Password consumers are applications, Windows services, and Windows scheduled tasks that use privileged accounts and service accounts to execute a script, connect to a database, or manage a Windows service, scheduled task, or RunAs command. Password consumers let you remove hard-coded passwords from application scripts and enforce a password policy on service accounts.
There are two groups of password consumers:
Software development kit password consumers get, check out, and check in privileged account passwords. All other types of password consumer get privileged account passwords, but do not check out or check in passwords.
The following process explains the tasks that users in your enterprise must complete to set up password consumers. Users must have the specified role to complete each process step. A user with the System Manager admin role can perform every CA ControlMinder Enterprise Management task in this process.
To set up password consumers, users do the following:
The system administrator enables the SAM Integration feature during the installation process.
Note: You do not need to install CA ControlMinder on the endpoint to use Windows Scheduled Task or Windows Service password consumers.
The endpoints are configured to use password consumers.
Note: If you have already created your endpoints when you set up privileged accounts, do not complete this step.
This user can discover and create privileged accounts in CA ControlMinder Enterprise Management or use the SAM feeder to import privileged accounts.
The System Manager associates database, Windows Run As, and software development kit password consumers with privileged accounts as part of the password consumer creation task.
CA ControlMinder Enterprise Management creates password consumers for each service and scheduled task that it discovers.
Note: CA ControlMinder Enterprise Management discovers only services that are run by accounts for which you can change the password. For example, CA ControlMinder Enterprise Management discovers services that are run by your computer's Administrator account or domain accounts, but does not discover services that are run by the NT AUTHORITY\Local Service account.
Password consumers are now set up for your enterprise.
The following diagram illustrates the privileged access role that performs each process step:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|