如何建立執行身分帳戶並與執行身分設定檔產生關聯How to create a Run As account and associate with a Run As profile

重要

已不再支援此版本的 Operations Manager,建議升級至 Operations Manager 2019This version of Operations Manager has reached the end of support, we recommend you to upgrade to Operations Manager 2019.

此程序描述如何使用一組 Windows 認證做為範例,建立執行身分帳戶。This procedure describes how you create a Run As Account by using a set of Windows credentials as an example. 接著,它會說明如何編輯執行身分帳戶的內容,以修改認證的安全性層級和散發。Then it shows you how to edit the properties of the Run As Account to modify the security level and distribution of the credentials. 您可以對其他所有帳戶類型,使用這個相同的程序。You use this same procedure for all other account types. 一旦您完成建立執行身分帳戶之後,您會將其與執行身分設定檔產生關聯。Once you are completed creating the Run As account, you will associate it with a Run As Profile.

您在執行身分帳戶中提供的認證會用來執行認證所在管理組件中所定義的工作、規則、監視和探索。The credentials that you provide in a Run As Account are used to run tasks, rules, monitors and discoveries as defined by the management pack that they are in. 管理組件指南具備設定執行身分帳戶與執行身分設定檔所需的設定。The management pack guide has the settings that you need for configuring the Run As Account and the Run As Profile. 當您建立執行身分帳戶時,會警告您必須將執行身分帳戶與執行身分設定檔產生關聯,而且您不會看到設定執行身分帳戶認證散發的選項。When you create a Run As Account you are warned that you must associate the Run As Account with a Run As profile, and you are not presented with the option to configure Run As Account credential distribution. 這兩個活動都可以在 [執行身分設定檔精靈] 中完成。Both of these activities can be accomplished in the Run As Profile wizard. 或者,您可以編輯執行身分帳戶的內容,以設定執行身分帳戶認證散發,如下所示。Alternately, you can configure Run As Account credential distribution by editing the properties of the Run As Account as shown below.

您必須正確設定執行身分帳戶的散發和目標,執行身分設定檔才能正確運作。Both distribution and targeting of Run As accounts must be correctly configured for the Run As profile to work properly.

建立執行身分帳戶Create a Run As account

  1. 使用屬於 Operations Manager 系統管理員角色成員的帳戶登入 Operations 主控台。Log on to the Operations console with an account that is a member of the Operations Manager Administrators role.

  2. 在 Operations 主控台中,按一下 [系統管理] 。In the Operations console, click Administration.

  3. 在 [系統管理] 工作區中,以滑鼠右鍵按一下 [帳戶] ,然後按一下 [建立執行身分帳戶] 。In the Administration workspace, right-click Accounts, and then click Create Run As Account.

  4. 在 [建立執行身分帳戶精靈] 的 [簡介] 頁面上,按一下 [下一步] 。In the Create Run As Account Wizard, on the Introduction page click Next.

  5. 在 [一般內容] 頁面上,進行下列動作:On the General Properties page, do the following:

    a.a. 在 [執行身分帳戶類型] 清單中選取 [Windows]。Select Windows in the Run As Account type: list.

    b.b. 在 [顯示名稱] 文字方塊中,輸入一個顯示名稱。Type a display name in the Display Name text box.

    c.c. 選擇性地在 [描述] 方塊中輸入描述。Optionally, type a description in the Description box.

    d.d. 按一下 {3}[下一步]{4}來建立應用程式和部署類型。Click Next.

  6. 在 [認證] 頁面上,輸入使用者名稱及其密碼,然後針對您要設定為此執行身分帳戶成員的帳戶選取網域。On the Credentials page, type a user name, and its password, and then select the domain for the account that you want to make a member of this Run As account.

  7. 按一下 {3}[下一步]{4}來建立應用程式和部署類型。Click Next.

  8. 在 [散發安全性] 頁面上,適當地選取 [較不安全] 或 [較安全] 選項。On the Distribution Security page, select the Less secure or More secure option as appropriate. 如需詳細資訊,請參閱執行身分帳戶和設定檔的散發與目標For more information, see Distribution and Targeting for Run As Accounts and Profiles.

