In multi-user mode, the SCM agent lets any user who has permission to log in to the agent machine use the agent software to access the file system or remotely run scripts with hexecp. If only a single user should be able to connect to the SCM Agent, but the agent must run as a service so that it is "always on", how can this be accomplished?
Harvest Software Change Manager, all versions
With CA Harvest SCM, the agent component lets you access the file system of a remote computer for purposes of checking files in and out and running remote scripts. The agent can run in “Single-User” mode or in “Multi-User” mode.
| Single User Agent | Multi User Agent |
|---|---|
| Only the user who logs in to the remote agent computer and executes the agntd.exe program from a command prompt window on that machine has permission to connect to that agent to manage files or run remote scripts. | Any user who has permission to log in to the agent computer has permission to connect to that agent to manage files or run remote scripts. |
| Executes in foreground from a command prompt window on the agent computer. | Executes in background as a Windows Service. |
| The agent activity log is routed to the command prompt window rather than to a log file. | Log files will be found in the %CA_SCM_HOME%\log folder on the agent machine. |
| When starting the agntd.exe program from the command prompt window, the user can choose the password that will be used for connection. | When the agntd.exe program starts as a service, it will rely on the Windows system for authentication of user credentials. |
| When connecting to the Single User Agent, the user must use the password that was specified when the agntd.exe program was started. | When connecting to the multi-user agent, the user must use the Windows login credentials they would normally use to log in to the agent computer. |
| Agent’s port number is specified when starting the agntd.exe program using the “-port=” option. | Agent’s port number is specified in the HAgent.arg file using the “-port=” option. |
What if access to the remote agent process must be restricted to one user, but it is not possible or convenient to log in to the remote agent computer and start the agntd.exe program from a command prompt before every deployment? To accomplish this, it is necessary to configure the Single User Agent to run in the background and to restart automatically when the computer is restarted.
The following suggested solution is offered only as an example and is not directly supported by the Broadcom Support Team. You can use this as a starting point from which to develop your own custom solution for this use case.
On the Windows platform the steps involve:
Here is an example batch script that might be used:
@echo off
setlocal ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION
rem Read the local date and time from WMI as one string (YYYYMMDDHHMMSS...)
for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a"
rem Split the string into its date and time parts
set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%"
set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%"
set "datestamp=%YYYY%%MM%%DD%" & set "timestamp=%HH%%Min%%Sec%"
rem Start the agent on port 6005 and send its activity log to a timestamped file
agntd -eh=agent.dfo -port=6005 > "%CA_SCM_HOME%\log\%datestamp%_%timestamp%HAgent_6005.log"
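One possible way to have Windows start the batch script above at every boot without an interactive login, shown as an added example that is not part of the original article and is not Broadcom code: a PowerShell script that locks down the batch file and registers it as a startup scheduled task. The task name, script path and run-as account are assumptions, and the script must be run from an elevated PowerShell session.

```powershell
# Added example. Assumed values (not from the article): task name, script path, account.
$TaskName   = 'SCM-SingleUserAgent'                 # hypothetical task name
$ScriptPath = 'C:\scm\start_single_user_agent.bat'  # hypothetical location of the batch script
$RunAsUser  = 'AGENTHOST\scmdeploy'                 # hypothetical dedicated, non-admin account

if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Batch script not found: $ScriptPath"
}

# Whoever can edit the batch file controls what runs at boot under $RunAsUser,
# so replace inherited permissions with an explicit, minimal ACL.
$acl = New-Object System.Security.AccessControl.FileSecurity
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited ACEs
foreach ($entry in @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @($RunAsUser,               'ReadAndExecute'))) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $entry[0], $entry[1], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $ScriptPath -AclObject $acl

# Run the batch file through cmd.exe, starting in the script's own folder
# (assumption: relative paths used by the script are meant to resolve there).
$action = New-ScheduledTaskAction -Execute 'cmd.exe' `
    -Argument "/c `"$ScriptPath`"" `
    -WorkingDirectory (Split-Path -Parent $ScriptPath)

# Start at boot, never time out, and retry a few times if the agent exits.
$trigger  = New-ScheduledTaskTrigger -AtStartup
$settings = New-ScheduledTaskSettingsSet -RestartCount 3 `
    -RestartInterval (New-TimeSpan -Minutes 1) `
    -ExecutionTimeLimit ([TimeSpan]::Zero)

# Prompt for the account password instead of storing it in this script.
$cred = Get-Credential -UserName $RunAsUser -Message 'Password for the agent run-as account'

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Settings $settings -User $RunAsUser `
    -Password $cred.GetNetworkCredential().Password -RunLevel Limited
```

The run-as account needs the "Log on as a batch job" user right for the task to start.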