Configure Account Passwords Lockdown Policy

You configure the account passwords lockdown policy for each security group that CA Access Control for Virtual Environments manages. CA Access Control for Virtual Environments enforces the privileged password lockdown policy on each managed device that you add to the group.

Important! Before you complete this procedure, create a privileged account with administrative privileges for each endpoint type you want CA Access Control for Virtual Environments to create and manage.

Follow these steps:

  1. Go to World View, Security Groups, Security Groups Management.

    The Security Groups Management page appears, displaying the security groups on the VMware vCenter and the CA Access Control Server details.

  2. Select a security group.

    CA Access Control Enterprise Management displays the security group details and members.

  3. Select Add Account Password Policy from the Actions menu.

    The manage password lockdown: host name window opens.

  4. Select an operating system profile from the drop-down menu. Options:

    You can configure a specific password lockdown policy for each operating system profile.

  5. Complete the following fields:
    Description

    Specifies a description for the password lockdown policy.

    Operating System Profile

    Displays the operating system profile you previously selected.

    Connection Account

    Defines an administrator user account that CA Access Control for Virtual Environments uses to connect to each managed device. Select Create Account to create an administrator account.

    Lockdown Connection Account

    Specifies that the connection account is a connected account.

    Managed Account

    Defines the privileged accounts that CA Access Control for Virtual Environments creates on each managed device.

    Password Policy

    Specifies the password policy you want to apply to the privileged or service account. Select Create Password Policy to create a password policy.

    Check out Expiration

    Defines the duration, in minutes, before the checked out account expires.

    Exclusive Account

    Specifies whether only a single user can use the account at any one time. An exclusive account is a restriction imposed on a privileged account that limits use of the account to a single user at a time.

    Change Password on Check Out

    Specifies whether you want CA Access Control Enterprise Management to change the password of the privileged account every time it is checked out.

    Change Password on Check In

    Specifies whether you want CA Access Control Enterprise Management to change the password of the privileged account every time it is checked in by a user or a program, or when the checkout period expires.

    Note: If the account is not exclusive, CA Access Control Enterprise Management generates a new privileged account password only when all users have checked in the account.

    Note: This option does not apply to service accounts.

    Login Applications

    Specifies the login applications to assign to this endpoint.

    Note: Create a login application before you can assign it to an endpoint. You can assign multiple login applications to the same endpoint.

  6. Click Submit.

    CA Access Control Enterprise Management submits the privileged account passwords lockdown policy to the group.
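
The check-out and check-in rules described by the Exclusive Account, Check out Expiration and Change Password on Check In fields, as an added Python model that is not CA code and calls no product API. The class and method names are hypothetical, and treating an elapsed checkout period as a check-in is an assumption.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ManagedAccount:
    """Hypothetical model of one privileged account under a lockdown policy."""
    exclusive: bool                 # "Exclusive Account"
    change_on_check_in: bool        # "Change Password on Check In"
    checkout_expiration_min: int    # "Check out Expiration", in minutes
    password: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    holders: dict = field(default_factory=dict)   # user -> expiry time (minutes)
    rotations: int = 0

    def _release(self, user):
        del self.holders[user]
        # A non-exclusive account gets a new password only once every holder is gone.
        if self.change_on_check_in and not self.holders:
            self.password = secrets.token_urlsafe(16)
            self.rotations += 1

    def expire(self, now):
        """Assumption: an elapsed checkout period is handled like a check-in."""
        for user in [u for u, t in self.holders.items() if t <= now]:
            self._release(user)

    def check_out(self, user, now):
        self.expire(now)
        if self.exclusive and self.holders and user not in self.holders:
            raise PermissionError("exclusive account is already checked out")
        self.holders[user] = now + self.checkout_expiration_min
        return self.password

    def check_in(self, user, now):
        self.expire(now)
        if user in self.holders:
            self._release(user)


def demo():
    """Constructed scenario: two users share a non-exclusive account."""
    acct = ManagedAccount(exclusive=False, change_on_check_in=True,
                          checkout_expiration_min=30)
    first = acct.check_out("alice", now=0)
    acct.check_out("bob", now=5)
    acct.check_in("alice", now=10)   # bob still holds it: no new password yet
    unchanged = acct.password == first
    acct.expire(now=35)              # bob's checkout period elapses
    return unchanged, acct.password != first, acct.rotations
```

In the shared scenario the password that the first user saw stays valid until the last holder's checkout ends, which is the exposure window to weigh when deciding whether an account should be exclusive.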

More information:

Create a Password Policy