Administrator Guide

ManualsBrandsDell ManualsCloudLink SecureVMHybrid Cloud System for Microsoft

111

112

113

114

115

116

117

118

119

120

Groups

The following table describes security groups created by the Dell Hybrid Cloud System for Microsoft deployment process.

Table 35. Security groups

Group Name Scope Usage Details

Prex

>-Ops-Admin Domain Local

To provide administrators with

access for day-to-day

management operations.

Users and groups can be added

to this group from trusted

domains.

• Local administrator on all infrastructure

VMs.

• Has administrator rights to VMM,

Operations Manager, DPM, and the

Windows Azure Pack management

portal for administrators.

Prex

>-Diag-Admin Domain Local

Provides administrators with

user rights to perform

operations that require access to

physical hosts and to

management SQL Server

databases.

Users and groups can be added

to this group from trusted

domains.

• This group is a member of <

Prex

Ops-Admins.

• Member of the sysadmin role in SQL

Server.

• Member of the local Administrators

group on all physical nodes.

Prex

>-Setup-Admins Global

Provides administrators with

elevated user rights to perform

operations such as patching and

updating of Dell Hybrid Cloud

System for Microsoft, and

password reset.

Users and groups can be added

from the domain in which the

Dell Hybrid Cloud System for

Microsoft stamp is a member.

This group is a member of <

Prex

>-Diag-

Admins. Has elevated permissions within

the Dell Hybrid Cloud System for

Microsoft OU. For example, a member of

this group can run MCPasswordReset to

reset service account passwords for

components in the OU.

Dell recommends that you add users to

this group only for specic, setup-related

operations, and that you revoke access to

added users when setup operations are

nished.

Prex

>-SMA-VMs Global Do not add or remove accounts

from this group.

This is a security group that is needed to

assign access to the group Managed

Service Account (gMSA account) for

SMA. The SMA VM computer account is a

member of this group.

Resetting service account passwords

The following sections describe how you manage service accounts and passwords.

How service accounts are managed

Dell Hybrid Cloud System for Microsoft includes a password reset script that you can use to change passwords for the following service

accounts:

• <Prex>-Fabric

118

Security