ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Security issues in Console Jobs/Tasks


Article ID: 159240


Updated On:


Management Platform (Formerly known as Notification Server)


Some users appear to be accessing the console with the Application Identity service account: they are able to edit jobs and tasks despite their account not having permissions to do so, and when they schedule jobs the application identity shows in the started by column. This appears to only happen on the jobs/tasks pane: users do not have access to more areas of the console, nor are they able to edit other objects like filters or policies.

"Unable to retrieve ItemAction. Guid:{5ab243ee-443c-4034-a3e8-1d6f0c46ee2a} Exception:Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '5ab243ee-443c-4034-a3e8-1d6f0c46ee2a'.

   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid)
   at Altiris.Resource.ResourceItem.GetItemActionsForResourceItem(Guid resourceTypeGuid)
**CEDUrlStart** :**CEDUrlEnd**",
"The owner of Item '3aed9524-0f5c-4d79-acff-3edce6d0aa93' is invalid, it does not map to a valid trustee.","Altiris.NS.Security.SecurityHierarchyManager.GetEntitySecurityDescriptor","w3wp","3"


 http://<Notification Server>/Altiris/TaskManagement/ had "Anonymous Authentication" enabled within IIS.


ITMS (IT Management Suite) 7.x and 8.x.


 Disable "Anonymous Authentication" at http://<Notification Server>/Altiris/TaskManagement/ within IIS.