Security Considerations for the Server Virtualization Management Pack
Operations Manager uses both the Operations Manager service and the agent action account to provide monitoring of agent-managed computers. By default, the agent action account for each Operations Manager 2007 agent uses the Local System account to access providers and run responses. However, you can provide credentials for a domain account or local computer account.
In addition, the Operations Manager agent on the VMM server must have the following rights and permissions:
To enable Operations Manager operators to perform tasks in Virtual Machine Manager from the Operations Console, the agent action account must be a member of the local Virtual Machine Manager Administrators group on the VMM server.
Note
If the agent action account is not a member of that group, operators can specify a different run-as account when they order a task in the Operations Console.
To enable discovery, the agent action account must have access to the VMM database.
Proxying must be enabled for the Operations Manager agent on the VMM server. For more information, see Getting Started.
Low-Privilege Environments
Required permissions for using the Server Virtualization Management Pack in a low-privilege environment have not yet been verified.
Computer Groups
The Server Virtualization Management Pack provides the following computer groups:
Virtual Machine Group
Virtual Server Group
VMM 2007 Library Server Group
VMM 2007 Self-Service Server Group
VMM 2007 Server Group
Using Roles
To enable VMM administrators to view reports in the Operations Console and in the VMM Administrator Console, you must add the VMM administrators to the Report Operator role in Operations Manager 2007.
For information about assigning the Report Operator role, see "How to Add Users or Groups to the Report Operator User Role in Operations Manager 2007" (https://go.microsoft.com/fwlink/?LinkId=98816).