Users Guide
Configuring Security Features 201
NOTICE: These features severely limit the ability of the local user to configure the
DRAC 5 from the local system, including performing a reset to default of the
configuration. Dell recommends that you use these features with discretion and
should disable only one interface at a time to help avoid losing login privileges
altogether.
NOTE: See the white paper on Disabling Local Configuration and Remote Virtual
KVM in the DRAC on the Dell Support site at support.dell.com for more information.
Although administrators can set the local configuration options using local
racadm commands, for security reasons they can reset them only from an
out-of-band DRAC 5 GUI or command-line interface. The
cfgRacTuneLocalConfigDisable option applies once the system
power-on self-test is complete and the system has booted into an operating
system environment. The operating system could be one such as Microsoft
®
Windows Server
®
or Enterprise Linux operating systems that can run local
racadm commands, or a limited-use operating system such as Microsoft
Windows
®
Preinstallation Environment or vmlinux used to run Dell
OpenManage Deployment Toolkit local racadm commands.
Several situations might call for administrators to disable local configuration.
For example, in a data center with multiple administrators for servers and
remote access devices, those responsible for maintaining server software
stacks may not require administrative access to remote access devices.
Similarly, technicians may have physical access to servers during routine
systems maintenance—during which they can reboot the systems and access
password-protected BIOS—but should not be able to configure remote access
devices. In such situations, remote access device administrators may want to
disable local configuration.
Administrators should keep in mind that because disabling local
configuration severely limits local configuration privileges—including the
ability to reset the DRAC 5 to its default configuration—they should only use
these options when necessary, and typically should disable only one interface
at a time to help avoid losing login privileges altogether. For example, if
administrators have disabled all local DRAC 5 users and allow only Microsoft
Active Directory
®
directory service users to log in to the DRAC 5, and the
Active Directory authentication infrastructure subsequently fails, the
administrators may be unable to log in. Similarly, if administrators have
disabled all local configuration and place a DRAC 5 with a static IP address
on a network that already includes a Dynamic Host Configuration Protocol
(DHCP) server, and the DHCP server subsequently assigns the DRAC 5