Skip to main content

Hi,

we wants to create a dedicated user for commvault for backup the agents.
In every agents i must change the credentials (user, pw).
Is it possible to multiple change the credentials?

Regards
Dennis

HI @Dennis ,

Can you check our documentation: 

https://documentation.commvault.com/11.28/expert/7964_user_account_and_password_management_overview.html

Let me know if you have any questions.

Best Regards,

Sebastien


Thanks… 

But in the document i see only that the account should be admin and you make the adjustments in the agent.


May I ask why you want a dedicated user? It seems like adding a lot of complexity for unknown reasons.


Sure, we were victims of a cyber attack and must now change the accounts and passwords.


I don’t mean to be difficult but this didn’t really answer the question.


At that time, we "abused" our windows domain admin and entered it in the agents. Since we now have to change the password for this user, we want to create a special Commvault user.


Commvault runs as a service by default so what im asking is why go through the trouble of changing it to use a user account?


To authenticate to a client …… AD, SQL, Exchange……..


You specify that at the application level … the 


You can use this to broadly change passwords in the commcell - it works like a find and replace. Find all usernames that are X, and replace the password with Y.

https://documentation.commvault.com/2022e/expert/7965_changing_system_account_name_or_password_used_in_commvault_software.html

However, the new way is to use credential manager going forward:

https://documentation.commvault.com/2022e/essential/119947_credential_manager.html

This way you can create a credential in the commcell and also determine who owns / is allowed to use it. Then you use that credential when entering passwords for agents, and can manage them all from the credential manager interface.


Credential Manger is definitely the recommended approach.  Not all credentials are supported as yet (improving in each release) but it greatly improves your ability to centrally manage credentials and can improve your security posture e.g. makes it more likely you will frequently rotate passwords.  You can even use 3rd party tools to rotate credentials e.g. CyberArk. Keep an eye on the June 2023E LTS release as there will be further enhancements to Credential Manager.


@Damian Andre 
Great 🙂 Thanks……
And if i type there a credential for account type “SQL Server Account” this is for ALL SQL iData agents?
Or can i define this for which client?


Reply