search cancel

Service Account User Usage

book

Article ID: 215665

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

We have a Windows User/Service account and are unable find how or where this user is used, but we are pretty sure it is used by Nolio/CARA. How can we find out where/how it is being used?

 

Environment

Release : 6.x

Component : CA RELEASE AUTOMATION CORE

Resolution

Nolio does not need any other accounts by default. However, additional accounts are often introduced to use certain features, communicate with other systems and secure the environment. Here are some of the places you can look for that service account:

On the management and execution servers, open services.msc and open the properties for the service named: Nolio Release AutomationServer. Then check the Log On (tab). The two main reasons why this service might be configured to use something other than Local System are:

  1. Security.
  2. Connect to the a database server using integratedSecurity (Mgmt server only). 

On the agent servers, open services.msc and open the properties for the service named: Nolio Agent. Then check the Log On (tab). The three main reasons why this service might be configured to use something other than Local System are:

  1. Security.
  2. An action that runs on this agent machine is configured (via the "Settings" tab of the action) to impersonate another user. The impersonate feature requires an administrative account. 
  3. An action that runs on this agent machine is configured (via the "Inputs" tab of the action) to use integrated or useWindowsAuthentication. For example: these two actions have a useWindowsAuthentication boolean input option - which if set to true will attempt to authenticate using the credentials that the Nolio Agent service is using: 
    • Execute SQL Query on Microsoft(c) SQL Server
    • Run SQL File on Microsoft(c) SQL Server

In the Release Operations Center (ROC) Web User Interface, the username might be used:

  • To connect to an ldap server. To check, navigate to Administration -> User Management -> Directory Servers. Then open the properties for any LDAP servers defined and check the User Name field. 
  • To connect to another application/environment. This can be set in any kind of parameter and cannot easily be found. To look/search you would need to go through each parameter to check the value. If you do find it being used as a value in a parameter you can click on the parameters menu drop down to select "Find Usages" to see what action it is used in. Actions and flows also have "Find Usage" options that can be used to eventually find what process the action is used by, identify the Server Type which you can then use to find out which agents are assigned to that Server Type via the Environments -> Agent Assignment page.