13.25 SetAllowMS

Use this Knowledge Script in sites with multiple management servers or multiple repositories to restrict the management servers that can control the agent.

This script sets a registry entry on the agent computer to explicitly allow a managed client to communicate with specified management servers from other management sites. The list of management servers with which the agent communicates is stored in the following registry key:

\HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\4.0\NetIQMC\Security\AllowMS

An asterisk (*) as the value for the AllowMS registry key authorizes all management servers to communicate with the agent. With this setting, “anonymous” management servers (servers with which the agent has not explicitly authorized communication) can communicate with the agent. This is the lowest-security setting, and it is the default if you do not choose to designate a primary management server during agent installation.

This script should not be used to enforce security or control communication between the management server and the managed client within a single site. Within a site, you should designate a primary and, if desired, a secondary management server for each agent. A separate registry key is involved in those designations; you can use the SetPrimaryMS Knowledge Script to identify the primary and secondary management server for each managed client within sites where more than one management server is installed.

You can specify the hostnames of allowed management servers for the New hostname(s) for AllowMS parameter. The computers you specify here will not become the agent’s primary or secondary management server, but those computers can communicate with the agent and instruct it to run monitoring jobs.
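
The following PowerShell check is an added example, not part of the NetIQ documentation or product: it reads the AllowMS entry described above and reports whether it contains the asterisk or hostnames outside an approved list. It assumes AllowMS is a comma-separated string value under the Security key shown above; the function name Test-AllowMS and the hostnames are hypothetical.

```powershell
# Added example: audit the AllowMS setting on an agent computer.
# Assumption: AllowMS is a comma-separated string value under this key.
$KeyPath  = 'HKLM:\SOFTWARE\NetIQ\4.0\NetIQMC\Security'
# Constructed hostnames; replace with the management servers you intend to allow.
$Approved = @('ms-site-a01', 'ms-site-b01')

function Test-AllowMS {   # hypothetical helper name
    param(
        [AllowNull()][AllowEmptyString()][string]$Value,
        [string[]]$ApprovedServers = @()
    )
    if ([string]::IsNullOrWhiteSpace($Value)) {
        return [pscustomobject]@{ Status = 'NotSet'; Servers = @(); Unexpected = @() }
    }
    # Split the list and drop surrounding whitespace and empty entries.
    $servers = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    # -contains tests equality, so '*' is matched literally, not as a wildcard.
    if ($servers -contains '*') {
        return [pscustomobject]@{ Status = 'AllowsAll'; Servers = $servers; Unexpected = @('*') }
    }
    # Hostname comparison is case-insensitive (PowerShell default for -notcontains).
    $unexpected = @($servers | Where-Object { $ApprovedServers -notcontains $_ })
    $status = if ($unexpected.Count -gt 0) { 'UnexpectedServers' } else { 'Restricted' }
    [pscustomobject]@{ Status = $status; Servers = $servers; Unexpected = $unexpected }
}

# Read the live value; a missing key or value is reported as NotSet.
$prop    = Get-ItemProperty -Path $KeyPath -Name 'AllowMS' -ErrorAction SilentlyContinue
$current = if ($prop) { [string]$prop.AllowMS } else { $null }
$result  = Test-AllowMS -Value $current -ApprovedServers $Approved
"{0}: {1} ({2})" -f $env:COMPUTERNAME, $result.Status, ($result.Servers -join ', ')

# Constructed sample values, so the logic can be checked away from an agent.
foreach ($sample in '*', 'ms-site-a01, MS-SITE-B01', 'ms-site-a01,ms-unknown') {
    $r = Test-AllowMS -Value $sample -ApprovedServers $Approved
    "{0,-28} -> {1} [{2}]" -f $sample, $r.Status, ($r.Unexpected -join ', ')
}
```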

13.25.1 Resource Objects

Windows 2003 Server or later

13.25.2 Default Schedule

The default interval for this script is Run once.

13.25.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

New hostname(s) for AllowMS

Specify a comma-separated list of computer hostnames to designate the management servers that are allowed to communicate with this agent. The AllowMS registry key will be set with this list as the value.

NOTE: It is a good idea to use this script to allow management servers from other management sites to use this agent. For management server-to-agent communications within a single site, use the SetPrimaryMS Knowledge Script.

Raise event if attempt to set AllowMS succeeds?

Set to y to raise an event if the job succeeds. The default is n.

Event severity when attempt to set AllowMS succeeds

Set the event severity level, from 1 to 40, to indicate the importance of the event. The default is 25 (blue event indicator).