Filter
Top Products
Configuring Security Features 347
CAUTION: These features severely limit the ability of the local user to
configure the iDRAC6 from the local system, including performing a reset to default
of the configuration. It is recommended that you use these features with
discretion. Disable only one interface at a time to help avoid losing login
privileges altogether.
NOTE: See the white paper on
Disabling Local Configuration and Remote Virtual
KVM in the DRAC
on the Dell Support site at support.dell.com for more information.
Although administrators can set the local configuration options using local
RACADM commands, for security reasons they can reset them only from an
out-of-band iDRAC6 Web-based interface or command line interface.
The cfgRacTuneLocalConfigDisable option applies once the system
power-on self-test is complete and the system has booted into an operating
system environment. The operating system could be one such as Microsoft
Windows Server or Enterprise Linux operating systems that can run local
RACADM commands, or a limited-use operating system such as Microsoft
Windows Preinstallation Environment or vmlinux used to run Dell
OpenManage Deployment Toolkit local RACADM commands.
Several situations might call for administrators to disable local configuration.
For example, in a data center with multiple administrators for servers and
remote access devices, those responsible for maintaining server software
stacks may not require administrative access to remote access devices.
Similarly, technicians may have physical access to servers during routine
systems maintenance—during which they can reboot the systems and access
password-protected BIOS—but should not be able to configure remote access
devices. In such situations, remote access device administrators may want to
disable local configuration.
Administrators should keep in mind that because disabling local
configuration severely limits local configuration privileges—including the
ability to reset the iDRAC6 to its default configuration—they should only use
these options when necessary, and typically should disable only one interface
at a time to help avoid losing login privileges altogether. For example, if
administrators have disabled all local iDRAC6 users and allow only Microsoft
Active Directory directory service users to log in to the iDRAC6, and the
Active Directory authentication infrastructure subsequently fails, the
administrators may be unable to log in. Similarly, if administrators have
disabled all local configuration and place an iDRAC6 with a static IP address
on a network that already includes a Dynamic Host Configuration Protocol
(DHCP) server, and the DHCP server subsequently assigns the iDRAC6