Hitachi

JP1 Version 12 JP1/Base User's Guide

8.1.5 Assigning user permissions to OS users before setting user mapping

User mapping is functionality that associates JP1 users with OS users. In Windows, before setting user mapping, you need to assign certain Windows user rights to OS users who are mapped.

You can use the OS functionality to assign these rights to OS users. The setting procedure differs between an Active Directory-based domain environment and a non-domain environment. The following describes the rights required by OS users, and how to assign those rights.

Organization of this subsection

(1) User rights required by mapped OS users

To execute remote commands or automated actions from JP1/IM - Manager:

Log on locally

Log on as a service

To execute jobs in JP1/AJS, or to execute a local action in JP1/Base:

Log on locally

To Page Top

(2) Assigning user rights to an OS user

The procedure for assigning user rights to an OS user differs between an Active Directory domain environment and a non-domain environment. The procedure also differs between a host with a domain controller and a local host within a domain. Note that, depending on settings, assigning a user right to an OS user on a host with a domain controller eliminates the need for configuration on a local host within the domain. The following shows how to set user rights for each host.

Notes

  • In Active Directory environments, by default, the domain controller assigns Log on locally right to all OS users who belong to the Administrators group. Do not re-assign Log on locally user right to OS users who already belong to the Administrators group.

  • The following setup procedure applies to an environment that deploys multiple local hosts immediately under a single host with a domain controller. If you use complex settings such as building a site or organization unit (OU) or stopping policy inheritance, you might not be able to assign user rights in this procedure. For details, contact your Active Directory administrator.

Assigning user rights to an OS user in an Active Directory domain environment

The following describes how to assign user rights to an OS user in an Active Directory domain environment. Specifically, the following describes the respective procedures for setting user rights on a domain controller host, and on a local host within a domain.

Setting user rights on a domain controller host:

The following describes how to set a user right on a domain controller host, where the scope of the user right covers the whole domain:

  1. In the Domain Security Policy dialog box of the domain controller host, select the user rights you want to grant, and then add domain users or domain groups.

  2. On a domain controller host, use the commands to reflect the updated security policy.

    Execute the following commands on a local host:

    gpupdate /target:user

    gpupdate /target:computer

    You can use the event viewer to confirm that the settings are in effect.

    Because the required permissions are set on the domain controller host, you do not need to set a user right on the local host.

The following describes how to set a user right on a domain controller host, where the scope of the user right is limited to the domain controller host:

  1. On a domain controller host, select the desired user right in the Default Domain Controllers Policy dialog box or Local Security Policy dialog box, and then add a domain user or users.

  2. Use the commands to reflect the updated security policy.

    Execute the following commands on the domain controller host:

    gpupdate /target:user

    gpupdate /target:computer

    You can use the event viewer to confirm that the settings are in effect.

Setting user rights on a local host within a domain:

The following describes how to set a user right on a local host within a domain:

  1. On a local host, select a desired user right in the Local Security Policy Setting dialog box, and then use a command for adding a domain user or users to reflect the updated policy.

    Execute the following commands on the local host:

    gpupdate /target:user

    gpupdate /target:computer

    You can use the event viewer to confirm that the settings are in effect.

Setting user rights to an OS user in an non-Active Directory environment

The following describes how to set a user right on a local host.

  1. On a local host, select the desired user right, and then add an OS user or users in the Local Security Policy Setting dialog box.

  2. Use the commands to reflect the updated security policy.

    Execute the following commands on the local host:

    gpupdate /target:user

    gpupdate /target:computer

    You can use the event viewer to confirm that the settings are in effect.

These are representative procedures, and might not apply to your specific environment. In that case, see the online help or related documentation for your OS.

To Page Top

Copyright (C) 2019, 2021, Hitachi, Ltd.

Copyright (C) 2019, 2021, Hitachi Solutions, Ltd.