How to run the Software Delivery agent plug-in using other credentials than the ones CAF is running with?

Document ID : KB000053711
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Sometimes the SD Agent plug-in needs to be run with more privileges than the default Local System Account. (CAF is configured to run with the Local System Account by default).

This can be configured using the "CAF SaveCreds" and "CAF LoadCreds" commands.

Solution:

Follow the procedure below if you want to change the credentials the Software Delivery agent plug-in is running with:

  1. Run the following command to create a valid credentials file:

    caf savecreds sdagent user <Domain\ServiceUser> password <TextPasswd>

    where  <Domain\ServiceUser> is the Domain and the user you want the SD agent plugin to run as
    and      <TextPasswd> is the password.

  2. This will create a file named cafcreds.txt in the "bin" folder under the DSM base installation folder.

    (Default location:C:\Program Files\CA\DSM\bin\cafcreds.txt)

    The file contains the following lines:
    "<ComputerName>" "sdagent" "<Domain\UserName>" "<EncryptedPassword>"

    where <ComputerName> is the computer name on which the credentials need to be applied.
               <Domain\UserName> is the Domain and the user you want the SD agent plugin to run as
    and     <EncryptedPassword> is the string corresponding to the encrypted password you initially provided.

  3. Create a .CMD file in the following way:
    ---------------------------------------------------------------------------------------------------------@Echo Off                                                                    Rem ------- Creation of the cafcreds file for each computer -------          Echo "%COMPUTERNAME%" "sdagent" "UserName" "EncryptedPassword" > "C:\Program Files\CA\DSM\bin\cafcreds.txt"                                   Rem ------- Execution of the load creds command ------                       caf loadcreds                                                                ---------------------------------------------------------------------------------------------------------
  4. Create a SD package and deliver this CMD file to a computer and verify it works after recycling CAF or rebooting the computer.

  5. Deliver the package to the computers which need to be configured to run the SD Agent with the new credentials.

    Use the $#bg parameter to run it in the background and optionally the $rf parameter for the job output in the SD job parameters.

  6. The next time CAF is restarted, the SD agent plugin will run with the provided credentials.