Wiki source code of Globale Accounts
                  Last modified by Sabrina V. on 2025/02/19 11:40
              
| author | version | line-number | content | 
|---|---|---|---|
|  | 1.1 | 1 | {{aagon.floatingbox/}} | 
| 2 | |||
|  | 2.1 | 3 | = Use of global accounts = | 
|  | 1.1 | 4 | |
|  | 2.1 | 5 | Global accounts allow you to store user data (domain, username and password) in a central location and reuse it. You can select a global account at various places within the ACMP Console wherever you need to authenticate, for example to a client or to the Active Directory. The advantage is that the data does not have to be changed at every place where it is used: when something changes, you update it only once. All the necessary information is stored centrally and is available to you in the respective application areas. | 
|  | 1.1 | 6 | |
|  | 2.1 | 7 | Of course, you can also use specific installation accounts in addition to global accounts. Specific accounts must be set up individually each time and filled with the information. | 
|  | 1.1 | 8 | |
| 9 | {{aagon.warnungsbox}} | ||
|  | 2.1 | 10 | Global accounts are not multi-tenancy capable! This means that the accounts can be seen and used by other users. | 
|  | 1.1 | 11 | {{/aagon.warnungsbox}} | 
| 12 | |||
|  | 2.1 | 13 | == Areas of application == | 
|  | 1.1 | 14 | |
|  | 2.1 | 15 | The table below shows, for each application area, where to find it within the ACMP Console, together with a short description and any notes. | 
|  | 1.1 | 16 | |
|  | 2.1 | 17 | |(% style="width:416px" %)**ACMP area**|(% style="width:803px" %)**Description**|(% style="width:474px" %)**Note** | 
| 18 | |((( | ||
| 19 | **Distributed File Repositories** | ||
|  | 1.1 | 20 | |
| 21 | |||
|  | 2.1 | 22 | (//System //>// Distributed File Repositories//) | 
| 23 | )))|When a new file repository is created, the ACMP Server accesses the file repository by authenticating with an account. This ensures that the stored user account has the required rights.|((( | ||
| 24 | Depending on the selected connection type, the user interface may look slightly different. Choose from the following file repository connection types: | ||
| 25 | |||
| 26 | * Network Share | ||
|  | 1.1 | 27 | * FTP | 
| 28 | * FTPS | ||
| 29 | * WebDAV | ||
| 30 | * SFTP | ||
| 31 | ))) | ||
|  | 2.1 | 32 | |((( | 
| 33 | **Settings for Active Directory** | ||
|  | 1.1 | 34 | |
| 35 | |||
|  | 2.1 | 36 | (//System //>// Settings //>// ACMP Server //>// Active Directory//) | 
| 37 | )))|To read the information from the Active Directory, a user account with read access for all domains is required. If you want to use multiple domains, existing or newly added global accounts can also be used to run further domain queries.| | ||
| 38 | |((( | ||
| 39 | **Settings for the agent installation and network discovery account** | ||
|  | 1.1 | 40 | |
|  | 2.1 | 41 | (//System// > //Settings// > //ACMP Agent// > //General//) | 
| 42 | )))|The user account stored here is used to distribute the ACMP Agent to the computers within your network. The account is also used for the network detection that is part of the ACMP Agent installation. Therefore, give this account sufficient rights for Remote Procedure Call (RPC), which enables functions to be called in other address spaces.|The //Check rights on target computers //option allows you to ensure that all computers found in the network are first checked to see if the specified account has sufficient rights for installation. Tick the box if you want to use this check. | ||
| 43 | |((( | ||
| 44 | **Use of a global account in the network (install ACMP Agent on selected computers)** | ||
|  | 1.1 | 45 | |
|  | 2.1 | 46 | (//Client Management //>// Agent Distribution //>// Network //>// Push ACMP Agent to selected computers//) | 
| 47 | )))|Using the action //Install ACMP Agent on selected computers //you can select machines or entire domains or workgroups by highlighting them in the console beforehand. Initiate the installation and select a global or specific account that has sufficient rights.|As soon as you open the window, the //Use specific account //option is displayed as the preselected installation account. | ||
| 48 | |((( | ||
| 49 | **Use of a global account on the network (install ACMP Agent on a specific computer)** | ||
|  | 1.1 | 50 | |
|  | 2.1 | 51 | (//Client Management //>// Agent Distribution //>// Network //>// Push ACMP Agent to specific computer//) | 
| 52 | )))|Use //ACMP Agent Install on specific computer //to install the Client on a single machine. To do this, you need to know the network name and enter it manually.|As soon as you open the window, the //Use specific account //option is displayed as the preselected installation account. | ||
| 53 | |((( | ||
| 54 | **Use of a global account in the network (Install in IP range)** | ||
|  | 1.1 | 55 | |
|  | 2.1 | 56 | (//Client Management //>// Agent Distribution //>// Network //>// Push to IP range//) | 
| 57 | )))|If you want to install the ACMP Agent on all devices in a specific IP range, you can enter a valid IPv4 range here (start and end IP).|As soon as you open the window, the //Use specific account //option is displayed as the preselected installation account. | ||
| 58 | |((( | ||
| 59 | **Display settings for the ACMP Kiosk** | ||
|  | 1.1 | 60 | |
