Credential Profile Properties
The Credential Profile Properties window allows you to view or modify the properties of a Credential Profile.
Property Pages
Credentials
The Credentials page defines the basic properties of the Credential Profile. A Credential Profile generally represents a Windows user account, but may also represent other kinds of account.
Applies To
If the Credential Profile is not a Windows user account, this label indicates what this profile is used for. For example, for database login credentials, Applies To indicates what database server this profile is defined for.
Domain
For a Windows user account, enter the domain name, if appropriate. If the account is not a domain account, leave this box empty.
User ID
Enter the user ID for the account.
For a group Managed Service Account (gMSA), include the "$" at the end of the account name.
Password
Enter the password for the account.
For a group Managed Service Account (gMSA), leave the password blank.
Comments
Enter comments or notes about the account.
If the password for this account is changed in the target system (Windows, database server, etc.), it must be updated in adTempus as well. If the credentials are covered by an expiration policy that requires the password to be changed frequently, you can configure adTempus to issue a reminder alert when the password is nearing expiration.
To use this option, check the Track password expiration box, then check the Password expires every __ days box and enter the number of days that a password is valid.
For the initial setup or to resynchronize the expiration date, check the Set expiration date to box and enter the date when the current password expires.
Optionally, check the Issue a reminder alert when password is near expiration box to have adTempus log an Alert when the password is nearing expiration.
Once you have configured the password expiration days, adTempus will recalculate the expiration date automatically whenever you change the password in adTempus.
Use system context for certain operations
When this option is checked, adTempus will execute some tasks in the system context (i.e., the Windows identity that the adTempus service is running under) rather than the user account context.
For example, some operations (such as starting or stopping a service) can only be performed by a member of the Administrators group on the computer. Therefore, to execute a Service Control Task you would have to run the job under an Administrator account. To avoid using an Administrator account for the job, you can use a standard user account instead and check this option for the Credential Profile. When adTempus executes the Service Control Task, it will do so under its own security context, which has the necessary permissions.
The following tasks operate in the system context when this option is used:
All other tasks performed by the job will operate in the user's security context.
Agent Profiles
This feature is new for adTempus version 4.
The Agent Profiles page appears only if the adTempus server is configured as a Distributed Scheduling Master server. This page allows you to define different credentials for use on different Agents.
This can be necessary if your Agents are not in the same security domain as the Master. For example, the Credential Profile is configured to use the Windows logon account .\bob, which is local to the Master. When a job that uses this Credential Profile is sent to a Remote Agent, these credentials will not be valid on the Agent. In this scenario, you must specify the credentials that will be used for each Remote Agent. When it sends the job to an Agent, adTempus will send the correct set of credentials for that Agent, instead of the master credentials.
The Agent Profiles page lists all Remote Agents defined for the Master. If an override has been defined for that Agent, "(override set)" will appear after the Agent name. Click Edit to create or edit an override for an Agent, or Delete to remove an override for an Agent.
Security
The Security page is used to view or modify the security settings for this object. See the Security Editor topic for more information on editing security settings.
Credential Profiles inherit security settings from the defaults specified in the Credential Profiles window.
Automatic Permission Granting
When a user tries to use an existing Credential Profile (e.g., when configuring a job) but does not have "Use Credentials" permission for that profile, she will be prompted to enter the password associated with the profile. If she enters the correct password, she will automatically be granted "Use Credentials" permission for the profile.
Once this permission is assigned, the user can use the profile in the future without being prompted for the password, even if the password is subsequently changed.
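The behaviour described above, modelled as an added example (not adTempus code and not part of the original page): a user who enters the correct password once keeps "Use Credentials" after the password is rotated, so the model also lists grants that predate the current password as candidates for review. The class, its method names and the grant timestamps it records are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta
from typing import Optional

class ProfileModel:
    """Toy model of one profile's "Use Credentials" grants (hypothetical, not adTempus code)."""

    def __init__(self, password: str, now: datetime):
        self.grants = {}  # user -> time "Use Credentials" was granted (assumed to be recorded)
        self.set_password(password, now)

    def _digest(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, password: str, now: datetime) -> None:
        # Rotation leaves self.grants untouched, matching the documented behaviour.
        self.salt = os.urandom(16)
        self.verifier = self._digest(password)
        self.password_changed = now

    def request_use(self, user: str, now: datetime, password: Optional[str] = None) -> bool:
        if user in self.grants:
            return True  # permission already held: no password prompt
        if password is not None and hmac.compare_digest(self._digest(password), self.verifier):
            self.grants[user] = now  # automatic grant after one correct entry
            return True
        return False

    def grants_older_than_password(self) -> list:
        """Users whose grant predates the current password: candidates for ACL review."""
        return sorted(u for u, t in self.grants.items() if t < self.password_changed)

def demo() -> dict:
    t0 = datetime(2024, 1, 1)  # constructed timeline and users
    p = ProfileModel("old-secret", t0)
    first = p.request_use("alice", t0 + timedelta(days=1), "old-secret")
    wrong = p.request_use("bob", t0 + timedelta(days=2), "guess")
    p.set_password("new-secret", t0 + timedelta(days=30))
    after_rotation = p.request_use("alice", t0 + timedelta(days=31))  # no password supplied
    carol = p.request_use("carol", t0 + timedelta(days=32), "new-secret")
    return {"first": first, "wrong": wrong, "after_rotation": after_rotation,
            "carol": carol, "review": p.grants_older_than_password()}

if __name__ == "__main__":
    print(demo())
```

In the model, changing the password alone never removes access; only editing the grants does, which corresponds to removing the permission on the Security page.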
Available Permissions
The following permissions apply to Credential Profiles:
| Permission | Description |
| --- | --- |
| Full Control | Permission to perform all actions on the profile. |
| Use Credentials | Permission to use the credentials on a job or other object. If a user has Use Credentials permission, she can use the profile without knowing the password for the account. |
| Modify | Permission to modify the properties of the profile. |
| Delete | Permission to delete the profile. |
| Administer security | Permission to change the security settings for the profile. |