IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Tivoli Monitoring Startup Center > Remote Execution and Access

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Disable User Account Control to facilitate RXA

You might have to disable the User Account Control to enable RXA to connect to your Windows operating system.

Windows XP: Windows XP systems must have Simple File Sharing disabled for RXA to work. Simple Networking forces all logins to authenticate as "guest". A guest login does not have the authorizations required for RXA to function.

To disable Simple File Sharing, start Windows Explorer and click Tools → Folder Options. Select the View tab and scroll through the list of settings until you find Use Simple File Sharing. Remove the check mark next to Use Simple File Sharing, and then click Apply and OK.

Windows XP includes a built-in firewall called the Internet Connection Firewall (ICF). By default, ICF is disabled on Windows XP systems. Windows XP Service Pack 2 includes the Windows ICF set to ON by default. If either firewall is enabled on a Windows XP or Vista target, the firewall blocks access by RXA. On XP Service Pack 2, you can select the File and Printer Sharing box in the Exceptions tab of the Windows Firewall configuration to allow access.

Windows 2003: Windows 2003 systems must have Simple File Sharing disabled for RXA to work. Check that the firewall settings are the same as outlined for Windows XP above.

Windows Server 2008: On Windows Server 2008 you might need to disable User Account Control if your account is not a domain user account. See the section on Windows Vista to learn how to disable User Account Control.

Windows Vista: The new User Account Control feature in Windows Vista requires users to perform several steps before RXA applications can communicate with Vista targets. If you have a domain user account, ensure that the local and the target machine are both members of a Windows domain.

If you are a member of a local administrators group and you use a local user account, complete the three steps below to be able to perform administrative tasks on the target machine:

  1. Enable the built-in Administrator account and use it to connect to the target system. To enable the built-in Administrator account, open the Windows Control Panel and click Administrative Tools → Local Security Policy → Security Settings → Local Policies → Security Options. Then double-click Accounts: Administrator account status and select enable.

  2. Disable User Account Control if a different Administrator user account is to be used to connect to the Vista target. To disable User Account Control, open the Windows Control Panel and click Administrative Tools → Local Security Policy → Security Settings → Local Policies → Security Options. Then double-click User Account Control: Run all administrators in Admin Approval Mode and select disable. Changing this setting requires a system restart.

  3. Disable User Account Control when you administer a workstation with a local user account (Security Account Manager user account). Otherwise, you cannot connect as a full administrator and cannot complete administrative tasks. To disable User Account Control, complete the following steps:

    1. Click Start, click Run, type regedit, and then press ENTER.

    2. Locate and then click the following registry subkey: 

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\System

    3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:

      1. On the Edit menu, point to New, and then click DWORD Value.

      2. Type LocalAccountTokenFilterPolicy, and then press ENTER.

      3. Right-click LocalAccountTokenFilterPolicy, and then click Modify.

      4. In the Value data box, type 1, and then click OK.

      5. Restart your computer.

    Alternatively, you can modify the registry entry manually by typing the following command at a command prompt: 

      cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Windows 7: On Windows 7, the default startup type for the Remote Registry service is manual. The Remote Registry service must be running to enable RXA.

To check whether the Remote Registry service is enabled and started:

  1. Go to Start.

  2. In the Start Search box, type services.msc. Press ENTER.

  3. When Microsoft Management Console starts, in the console pane, ensure that the service status is: started. If not, right-click Remote Registry, and click Start.

To avoid problems with the manual startup, it is advisable to set the Remote Registry service startup type to automatic. To automatically start the service after the server starts:

  1. Right-click Remote Registry and select Properties.

  2. In the Startup type option, choose Automatic.

  3. Click Apply and OK.

When the system starts up, Remote Registry automatically starts.

Windows Vista FDCC (Federal Desktop Core Configuration): With Windows Vista FDCC custom security settings, it is not possible to connect to this operating system by using RXA.

Complete the following steps on Windows Vista FDCC to enable RXA to connect to the operating system:

  1. Allow File and Printer Sharing with the Firewall by enabling the inbound file and printer exception using the Local Group Policy Editor:

    1. Go to Start.

    2. In the Start Search box, type gpedit.msc. Press ENTER.

    3. Go to: Local Computer Policy → Computer Configuration → Administrative Templates → Network → Network Connections → Windows Firewall → Standard Profile and enable Windows Firewall: Allow inbound file and printer sharing exception

  2. Turn off the User Account Control.

  3. Start the Remote Registry service.


Parent topic:

Remote Execution and Access

+

Search Tips   |   Advanced Search