Symantec Privileged Access Management

Good afternoon everyone,

During the migration of data from version 2.8.4.1 of PAM to 3.3.1 the policy export data regarding the Transparent login doesn't transfer the secondary credentials for RDP transparent login. For the SSH one it is working.

Is it possible to transfer the secondary RDP Transparent login credentials to the policies to the other environments?

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------

Do you still have the 2.8.4.1 environment?  You can use PAM's Command Line Interface(CLI) feature to pull the credentials from a particular account on the old system and then write it to the new system.  You can see the specifics of the CLI feature here:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/programming/credential-manager-remote-cli-and-java-api.html.

------------------------------
Principal Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 05-26-2020 01:10 PM
From: Nikola Milosavljevic
Subject: RDP Transparent Login Secondary Credentials

Good afternoon everyone,

During the migration of data from version 2.8.4.1 of PAM to 3.3.1 the policy export data regarding the Transparent login doesn't transfer the secondary credentials for RDP transparent login. For the SSH one it is working.

Is it possible to transfer the secondary RDP Transparent login credentials to the policies to the other environments?

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------

Hi Edward,

Unfortunately we have transfered accounts using CLI, although credentials for SSH Transparent Login are set properly in the Access Policies, the RDP Application Transparent login secondary credentials are not there, for each Application it has the access credentials in the policy(The one used to RDP into the server where the Application is located) but the credentials that will be used in the application itself are not present. And that is for every policy that has this enabled.

To be more clear where the credentials are missing in the policy, from here: Windows Transparent Login under the Activate Policy numbers 7, 8 and 9.

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------

Original Message:
Sent: 05-29-2020 04:28 PM
From: Edward Vogel
Subject: RDP Transparent Login Secondary Credentials

Do you still have the 2.8.4.1 environment?  You can use PAM's Command Line Interface(CLI) feature to pull the credentials from a particular account on the old system and then write it to the new system.  You can see the specifics of the CLI feature here:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/programming/credential-manager-remote-cli-and-java-api.html.

------------------------------
Principal Support Engineer
Broadcom

Original Message:
Sent: 05-26-2020 01:10 PM
From: Nikola Milosavljevic
Subject: RDP Transparent Login Secondary Credentials

Good afternoon everyone,

During the migration of data from version 2.8.4.1 of PAM to 3.3.1 the policy export data regarding the Transparent login doesn't transfer the secondary credentials for RDP transparent login. For the SSH one it is working.

Is it possible to transfer the secondary RDP Transparent login credentials to the policies to the other environments?

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------