Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 22

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Table of Contents

Scope

  • The Universal Agent is frequently running in the system account or a service account and will execute jobs within the context and permission of this account.
  • Running a job as a different user includes to login as that user, optionally load the user profile and execute commands in this context.
  • User switching applies to
    • All job types (standalone jobs and job chain jobs)
    • Shell Jobs
    • API jobs in any of the supported languages
    • Pre-processing and post-processing Monitors
  • This article applies to the Universal Agent for Windows only. For Unix environments there is no need for scheduler based user switching as the built-in sudo and su capabilities provide this functionality.

...

  • Use the following commands to add credentials for a target user:

    Code Block
    titleAdding credentials with the cmdkey.exe utility
    # Add credentials for a local user
cmdkey /generic:run_as_jobuser /user:jobuser /pass:password
 
# Add credentials for a domain user
cmdkey /generic:run_as_jobuser /user:jobuser@DOMAIN /pass:password
 
# Show all credentials
cmdkey /list 

Permissions

Permissions are required for the JobScheduler Agent account and for the target user of a job.

...

Restart the JobScheduler Agent Windows Service in order to apply changes to roles and permissions.

Permissions for the Target User

Assign the following permissions for the target user of the job:

...

Credential Manager

Error Code: WINDOWS-1168

  • Code Block
    languagejava
    titleEnglish: WINDOWS-1168
    Windows Credential Manager does not return an entry named 'MyCredentialsKey': WINDOWS-1168 (CredRead) Element not found.
  • Code Block
    languagejava
    titleGerman: WINDOWS-1168
    collapsetrue
    Windows Credential Manager does not return an entry named 'MyCredentialsKey': WINDOWS-1168 (CredRead) Element nicht gefunden.

 

This error message tells you that the credentials key that you added to the job configuration does not match to a respective entry with the Crendential Manager. Possible reasons include wrong spelling or the fact that the credentials have not been added by the Agent account but some different account.

...