Veritas Enterprise Administrator (VEA) and Command Line Interface (CLI) Authentication for Storage Foundation for Windows and InfoScale: User Privileges / Active Directory Authentication Requirements

book

Article ID: 100045177

calendar_today

Updated On:

Description

Description

To access and perform operations within the Veritas Enterprise Administrator (VEA) console, or the Command Line Interface (CLI) for the Storage Foundation for Windows (SFW) / InfoScale products, the user must have Local Administrator rights on the system being accessed. If the user is not a Local Administrator on the system, or is not a Domain User with Local Administrator permissions (i.e. added to the Local Administrator's Group on the server), the user will only be granted "Guest" access where they can view the configuration but will not be able to make any changes.

User Access Control:

  • If User Access Control (UAC) is enabled on the server, it may be necessary to run the VEA console or the Command Prompt in "Run as Administrator" mode, even if the logged-on user belongs to the Local Administrator's Group. Alternatively, log on to the server as the Local Administrator (default Administrator account) to perform the tasks.
  • If User Access Control (UAC) is enabled on the server, users may not be able to login to the VEA GUI with an account that is not a member of the Local Administrator's Group. This can occur because the logged on user does not have "Write" permissions to the "Veritas" folder in the installation directory (typically, C:\Program Files\Veritas). As a workaround, an OS administrator user can set the "Write" permission for the user via the Security tab of the Veritas folder's properties (in Windows Explorer)

Active Directory:
If a Domain User logs into a server or launches VEA and provides Domain User credentials, the only action performed in relation to Active Directory is to query the Domain User's name to perform a single task:

Does this Domain User belong to the Local Administrator's Group on the server?

- If yes, that user is granted full access to the VEA console (and CLI) to view and manage the configuration.

- If no, that user is granted "Guest" access and will be able to view the configuration in VEA/CLI, but will be unable to make any configuration changes.

Note: This applies to the SFW/InfoScale 'Volume Management' portion of the software. The Veritas Cluster Server uses its own methods of Authentication which can be viewed in the Veritas Cluster Server Administrator's Guide.

Issue/Introduction

To access and perform operations within the Veritas Enterprise Administrator (VEA) console, or the Command Line Interface (CLI) for the Storage Foundation for Windows (SFW) / InfoScale products, the user must have Local Administrator rights on the system being accessed. If the user is not a Local Administrator on the system, or is not a Domain User with Local Administrator permissions (i.e. added to the Local Administrator's Group on the server), the user will only be granted "Guest" access where they can view the configuration but will not be able to make any changes.
Powered by Wolken Software