The Run As User Library is used to create and manage user profile information for use in Run As or Connect As actions. This enables actions to be performed using different user credentials. For example, a user may require mapping to a network drive or the ability to launch an application using different credentials.
The users defined in the library are available from the Friendly Name drop-down in the Run As or Connect As tabs in many of the action dialog boxes for user triggers.
As well as being accessed from the Manage tab, the Run As User Library is available by selecting the ellipsis in the Friendly Name field. This allows new users to be added to the library whilst creating actions.
The method used to encrypt and decrypt credentials for Run As User Library profiles uses a public key and private key pair:
- The public key and private key are used on the Environment Manager console to encrypt the password
- The private key is required by the agent to decrypt the password. The private key must be applied to the Environment Manager console and distributed to every endpoint, installed in the Certificates - Local Computer\Personal\Certificates folder.
Security certificates must be added to the Certificates - Local Computer\Personal\Certificates folder on the Environment Manager console and verified that they are installed correctly. Certificates added to this console location are displayed in the Security Certificates list.
The selected certificate is used to encrypt Run As credentials. The encrypted data is saved to the AEMP configuration file. The configuration and certificate containing the private key must be distributed to every endpoint being managed. If the private key is not installed on every endpoint the user action will fail.
The agent will only decrypt credentials when authentication is required. Decrypted credentials are not stored.
For more information about security certificates and how to deploy them, refer to DOC-71205
If the deployed security certificate expires user actions will fail. If the deployed certificate is changed, then the passwords will need updating.
Add a User to the Run As Library
- Select the Policy Configuration navigation button.
From the Manage ribbon, select Run As User Library.
The Run As User Library dialog displays.
- In the Select Certificatelist, click the encryption certificate required.
Details of the selected certificate are displayed.
The Expiry Date is validated and an icon warns when expiry is imminent:
Green tick icon indicates expiry date is greater than 60 days
Amber warning icon indicates expiry date is less than 60 days
Red cross icon indicates the certificate has expired
- Click Add.
- Enter a Friendly Name which displays in the drop-down list on the action Run As tab.
- Complete the user name, password and re-enter the password to confirm.
- Add further users by repeating steps 4 to 6.
- Select OK to save the entry and close the Run As User Library dialog box.