Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  CA Control Minder release 12.8 features

    Posted Nov 18, 2014 03:18 PM

    Hi team

    We are working with a client that the client has installed the CA Control Minder release 12.6 and they are using the PUPM feature ( now SAM) , and they want to know if with the upgrade to the CA Control Minder release 12.8, they are going to achieve the next points :

     

    - When the privilege account is "check out", after 24 hours of inactivity, the account it would be check in, close it the session and change the passwords.

     

    -When the privilege account is checked out and if you close the putty or the RDP window, the session still open and is not able to close the user account session.

     

    - For the Break Glass process, the accounts defined with the last process are not exclusive.

     

    I hope you can help me

     

    My Best Regards

     

    Ruber Monterrubio

     

    CA Services Senior Consultant



  • 2.  Re: CA Control Minder release 12.8 features
    Best Answer

    Broadcom Employee
    Posted Nov 18, 2014 03:30 PM

    Team,

     

    Does your client have the automated login scripts enabled?  I get the impression that they do.

     

    Below are my responses:

     

    - When the privilege account is "check out", after 24 hours of inactivity, the account it would be check in, close it the session and change the passwords.

     

    Response:  I do not believe so.  Unless I’m wrong, this is a nice feature to enable.  I do not believe that our current solution looks to see if there is activity or not.  I believe that inactivity sensing may be a feature of the OS, and not necessarily of our solution.

    -When the privilege account is checked out and if you close the putty or the RDP window, the session still open and is not able to close the user account session.

    Response:  If you’re using the automated login scripts, I know that if you close the Window or exit, the solution will prompt you to ask if you will check-it back in.  Is this what you want, or do you want the account to still be checked out?

     

    - For the Break Glass process, the accounts defined with the last process are not exclusive.

     

    Response:  Can you please explain this.  I do not understand what you’re asking for.

     

    Peter Paul M Ifurung

    Work:        +1.650.759.5456

    Personal: +1.510.468.1234



  • 3.  Re: CA Control Minder release 12.8 features

    Posted Nov 18, 2014 04:29 PM

    Hi Paul

     

    Thanks for your feedback .... answering your responses ..

     

    Yes they have the automated login script enable...

     

    -When the privilege account is checked out and if you close the putty or the RDP window, the session still open and is not able to close the user account session.


    Response:  If you’re using the automated login scripts, I know that if you close the Window or exit, the solution will prompt you to ask if you will check-it back in.  Is this what you want, or do you want the account to still be checked out?

     

    Comment: Exactly , when the solution prompts to ask if you check in or not the session , if you chose the option: yes , the solution is not "check in" the account , the privileged account  still have in use to the requester, so,  the client wants to know if the upgrade corrects this behaivor...

     

    - For the Break Glass process, the accounts defined with the last process are not exclusive.

     

    Response:  Can you please explain this.  I do not understand what you’re asking for.

     

    Comment:  Yes sure.. if you are using an account via break glass process , this privilaged account it would be exclusive for who requested it , i mean , nobody can check out this account , meanwhile  the account is "check out"  via the break glass.

     

    My Best Regards

     

    Ruber Monterrubio