How do I add users from non-trusted domains to the GPA repository?
The Add Repository User menu option allows you to create a SQL login for the repository database. This allows you to use SQL authentication to connect to the repository server and also provides a mechanism to add users from untrusted domains. This is detailed further in chapter 3 of the Group Policy Administrator User Guide:
When adding new GPA users, you can specify whether the new user will use Windows credentials or SQL credentials to connect to the GP Repository. Using Windows credentials gives you the advantage of a single sign-on. You connect to the GP Repository using the same credentials you used to log on to the GPA Console computer. If your Microsoft SQL Server does not accept your Windows credentials as valid or if you are connecting to a GP Repository from a GPA Console in an untrusted domain, you have the option to use SQL credentials to connect to the GP Repository. If you add a new user with SQL credentials, this creates a new SQL login on the Microsoft SQL Server.
To add a new user to the GP Repository:
- Log on to a GPA Console computer with an account that has Manage GPR Security permissions or is a member of the GPA_REPOSITORY_MANAGEMENT group.
- Start the GPA Console in the NetIQ Group Policy Administrator program group.
- In the left pane, expand GP Repository and select the GP Repository to which you want to add a user.
- On the Action menu, click Add Repository User. GPA displays a window that contains the list of current GP Repository users. (Note: You can also use this window to remove GP Repository user or group accounts. Do not delete the default accounts, such as the Administrator account or the account used to install the GP Repository.)
- If you want to add a Windows user account to the GP Repository server, click Windows User and then click Add.
- Type or find the user account or group you want to add. You can add the user or a domain group from the current domain or from the list of trusted domains. You can only add Domain, Local, or Global groups. You cannot add Universal groups.
- Click OK.
- If you want to create a new SQL user account, click SQL User and then click Add.
- Specify the user name and password for a new SQL user account.
- Click OK.
- Click Close.