Security issues in Console Jobs/Tasks
search cancel

Security issues in Console Jobs/Tasks

book

Article ID: 159240

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Some users appear to be accessing the console with the Application Identity service account, they are able to edit jobs and tasks despite their account not having permissions to do so, and when they schedule jobs the application identity shows in the started by column. This appears to only happen on the jobs/tasks pane when users do not have access to more areas of the console, nor are they able to edit other objects like filters or policies.

"Unable to retrieve ItemAction. Guid:{5ab243ee-443c-4034-a3e8-1d6f0c46ee2a} Exception:Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '5ab243ee-443c-4034-a3e8-1d6f0c46ee2a'.

   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid)
   at Altiris.Resource.ResourceItem.GetItemActionsForResourceItem(Guid resourceTypeGuid)
**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=7.1.8400.0&language=en&module=pJtGZTBkUFAvFVI8VYOzkkOXsRYT+R0lcx6IfgGzzwG4ZXL0j7PEovqAR1U08g/G&error=-1681233315&build=**CEDUrlEnd**",
"Altiris.Resource.ResourceItem.GetItemActionsForResourceItem","w3wp.exe","471","Errors"
 
"The owner of Item '3aed9524-0f5c-4d79-acff-3edce6d0aa93' is invalid, it does not map to a valid trustee.","Altiris.NS.Security.SecurityHierarchyManager.GetEntitySecurityDescriptor","w3wp","3"

Environment

ITMS (IT Management Suite) 7.x and 8.x.

Cause

 http://<Notification Server>/Altiris/TaskManagement/ had "Anonymous Authentication" enabled within IIS.

Resolution

 Disable "Anonymous Authentication" at http://<Notification Server>/Altiris/TaskManagement/ within IIS.

Powered by Wolken Software