Symantec Privileged Access Management


CA ControlMinder Password for multiple Users

  • 1.  CA ControlMinder Password for multiple Users

    Posted Sep 08, 2015 12:42 PM

    Hi All,

     

    We are currently implementing CA ControlMinder version 12.8. In our environment we have multiple types of servers on which we provisioned a backup account for emergency conditions. As per the client's requirement, the password for this account should be automatically changed every 30 days and should be the same across all servers, either Windows or Linux. We need some help: how can we set a single password for multiple accounts created for different endpoints? ControlMinder will run the automatic reset task and will generate a random password for all the accounts. Any help on this? Thanks in advance.

     

    Regards,

    Vasu



  • 2.  Re: CA ControlMinder Password for multiple Users

    Posted Sep 09, 2015 02:21 AM

    Hi Vasudev,

     

    Good Day!!

     

    Yes, ControlMinder has the ability to run an automatic reset task (based on the password policy), but it assigns a random password.

    I think ControlMinder cannot use the same password for different accounts.


    --

    Vinay Reddy



  • 3.  Re: CA ControlMinder Password for multiple Users

    Broadcom Employee
    Posted Sep 17, 2015 04:13 AM

    Hi Vasudev.verma,

     

    Does the reply from Vinay answer your question? If yes, can you please mark it as the correct answer?

     

    Thanks,

    Lluis Domenech



  • 4.  Re: CA ControlMinder Password for multiple Users

    Posted Sep 17, 2015 10:05 AM

    Hi Lluis,

     

    As per our requirement, CA ControlMinder should set one password for all users, but as per Vinay, ControlMinder would generate a new password for every user, which does not meet our requirement.

     

    Thanks,

    Vasu.



  • 5.  Re: CA ControlMinder Password for multiple Users

    Posted Sep 17, 2015 04:49 PM

    Vasu,

     

    As Vinay said, our tool doesn't have the ability to set the SAME generated password for all those accounts. We have the ability to set each account differently. I would suggest creating an Idea to have this feature added to future releases of Privileged Identity Manager.

     

    Thanks,

     

    Aaron



  • 6.  Re: CA ControlMinder Password for multiple Users

    Posted Sep 18, 2015 03:43 AM

    Hi Aaron,

     

    Thanks for considering this. The idea is to set one password for the accounts. In case ENTM is unavailable, an account (e.g. BACKUPUSER) which will be provisioned on all servers will act as an emergency account and provide backdoor entry to the servers. So the end user will use this account to log in to the servers directly. The password for this emergency account (BACKUPUSER) should be the same on all the servers. Other PIM tools do provide this functionality, but this seems to be missing in ControlMinder.

     

     

    Thanks,

    Vasu



  • 7.  Re: CA ControlMinder Password for multiple Users

    Posted Sep 28, 2015 07:34 AM

    Any help on this? How can we achieve this in ControlMinder?

     

    Thanks,

    Vasu



  • 8.  Re: CA ControlMinder Password for multiple Users

    Broadcom Employee
    Posted Oct 07, 2015 02:35 PM

    Hello, so from what I understand, you want to make a user named "backupuser" on every endpoint and have its password change every 30 days, but be the same on every endpoint.

     

    This can be done with PMDBs. You would need to create a PMDB containing the user and its password, then subscribe all of the endpoints (including itself) to this PMDB. This will make every subscribed endpoint have the same username and password. When the password is changed on the parent PMDB, the new password will be sent to all of the other endpoints and they will all then have the same password for that account again. If you are not familiar with PMDBs, you can find info on them in the reference guide.

     

    Basic steps on this process can be found at the very bottom of this page:

    https://support.ca.com/cadocs/0/CA%20ControlMinder%2012%208-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?1357799.html

     

    PIM/ControlMinder Reference guide:

    https://support.ca.com/cadocs/0/CA%20ControlMinder%2012%208-ENU/Bookshelf_Files/HTML/idocs/2149610.html

     

    Hope this helps.

    -C.L.



  • 9.  Re: CA ControlMinder Password for multiple Users

    Broadcom Employee
    Posted Oct 09, 2015 08:27 AM

    Hi Vasu,

     

    Apart from what has been suggested, in case you need to access the user in case of emergency, you can as well extract the password using the password extraction utility that is shipped along with the product.

     

    Having the same password for the same account across the environment, I would consider this a security threat rather than a feature. This would expose all your servers simultaneously at the same time to the user of this account.

     

    Do let us know if you have any further queries regarding this.

     

    Thanks and Regards,

    Reatesh.



  • 10.  Re: CA ControlMinder Password for multiple Users

    Posted Oct 19, 2015 03:54 AM

    Hi Reatesh,

    The idea of provisioning this account on all servers and having a common password is that, in case the server on which ENTM is hosted is down, this account will be used to log in to the servers. The password for this account will not be shared with everyone but will be limited to a few.

     

    Thanks,

    Vasu



  • 11.  Re: CA ControlMinder Password for multiple Users

    Posted Oct 19, 2015 06:59 AM

    Hi lutch01,

     

    Thanks for providing the info, but this seems to be applicable to Unix servers. What about Windows local accounts?

     

    Thanks,

    Vasu



  • 12.  Re: CA ControlMinder Password for multiple Users

    Posted Oct 21, 2015 03:45 PM

    This would be a good feature for any endpoint type.  



  • 13.  Re: CA ControlMinder Password for multiple Users

    Posted Dec 28, 2015 08:56 AM

    Hi,

    I am having the same request (to unify the password on local Windows boxes for an amount of time to perform a security test),

    but I cannot find anything similar to the sepass command on the Windows platform...

     

    and as per the Integrated HTML Documents, "sepass Utility—Set or Replace a Password", this command is valid only for Unix.

     

    Thanks



  • 14.  Re: CA ControlMinder Password for multiple Users

    Posted Jan 24, 2016 02:34 PM

    Hello,

    You can try a manual password reset. It will let you specify the password, but it must conform to the account password policy.