IfÂ operators needs to run a task that they normally donâ€™t have permissions to run you can use run as accounts and profiles. I was trying that in Ops Mgr 2007 R2 this week.
In my first scenario I needed operators in the user profile Contoso Operators to run the computer management task against a number of machines. But the operators donâ€™t have permissions enough on the target machines. So I created a account under run as accounts and configure a new run as profile. In the profile I specified the account and target a group. In that group I had added a couple of health service objects, as the computer management task are target to the health service class. This worked, but everything target to health service was affected by the new run as account. The result was a working task but a couple of new â€œrun-as-profile-accountâ€ alerts in the console.
My second idea was to create a new management pack including a new class and discovery rulesÂ for something onÂ all the needed machines.Â I builtÂ thisÂ in the R2 Authoring Console. There are some good info about authorÂ management packsÂ at this page.
When the discovery was working I added a task to run the computer management console.Â I then created a new profile, selected the same account as in the first scenarioÂ but target only my new class. When a operator now runs the task, it is target to the new class, and the profile with a specified account is also target to this new class. The result is that a operator can run the computer management task, with the specified account, even if they dont have enought permissions on their logged on domain account.