Symantec Privileged Access Management

  • 1.  PAMSC - question on TERMINAL

    Posted May 18, 2023 01:37 AM

    Hi all,
    OS on endpoint: Windows Server 2019
    PAMSC version: 14.10.0.1265

    I did some tests on this endpoint, with results as follows.

    Questions:
    - Is there any difference between creating the terminal with FQDN or with a short name?

    nr terminal TEST_PC.localdomain owner(nobody) defacc(r) 

    VS 

    nr terminal TEST_PC owner(nobody) defacc(r)

    - After deleting the resource, why was there no warning when running the same command with a short name?


    Thanks.

    Regards,
    Ain




  • 2.  RE: PAMSC - question on TERMINAL

    Broadcom Employee
    Posted May 18, 2023 02:04 AM

    Hello Ain,

    Can you check the seaudit results from the same time?

    Thanks,
    Reatesh.




  • 3.  RE: PAMSC - question on TERMINAL

    Posted May 19, 2023 02:46 AM

    Hi Reatesh,
    Thanks for responding. Here are the seaudit results after running the same command.

    The 1st time running nr TERMINAL produced the warning -> 'TEST_PC' is not the TERMINAL's fully qualified name (it is 'TEST_PC.localdomain')
    19 May 2023 10:42:04 S UPDATE       TERMINAL   WIN-xxxx\xxadmin  305  0 TEST_PC    WIN-xxxx nr terminal TEST_PC owner(nobody) defacc(n)
    Event type: Security database administration
    Command type: Add resource
    Status: Successful
    Administrator: WIN-xxxx\xxadmin
    Class: TERMINAL
    Object: TEST_PC
    Terminal: WIN-xxxx
    Date: 19 May 2023
    Time: 10:42
    Details: Command allowed for ADMIN user.
    Command: nr terminal TEST_PC owner(nobody) defacc(n)
    Audit flags: AC database user

    Run rr TERMINAL
    19 May 2023 10:43:07 S UPDATE       TERMINAL   WIN-xxxx\xxadmin  305  0 TEST_PC    WIN-xxxx rr terminal TEST_PC
    Event type: Security database administration
    Command type: Remove resource
    Status: Successful
    Administrator: WIN-xxxx\xxadmin
    Class: TERMINAL
    Object: TEST_PC
    Terminal: WIN-xxxx
    Date: 19 May 2023
    Time: 10:43
    Details: Command allowed for ADMIN user.
    Command: rr terminal TEST_PC
    Audit flags: AC database user

    Run nr TERMINAL the 2nd time
    19 May 2023 10:43:23 S UPDATE       TERMINAL   WIN-xxxx\xxadmin  305  0 TEST_PC.localdomain WIN-xxxx nr terminal TEST_PC owner(nobody) defacc(n)
    Event type: Security database administration
    Command type: Add resource
    Status: Successful
    Administrator: WIN-xxxx\xxadmin
    Class: TERMINAL
    Object: TEST_PC.localdomain
    Terminal: WIN-xxxx
    Date: 19 May 2023
    Time: 10:43
    Details: Command allowed for ADMIN user.
    Command: nr terminal TEST_PC owner(nobody) defacc(n)
    Audit flags: AC database user

    Thanks again.

    Regards,
    Ain
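
An added example, not part of any post in this thread and not Broadcom code: a Python check over the detailed seaudit records quoted above that reports TERMINAL events where the stored Object name differs from the name typed in the Command. The function names, the blank-line record separation and the case-insensitive name comparison are assumptions of this example.

```python
import re

# Records trimmed from the seaudit output quoted in the thread above;
# only the fields this check reads are kept.
SAMPLE = """\
Class: TERMINAL
Object: TEST_PC
Time: 10:42
Command: nr terminal TEST_PC owner(nobody) defacc(n)

Class: TERMINAL
Object: TEST_PC
Time: 10:43
Command: rr terminal TEST_PC

Class: TERMINAL
Object: TEST_PC.localdomain
Time: 10:43
Command: nr terminal TEST_PC owner(nobody) defacc(n)
"""

# "Key: value" detail lines; the dated summary line starts with a digit and is skipped.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*)$")

def parse_records(text):
    """Split detailed audit output into one dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (FIELD.match(line) for line in block.splitlines())
        rec = {m.group(1): m.group(2).strip() for m in fields if m}
        if rec:
            records.append(rec)
    return records

def name_mismatches(records):
    """Return (time, typed, stored) where the stored TERMINAL name differs from the typed one."""
    found = []
    for rec in records:
        parts = rec.get("Command", "").split()
        if rec.get("Class") != "TERMINAL" or len(parts) < 3:
            continue
        typed, stored = parts[2], rec.get("Object", "")
        # Host names compare case-insensitively (assumption of this example).
        if parts[1].lower() == "terminal" and stored and typed.lower() != stored.lower():
            found.append((rec.get("Time"), typed, stored))
    return found

if __name__ == "__main__":
    for time, typed, stored in name_mismatches(parse_records(SAMPLE)):
        print(f"{time}: typed {typed!r}, stored as {stored!r}")
```

On the three records from the thread, only the second nr event is reported: the command names TEST_PC while the object recorded is TEST_PC.localdomain.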