Symantec Privileged Access Management

  • Private Community

  • 1.  account discovery privilege in windows local

    Posted Jun 13, 2018 03:41 PM

    do we have any documentation or step by step to do account discovery with windows target server. we are using windows remote application. since yesterday, there is no result or account found.



  • 2.  Re: account discovery privilege in windows local

    Broadcom Employee
    Posted Jun 13, 2018 09:33 PM

    Hello, when you say "since yesterday”, does that mean that it used to work but is no longer working, or that you have been trying to get it to work since yesterday, but it's still not working? The documentation we have is on page https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/configure-credential-manager-targets/account-discovery . If you followed all instructions there but no accounts are discovered, please open a support case so that we can investigate in detail.



  • 3.  Re: account discovery privilege in windows local

    Broadcom Employee
    Posted Jun 14, 2018 02:16 AM

    Hi Yosevan

    Windows remote is using wmi to discover accounts remotely. The problem may be there. You can do a very simple test connecting from a windows machine to the remote system using wmi and getting the list of users. So assume you want to use local accountA in machineA to manage the local users there. To see if it is able to discover them you can try, from a Windows machine

     

    wmic --> it will start the wmi client interface, wmic

    wmic>/node:"machineA" /user:accountA useraccount get name

     

    This should return the list of users that may be retrieved by using wmi. You can try it first with a working system to see if it returns the correct information, then with the problematic system. If it does not work, then there is something with the permissions of accountA that does not work right



  • 4.  Re: account discovery privilege in windows local

    Posted Jun 14, 2018 07:19 AM

    hi miquel, 

     

    i still got error Description = User credentials cannot be used for local connections

    any idea ?

     

    thanks



  • 5.  Re: account discovery privilege in windows local
    Best Answer

    Broadcom Employee
    Posted Jun 20, 2018 10:38 AM

    Yosevan

     

    I believe that message means you tried this remote command on the localhost itself. Try entering the IP or FQDN of the host you want but from a remote machine... Windows understands you are trying to connect remotely to itself.

     

    joe