  9. 按一下 [建立] 。Click Create.

  10. 在 [執行身分帳戶建立進度] 頁面上,按一下 [關閉] 。On the Run As Account Creation Progress page, click Close.

修改執行身分帳戶內容Modify Run As account properties

  1. 在 Operations 主控台中,按一下 [系統管理] 。In the Operations console, click Administration.

  2. 在 [系統管理] 工作區中,按一下 [帳戶] 。In the Administration workspace, click Accounts.

  3. 在結果窗格中,按兩下您想要編輯的執行身分帳戶,以開啟其內容。In the results pane, double-click the Run As account that you want to edit to open its properties.

  4. 在 [執行身分帳戶內容] 頁面上,您可以編輯 [一般內容] 、[認證] 或 [發佈] 索引標籤上的值。On the Run As Account Properties page, you can edit values on the General Properties, Credentials, or the Distribution tabs. 在此案例中,選取 [發佈] 索引標籤。In this case, select the Distribution tab.

  5. 在 [發佈] 索引標籤的 [選取的電腦] 區域中,按一下 [新增] ,以開啟 [電腦搜尋] 工具。On the Distribution tab, in the Selected computers: area, click Add to open the Computer Search tool.

  6. 在 [電腦搜尋] 頁面上,按一下 [選項] 清單,然後選取下列其中一個選項︰On the Computer Search page, click the Option: list and select one of the following options:

    a.a. 依電腦名稱搜尋 (預設) :接著,在 [篩選依據: (選用)] 方塊中輸入電腦名稱。Search by computer name (Default), then type in the computer name in the Filter by: (Optional) box.

    b.b. 顯示建議的電腦:如果您已經將執行身分帳戶物件與執行身分設定檔產生關聯,這裡就會顯示一份已探索到且裝載受監視服務之電腦的清單。Show suggested computers, if you have already associated the Run As Account object with a Run As profile, a list of discovered computers that host the monitored service are presented here.

    c.c. 顯示管理伺服器:在某些情況下 (例如跨平台監視),所有監視都是由管理伺服器執行,因此認證會散發到執行監視的管理伺服器。Show management servers, in some cases, for example cross platform monitoring, all monitoring is performed by a management server and therefore the credentials have be distributed to the management servers that is performing the monitoring.

  7. 選擇性地在 [篩選依據: (選用)] 方塊中輸入一個值,以縮小搜尋結果集的範圍,然後按一下 [搜尋] 。Optionally, type in a value in the Filter by: (Optional) box to narrow the search result set and click Search. 符合搜尋準則之電腦的清單會顯示在 [可用的項目] 方塊中。A list of computers that match the search criteria is displayed in the Available items box.

  8. 選取您想要在其中散發認證的電腦,然後按一下 [新增] 。Select the computers that you want to distribute the credentials to, and click Add. 電腦隨即出現在 [選取的項目] 方塊中。The computers appear in the Selected Items box.

  9. 按一下 [確定] 。Click OK. 這會讓您返回 [散發] 索引標籤,並顯示電腦。This returns you to the Distribution tab and the computers are displayed.

  10. 按一下 [確定] 。Click OK.

將執行身分帳戶與執行身分設定檔產生關聯Associate a Run As account to a Run As profile

此程序可用來建立及設定新的執行身分設定檔,或者您可以使用 [設定] 區段修改或設定管理群組中已存在的執行身分設定檔。This procedure can be used for creating and configuring a new Run As profile, or you can use the configuring section to modify or configure Run As profiles that are pre-existing in your management group. 此程序假設您先前還未建立執行身分帳戶。This procedure assumes that you have not previously created a Run As account.

  1. 使用屬於 Operations Manager 系統管理員角色成員的帳戶登入 Operations 主控台。Log on to the Operations console with an account that is a member of the Operations Manager Administrators role.

  2. 在 Operations 主控台中,按一下 [系統管理] 。In the Operations console, click Administration.

  3. 在 [系統管理] 工作區中,按一下 [設定檔] 。In the Administration workspace, click Profiles.

