Symantec Privileged Access Management

  • 1.  Privileged Accounts and Automatic Password Reset

    Broadcom Employee
    Posted Jul 10, 2015 04:57 AM

    Automatic resetting of shared account passwords (on the schedule defined in the password policy) seems to be working only if the account has been checked out / checked in previously.

    Recently I've imported a set of endpoints and noticed the passwords are not being changed automatically. The event *does* fire and the task runs, but skips the accounts if they have never been checked out/in. In the ACCOUNT_PASSWORD table, I've observed that various fields are NULL, including:

    PASSWORD_LAST_MODIFIED_BY

    PASSWORD_LAST_MODIFIED_DATE

    PWDCHG_INIT_BY_TASK_ID

    This is for the accounts I've mentioned, those that have never been checked out/in. For other accounts these fields have values and their passwords are being changed on the schedule defined in their policy. Using the "Automatic Password Reset" task should work, but it does not allow it if multiple accounts are chosen. It gives the error:

    "The endpoint administrative account ***** cannot be selected with other accounts for this task. Please deselect it."

    However, it's fine if you select only one. So is this expected behaviour, or am I missing something? I've not been able to find detailed information about the process.



  • 2.  Re: Privileged Accounts and Automatic Password Reset
    Best Answer

    Broadcom Employee
    Posted Jul 11, 2015 12:18 PM

    Hi Ozgun,

    Here we are discussing two different things.

    The first part: for accounts that have not been checked in/checked out even once, the password reset does not happen as per the password policy schedule; this is as per design. The application does not capture the password of such accounts and hence the fields in the DB also have the NULL value, and this can't be modified. Currently this is as per design.

    You can post this as an idea here.

    The second part needs to be investigated further.

    Thanks and Regards,

    Reatesh.



  • 3.  Re: Privileged Accounts and Automatic Password Reset

    Broadcom Employee
    Posted Jul 13, 2015 04:52 AM

    Hi Ozgun,

    Please open a support ticket if you need the issue to be investigated further as suggested by Reatesh.

    Regards,

    Mohammed Mustansir



  • 4.  Re: Privileged Accounts and Automatic Password Reset

    Broadcom Employee
    Posted Jul 21, 2015 03:20 AM

    Sorry for dropping in late: Thank you Reatesh, this is a really descriptive and precise answer. What I was really concerned about was the first part, so for the second I'll try to do more analysis.