

Terminal Integration

Terminal integration lets you integrate your CA ControlMinder endpoints with SAM to track the activities of users who use privileged accounts. Terminal integration works only when a user checks out a privileged account password and uses automatic login to log in to the CA ControlMinder endpoint.

Terminal integration lets you increase security and accountability, as follows:

If you specify that CA ControlMinder uses the original user name when it writes audit records and makes authorization decisions, CA ControlMinder accumulates the audit mode for the login session. The accumulated audit mode combines the audit mode for the original user with the audit mode for the privileged account. If the original user is not defined in the CA ControlMinder database, CA ControlMinder accumulates the audit mode for the default user and the audit mode for the privileged account.

For example, you configure terminal integration for an endpoint. On the endpoint, the audit mode for user1 (the original user) is Failure and the audit mode for a privileged account named privileged_user is Success. When user1 uses automatic login to log in to the endpoint as privileged_user, CA ControlMinder sets the audit mode for the login session to Failure, Success.

You can use terminal integration only on Windows Agentless and SSH Device endpoints on which CA ControlMinder is installed. In addition, the user must use automatic login to check out the privileged account password.

Terminal integration is enabled by default when you install CA ControlMinder with the SAM integration feature enabled. After you install CA ControlMinder, you use CA ControlMinder Endpoint Management to configure terminal integration on the endpoint.

Example: A Login Event Audit Record

The following example shows a login event audit record for an account for which you configured terminal integration. You specified that a user must use SAM automatic login to log in to the endpoint.

Event type: Login attempt
Status: Denied
User name: example1\administrator
Terminal: example1.domain.com
Program: Terminal services
Date: 27 May 2010
Time: 17:35
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user

Example: A Resource Access Audit Record

The following example shows a resource access audit record for an account for which you configured terminal integration. You specified that CA ControlMinder uses the original user name, not the privileged account user name, when it writes audit records and makes authorization decisions. The original user name (user1) is listed in the user name field and the privileged account (administrator) is listed in the effective user name field.

Event type: Resource access
Status: Denied
Class: FILE
Resource: C:\tmp\core.txt
Access: Exec
User name: domain\user1
Terminal: example1.domain.com
Program: C:\WINDOWS\system32\cmd.exe
Date: 02 Feb 2010
Time: 14:20
Details: No Step that allowed access
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user
Effective user name: example1\administrator.
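The following is an added example, not CA ControlMinder's own code, that parses the two audit records above, flags events that ran under a checked-out privileged account (original user and effective user differ), correlates denied events by User Logon Session ID, and computes the accumulated audit mode described earlier. The audit-mode table and the user names in it are constructed for the example.

```python
# Added example, not CA ControlMinder's own code: parse the text audit records shown on this
# page, flag events that ran under a checked-out privileged account, and derive the
# accumulated audit mode. Audit-mode table and user names are constructed for the example.
from collections import defaultdict
AUDIT_MODES = {"_default": {"Failure"}, "user1": {"Failure"}, "privileged_user": {"Success"}}
# Constructed records, trimmed from the two examples above (same session ID in both).
LOGIN_RECORD = """\
Event type: Login attempt
Status: Denied
User name: example1\\administrator
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
"""
ACCESS_RECORD = """\
Event type: Resource access
Status: Denied
Resource: C:\\tmp\\core.txt
User name: domain\\user1
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Effective user name: example1\\administrator.
"""

def parse_record(text):
    """Turn 'Field: value' lines into a dict; a trailing period is stripped from values."""
    record = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip().rstrip(".")
    return record

def accumulated_audit_mode(original_user, privileged_account, modes=AUDIT_MODES):
    """Union of the original user's mode and the privileged account's mode; an original
    user missing from the database falls back to the default user's mode."""
    return modes.get(original_user, modes["_default"]) | modes[privileged_account]

def is_privileged_session_event(record):
    """True when original and effective user differ, i.e. the access ran under a
    checked-out privileged account (terminal integration writes both names)."""
    effective = record.get("Effective user name")
    return effective is not None and effective != record.get("User name")

def denied_by_session(records):
    """Group denied events by User Logon Session ID so the login denial and any later
    resource denials from the same session can be reviewed together."""
    timeline = defaultdict(list)
    for rec in map(parse_record, records):
        if rec.get("Status") == "Denied":
            timeline[rec["User Logon Session ID"]].append(rec["Event type"])
    return dict(timeline)
```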

More information:

Implementation Considerations for Terminal Integration