Supplying Scan Credentials for Target Machines

Note: Browse credentials are slightly different from the scan credentials described in this section. Browse credentials are used by servers, domains, and organizational units to enumerate machines but do not actually authenticate to the individual machines. See Adding Virtual Machines Hosted by a Server and Machine Group Dialog: Bottom Section for information on specifying browse credentials.

This section provides information on how to define new scan credentials and how to assign the credentials to target machines. Credentials consist of a user name and password pair used to authenticate the program to specified target machines. One credential can be associated with any number of operations or entities. The credentials are stored with strong encryption techniques and are not available to anyone except the user who provided them.

The scan credentials you supply will be used to access remote machines, perform any scans, and push any necessary files. The supplied credentials will NOT be used to:

Rather, the program uses the credentials of the currently logged on user to authenticate to resources on the local machine. Therefore, in order to perform tasks on the local machine, make sure you log on using an account that has administrator and local machine access rights.

The machine credentials that you supply are used to provide access to the remote machine and to push the necessary patch deployment files. The actual deployment, however, will be run under the remote machine's Local System account.

You use a machine group to initially assign scan credentials to target machines. You can assign credentials to individual machines, to all machines in a machine group, or both. After a machine has been scanned and is contained in Shavlik Protect 's database of managed machines, you can use the Machine Properties dialog to assign different credentials if desired.

Important! If there are two or more administrators using Shavlik Protect, each administrator should provide their own machine credentials. For details see Potential Issues When Using Multiple Admins.

Assigning Credentials to Individual Machines in a Machine Group

To assign credentials to one or more machines in a machine group, in the bottom pane select the machines and then select Credentials > Set Admin Credentials.

On the Assign Credentials dialog, select from the list of available credentials or click New to define new credentials.

When credentials are applied to the selected machines, the icon in the Admin Credentials column will become active ( ). In addition, the name of the assigned credential is displayed next to the icon.

Assigning Credentials to All Machines in a Machine Group

To assign credentials to all machines in a machine group, in the top pane select Credentials > Set Credentials.

On the Assign Credentials dialog, select from the list of available credentials or click New to define new credentials.

When credentials are assigned the icon will contain a check mark (). In addition, the button name will change to the name of the assigned credential.

Assigning Credentials to Virtual Machines

There are several different tabs that can be used to add virtual machines to a machine group. The credentials that will be used to scan and/or deploy patches to these machines depends on how the machines are defined to the group and on the current power state of each machine.

Assigning New Credentials to Machines After They Have Been Scanned

After one or more machines have been scanned and are contained in Shavlik Protect 's database of managed machines, you can use the Machine Properties dialog to assign different credentials or to remove credentials.

There may be several reasons for providing different credentials to machines after a scan has been performed. If you have multiple administrators in your organization and each is responsible for a different domain, they will need to set their own credentials before performing an action. Or, your organization's policy may be to separate scan (assessment) duties from deployment duties, in which case different credentials are probably required.

 

See also:

Credential Precedence for Physical Machines and Online VMs

Credential Precedence for Offline Hosted VMs

Deploying Patches to Virtual Machines