Table of Contents
Managing QPM Users
QoS Policy Manager (QPM) controls access to the QoS databases using Windows NT or Windows 2000 user administration services.
These topics describe how to manage user access to QPM:
QPM uses Windows NT or Windows 2000 local user groups to manage authorization. These groups are managed through the Windows NT or Windows 2000 User Manager administrative tool.
Every user who belongs to the QPM Users groups receives the "Log on Locally" privilege automatically. This enables those users to activate a local login on the system where the QPM Manager service runs.
When you install the complete version of QPM, you choose the names of the groups used for QPM authorization. These groups always reside on the machine that is running the QoS Manager service.
||Note During the installation process, permissions for the directory database and the database files within it are set for the QPM service. Only users who belong to the QPM user group have read/write permissions on the files in the directory. The file protection is only relevant to NTFS file systems.
There are two QPM groups:
- User groupThe QPM user group manages read-write access to QoS databases. If you accepted QPM defaults during installation, this group is named QPM_Users, and it contains a default user named QPM_User with no password. To maintain security, you should delete this user account or give it a password, and add user accounts for each person who requires read-write access. Alternatively, during installation you can choose an existing Windows NT or Windows 2000 local group to use for read-write authorization. You can change the user group by rerunning the QPM setup program.
- Guest groupThe QPM guest group manages read-only access to QoS databases. Guest users can do everything in QPM except save databases and apply jobs. If you accepted QPM defaults during installation, this group is named QPM_Guests. QPM does not add any users to this group. During installation, you can choose an existing Windows NT or Windows 2000 local group to use for read-only authorization. You can change the guest group by rerunning the QPM setup program.
You can add users to the QPM user or guest groups to give them access to QPM, and remove users to prevent access.
Click the User Manager button or select Tools>User Manager.
QPM starts the Windows NT or Windows 2000 User Manager program.
Figure 4-1: User Manager Window
Double-click the QPM user or guest group in the groups list. User Manager opens the Local Group Properties dialog box.
Figure 4-2: Local Group Properties Dialog Box
- Select the user group to manage read-write users. This group is called QPM_Users, unless you selected a different user group during QPM installation.
- Select the guest group to manage read-only users. This group is called QPM_Guests, unless you selected a different guest group during QPM installation.
Step 2 Modify the list of members as desired:
- To add a user, click Add. In the resulting window, select the user you want to add and click Add. You can search for users in various domains, and add more than one user at a time. When finished, click OK.
- To remove a user, select the user and click Remove. The user is removed. You can search for users in various domains, and remove more than one user at a time. When finished, click OK. (If you remove a user by accident, click Cancel before clicking OK.)
- User Manager is a Microsoft administrative tool included with Windows NT or Windows 2000. It is not a Cisco Systems program. You can start it directly from your desktop:
- For Windows NT, it can typically be found at
Start>Programs>Administrative Tools>User Manager.
- For Windows 2000, it can typically be found at
Start>Settings>Control Panel>Administration Tools>Computer Management>Local Users and Groups.
- See the User Manager online help for more information on managing Windows NT or Windows 2000 local users and groups.
- To give the default QPM user, QPM_User, a password, double-click QPM_User and enter a password in the resulting window.