HCP System Management Help
To grant the HCP computer account HCP management permissions, you need to assign the necessary permissions either to the AD group you created or to the Domain Computers group.
HCP management permissions allow the HCP computer account to create computer accounts and manage computer account properties for each node in the system.
To assign permissions to the AD group or to the Domain Computers group:
1.In the left panel of the Active Director Users and Computers window, right-click on the OU or CN in which you want HCP computer accounts to be created and select Properties from the dropdown menu.
The Properties window opens.
2.Click on the Security tab.
3.On the Security tab, click on the Advanced button.
The Advanced Security Settings window opens.
4.Click on the Add button.
The Permission Entry for HCP window opens.
5.Click on the Select a Principle link.
The Select User, Computer, Service Account, or Group window opens.
6.In the Enter object name to select field, type the name of the AD group you created in the previous step, or type Domain Computers if you decided not to create an AD group for HCP management in the previous step. Then click on the OK button.
The Permission Entry window opens.
7.In the Permission Entry window:
oIn the Apply to field, select Descendant Computer objects.
oUnder Permissions, select the boxes in the Allow column for:
Read all properties
Write all properties
Delete
Change password
Reset password
Then click on the OK button.
Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
New version of AD
Old version of AD
8.In the Advanced Settings window, click on the Add button again.
The Select User, Computer, Service Account, or Group window opens.
9.In the Enter object name to select field, type the name of your AD group, or type Domain Computers if you decided not to create an AD group for HCP management in the previous step. Then click the OK button.
The Permission Entry window opens.
10.In the Permission Entry window:
oIn the Apply to field, select This object and all descendant objects.
oUnder Permissions, select the boxes in the Allow column for:
Create Computer objects
Delete Computer objects
Then click on the OK button.
Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
New version of AD
Old version of AD
11.In the Advanced Security Settings window, click on the OK button to close the window.
12.In the Properties window, click on the OK button to close the window.
Trademarks and Legal Disclaimer
© 2017 Hitachi Vantara Corporation. All rights reserved.