I have a requirement to restrict the WSADMIN locally to the server where the WAS server process is running.
We create and use windows services with -stopArgs -uname - password options for our WAS servers. But when the admin creds are changed the windows services are behaving odd, leaving the server process in intermittent state while starting and stopping.
As an alternate to this I have recreated the windows services without the stop Args and encrypted the new pwd and declared the creds in soap.client.props
But this opened up a security hole that the wsadmin can be invoked from any machine in the same internal network.
I don't want this behavior. The user who tries to use wsadmin for a server from a remote machine he should be challenged. But since I am using the soap client properties this is not happening.
Can anyone explain me how to best address this problem(restricting wsadmin to local) or I request anyone in EE to provide the best approach for wsadmin secutiry.