by dusted » Wed May 29, 2013 1:11 pm people like this post
First post - be gentle...
I have given some support staff access to the read-only view of Veeam ONE Monitor client for our vSphere environment. I achieved this by adding them to the Users group on the Veeam ONE server. Everything works as expected and is proving to be very useful however there is one piece which does not see to function as expected.
We are using the product in Infrastructure View to check on machines in error (e.g.Windows 7 running high VM CPU usage). If a machine is experiencing an issue in this area then the support staff member uses the Process option to use guest OS authentication to view the processes, this works as expected. The problem arises when the user wishes to kill an errant process (say AcroRd.EXE at 100% or something like that) On highlighting the required process then clicking the Kill Process button an Access Denied message is displayed.
If I add the user to the Administrators group on the Veeam ONE Server then try exactly the same process (including the exact same Guest OS credentials) then the process *can* be terminated.
by dusted » Wed May 29, 2013 4:07 pm people like this post
I have established that the Kill Process button uses the users AD logged on context - not the guest OS credentials as supplied when viewing the process. This can be worked around by ensuring the users logged on AD account has local administration rights to the managed VM's - not ideal but it works.