Previous Topic: General Security FeaturesNext Topic: Bypass Drivers


Maintenance Mode Protection (Silent Mode)

CA ControlMinder has a maintenance mode, also known as silent mode, for protection when the CA ControlMinder services are down for maintenance. In this mode, CA ControlMinder denies events while these services are down.

When CA ControlMinder is running, it intercepts security sensitive events and checks whether the event is allowed. Without activating maintenance mode, all events are permitted when CA ControlMinder services are down. With active maintenance mode, events are denied when CA ControlMinder services are down, stopping user activity while the system is maintained.

Maintenance mode can be tuned, and it is disabled by default.

When the CA ControlMinder security services are down:

When maintenance mode is activated and security is down, the prevented events are not logged in the audit log file.

To enable maintenance mode, follow these steps:

  1. Make sure the CA ControlMinder services are down.
  2. Using a registry editor, navigate to registry key
    \HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv
    

    and change the following values:

  3. Start CA ControlMinder services with “seosd -start” command from the command shell, or using an option from Windows Start menu.

Now, if CA ControlMinder services are down, only users that are listed under SilentModeAdmins registry key will have access to the computer, and all other users will receive a deny to any attempt of activity.