CA ControlMinder has a maintenance mode, also known as silent mode, for protection when the CA ControlMinder services are down for maintenance. In this mode, CA ControlMinder denies events while these services are down.
When CA ControlMinder is running, it intercepts security sensitive events and checks whether the event is allowed. Without activating maintenance mode, all events are permitted when CA ControlMinder services are down. With active maintenance mode, events are denied when CA ControlMinder services are down, stopping user activity while the system is maintained.
Maintenance mode can be tuned, and it is disabled by default.
When the CA ControlMinder security services are down:
When maintenance mode is activated and security is down, the prevented events are not logged in the audit log file.
To enable maintenance mode, follow these steps:
\HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv
and change the following values:
The special_admins variable defines a list of user names that are allowed to access the computer while CA ControlMinder services are down.
Use a new line for each user. Whether specified or not, SYSTEM is always a maintenance mode user.
Note: On Windows 2000 and Windows NT you cannot use regedit to edit the SilentModeAdmins key; use Regedt32.exe instead.
Now, if CA ControlMinder services are down, only users that are listed under SilentModeAdmins registry key will have access to the computer, and all other users will receive a deny to any attempt of activity.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|