Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 2

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Scope

  • The Universal Agent is frequently running in the system account or a service account and will execute jobs within the context and permission of this account.
  • Running a job as a different user includes to login as that user, optionally load the user profile and execute commands in this context.
  • This article applies to the Universal Agent for Windows only. For Unix environments there is no need for scheduler based user switching as the built-in sudo and su capabilities provide this functionality.

Introduction

  • For user switching the Agent has to be operated for a user account or service account, not for the system account.
  • The credentials of the target user for which a job should be executed are not stored with JobScheduler configuration data. Instead the user account that runs the JobScheduler Windows Service stores credentials with the Windows Credential Manager. When a job should be executed then the JobScheduler Agent reads the credentials from the Windows Credential Manager. Reading credentials that have previously been stored using the same user account works without the need to specify a password. Therefore the solution is free from use of passwords.
  • A login is performed with the target user credentials and the user's environment is active when executing the job.

 

  • User switching applies to
    • All job types (standalone jobs and job chain jobs)
    • Shell Jobs
    • API jobs in any of the supported languages
    • Pre-processing and post-processing Monitors

 

Credential Manager

The Windows Credential Manager is accessible via its

  • Graphical User Interface  
  • Command Line Interface: cmdkey
  • API: the API is used by the JobScheduler Agent

Manage credentials with the Graphical User Interface

  • Open the Credential Manager GUI from the JobScheduler Agent account.
    • English: Control Panel -> Credential Manager
    • German: Systemsteuerung -> Anmeldeinformationsverwaltung
  • Select the Credential Type Windows Authentication -> Generic
    • Add credential information to the following input fields: 
      • Intenet or Netzwerkaddress
        • For use with JobScheduler this field holds the "target name" of the crendentials. 
        • You are free to use any characters to specify a unique identifier for the credentials.
    • User name
      • The account to be used can be specified by Unicode characters and digits including space, comma ańd _, -, \ und @
      • For 
      • For domain users specify the user principal name (UPN) in the format username@DOMAIN
        • The formatDOMAIN\username is not supported
    • Kennwort

Manage credentials with the Command Line Interface

  • CMD unter der Agent-User Kennung starten.

 

# Eintrag mit einem lokalen Benutzer hinzufügen
cmdkey /generic:test-target /user:JOBUSER /pass:PASSWORD
 
# Eintrag mit einem Domain Benutzer hinzufügen
cmdkey /generic:test-target /user:JOBUSER@DOMAIN /pass:PASSWORD
 
 
# Alle Einträge anzeigen
cmdkey /list

 

Prerequisites