how they are used.
| Group | Description |
|---|---|
| MOM Administrators | Members of this group have full access to the entire MOM feature set and MOM consoles. They can view and change settings in the MOM Operator console and MOM Administrator console. Members can also view and change settings for all nodes (Operations, Management Packs, Administrator.) |
| MOM Authors | Members of this group have full access to the Operator console and have limited access to nodes in the Administrator console. They can view and change settings for the following nodes: Operations and Management Packs. |
| MOM Users | Members of this group can view and modify settings in the Operator console and in the Operations node of the Administrator console. |
| SC DW DTS | Members of this group can transfer operations data from the MOM Database to the MOM Reporting Database, and modify information in the MOM Reporting Database. The Data Transformation Services (DTS) account is added to this group when MOM Reporting is installed. If you change the account used for the DTS, you must add the new account to this group. |
| SC DW Reader | Members of this group can view information in the Reporting database. |
| MOM Service | Intended solely for use by MOM services and processes. The DAS account is added to this group when the MOM-to-MOM Product Connector is installed. Do not add individuals to this group. |
The type of installation that you choose determines which of the local groups described in the preceding table are created. The MOM setup program creates only the groups that are required for the MOM components that you install on a computer. The following table lists the different types of installation, and the groups that are created by each one.
| Installation type | Local groups created |
|---|---|
| MOM user interface only installation | None |
| MOM Management Server only installation |
|
| MOM Database Server only installation | SC DW DTS |
| MOM Reporting only installation |
|
| MOM agent only installation | None |
MOM uses several user accounts to run the MOM services and processes. The following table lists these accounts and describes how they are used.
| Account | Description |
| Data Access Service (DAS) | The DAS component runs on the Management Server and accesses and updates data in the MOM Database. If the Management Server and MOM database are installed on different computers, the account used for the DAS can be a domain user account. If the Management Server and MOM Database are installed on the same computer, the DAS account can be the LocalService account. Lastly, the DAS account must have “db_owner” access to the MOM database on the MOM Database Server, and be added to the Microsoft® SQL Server™ Security Login with 'Permit' server access. |
| MOM to MOM Product Connector (MMPC) | The MMPC runs as a Microsoft Windows NT® service on the Management Server and uses DAS to access the database on the source management group and the Internet Information Services (IIS) Web service on destination management. The MMPC account should be a member of the MOM Service Windows NT group on both the source and destination management groups. By default, MMPC uses the same account specified during setup for DAS, but the user can change it. |
| Management Server’s Action Account | The Management Server’s Action account is used to gather information about, and run responses on, the Management Server and can be used for installing and uninstalling agents on remote computers and updating settings on agents. |
| Agent’s Action Account | The agent’s Action account is used to gather information about, and run responses on, the managed computer. You can use an account with low permissions for both the agent and the Management Server Action accounts. |
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com.