Potential Issues When Using Multiple Administrators
You must take a few common sense precautions when using multiple administrators. Even though Security Controls contains a number of built-in safety checks, it cannot guard against all possibilities. The program may act in unpredictable ways if the following occur:
•If two administrators try to scan the same machine group
The machines will be scanned twice, causing potential performance issues. In addition, there may be administrative rights errors due to the multiple connections.
•If two or more administrators try to deploy patches
The most likely result is that one deployment task will succeed and the other will fail. But because the deployment that succeeds will likely perform a restart of the target machines, the machines may be in an unknown state when the other deployment fails.
If You Choose Not to Use Shared Credentials
When you create credentials and assign them to machines, those credentials belong to your administrator account. If a different administrator (Administrator B) logs on and uses Security Controls, they will not have access to the machine credentials you provided. The second administrator must provide their own machine credentials.
One of the ways this can be confusing is if Administrator B fails to provide their own machine credentials and tries to schedule a patch deployment from a scan that was performed by Administrator A. The deployment can be successfully scheduled if default credentials are available, but the actual patch deployment will likely fail because the patch deployment requires machine credentials -- credentials that were provided by Administrator A but that are not available to Administrator B.
•Each administrator should create their own credentials and assign them to machines
•Each administrator should define default credentials that are the same as their logon credentials. This will eliminate some of the problems that may occur if the administrator forgets to assign machine credentials.
If You Choose to Use Shared Credentials
Much of the pain described above can be eliminated by using shared credentials. Sharing a credential enables other users to use the credential without knowing the secure details about the credential. For complete details, see Shared Credentials.