
NBAC - 7.1 Windows Master Server

SYMAJ
Level 6
Partner Accredited

I have an environment with 1 W2K8R2 Master server and 4 Windows Media Servers. I have just enabled NBAC, which I note has changed in the way it is set up from 7.0 to 7.1.

With 7.1 I simply ran the bpnbaz -setupmaster command (no parameters), and this completed.  I then restarted the NBU services on the Master Server.  Next, I ran the bpnbaz -setupmedia -all, which completed.

I created a number of AD Windows Groups and added these as users to the NBAC groups.  The user I was logged onto when I ran the bpnbaz commands was added to each of the groups in NBAC automatically.

All appears to be working OK excepting that everyone has access to the Security commands in the GUI!! Where I have added the Windows group to, for example, the operators group, they can do everything they should be able to do as an operator - cannot do the things they shouldn't be able to do - but can also access the security functions from the GUI and add/remove users and groups to NBAC. This obviously defeats the purpose...

This is the result when the users RDP to the master server and log on as themselves. If they use the Remote Admin Console then they get an error relating to an expired certificate if they try and access the Access Control tab of the GUI.

Compared to when I set up NBAC in V7 (where I had to set up Authentication and Authorization), there appears very little to do here. Although I have the fear I have missed something!!

The Master has AUTOMATIC set as the authentication, the media server the same.  I have not run the bpnbaz -clientsetup yet - do I need to ?

I have not 'linked' a Windows domain or anything as of yet - and am finding the instructions in the Security and Encryption Guide not very clear.

Have I missed something here ?

I am currently running 7.1.0.2

Any help appreciated.

AJ.

Accepted Solutions

R__Ravi_Kumar
Level 3
Employee

This is a bug in NetBackup. The problem is that the local administrator group is added by default in the global security admin group of authorization database.

There is a workaround to remove it from that group and I can give you commands to do it, but the caveat is that if you restart authorization service nbazd it automatically adds it again.

To fix this you need to contact Symantec support.

Here are the commands:

C:\Program Files\Veritas\NetBackup\sec\az\bin>vssaz login --domain localhost

C:\Program Files\Veritas\NetBackup\sec\az\bin>vssaz listazgrpmembers --azgrpname "Security Administrators"
 

C:\Program Files\Veritas\NetBackup\sec\az\bin>vssaz removeazgrpmember --azgrpname "Security Administrators" --prplinfo ATG,nt:<Hostname>,<hostname>\Administrators

Here replace <hostname> with yours.

Log in after this and you should see the difference. It will work till the time you restart nbazd.

 

Ravi

 


SYMAJ
Level 6
Partner Accredited

As per Ravi above, there is a fix available from Symantec for this. The fix is in the form of an EEB - quick to install and fixes the problem fully.

However - one note of caution - we applied the 7.1.0.4 update recently and following this could not log in to NBU to do anything!! We could perform the bpnbat -login no problem, but within the Admin Console had no access to most functions (even though we were logged in as an Admin account).

We simply re-applied the EEB (after we had upgraded to 7.1.0.4) and all was well again.

Watch out for this.

AJ.