Symantec Privileged Access Management

Expand all | Collapse all

AD Account Manage Local Windows Credential

Jump to Best Answer
  • 1.  AD Account Manage Local Windows Credential

    Posted 12-16-2019 06:36 AM
    CA PAM v3.2.6

    Is it possible to use Active Directory credential that is part of Administrators local group in Windows to manage password of other local credential?
    I'm using "Active Directory" for parent account called bastion and "Windows Remote" for Administrator local credential.

    ------------------------------
    Regards,
    Jorghy
    ------------------------------


  • 2.  RE: AD Account Manage Local Windows Credential
    Best Answer

    Posted 03-25-2020 12:09 PM
    It is possible:

    The issue is that PAM wants both Parent (Management) and Child (Managed) Accounts to by of the same "TYPE"

    You can accomplish this using Windows Proxy type of accounts.

    you'll need a windows Proxy, at least 1 in each domain for testing purposes, more for scalability, load balance and fault tolerance.

    Create a Proxy Application for each domain.
    Onboard each AD Account as a Proxy Account linked to respective Proxy Application

    Create a proxy application for each target member server/device
    Onboard each Local Account as a Proxy Account linked to its respective Proxy Application
    Set the Local Account to be Managed by the appropriate AD Account (of Type Windows Proxy)


    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------