|
|
|
hen you first install CA Access Control, for example in an evaluation deployment, you may incorrectly define rules in the CA Access Control database. Incorrectly defined rules can prevent users from logging in or executing commands. For example, you may mistakenly define a rule that denies access to the system directory or to vital parts of the Windows registry.
Because it is difficult to stop CA Access Control and fix these mistakes, CA Access Control comes with a backdoor that lets you fix these types of problems. Because backdoors can be maliciously exploited, CA Access Control also lets you disable this backdoor once your system is set up and stable.
To access this backdoor, when you start the computer, select the Windows Safe Mode or Safe Mode with Networking from the boot menu. When you select one of these options the system starts without automatically starting the CA Access Control services.
To disable this backdoor, define the registry value 'LockEE' of data type reg_dword under the registry key HKEY_LOCAL_MACHINE\Software\ComputerAssociates\ AccessControl\AccessControl\ and set it to 1.
Note: This registry value does not exist by default.
Now when you start the system with LockEE set to 1 in:
The CA Access Control Agent (and any Policy Models), which rely on network services, do not load.
On UNIX you can work with CA Access Control in single user mode. When you work in single user mode, the following limitations apply:
| Copyright © 2012 CA. All rights reserved. |
|