In Essentials 2007, Run As Profiles and Run As Accounts are used to select users with the privileges needed for running rules, tasks, and monitors.
Management Pack authors create a rule, task, or monitor, and then associate it with a Run As Profile. The named Run As Profile is imported along with the Management Pack into Essentials 2007.
|Tasks, rules, and monitors consist of modules that receive credentials or secured data, such as user names and passwords. An administrator must understand the functionality of the modules and use appropriate precautions when sending such data to them.|
The Essentials 2007 administrator creates a named Run As Account and specifies users and groups. The administrator then adds the Run As Account to the Run As Profile and specifies the target computers that the account should run on.
|The credentials you select for the Run As Account must have logon locally rights. Otherwise, the module will fail.|
An administrator can associate multiple Run As Accounts with a Run As Profile. This functionality is useful in cases where the Run As Profile is used on different computers and each computer requires a different credential.
For example, Jane has the user rights that enable her to run the task on the first computer running SQL Server. Fred has the user rights that enable him to run the task on the second computer running SQL Server. A separate Run As Account is created for Jane and Fred, and both are associated with the single Run As Profile. The task and the appropriate credentials are pushed to the target computer so that the task can run with either Jane's or Fred's credentials. Account information sent between the Management Server and the target computer is encrypted.
To specify an appropriate account (for example, a least privileged account), you can associate the rules in an unsealed Management Pack with a Run As Profile by editing the properties for the rule. For more information, see How to Edit Properties of a Rule in System Center Essentials.