Manually Discover Privileged Account Passwords in VMware vSphere Client

To control access to privileged account passwords, first identify the privileged accounts on the managed devices and then store the privileged account passwords in CA Access Control for Virtual Environments.

Follow these steps:

  1. Select a managed device from the left pane, then select the CA Security tab.

    The CA Security tab opens, displaying the content of the summary tab.

  2. In the Services field, if PUPM is disabled, select Configure to launch the account discovery wizard.

    The account discovery and vaulting wizard starts.

  3. Complete the following fields in the dialog:
    Name

    Identifies the name of the managed device that you configure.

    Description

    Specifies a description for the endpoint.

    Endpoint Type

    Defines the endpoint type.

    Note: When you select the endpoint type, an additional dialog opens. Use that dialog to supply the credentials required to manage privileged accounts on that type of endpoint. The endpoint type you select affects the connection information you have to supply.

  4. Select Validate.

    CA Access Control for Virtual Environments attempts to validate the endpoint connection settings.

  5. Click Next.
  6. Select an attribute for the search, type in the filter value, and click Search.

    A list of privileged accounts that match the filter criteria appears.

  7. Select the privileged accounts you want to manage and click Next.

    The lockdown properties screen opens.

  8. Complete the fields in the dialog. The following fields are not self-explanatory:
    Disconnected System

    Specifies whether the account originates from a disconnected system.

    If you select this option, PUPM does not manage the account. Instead, it acts only as a password vault for privileged accounts of the disconnected system. Every time you change the password, you also must manually change the account password on the managed endpoint.

    Password Policy

    Specifies the password policy you want to apply to the privileged or service account.

    Check out Expiration

    Defines the duration, in minutes, before the checked out account expires.

    Exclusive Account

    Specifies whether only a single user can use the account at any one time. An exclusive account is a restriction imposed on a privileged account that limits use of the account to a single user at a time.

    Change Password on Check Out

    Specifies whether you want PUPM to change the password of the privileged account every time it is checked out.

    Change Password on Check In

    Specifies whether you want PUPM to change the password of the privileged account every time it is checked in by a user or a program, or when the checkout period expires.

    Note: If the account is not exclusive, PUPM generates a new privileged account password only when all users have checked in the account.

  9. Click Next.

    The Summary screen opens.

  10. Review the details and click Finish.

    CA Access Control for Virtual Environments submits the task and creates the selected privileged accounts if there are no errors.
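
The lockdown properties in step 8 interact, and the combination decides how long a checked-out password stays valid. The following Python model is an added example, not CA code: it covers only Exclusive Account, Change Password on Check In and Check out Expiration as described above. The class and method names are hypothetical, and treating an expired checkout as a check-in is an assumption.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class VaultedAccount:
    """Toy model of one vaulted privileged account (names are hypothetical)."""
    exclusive: bool
    change_on_check_in: bool
    checkout_expiration_min: int
    password: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    holders: dict = field(default_factory=dict)  # user -> checkout time in minutes
    rotations: int = 0

    def _rotate(self):
        self.password = secrets.token_urlsafe(16)
        self.rotations += 1

    def expire(self, now):
        # Assumption: an expired checkout is handled exactly like a check-in.
        for user, since in list(self.holders.items()):
            if now - since >= self.checkout_expiration_min:
                self.check_in(user)

    def check_out(self, user, now):
        self.expire(now)
        if self.exclusive and self.holders:
            raise PermissionError("exclusive account is already checked out")
        self.holders[user] = now
        return self.password

    def check_in(self, user):
        del self.holders[user]  # KeyError if the user holds no checkout
        # Rule from the note in step 8: a non-exclusive account gets a new
        # password only when all users have checked in the account.
        if self.change_on_check_in and not self.holders:
            self._rotate()


if __name__ == "__main__":
    shared = VaultedAccount(exclusive=False, change_on_check_in=True,
                            checkout_expiration_min=60)
    first = shared.check_out("alice", now=0)
    shared.check_out("bob", now=10)
    shared.check_in("alice")
    # The password alice checked in is still valid while bob holds the account.
    print("valid after alice's check-in:", shared.password == first)
    shared.check_in("bob")
    print("valid after bob's check-in:", shared.password == first)
```

In the model, the password a user has checked in remains valid on a non-exclusive account until the last holder checks in or expires; selecting Exclusive Account makes every check-in trigger the change.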

More information:

Windows Agentless Connection Information

SSH Device Connection Information

VMware ESX/ESXi Connection Information