Intel,Altiris Group

  • 1.  PcAnywhere and AD access

    Posted Feb 21, 2011 11:29 PM

    Hi there,

    Our Altiris Deployment Console (6.9) and Web console (v 7.0.7) are joined to the Active Directory, PcAnywhere (v12.5) is installed in all the users machines

    Problem: some support staff have access to remote user machines using pcA QuickConnect, but other support staff can not, considering that they are in the same groups in AD

    I was viewing the Atiris Webconsole permission too, but I could not pick up where could be the difference...

    By the way, I was told that pcA QuickConnect should not be affected by AD as it is connect direct from pc to pc, but it seem that in our case some how it is affected

    I will appreciate your help or information how to manage permission, under active directory environment and Altris Webconsole environment

    Thanks in advance

    Mark



  • 2.  RE: PcAnywhere and AD access

    Posted Feb 25, 2011 05:26 PM

    Are you using the pcAnywhere box deployed out or the pcAnywhere solution?

    If you are using the box product what caller files have you set up on the host that is installed?  Probably using packager to build and deploy a preconfigured package.

    If you are using pcAnywhere solution what is set up under the pcAnywhere settings policy? If you are using the pcanywhere solution here is a kb that talks about adding users.

    http://www.symantec.com/docs/TECH137456

    cheers.



  • 3.  RE: PcAnywhere and AD access

    Posted Feb 28, 2011 12:01 AM

    We are using the pcAnywhere Solution and authentication is configure for Active Directory (eg.  Active users: pca-support group)

    I will review the the access for these users again to make they have only once authentication enabled as it is mentioned in KB137456

    Thanks for your help ICHCB



  • 4.  RE: PcAnywhere and AD access
    Best Answer

    Posted Feb 28, 2011 04:13 PM

    Make sure you don't have users in more than one group or groups that have the same users.

    For example if you have the following groups pcagroup and admingroup,

    domain\pcagroup has members
    helpdesk a
    helpdesk b
    helpdesk c
    admingroup (admin a, admin b admin c are all members)

    domain\admingroup has members
    admin a
    admin b
    admin c

    My observation is that if you login with admin a because it is a member of the admingoup and a member of the pcagroup it will cause a loop and won't be able to login.  Helpdesk a-c will be fine but none of the admins will work. 

    The way you will know this is happening is because you will only be prompted for credentials once, it will eventually time out and pcA quick connect will close. 

    If your host machine doesn't think the users is in the list of users to connect it will ask 3 times before quick connect closes.

    Hope that helps.



  • 5.  RE: PcAnywhere and AD access

    Posted Mar 01, 2011 11:17 PM

    I update the Group authentication and removed user that appeared in more than one group, that have allowed to remotely logon to workstation in the labs...Thanks for that tip ICHCB

    Thanks for your help

     



  • 6.  RE: PcAnywhere and AD access

    Posted Mar 02, 2011 12:55 AM

    It was something I had recently gotten to the bottom of here so it was very fresh in my memory.   Thanks for reporting back the results and findings.

    Cheers.