![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
Job Management Partner 1/Base User's Guide
User mapping is functionality that associates JP1 users with OS users. In Windows, before setting user mapping, you need to assign certain Windows user rights to the OS users who set the mapping and those who are mapped.
You can use the OS functionality to assign these rights to OS users. In a domain environment using an Active Directory, the procedure differs for a host with a domain controller and for a host within a domain. The following describes the rights required by OS users, and how to set user rights in an Active Directory environment.
- Organization of this subsection
- (1) Rights required by OS users who set the user mapping
- (2) User rights required by mapped OS users
- (3) Assigning a user right to an OS user in an Active Directory environment
(1) Rights required by OS users who set the user mapping
OS users who set the user mapping include the following:
- Users who set the user mapping in the User Mapping page of the JP1/Base Environment Settings dialog box
- Users who execute the jbsmkpass command
- Users who execute the jbsmkumap command
- Users who execute the jbspassmgr command
- Users who execute the jbssetumap command
- Users who execute the jbsumappass command
Usually, you need to assign the user right Act as a part of the operating system to the OS users who perform the above operations. However, in the Windows versions that are supported in this manual, you do not have to assign this user right. Instead, you can set the user mapping without having that user right.
- Notes
- If you assign the user right Act as a part of the operating system to the OS user who set the user mapping, log off from the OS one time. If you do not log off the OS, the new user right might not be applied, and the setting of user mapping might not be performed correctly.
- If the check box The logon check is not done to Windows, when OS user is set is selected in the User Mapping page, user mapping becomes available even if the user right is not assigned to the user. In this case, however, note that the mappings for the OS users below are also successful. If the mapped JP1 user tries to execute a job or remote command, an insufficient rights error occurs:
- OS users who are not registered in the system (Windows)
- OS users who have invalid password
- OS users who do not have the right Log on locally
(2) User rights required by mapped OS users
Mapped OS users require the following user rights.
- To execute remote commands or automated actions from JP1/IM - Manager:
- Log on locally
- Log on as a service
- To execute jobs in JP1/AJS:
- Log on locally
To assign a user right, use Local Security Policy in Administrative Tools on each local host. Administrative Tools are located in the Control Panel.
(3) Assigning a user right to an OS user in an Active Directory environment
This subsection describes how to assign a user right to an OS user in an Active Directory environment. While you just set user rights on a local host in a conventional environment, the procedure to set them differs between a host with a domain controller and a local host within a domain in an Active Directory environment. The following shows how to set user rights for each host.
- In Active Directory environments, all OS users default to have the right Log on locally. When you use the default user rights, do not specify a new set of Log on locally rights.
- The following setup procedure applies to an environment that deploys multiple local hosts immediately under a single host with a domain controller. If you use complex settings such as building a site or organization unit (OU) or stopping policy inheritance, you might not be able to assign user rights in this procedure. For details, contact your Active Directory administrator.
- Setting a user right on a host with a domain controller
- To set a user right on a host with a domain controller:
- Select your desired right and add a domain user in the Domain Controller Security Policy dialog box on the host that is the domain controller.
- Use commands to apply the security policy update.
Execute the following command:
gpupdate /target:user
gpupdate /target:computer
You can use the event viewer to confirm that the settings are in effect.
- Make sure that Effective policy setting is selected in the Local Security Policy Setting dialog box on the host that is the domain controller.
The policy settings are inherited and overwritten in order of the local, site group, domain group, and organization unit (OU) group policies. You can also specify a setting to stop inheritance at some point in these levels. This setting might disable a user right given at a higher level, or might result in the disabling of a user right given during the inheritance. You must make sure that Effective policy setting is selected.
- Setting a user right on a local host within a domain:
- To set a user right on a local host within a domain:
- Select your desired user right and add a domain user or group in the Domain Security Policy Setting dialog box on the host that is the domain controller.
You cannot add a local user on the local host.
- Select your desired user right and add a domain user or group in the Local Security Policy Setting dialog box on the local host (this step can be omitted).
- Use the commands to reflect the policy update on the host that is the domain controller.
Execute the following command:
gpupdate /target:user
gpupdate /target:computer
You can use the event viewer to confirm that the settings are in effect.
To ensure the update, you should also execute the commands on the local host.
- Make sure that Effective policy setting is selected in the Local Security Policy Setting dialog box on the local host.
The policy settings are inherited and overwritten in order of the local, site group, domain group, and organization unit (OU) group policies. You can also specify a setting to stop inheritance at some point in these levels. This setting might disable a user right given at a higher level, or might result in the disabling of a user right given during the inheritance. You must make sure that Effective policy setting is selected.
A user right might not be assigned even when Effective policy setting is selected in the Local Security Policy Setting dialog box. This sometimes occurs if a DNS or IP address setting is wrong. For details, see the online help or related documentation for your OS.
All Rights Reserved. Copyright (C) 2009, Hitachi, Ltd.