Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Dataminer Local Users in a DMS / Local security policy

Solved248 views22nd January 2025dataminer user local user OS policy user account
1
Koen Bouckhout [SLC] [DevOps Advocate]1.29K 21st January 2025 0 Comments

Hello Dojo,

I would like to better understand the dependencies and possible difficulties with local Dataminer users in a DMS consisting of multiple agents.  Through experience every now and then we run into strange user problems.  A user can not login anymore on one agent while he can login on another agent.  Or a user is not able to successfully change his password on initial login after a Dataminer administrator has reset his  account with a new password (change at next logon).  These are just examples of some phenomenon experienced on live systems.   I am talking only about local users (not domain users).  When created on dataminer, these users are created as local users on each of the windows servers hosting the dataminer agent.

I can imagine that a potential cause of such issues could be the local security policy (including password and account lockout policies) on each of the windows servers making up the DMS.

If on one server in the local security policy, the password complexity policy is enforced while on the other it is not

or when

on one server the max password age is different than on another I can image various user problems can occur on DataMiner or DMS level.

Am I correct to say that the password and account lockout policy for local DataMiner users fully relies on the local security policy of the underlying windows servers?

When a password on a server has expired (due to the 90 days password age policy) will the user be warned by Dataminer if he logs in / tries to login?  Will he be offered to change his password?  Or simply denied to login without any explanation?

Are there any guidelines or best practices for the windows security policy to avoid potential problems at dataminer level?

Thanks for sharing your feedback on this topic!

Koen Bouckhout [SLC] [DevOps Advocate] Selected answer as best 22nd January 2025

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
1
Bert Vandenberghe [SLC] [DevOps Enabler]8.12K Posted 21st January 2025 1 Comment

Hi Koen,

Correct, for local users, the password and account lockout policies fully rely on the underlying OS. So, you need to make sure those are consistent across the different DMAs or you might experience unexpected behavior.

If the password of the local user is expired, you should get a possibility to change your password, at least with Cube, not sure about the web apps, those might maybe not support that.

My recommendation would be to avoid local users, and try to reuse existing accounts from a domain, or, and this is the best solution, use a SAML integration with Azure AD (Entra) or OKTA or something like that. Those identity providers are the most modern and most secure way of authenticating. They typically support MFA and have lots of goodies in terms of security and protection. These accounts are the best way forward...

Bert

Koen Bouckhout [SLC] [DevOps Advocate] Selected answer as best 22nd January 2025
Koen Bouckhout [SLC] [DevOps Advocate] commented 22nd January 2025

Thanks Bert. Understood and fully agreed.
For those deployments however that still use local users it is clear now that local security policy must be identical on all servers. A task that is sometimes overlooked …

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Web Applications exception in Cube due to invalid certificate 0 Answers | 0 Votes
Redundancy Groups and Alarming – Duplicate Alarms 0 Answers | 0 Votes
Correlation Engine: “Test rule” doesn’t result in a hit, despite functional rule 1 Answer | 3 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (109) Correlation (69) Correlation rule (52) Cube (151) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (140) driver (65) DVE (56) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (152) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin