Specify element credentials in SCM
Server Configuration Monitor (SCM) elements, including SQL queries, scripts, registries, and files, can be executed using custom credentials. Credentials can be added to both custom and out-of-the-box profiles (although out-of-the-box profiles cannot be edited otherwise). When creating or editing an element, you can decide what credentials can be used during polling. SCM defaults to Use Orion default credentials if you don't specify credentials. This default also applies to elements that were created in previous versions of SCM. This setting means that everything is polled exactly the same as before using LOCAL_SYSTEM user on the Windows Agent and swiagent user on the Linux Agent. However, some elements, such as Database elements, require credentials, as Windows Authentication is not supported.
Adding credentials can be useful in a variety of situations. For instance, if you're searching for a particular configuration file, and previously, the agent did not have the permissions needed to access those files, you can now change the credentials so that you can access the files you're looking for. Similarly, if there is a PowerShell script you are trying to run, and previously, it did not have adequate permissions, you can now add credentials to that and run the script as desired.
There are a few limitations to custom credentials you should be aware of:
- Only username-password credentials are supported.
- Username length is limited to 255 characters.
- Passwords cannot be empty.
To specify credentials for a newly created element:
- Add a configuration element for monitoring.
- Under Access Authentication, select Add new credentials from the drop-down menu.
- Enter the desired credentials, and click Add.
To set credentials for elements that have already been assigned:
- From Server Configuration Monitor Settings, click the Assigned Elements tab, and select the elements for which you'd like to set credentials.
- Click Set Credentials.
- Select Connection string and Credentials for each element type (as applicable), and then click Set.
A list of all credentials that are currently in use as well as inactive credentials in your instance of SCM is available when you click the Credentials tab. From here, you may edit or delete credentials, but you can add them only using the process described above.
SCM also makes it possible to add or edit multiple elements of a specific profile at the same time. This allows you to change a credential directly rather than changing each affected element for routine password updates if you make them every 90 days. It also enables you to make a mass change on a profile to a different set of credentials. When you make this change, it updates all elements on the profile to the new credential at once. To add or edit multiple elements at the same time:
- From the Edit configuration profile screen, select multiple configuration elements, and click Edit.
- Select Access authentication, and use the drop-down menu to specify credentials for all selected elements. Then click Save.