Application logs (Application Logging on page 26)

User and role associations (User Security on page 271)

User preferences (Users on page 276)

Role permissions (Roles on page 273)

Credentials (Add Credentials for Devices on page 107)

Device groups (Groups on page 109)

Tasks (throughout HP Web Jetadmin)

Templates (throughout HP Web Jetadmin)

Devices and supported device objects (Device Lists on page 91)

Data collections (Data Collection on page 209)

Low-privilege Service Account

The HPWJA Service and Microsoft SQL Server (HPWJA) service run under the NT AUTHORITY\Network Service account, which is a low-privilege account on the local system. Using this account for both of these services is a critical security feature for HP Web Jetadmin. The NT AUTHORITY\Network Service account must have access to the following locations.

Location

Rights required

 

 

C:\Program Files\Hewlett-Packard\Web Jetadmin 10

Read & execute, List folder contents, and Read access

(including all subdirectories and files in the directory structure)

 

 

 

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-

Full control and Read access

Packard\HPWebJetadmin\wjaservice

 

(including all subkeys)

 

 

 

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-

Full control and Read access

Packard\WJAUpdateService

 

(including all subkeys)

 

NOTE: This registry key applies only to HP Web Jetadmin 10.2

 

(10.2.59093) and later. Previous versions do not use this registry

 

key.

 

 

 

Microsoft SQL directory and file structure

Full control and Read access

 

 

C:\Windows\ServiceProfiles\NetworkService

Full control and Read access

(including all subdirectories and files in the directory structure)

 

 

 

Although you can run both of the HPWJA services under a different account, HP does not provide support to assist with this configuration. Changing the Microsoft Windows account that the HPWJA Service or SQL Server (HPWJA) service runs under might cause unexpected behavior in HP Web Jetadmin or cause both of these services to not start. In this case, HP Web Jetadmin will not run at all.

CAUTION: If you run HP Web Jetadmin under any account other than the NT AUTHORITY\Network Service account, you do so at your own risk.

To verify which account a service is running under, perform the following steps:

1.Use one of the following methods to open the Microsoft Windows Services window:

34 Chapter 2 Introduction to HP Web Jetadmin

ENWW

Page 62
Image 62
HP Web Jetadmin Software manual Low-privilege Service Account, Application logs Application Logging on