Chat now with support
Chat with Support

Enterprise Reporter 3.2.2 - Installation and Deployment Guide

Product Overview Installation Considerations for Enterprise Reporter Installing and Configuring Enterprise Reporter Managing Your Enterprise Reporter Deployment Troubleshooting Issues with Enterprise Reporter Appendix: Database Content Wizard Appendix: Encryption Key Manager Appendix: Log Viewer

Plan Credential Use

There is granular control over the credentials that are used to perform various functions in Enterprise Reporter. For more information, see Role Based Security in Enterprise Reporter and Technical Documentation.

 

Topics:  

Logged In User Details

You can use as many or as few credentials as you need. Many of the credentials used in Enterprise Reporter are stored in the Credential Manager, which makes it easy to replace or update credentials across your environment.

Credentials for the Configuration Manager are stored in a single Credential Manager, shared by all Configuration Manager users. If only certain employees know the passwords or are responsible for certain credentials, such as service credentials, one of those employees can add the credentials to the Credential Manager, and then all Enterprise Reporter administrators can use them.

Credentials in the Credential Manager are used in the following ways in the Configuration Manager:

Each Report Manager user has their own Credential Manager. Credentials in the Credential Manager are used in the following ways in the Report Manager:

The logged in user is used for:

Understanding Credentials Using Scenarios

The following scenarios outline how credentials can be used in different environments:

If you have a simple deployment, you can permission two sets of credentials to perform all functions. In this scenario, you have a single Enterprise Reporter administrator, who manages installation, discoveries, and reporting. The following table outlines the required permissions:

Administrator’s user account

Use these credentials to log in to the computer, and to schedule reports.

Launch consoles

Be a member of Reporter_Discovery_Admins and Reporter_Reporting_Admins groups

Enumerate scopes

Read access to all discovery targets

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

 

 

Service credentials

Use these credentials for the Enterprise Reporter server and all nodes.

Use the shared data location, if configured for a cluster

Read and write access to the share

Writing to the database

Be a member of Reporter_Discovery_Nodes group

Collect data

Be a local administrator on all computer targets, and have read access to targeted domains, SQL servers, NTFS objects

A complex deployment may require some thought to determine what credentials you want to use in different situations. With effort, you can minimize the permissions you must add to accounts to use Enterprise Reporter. Keep in mind that some of the data collected is available only to privileged accounts. In most cases, accounts with inadequate privileges can collect partial data.

For this scenario:

For each domain you need:

Service credential

Use these credentials for the Enterprise Reporter server and all nodes.

Enterprise Reporter server service

 

Node service

Local administrator access to the node host

Shared Data Location for each cluster

Read and write access to the share

Administrator’s user account

Use these credentials to log in to the computer running the Configuration Manager.

Launch console

You also need:

SQL Account

When creating the database or modify using the Database Wizard

Communication between the server and database

Logging in to the Report Manager

Communication between the node and the database

Read and write access to the database

Report Administrator account

Log in to the Report Manager

Must be a member of the Reporter_Reporting_Admins group

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

 

 

For browsing to your discovery targets and collecting the data you can choose the credentials that make sense for your environment. Set these credentials at the discovery level. For example:

For Active Directory® discoveries, you could use a domain admin account that has access to the targeted domain.

Effectively Deploy Remote Nodes

You can deploy nodes from the Configuration Manager or manually. When you are deploying a node to a remote computer, factors such as firewall configuration and network latency can cause problems. In this case, you can deploy a node manually on the host computer. For more information, see Node Deployment Issues .

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating