1 Reply Latest reply on Nov 20, 2014 12:57 PM by Lawrence Garvin

    Apply user to Non Domain computers.


      I have created a group under Microsoft networks and I have added my non domain computers to this group.  Under Securty and user managment, i have created a new worgroup/admin user that has local admin rights on the non Domain computers.  when I try to push an update or run detect now, I get an error showing the account being used is the Domain account and not the new workgroup security ring.   Where can I change the user that has access to this group.

        • Re: Apply user to Non Domain computers.
          Lawrence Garvin

          To get connected via WMI (to deploy an update; run detectnow; use Computer Explorer), requires a *credential* to be defined in the Credential Ring that has local administrator permissions on the target system. If this is what you did (in Security and User Management -> Credential Rings), then great, but creating a *user* under Security and User Management -> User Profiles merely authorizes somebody to use the Patch Manager console and gives you the ability to customize their console experience. It will not grant any rights on target systems.


          Credential Rules are evaluated in order from most specific to least specific. So, for a domain-based computer, the credential assigned to a domain rule will be used, unless an OrgRule exists and matches, or a Computer rule exists and matches. if the target system is not a domain member and Patch Manager is unable to determine the WORKGROUP of the machine, in most cases, the Default Rule will be applied (unless a Computer rule exists). For a WORKGROUP-based computer, you'll need to [a] have a common account/password used across all systems, and [2] create a WORKGROUP credential rule, and [3] be sure to specify the WORKGROUP field on the Computer Selection dialogs when creating a task ... -OR- create individual Computer rules with the appropriate credential(s), which can be matched by computer name only.


          In addition, only one Credential Ring is active at a time for a console user. The mapping between LogonUser and CredentialRing is done in the profile. If no profile exists for the console user, the Default User profile is used, which maps to the Default Ring credential ring. (This mapping should NOT be changed!) Both DOMAIN and WORKGROUP-based credentials can coexist in the same Credential Ring.