Users Guide
Table Of Contents
- Dell Update Packages User's Guide
- Getting Started
- What’s new in this release
- DUP event viewer
- Zip pack elimination
- Slot information for hard drive
- Dependency
- Supported Operating Systems
- Prerequisites
- Prerequisites And Features For Systems Running Linux
- Prerequisites and Features for Systems Running Windows
- Downloading DUPs
- Downloading DUPs through Repository Manager
- Installing Device Drivers
- Installation Order of DUPs
- Best practices for using DUPs
- Other Documents You May Need
- Contacting Dell
- Using Dell Update Packages
- Update and Rollback in Lifecycle Controller Enabled Server
- Command Line Interface Reference
- Linux Troubleshooting
- Known Issues
- Diagnostic Tasks Will Not Run While a DUP Reboot is Pending
- Abnormal Termination of a DUP
- Error While Loading Shared Libraries
- Insufficient Free Physical Memory to Load the BIOS Image
- Kernel Panic While Running Storage Controller Firmware Update Packages
- Loss of Functionality While Renaming Linux DUPs
- DUPs Fail on 64-bit Red Hat Enterprise Linux Operating System
- DUP Update of Firmware Might Fail While Running in the UEFI Mode
- Messages
- DUP Message Logs
- Known Issues
- Troubleshooting for Systems Running Windows
- Trusted Platform Module and BitLocker Support
- Microsoft Windows Server 2008 User Account Control
- Frequently Asked Questions
Microsoft Windows Server 2008 User Account
Control
In Microsoft Windows Server 2008 and earlier, user accounts were often members of the local Administrators group and had access to
administrator privileges. Members of the local Administrators group install, update, and run software since an Administrator account has
system-wide access. When a user is added to the local Administrators group, that user is automatically granted Windows privileges. These
privileges provides access to all operating system resources. Hence, user accounts with Administrator privileges posses a security risk by
providing access to operating system resources that would be exploited by malicious software (or malware).
User Account Control (UAC) is a new security feature in the Windows Server 2008 operating system. When enabled, it restricts access to
critical system resources for all users except the built-in local Administrator.
The three types of user accounts in the Windows Server 2008 operating system are:
• Domain Administrator Account, user account with administrator privileges.
• Standard User Account, allows the user to install software and change system settings that do not affect other users or the security
of the computer.
• Local Administrator Account, is the default super user of the operating system.
The user experience for a Domain Administrator Account differs from a Local Administrator Account when UAC is enabled. When a
Domain Administrator Account requires access to critical system resources, the Windows Server 2008 operating system prompts for one
of the following before launching a program or task that requires full administrator access:
• Permission to elevate privileges (in the case of a user in the Domain Administrators group)
• Domain administrator credentials to elevate privileges (in the case of standard users)
UAC prompts users in the Domain Administrators group (except the Administrator account) to click Continue, if they need to elevate
privileges, or to click Cancel when performing functions that may entail a security risk. With UAC, users have to upgrade to an
Administrator account before running DUPs.
NOTE:
Since the user experience is configurable with the Security Policy Manager snap-in (secpol.msc) and with Group
Policy, there are multiple UAC user experiences. The configuration choices made in environment will affect the prompts
and dialogs seen by standard users, administrators, or both. UAC can be disabled by disabling the User Account Control:
Run Administrators in Admin Approval Mode setting and requires a system reboot.
If a DUP is run in the GUI mode, the Windows Server 2008 operating system needs the user to permit the operation. But if a DUP is run in
unattended mode, the user can bypass the pop-up window for permission by performing any of the following actions:
• Change the group security policy, User Account Control: Behavior of the elevation prompt for
administrators in Admin Approval Mode, to No Prompt to disable the pop-up window or elevate privileges without
prompting for the Administrators group.
• Disable UAC.
• Use scripts to run the DUP and impersonate yourself as a local administrator at runtime.
• Dell DUP HDD firmware update utility related to system memory utilization requires minimum of 8 GB to 16 GB RAM in the server.
Topics:
• UAC Restrictions When Running DUPs Remotely
UAC Restrictions When Running DUPs Remotely
By default, after UAC starts, all Administrator Account users login as Standard Users. Thus, rights to access critical system resources are
not available until the user confirms the privilege elevation request. This restriction disables the option to remotely deploy DUPs. UAC
returns an Access Denied error if the management node agent runs on these login credentials.
You can bypass the UAC restrictions by:
• Enabling remote agent use of the Local System Account to perform a DUP update. The Local System Account is not protected by
UAC (recommended option).
8
Microsoft Windows Server 2008 User Account Control 37