HP Web Jetadmin - Security and HP Web Jetadmin
Figure 4—Group restrictions
Alternate log-in prompt
In some cases, the client host and the server hosting HP Web Jetadmin may not reside on the same Windows security domain, or on any Windows security domain at all. An alternate log-in prompt (see Figure 3) is provided so that users can enter log-in credentials other than those used by the current Windows session. Single sign-on is normally used to pass the identity of the user logged in to the local desktop Windows session on to HP Web Jetadmin. When HP Web Jetadmin fails to authenticate this identity (for any reason), it displays the alternate log-in prompt.
An alternate log-in prompt is useful in a variety of situations:
• An HP Web Jetadmin-authorized user is accessing the software from the desktop of another person who is not authorized
• The HP Web Jetadmin server is on a secured domain while the end-user desktops are not, but the end users have log-in identities within this domain that have been given access rights in HP Web Jetadmin user/roles
• Windows users are being managed locally at the HP Web Jetadmin server and have been given access in HP Web Jetadmin user/roles
NOTE HP Web Jetadmin running on Windows XP Professional and other operating systems may continue to display “not authorized” messages, even though the user has been authorized within user/roles features. If these messages continue to display, check the Local Security Settings on the Windows host running HP Web Jetadmin. Under Local Policies > Security Options, find the policy labeled “Network Security: Sharing and security model for local accounts”. Be sure this policy is set to “Classic, local users authenticate as themselves”. Always review Microsoft documentation when adjusting security policies on Windows hosts.
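The policy check in the note above can also be done from a PowerShell prompt on the HP Web Jetadmin host. The script below is an added example, not part of the HP document. It assumes the policy is stored as the ForceGuest DWORD under the Lsa registry key (0 = Classic, 1 = Guest only); the function name Get-LocalAccountSharingModel is made up for this example.

```powershell
# Added example: report which "sharing and security model for local accounts"
# setting is in effect on this host. Read-only; it changes nothing.
# Assumption: the policy is backed by the ForceGuest DWORD under the Lsa key.
function Get-LocalAccountSharingModel {
    param(
        [string]$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )

    $props = Get-ItemProperty -Path $LsaKey -ErrorAction Stop
    $entry = $props.PSObject.Properties['ForceGuest']   # $null if the value is absent

    if ($null -eq $entry) {
        # No explicit value: the operating system default applies, so confirm
        # the effective setting in Local Policies > Security Options.
        $model = 'NotConfigured'
    }
    else {
        switch ([int]$entry.Value) {
            0       { $model = 'Classic' }     # local users authenticate as themselves
            1       { $model = 'GuestOnly' }   # network logons by local accounts become Guest
            default { $model = 'Unknown' }
        }
    }

    $raw = $null
    if ($null -ne $entry) { $raw = $entry.Value }

    New-Object PSObject -Property @{
        RegistryKey = $LsaKey
        ForceGuest  = $raw
        Model       = $model
        Compliant   = ($model -eq 'Classic')
    }
}

$result = Get-LocalAccountSharingModel
$result | Format-List RegistryKey, ForceGuest, Model, Compliant

if (-not $result.Compliant) {
    Write-Warning ("Sharing model is '{0}'. Locally managed Windows users may keep " +
        "getting 'not authorized' until the policy is set to Classic.") -f $result.Model
}
```

A result of GuestOnly matches the symptom the note describes: a local account that has been given access in user/roles is still rejected because the host does not authenticate it as itself.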
Device group restriction type
A role can be created that has a Restriction Type of Group. These roles provide feature access based on both user account and device group details. When the Restriction Type is set to Group, the Create Role wizard limits feature permissions to device management items (see Figure 4). Once the role is named and settings are confirmed, this role is assigned to both users and device groups.
Figure 3—Alternate log-in prompt