|  | 2.1 | 61 | (//Client Management //>// ACMP Kiosk //>// Add //> //Content selection for Kiosk Select entry > Wizard Page „Visibility“//) | 
| 62 | )))|When adding a new Kiosk entry, you can define the environment settings for displaying an entry and thus determine its visibility. The global account is only available for selected options.|((( | ||
| 63 | You can also access a global account based on the following criteria: | ||
|  | 1.1 | 64 | |
|  | 2.1 | 65 | * Active Directory user | 
| 66 | * Active Directory user OU | ||
|  | 1.1 | 67 | * Active Directory Client OU | 
|  | 2.1 | 68 | * Active Directory Group of the user | 
| 69 | * Active Directory Group of the Client | ||
|  | 1.1 | 70 | ))) | 
|  | 2.1 | 71 | |((( | 
| 72 | **Adding a new product in Licence Management** | ||
|  | 1.1 | 73 | |
|  | 2.1 | 74 | (//Licence Management //>// Products //>// Add //>// Wizard page Product metric „Metric type: User CAL/ Device CAL //>// Next //>// Automatic consumers //>// Add a LDAP Query (Computer) or (ACMP Query (Clients)//) | 
| 75 | )))|Add a user-based LDAP Query for the new product in the Licence Management. This stores the account for searching the Active Directory, which you can then access.|The assignment of consumers is done via the product metric. To assign a global account, you must select either User CAL or Device CAL. | ||
| 76 | |((( | ||
|  | 1.1 | 77 | **Client Command //UI Interaction //(UI Automation) or Client Command //Shell execute Command//** | 
| 78 | |||
|  | 2.1 | 79 | (//Client Commands// > //Create// > //UI Automation// > //UI Interaction// >** **//Tab „Run as“)// | 
|  | 1.1 | 80 | |
|  | 2.1 | 81 | and | 
|  | 1.1 | 82 | |
|  | 2.1 | 83 | (//Client Commands// > //Create// > Processes and Shell > //Shell execute command// >** **//Tabs „Connection“ a//nd// „Run as“)// | 
|  | 1.1 | 84 | |
|  | 2.1 | 85 | and | 
|  | 1.1 | 86 | |
|  | 2.1 | 87 | (//Client Commands// > //Create //> //Execute// //PowerShell script// > „Run as“) | 
| 88 | )))|The commands can be used to automatically store global accounts that are taken into account when Client Commands are executed.| | ||
|  | 1.1 | 89 | |
|  | 2.1 | 90 | == Manage global accounts == | 
|  | 1.1 | 91 | |
|  | 2.1 | 92 | To use a global account, you must be in one of the areas of the ACMP Console described above. It is not possible to access the global accounts from anywhere else. Depending on the user interface you are in, you can either use an existing global account or add a new account. Which options are available depends in part on the area from which you access the accounts. For example, the Active Directory allows you to use multiple domains. These are managed by global accounts so that multiple domains can be queried. | 
|  | 1.1 | 93 | |
|  | 2.1 | 94 | == Add global accounts == | 
|  | 1.1 | 95 | |
| 96 | {{aagon.infobox}} | ||
|  | 2.1 | 97 | You can add a global account in the areas using the Add button. | 
|  | 1.1 | 98 | {{/aagon.infobox}} | 
| 99 | |||
|  | 2.1 | 100 | If you want to access an account via the Active Directory (//System //>// Settings //>// ACMP Server //>// Active Directory//), the action field is called //Link//. Click //Add//. A new window opens with the properties of the login information. Enter the domain, username and password that you want to use. Then decide whether you want to use encryption for the global account. You can choose between two options, //None //and //SSL/TLS//. If you select the latter, the transmitted data will be encrypted. Additional information can be stored under the description. For example, you can use a short sentence to describe which special rights or access the domain should have (e.g. it is an account with read rights). Tick the box under //Use static IPs //if you want to enable this option. This activates the section below with the //domain controller// and //global catalog IPs//. | 
|  | 1.1 | 101 | |
|  | 2.1 | 102 | The main purpose of the two IP types is to remove one step from the network communication, since otherwise the IP address of the machine would first have to be looked up before it could be addressed. With a stored IP address, the domain controller or global catalog is addressed directly: | 
|  | 1.1 | 103 | |
|  | 2.1 | 104 | * Domain Controller IP: If it is not possible for the ACMP Server to reach the domain controller by name, you can store the static IP address here. | 
| 105 | * Global Catalog IP: If the ACMP Server cannot access the Global Catalog by name, you can enter the static IP address here. | ||
|  | 1.1 | 106 | |
|  | 2.1 | 107 | When the option ‘Use static IPs’ is activated, communication uses the configured static IPs instead of DNS queries. It makes sense to use a static IP (Domain Controller IP or Global Catalog IP) if, for example, the domain controller cannot be resolved by Windows' own mechanisms. Otherwise, you can leave the option disabled. | 
|  | 1.1 | 108 | |
|  | 2.1 | 109 | [[Properties of the credentials>>image:67_Globale Accounts_Eigenschaften der Anmeldeinformationen_337.png]] | 
|  | 1.1 | 110 | |
| 111 | {{aagon.infobox}} | ||
|  | 2.1 | 112 | Please note that you can only use LDAPS in ACMP if both the server and the console are in the same domain, otherwise the certificates will not be transferred. If you are in a workgroup, LDAP may work, but not the encrypted variant (LDAPS), because a domain is required for this. | 
|  | 1.1 | 113 | {{/aagon.infobox}} | 
 
  
