Access problem - cannot perform restart computer and some other functions on workstations (62206)

Delegated administrators cannot restart (reboot) or manage computers remotely from the ActiveRoles Server Web Interface.

An attempt to restart computer might fail with the following error:

"Administrative Policy returned an error. Attempted to perform an unauthorized operation".

There is a change in the way some access templates work in Active Roles starting with version 6.5 and later.

"Computers - Full Control" Access Template is no longer sufficient to manage computers.

To enable any computer management task except computer restart (reboot):

• Apply one of the Computer Management Access Templates located under ActiveRoles Server | Configuration | Access Templates | Computer Resources, such as "Computer Management - Full Control"

To enable computer restart (reboot) from Web Interface, the Allow write edsaRestartComputer for edsComputerResourceContainer permission is required.

That permission is not included into any of the Computer Management Access Templates.

You can create a custom Access Template to grant that permission as follows:

1. In ARS MMC Console, locate the Computer Management - Full Control Access Template under ActiveRoles Server | Configuration | Access Templates | Computer Resources
2. Right-click the Access Template, select Copy and follow the wizard steps to create a new Access Template
3. Right-click the new Access Template and select Properties
4. Select Permissions tab and click Add
5. Select class named Computer Management Container (edsComputerResourcesContainer)
6. Select Object property access
7. Select Write properties and click Next
8. Select property named edsaRestartComputer, click Finish and then OK to close the Access Template properies
9. Apply the Access Template created in steps 2 - 8 to the container where managed computers reside