  4. 在結果窗格中,按兩下您想要設定的執行身分設定檔。In the results pane, double-click the Run As profile that you want to configure. [執行身份設定檔精靈] 隨即開啟。The Run As Profile Wizard opens.

  5. 在左窗格中,按一下 [執行身分帳戶] 。In the left pane, click Run As Accounts.

  6. 在 [執行身分帳戶] 頁面上,按一下 [新增] 。On the Run As Accounts page, click Add.

  7. 在 [加入執行身分帳戶] 視窗的 [執行身分帳戶] 欄位中,從下拉式功能表選取現有的執行身分帳戶。In the Add a Run As Account window, in the Run As account field, select an existing Run As account from the dropdown menu. 您也可以按一下 [新增] ,並遵循以上的建立執行身分帳戶步驟,建立帳戶。You can also create an account by clicking New and following Create a Run As Account steps above.

  8. 選取 [所有目標物件] 或 [選取的類別、群組或物件] 。Select All targeted objects or A selected class, group, or object. 如果您選取 [選取的類別、群組或物件] ,按一下 [選取] ,然後找出並選取您希望用於執行身分帳戶的類別、群組或物件。If you select A selected class, group, or object, click Select, and then locate and select the class, group, or object that you want the Run As account to be used for. 如需詳細資訊,請參閱執行身分帳戶和設定檔的散發與目標For more information, see Distribution and Targeting for Run As Accounts and Profiles.

  9. 按一下 [確定] ,關閉 [加入執行身分帳戶] 方塊。Click OK to close the Add a Run As Account window.

  10. 在 [執行身分帳戶] 頁面上,按一下 [儲存] 。On the Run As Accounts page, click Save.

  11. 在 [執行身分設定檔精靈完成] 頁面上,如果您產生關聯的每個帳戶是針對 [較不安全散發] 而設定,按一下 [關閉] 。On the Run As Profile Wizard Completion page, if every account you associated is configured for Less Secure distribution, click Close. 如果您產生關聯的執行身分帳戶是針對 [較安全散發] 而設定,您將會看到該執行身分帳戶以連結的方式列出。If you associated a Run As account that is configured for More Secure distribution, you will see the Run As account listed as a link. 按一下連結,使用下列程序設定認證散發。Click the link to configure credential distribution, using the following procedure.

設定執行身分帳戶的散發Configure distribution of a Run As account

  1. 使用下列其中一種方法,開啟執行身分帳戶的內容︰Open the properties for the Run As account using one of the following methods:

    • 在 [執行身分設定檔精靈完成] 頁面上,按一下帳戶連結。On the Run As Profile Wizard Completion page, click the account link.
    • 在 Operations 主控台的 [系統管理] 工作區中,按一下 [執行身分設定] 底下的 [帳戶] ,然後在結果窗格中,按兩下您想要設定的帳戶。In the Operations console, in the Administration workspace, under Run As Configuration, click Accounts, and then in the results pane, double-click the account you want to configure.
  2. 在 [發佈] 索引標籤上,按一下 [為選取的電腦新增] 方塊,然後執行下列動作︰On the Distribution tab, click Add for the Selected computers box and do the following:

    a.a. 選取 [依電腦名稱搜尋 (預設)] 、[顯示建議的電腦] ,或 [顯示管理伺服器] 。Select Search by computer name (Default) or Show suggested computers, or Show management servers.

    b.b. 選擇性地在 [篩選依據: (選用)] 方塊中輸入一個值。Optionally type in a value in the Filter by: (Optional) box.

    c.c. 按一下 [搜尋] 。Click Search. 結果集便會在 [可用的項目] 方塊中傳回。The result set is returned in the Available items box.

    d.d. 從結果集中選取您想要的電腦,然後按一下 [新增] 。Select the computers you want from the result set, and click Add. 如此會將選取的電腦新增至 [選取的物件] 方塊中。This adds the selected computers to the Selected objects box.

    e.e. 按一下 [確定] 。Click OK.

  3. 按一下 [確定] 。Click OK.

後續步驟Next steps