Creating a Custom SMP Role for Password Disclosure - v. 7.0 SP1 and above

Content

Steps to create a custom SMP security role that has access to disclose passwords on defined resources, for LSS v. 7.0 SP1 and above.

Steps

  1. Create the role in the SMP console and grant it these privileges:
    1. Right Click: Show Managed password
    2. Right Click Menu - Local Security: Show Managed User Passwords
  2. Associate the role with the Organizational Views or Groups that contain the computer resources whose passwords this role should be able to view. At a minimum, the role needs Read permission on those Organizational Views and Groups.
  3. Add Read permission on the "All resources/Security Principle/Local Users" OG, or add the specific account to the OG the role already has permissions to.
  4. Grant Read/Write Resource Data access to these data classes:
    1. GlobalWindowsUser (under Inventory, User Data)
    2. User Account Password Disclosure
  5. Grant Read Resource Data access to these data classes:
    1. User Account Password
    2. User Account Password Change
    3. User Account Password Change Request
    Note: Grant these based on what this role requires; e.g. if the role does not need to be able to change passwords, the "Change" data classes are not needed.