rbaacct

User Accounts

Set up user accounts and assign a particular role to each user. The user role determines the web console menu items a user can view or configure.

During OfficeScan server installation, Setup automatically creates a built-in account called "root". Users who log on using the root account can access all menu items. You cannot delete the root account but you can modify account details, such as the password and full name or the account description. If you forget the root account password, contact your support provider for help in resetting the password.

Add custom accounts or Active Directory accounts. All user accounts display on the User Accounts list on the web console.

OfficeScan user accounts can be used to perform "single sign-on". Single sign-on allows users to access the OfficeScan web console from the Trend Micro Control Manager console. For details, see the procedure below.

To add a custom account:

• Administration > User Accounts

1. Click Add.

2. Select Custom Account.

3. Type the user name, full name, and password and then confirm the password.

4. Type an email address for the account.

OfficeScan sends notifications to this email address. Notifications inform the recipient about security risk detections and digital asset transmissions. For details about notifications, see Security Risk Notifications for Administrators and Digital Asset Control Notifications for Administrators.

5. Select a role for the account.

6. Click Save.

7. Send the account details to the user.

To modify a custom account:

• Administration > User Accounts

1. Click the user account.

2. Enable or disable the account using the check box provided.

3. Modify the following:

• Full name

• Password

• Email address

• Role

4. Click Save.

5. Send the new account details to the user.

To add an Active Directory account or group:

• Administration > User Accounts

1. Click Add.

2. Select Active Directory User or group.

3. Specify the account name (user name or group) and the domain to which the account belongs.

Include the complete account and domain names. OfficeScan will not return a result for incomplete account and domain names or if the default group "Domain Users" is used.

All members belonging to a group get the same role. If a particular account belongs to at least two groups and the role for both groups are different:

• The permissions for both roles are merged. If a user configures a particular setting and there is a conflict between permissions for the setting, the higher permission applies.

• All user roles display in the System Event logs. For example, "User John Doe logged on with the following roles: Administrator, Guest User".

4. Select a role for the account.

5. Click Save.

6. Inform the user to log on to the web console using his or her domain account and password.

To add several Active Directory accounts or groups:

• Administration > User Accounts

1. Click Add from Active Directory.

2. Search for an account (user name or group) by specifying the user name and domain to which the account belongs.

Use the character (*) to search for multiple accounts. If you do not specify the wildcard character, include the complete account name. OfficeScan will not return a result for incomplete account names or if the default group "Domain Users" is used.

3. When OfficeScan finds a valid account, it displays the account name under User and Groups. Click the forward icon (>) to move the account under Selected Users and Groups.

If you specify an Active Directory group, all members belonging to a group get the same role. If a particular account belongs to at least two groups and the role for both groups are different:

• The permissions for both roles are merged. If a user configures a particular setting and there is a conflict between permissions for the setting, the higher permission applies.

• All user roles display in the System Event logs. For example, "User John Doe logged on with the following roles: Administrator, Power User".

4. Add more accounts or groups.

5. Select a role for the accounts or groups.

6. Click Save.

7. Inform users to log on to the web console using their domain names and passwords.

To change a custom or Active Directory account’s role:

• Administration > User Accounts

1. Select one or several custom or Active Directory accounts.

2. Click Change Role.

3. On the screen that displays, select the new role and click Save.

To enable or disable a custom or Active Directory account:

• Administration > User Accounts

1. Click the icon under Enable.

• The root account cannot be disabled.

To delete a custom or Active Directory account:

• Administration > User Accounts

1. Select one or several custom or Active Directory accounts.

2. Click Delete.

To use OfficeScan user accounts in Control Manager:

Refer to the Control Manager documentation for the detailed steps.

1. Create a new user account in Control Manager. When specifying the user name, type the account name that appears on the OfficeScan web console.

2. Assign the new account "access" and "configure" rights to the OfficeScan server.

• If a Control Manager user has "access" and "configure" rights to OfficeScan but does not have an OfficeScan account, the user cannot access OfficeScan. The user sees a message with a link that opens the OfficeScan web console’s logon screen.

See also:

• Role-based Administration

• User Roles