Configuration - Access Control


The access control settings define how ServerAssist is configured to listen for remote management requests, the permissions associated with the different authentication methods, and the primary and secondary passwords.

Remote Access

The ServerAssist services can be accessed over the network using either Microsoft networking protocols (named pipe), TCP/IP or indirectly via a gateway. The advantage of using the Microsoft Networking connection method is that it allows connections from the console to authenticate using integrated authentication, and is suitable for all connections within a typical corporate internal network. The TCP/IP connection method is useful when connecting to servers located in a DMZ or other untrusted network, where traffic to the monitored server must pass through a firewall. The gateway can be used when there is no routable connection from the console to a computer running ServerAssist.

Permissions

Each of the authentication methods can have different permissions associated with them. Note that it is not possible to modify the permissions associated with the authentication method that is currently being used.

If a connection is made using a Windows logon or using the integrated authentication method of the console, the permissions granted to that connection will depend on the authority that the supplied credentials (or the user's current credentials in the case of integrated authentication) have on the target computer. If the credentials have administrative authority, the permissions granted will be those set for Windows authentication (administrative authority). If the credentials have access to the computer, but not administrative rights, the permissions will be those set for Windows authentication (user authority). If the credentials are not authorised to access the computer at all, ServerAssist will also deny access.

When connecting using a ServerAssist password, the permissions granted will be those associated with the corresponding password (primary or secondary) supplied. If the primary and secondary password are identical, the permissions granted are those set for the primary password.

Note that the permissions are shared between the different ServerAssist components.

Passwords

Two of the supported authentication methods make use of a ServerAssist password. The passwords page is used to maintain these passwords.

Note that the passwords are shared between the different ServerAssist components.