What account privileges will a Notification Server Agent task run under if it is initiated via the GUI or via the Administrator SDK "RunAdvertisement" method? What privileges are required to initiate a task from via script remotely?
The privileges required to initiated a task (either programmatically or via the UI) are distinctly separate and can be different to those under which the task executes.
The privilege under which a Notification Server Agent task will execute is pre-defined by an Altiris administrator within the Program definition of a Package. These pre-defined credentials will be used whenever a Task execution is initiated either via the Agent UI or via the Administrator SDK "RunAdvertisement" method.
A task can be initiated programmatically via the Altiris Agent DCOM+ object. The account used to access the DCOM+ object must have the Launch and Activation privileges.
You can check the DCOM+ privileges for the Altiris Agent object by:
Opening the Component Services plug-in.
- Expand the tree: Component Services > Computers > My Computer > DCOM Config > Altiris Agent.
- Right-click on the Altiris Agent object and select Properties.
- Click on the Security tab.
- Check the Permissions under the Launch and Activation Permissions.
The default permissions are:
|Account/Group Name||Local Launch||Remote Launch||Local Activation||Remote Activation|
|Administrators (local group)||Yes||Yes||Yes||Yes|