Previous Topic: Cannot Add User as Password Manager to Only One GroupNext Topic: Global Password Policies Lock Users Out of Protected Systems


Windows Administrators Can Change CA ControlMinder Passwords

Valid on Windows

Symptom:

Windows administrators can change CA ControlMinder passwords in my CA ControlMinder-protected Windows environment.

Solution:

To help ensure that only users that you specify in CA ControlMinder can change CA ControlMinder passwords, set the value of the EnforceViaeTrust registry entry to 1 in the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\passwd

This registry entry specifies to enforce that you can update or create user passwords through CA ControlMinder only. The default value of the registry entry is 0, meaning that you do not have to use CA ControlMinder to update or change a user password.