

CA ControlMinder Backdoor

When you first install CA ControlMinder, for example in an evaluation deployment, you may incorrectly define rules in the CA ControlMinder database. Incorrectly defined rules can prevent users from logging in or executing commands. For example, you may mistakenly define a rule that denies access to the system directory or to vital parts of the Windows registry.

Because it is difficult to stop CA ControlMinder and fix these mistakes, CA ControlMinder comes with a backdoor that lets you fix these types of problems. Because backdoors can be maliciously exploited, CA ControlMinder also lets you disable this backdoor once your system is set up and stable.

To access this backdoor, when you start the computer, select Windows Safe Mode or Safe Mode with Networking from the boot menu. When you select one of these options, the system starts without automatically starting the CA ControlMinder services.

To disable this backdoor, define the registry value 'LockEE' of data type REG_DWORD under the registry key HKEY_LOCAL_MACHINE\Software\ComputerAssociates\AccessControl\AccessControl\ and set it to 1.

Note: This registry value does not exist by default.
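
One way to audit this setting on a host, as an added example that is not CA's own tooling: the PowerShell script below reports whether LockEE exists as a REG_DWORD with data 1 and, when run with the hypothetical -Enforce switch, writes it. The function name, the switch and the exit-code convention are assumptions; the key and value names are those given above.

```powershell
# Added example (not CA tooling): audit, and optionally set, the LockEE value.
param(
    [switch]$Enforce   # hypothetical switch: write LockEE = 1 if it is missing or wrong
)

# Key and value names as given in the text above.
$KeyPath   = 'HKLM:\Software\ComputerAssociates\AccessControl\AccessControl'
$ValueName = 'LockEE'

function Get-LockEEStatus {
    $status = [ordered]@{ KeyPresent = $false; Kind = $null; Data = $null; BackdoorDisabled = $false }
    if (Test-Path -LiteralPath $KeyPath) {
        $status.KeyPresent = $true
        $key = Get-Item -LiteralPath $KeyPath
        # LockEE does not exist by default, so absence means the backdoor is still enabled.
        if ($key.GetValueNames() -contains $ValueName) {
            $status.Kind = $key.GetValueKind($ValueName)
            $status.Data = $key.GetValue($ValueName)
            # Only a REG_DWORD with data 1 matches the documented setting.
            $isDword = $status.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
            $status.BackdoorDisabled = $isDword -and ($status.Data -eq 1)
        }
    }
    [pscustomobject]$status
}

$result = Get-LockEEStatus

if ($Enforce -and $result.KeyPresent -and -not $result.BackdoorDisabled) {
    # Requires an elevated session. -Force replaces a value of the wrong type or data.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force |
        Out-Null
    $result = Get-LockEEStatus
}

# Emit the status object so the caller can log or collect it.
$result

# Non-zero exit lets a compliance job flag hosts where the Safe Mode backdoor is still open.
if (-not $result.BackdoorDisabled) { exit 1 }
```

The script leaves the key alone when it is absent, since that indicates CA ControlMinder is not installed at the documented location.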

Now when you start the system with LockEE set to 1 in:

On UNIX you can work with CA ControlMinder in single user mode. When you work in single user mode, the following limitations apply: