CA ControlMinder maintains generic settings it uses under the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\AccessControl
The AccessControl registry key contains the following registry entries:
Defines a list of CA ControlMinder service names and the executable.
Default: "SeOSAgent;SeOS Agent", "SeSudo;SeOS TD", "seoswd;SeOS Watchdog"
Note: The endpoint that is part of the Enterprise Management Server also contains the following default values for this registry entry: "Sepmdd;SeOS Policy Model(DMS__)", "Sepmdd;SeOS Policy Model(DH__)", "Sepmdd;SeOS Policy Model(DH__WRITER)"
Specifies whether CA ControlMinder is denied login access to the CA ControlMinder server, even when the defaccess property for a remote terminal resource is set to all, or access to _default terminal resource is permitted.
Maintained for backward compatibility.
Default: 0 (access is not denied)
Internal use only.
Default: 0
Specifies how a user is authenticated for administration purposes.
Valid values are:
native - for native operating system users, checks the user password against OS.
eTrust - for users that do not exist in the native operating system, checks the user password against CA ControlMinder database.
Default: native
The list of language client modules that are allowed to authenticate outside of native authentication. Client module name is set by the client inside the lca API calls before the authentication. Changing this registry value may affect other clients authenticating in a non native mode.
Default: none
List of target mainframe CPF systems (remote CPF target nodes) that the CPF service communicates with.
Default: ACF2 TOP RACF
A value for part of the pipe name that the new pipe servers and pipe clients will use. If a system has older clients of CA ControlMinder, then this value is obligatory for those clients to work. Otherwise, change this value to a more secure pipe name.
Default: SEOS
Obsolete.
Specifies whether years appear in two-digit (value=no) or four-digit (value=yes) format, when using the secons -tv, seaudit, and dbmgr utilities.
Default: yes
Specifies whether CA ControlMinder creates a memory dump (1) when handling a code exception of a CA ControlMinder service. CA ControlMinder creates the memory dump in ACInstallDir\bin\serviceProcessName.PID.dmp For example, SeOSAgent.5704.dmp
Note: The memory dump is only for user mode and not kernel mode.
Default: 1
The PMDB to which this workstation subscribes in the format of pmdb@host. This is the only policy model that can update the local database.
If you do not specify a value, the workstation does not accept updates from any PMDB. If you set the entry to _NO_MASTER_, then any PMDB can update this workstation
No default.
Example: pmd1@host1;pmd2@host1;pmd3@host2
The target for password replacement on the policy model in the format pmdb@host.
The parent_pmd and passwd_pmd registry values can have the same value. If the parent_pmd and passwd_pmd registry values are not the same, the passwd_pmd database sends its updates to the parent_pmd database for distribution. The parent_pmd database must be a subscriber of the passwd_pmd database.
If you do not set this value, it inherits the value of the parent_pmd registry key.
No default.
Controls the way the client IP address is resolved to determine whether the user is allowed to log in from that terminal.
Valid values are:
yes-looks up the IP address of the open client's socket and logon is permitted accordingly.
no-uses the host name as received from the client and does not resolve any host names. (The same effect can be achieved by disabling class TERMINAL.)
Default: yes
The directory in which CA ControlMinder is installed.
The toggle to enable or disable a protection message during interactive (GINA) login process. This message tells the user that CA ControlMinder protects the computer. A value of 1 indicates the message is enabled; a value is 0 indicates that it is disabled.
Default: 1
The toggle to enable or disable Unicenter integration.
Values: 1—Enable Unicenter integration and create the database with the Unicenter TNG classes, 0—disable Unicenter integration and create the database without the Unicenter TNG classes
Default: 0
List of trusted programs.
No default.
Toggle to enable or disable driver loading.
Values: 1—Enable driver loading, 0—disable driver loading
Default: 1
Copyright © 2013 CA Technologies.
All rights reserved.
|
|