...
The user account that is used by a Universal Agent can be set during the installation of the Agent. If an account is not specified here the Agent will run under the system account.
The Windows Services (German: Dienste) application shows the account an Agent is running under in the Log On As (German: Anmelden als) column.
To change the account, right-click the Agent in the Windows Services application and select Properties (German: Eigenschaften). Then select the Log On (German: Anmelden) tab and This Account (German: Dieses Konto), and enter the account name and password.
Credential Manager
The Windows Credential Manager is accessible via its:
- Graphical User Interface
- Command Line Interface:
cmdkey
- API: the API is used by the JobScheduler Agent
Manage credentials with the Graphical User Interface
- Log onto the operating system with the user account that is to be added to the Credential Manager.
- Open the Credential Manager GUI from the JobScheduler Agent account:
- English:
Control Panel -> Credential Manager
- German:
Systemsteuerung -> Anmeldeinformationsverwaltung
- Select the Credential Type
Windows Authentication
->Generic
- Add generic credential information for a target user with the following input fields:
Internet or network address
- For use with JobScheduler this field holds the "target name" of the credentials.
- You are free to use any characters to specify a unique identifier for the credentials.
User name
- The account for the target user can be specified by Unicode characters and digits including space, comma, _, - and @
- For domain users specify the user principal name (UPN) in the format
username@DOMAIN
- The format
DOMAIN\username
is not supported
Password
- Your input screen should look like this:
...
- To manage permissions switch to
- English:
Control panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment
- German:
Systemsteuerung -> Verwaltung -> Lokale Sicherheitsrichtlinie -> Lokale Richtlinien -> Zuweisen von Benutzerrechten
- In case you want to dig into the details, the following references describe the constants that are used for privileges:
Permissions for the Agent Account
Hint:
To add a permission, right-click the permission and use the Properties -> Add user or group action in the User Rights Assignment (German: Zuweisen von Benutzerrechten) application opened above.
Apply the following permissions for the account that the Agent is to use:
- Permission:
SE_ASSIGNPRIMARYTOKEN_NAME (SeAssignPrimaryTokenPrivilege)
- English:
Replace a process-level token
- German:
Ersetzen eines Tokens auf Prozessebene
- French:
Remplacer un jeton de niveau processus
- Japanese:
プロセス レベル トークンを置き換え
- Permission:
SE_INCREASE_QUOTA_NAME (SeIncreaseQuotaPrivilege)
- English:
Adjust memory quotas for a process
- German:
Anpassen von Speicherkontingenten für einen Prozess
- French:
Ajuster les quotas de mémoire pour un processus
- Japanese:
プロセスのメモリ クォータの増加
...
- Permission:
SE_BACKUP_NAME (SeBackupPrivilege)
- English:
Back up files and directories
- German:
Sichern von Dateien und Verzeichnissen
- French:
Sauvegarder des fichiers et des répertoires
- Japanese:
ファイルとディレクトリのバックアップ
- Permission:
SE_RESTORE_NAME (SeRestorePrivilege)
- English:
Restore files and directories
- German:
Wiederherstellen von Dateien und Verzeichnissen
- French:
Restaurer des fichiers et des répertoires
- Japanese:
ファイルとディレクトリの復元
...
Hint
Right-click the permission and use the Properties -> Add user or group
action to add the respective Agent account as explained for the above permissions.
Important:
Restart the JobScheduler Agent Windows Service in order to apply changes to roles and permissions.
...
- Permission:
SE_BATCH_LOGON_NAME (SeBatchLogonRight)
- English:
Log on as a batch job
- German:
Anmelden als Stapelverarbeitungsauftrag
- French:
Ouvrir une session en tant que tâche
- Japanese:
バッチ ジョブとしてログオン
Hints
Right-click the permission and use the Properties -> Add user or group
action to add the respective target user as explained for the above permissions.
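One way to verify the assignments described above from an elevated PowerShell prompt, as an added example that is not part of the original documentation: it exports the local user rights with secedit and checks the rights named on this page for both accounts. The account names are hypothetical placeholders, and the script assumes both names resolve to a SID on the local machine.

```powershell
# Added example, not from the JobScheduler documentation. Run from an elevated prompt.
param(
    [string]$AgentAccount = 'agent-svc@EXAMPLE',  # hypothetical Agent service account
    [string]$TargetUser   = 'jobuser@EXAMPLE'     # hypothetical target user
)

function Get-UserRightsTable {
    # Export only the user rights area of the local security policy to a temp file.
    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $table = @{}
        foreach ($line in Get-Content -Path $cfg) {
            # Lines look like: SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
            if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
                $table[$Matches[1]] = @($Matches[2].Split(',') |
                    ForEach-Object { $_.Trim().TrimStart('*') })
            }
        }
        return $table
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Test-UserRights([string]$Account, [string[]]$Rights, [hashtable]$Table) {
    # Resolve the account name to its SID, the form secedit normally writes.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    foreach ($right in $Rights) {
        $holders = @($Table[$right])
        # Direct assignment only: a right inherited through a group shows the group's SID.
        $direct = ($holders -contains $sid) -or ($holders -contains $Account)
        [pscustomobject]@{ Account = $Account; Right = $right; DirectlyAssigned = $direct }
    }
}

$table = Get-UserRightsTable
# Rights this page names for the Agent account (the page's list is partly elided).
$agentRights = @('SeAssignPrimaryTokenPrivilege', 'SeIncreaseQuotaPrivilege',
                 'SeBackupPrivilege', 'SeRestorePrivilege')
Test-UserRights $AgentAccount $agentRights $table
# Right this page names for the target user.
Test-UserRights $TargetUser @('SeBatchLogonRight') $table
```

A row with DirectlyAssigned set to False means the right is either missing or granted only through a group; check the account's group memberships before adding it to the policy.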
Job Configuration
Jobs that should be executed for a target user have to be assigned the credentials key that has previously been stored with the Credential Manager for the Agent account. A resulting job could look like this:
...
When using the JOE job editor, the settings for the credentials key and loading of the user profile are available in the "Options" tab.
Error Messages
This section is intended to explain common error messages and pitfalls. Find a complete reference from System Error Codes.
...