Setting More Secure Run As Accounts

In my previous post I addressed the "Data Reader account provided is not same as that in the management group" error. To use that solution you have to choose between a Less secure and a More secure Run As Account.

[Screenshot: SCOM 2012 More-secure Run As Account]

In the Run As Profile Wizard you can click an account to set its properties. Here you choose between a Less secure and a More secure Run As Account. The first distributes your credentials automatically to all managed computers; the latter requires you to select manually the computers to which the credentials will be distributed.

On this page the following can be read:

Operations Manager distributes the Run As account credentials to either all agent-managed computers (the less secure option) or only to computers that you specify (the more secure option). If Operations Manager automatically distributed the Run As account according to discovery, a security risk would be introduced into your environment as illustrated in the following example. This is why an automatic distribution option was not included in Operations Manager.

For example, Operations Manager identifies a computer as hosting SQL Server 2005 based on the presence of a registry key. It is possible to create that same registry key on a computer that is not actually running an instance of SQL Server 2005. If Operations Manager were to automatically distribute the credentials to all agent-managed computers that have been identified as SQL Server 2005 computers, then the credentials would be sent to the imposter SQL Server and they would be available to someone with administrator rights on that server.

When you create a Run As account, you are prompted to choose whether the Run As account should be treated in a Less secure or More secure fashion. More secure means that when you associate the Run As account with a Run As Profile, you have to provide the specific computer names that you want the Run As credentials distributed to. By positively identifying the destination computers, you can prevent the spoofing scenario that was described before. If you choose the less secure option, you will not have to provide any specific computers and the credentials will be distributed to all agent-managed computers.

So I chose the More Secure Run As Account option and selected all agent-managed clients. This way no imposter should get his or her hands on the credentials used for my System Center Operations Manager 2012 (SCOM 2012) Run As accounts.
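As an added example (not from the original post), the same setting made from the OperationsManager PowerShell module that ships with SCOM 2012: first an audit of which Run As accounts are still Less secure, then the switch to More secure with an explicit list of approved agents. The management server, account name and host names are placeholders.

```powershell
# Added example, not part of the original post: audit and tighten Run As account
# distribution with the SCOM 2012 OperationsManager module.
# All server, account and host names below are placeholders.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName 'scom-ms01.contoso.local'   # placeholder

# 1. Audit: list every Run As account whose credentials still go to ALL agents
#    (Security = LessSecure). Property names are those of the object that
#    Get-SCOMRunAsDistribution returns.
Get-SCOMRunAsAccount | ForEach-Object {
    $dist = Get-SCOMRunAsDistribution -RunAsAccount $_
    [pscustomobject]@{
        Account  = $_.Name
        Security = $dist.Security                       # 'LessSecure' or 'MoreSecure'
        Targets  = ($dist.SecureDistribution | ForEach-Object { $_.DisplayName }) -join ', '
    }
} | Where-Object { $_.Security -eq 'LessSecure' } | Format-Table -AutoSize

# 2. Tighten: make one account More secure and approve only named agents.
#    Using Get-SCOMAgent with no filter instead reproduces the post's choice of
#    "all agent-managed clients"; note that agents added later are NOT approved
#    automatically and must be added to this list by hand.
$account = Get-SCOMRunAsAccount -Name 'SQL Monitoring Action Account'            # placeholder
$agents  = Get-SCOMAgent -DNSHostName 'sql01.contoso.local', 'sql02.contoso.local' # placeholders
Set-SCOMRunAsDistribution -RunAsAccount $account -MoreSecure -SecureDistribution $agents

# 3. Verify: Security should now read MoreSecure and SecureDistribution should
#    contain exactly the agents approved above.
Get-SCOMRunAsDistribution -RunAsAccount $account
```

Run the audit in step 1 periodically; an account that has drifted back to LessSecure is exactly the spoofing exposure the quoted documentation describes.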


I hope this was informative for you.

If you like this post please support phits.nl. Thanks!
