You can administer CA ControlMinder policy from a central place using CA ControlMinder Endpoint Management and CA ControlMinder Enterprise Management, or by connecting to the computer with command line (selang) and updating the access rules directly on the computer.
To update the computer's access rules directly, you need write access on the terminal you are managing from and the admin attribute on the computer policy in the CA ControlMinder database.
By default, CA ControlMinder installation sets up terminal authority only for the local computer terminal. You can change that by either disabling this option from a local terminal or adding more terminals that can manage remotely.
To add the administration option for the terminal my_terminal to the computer my_machine using the user my_user, write the following selang rules:
er terminal my_terminal owner(nobody) defaccess(r) auth terminal my_terminal xuid(my_user) access(all)
These rules let everyone log in to this terminal (regular login, not CA ControlMinder management), and let enterprise user my_uid log in to the computer and use CA ControlMinder management tools (selang, CA ControlMinder Endpoint Management, and so on).
Note: If the administrators are using CA ControlMinder Endpoint Management to administer CA ControlMinder, you only need to define the computer where CA ControlMinder Endpoint Management is installed. You do not need to define the computer where the administrator opens the browser.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|