Symantec Privileged Access Management

Hello,

I would like to confirm the relationship between PAMSC and Windows Local Security Policy.

[Question background]
A problem occurred in Windows Server where PAMSC is currently installed,
I plan to execute a command that initializes all audit policy settings from the Windows command prompt.

command:
auditpol / clear / y

[Question]
Does executing the above command affect the functionality of PAMSC?
PAMSC is installed and logs are acquired in the relevant environment.

■ Windows version
Windows Server 2016 (Active Directory)


Regards.
Thank you.

The PAMSC client stores its audit logs in a separate location - and thus your commands will not affect it.

In addition, the "active" audit log (aka "seos.audit" file) cannot be deleted or cleared.  The backup audit logs can be deleted.  Please refer to the following link for additional information:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/administrating/endpoint-administration-for-windows/the-audit-log-windows.html

I hope this helps.
Original Message:
Sent: 05-25-2020 03:36 AM
From: Haruka Murata
Subject: Relationship between PAMSC and Local Security Policy

Hello,

I would like to confirm the relationship between PAMSC and Windows Local Security Policy.

[Question background]
A problem occurred in Windows Server where PAMSC is currently installed,
I plan to execute a command that initializes all audit policy settings from the Windows command prompt.

command:
auditpol / clear / y

[Question]
Does executing the above command affect the functionality of PAMSC?
PAMSC is installed and logs are acquired in the relevant environment.

■ Windows version
Windows Server 2016 (Active Directory)


Regards.
Thank you.

Hello Paul,
Thank you for your reply.

I understanded that commands will not affect it.


Regards.

Original Message:
Sent: 05-26-2020 11:19 AM
From: Peter Paul IFURUNG
Subject: Relationship between PAMSC and Local Security Policy

The PAMSC client stores its audit logs in a separate location - and thus your commands will not affect it.

In addition, the "active" audit log (aka "seos.audit" file) cannot be deleted or cleared.  The backup audit logs can be deleted.  Please refer to the following link for additional information:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/administrating/endpoint-administration-for-windows/the-audit-log-windows.html

I hope this helps.
Original Message:
Sent: 05-25-2020 03:36 AM
From: Haruka Murata
Subject: Relationship between PAMSC and Local Security Policy

Hello,

I would like to confirm the relationship between PAMSC and Windows Local Security Policy.

[Question background]
A problem occurred in Windows Server where PAMSC is currently installed,
I plan to execute a command that initializes all audit policy settings from the Windows command prompt.

command:
auditpol / clear / y

[Question]
Does executing the above command affect the functionality of PAMSC?
PAMSC is installed and logs are acquired in the relevant environment.

■ Windows version
Windows Server 2016 (Active Directory)


Regards.
Thank you.