During the LoadRunner controller and LG agent installation, Is there a way to block IUSR_METRO from being added to the admin user group?

  • Questions
  • During the LoadRunner controller and LG agent installation, Is there a way to block IUSR_METRO from being added to the admin user group?
Question ID: 105657
0
0

This is a big security violation. We are about move to new hardware (OS will be WinServer2008) and our security team will not let us proceed without a workaround. Our current version is 11.52, we plan to move to 12.01 during the new install.

Marked as spam
Posted by (Questions: 218, Answers: 15)
Asked on October 27, 2014 5:44 pm
20 views
Answers (1)
1
Private answer

For LoadRunner 12.01 ''full setup'' (controller) and Standalone VuGen, installations; **IUSR_METRO is NOT installed.**

The IUSER_USER account is ONLY in ALM-Performance Center (PC) on of the PC servers, The Host and LG's (agent) installation and operations.

**No, you cannot block the IUSER_METRO Account from being installed.** The IUSER_USER account is only in ALM-Performance Center (PC) on of the PC servers, The Host and LG's (agent) installation and operations. During installation of the Performance Center Server and hosts, a default Performance Center system user, IUSR_METRO (default password ), is created in the Administrators user group of the server/host machines.

The IUSR_METRO Must be a Local Admin with Full permission on ALL PC server PC host (controller) and PC-LGs without it ALM-Performance will NOT work .

**HOWEVER:**

The Performance Center Server is installed with a System Identity Utility that enables you to manage the Performance Center system user on the Performance Center Server and hosts from one centralized location. To prevent security breaches, you can replace the Performance Center's default system user (IUSER_METRO) by creating a different local system user, or by using a domain user.

For stronger security, you can create a non-administrator Performance Center system user in a local group under the Users group. This system user has the permissions granted to any user in the Users group with extended rights to Web services and the HP file system and registry.

With these limited permissions, such a system user cannot perform all administrative system tasks. You need to specify a configuration user (a user with administrative privileges that is defined on the Performance Center Server and hosts) that Performance Center uses when administrative tasks are required on the system. After the tasks are complete, the system user reverts back to itself, with its limited Performance Center user permissions.

Note: The configuration user is saved in the database so that whenever an administrative-level system user is required to perform a task, the system automatically uses the configuration user, without asking for its credentials.

The Performance Center Server is installed with a System Identity Utility that enables you to manage the Performance Center system user on the Performance Center Server and hosts from one centralized location.

Using this utility, you can periodically update the Performance Center system user name and password. For more information:

- For ALM-PC 11.52x see ''How to Change the System User'' on page 458 of the ''HP ALM Performance Center V11.52 User and Administrator Guide'' Chapter 34: Performance Center System Administration (attached to this case).
- For ALM-PC 12.01 see ''How to Change the System User'' on page 501. of the ''HP ALM Performance Center v12.01 User and Administrator Guide'' Chapter 38: Performance Center System Administration.

We recommend only changing the password for the IUSR_METRO account.

**Note:**

- Additional information about Configuring Security Settings is available in chapter 35, 36 (for ALM-PC11.52) and chapter 39 (for ALM-PC 12.01)
- LoadRunner outside of Performance center does not use IUSR_METRO account, however, the end user(you) must be an admin to install AND use LR 11.52

Marked as spam
Posted by (Questions: 12, Answers: 363)
Answered on October 27, 2014 5:56 pm