We have just implemented safeboot encryption and upon using the mini-admin tool, it was found that users can create a new database. We wanted helpdesk users to use tool. Is there a way to turn off or disable this feature?
sorry no - the whole point of the administration system is to allow people to manage and create EEPC infrastructures. If you don't trust them to be administrators...?!?!
Maybe you could do something file file permissions? Lock sdmcfg.ini for example, but in reality miniadmin is an unsupported hack to start with.
Thanks for the fast response. We were told that the mini-admin tool would be useful for helpdesk people, who might reset passwords or assist with remote people. Giving them a tool where they might make a mistake and create a database on the server would not be something I trust them with.
Thanks again! Nice meeting you in Vegas!
they can only create a database on a file path they have write access to, and they don't need file access to the server folders to use EEM - in fact it's almost essential that they connect to an EEM server, NOT to the actual files of the database.
The worst they can do is create their own local environment - they can't mess up the main one any more than the permissions you give them.
The EE Manager has very fine-grained user Admin Rights control. For example, I've created a group of admin users who only have rights to export machine configurations -- they can't delete, rename, etc. etc. Create Database is a specific option in Admin Rights under Database.
By using the admin level and the specific Admin Rights options, you should be able to limit what your helpdesk can do to what they need. You likely will have to experiment somewhat -- I certainly did -- since I found the documentation terse/vague; for example, an ID must have Admin Rights Users Allow Administration in order to login to the Manager (obvious once stated but not documented that I could find).