Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

Configuring Run As Accounts in VMM

Updated: November 1, 2013

Applies To: System Center 2012 - Virtual Machine Manager, System Center 2012 R2 Virtual Machine Manager, System Center 2012 SP1 - Virtual Machine Manager

In System Center 2012 – Virtual Machine Manager, the credentials that a user enters for any process can be provided by a Run As account. A Run As account is a container for a set of stored credentials.

Only administrators and delegated administrators can create and manage Run As accounts. Read-only administrators can see the account names associated with Run As accounts that are in the scope of their user role.

The same restrictions on creating, managing, and viewing Run As accounts are in effect in both the VMM console and the VMM command shell. Delegated administrators and self-service users can only get objects that are in the scope of their user role and can only perform the actions that their user role allows.

Security for Run As accounts in VMM

System Center 2012 – Virtual Machine Manager uses the Windows Data Protection API (DPAPI) to provide operating system level data protection services during storage and retrieval of the Run As account credentials. DPAPI is a password-based data protection service that uses cryptographic routines (the strong Triple-DES algorithm, with strong keys) to offset the risk posed by password-based data protection. For more information about DPAPI architecture and security, see Windows Data Protection.

During the installation of a VMM management server, you can configure System Center 2012 – Virtual Machine Manager to use Distributed Key Management to store encryption keys in Active Directory Domain Services (AD DS). For more information, see Configuring Distributed Key Management in VMM.

In This Section

Use the procedures in this section to perform the following tasks.

 

Procedure Task

How to Create a Run As Account in VMM

Describes how to create Run As accounts

How to Disable and Enable Run As Accounts in VMM

Describes how to disable and enable a Run As account to temporarily prevent its use.

How to Delete a Run As Account in VMM

Describes how to delete a Run As account.

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.