Previous Topic: <Build_Number>Next Topic: Agent


AccessControl

CA ControlMinder maintains generic settings it uses under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\AccessControl

The AccessControl registry key contains the following registry entries:

AccessControl Services

Defines a list of CA ControlMinder service names and the executable.

Default: "SeOSAgent;SeOS Agent", "SeSudo;SeOS TD", "seoswd;SeOS Watchdog"

Note: The endpoint that is part of the Enterprise Management Server also contains the following default values for this registry entry: "Sepmdd;SeOS Policy Model(DMS__)", "Sepmdd;SeOS Policy Model(DH__)", "Sepmdd;SeOS Policy Model(DH__WRITER)"

admin_default_check

Specifies whether CA ControlMinder is denied login access to the CA ControlMinder server, even when the defaccess property for a remote terminal resource is set to all, or access to _default terminal resource is permitted.

Maintained for backward compatibility.

Default: 0 (access is not denied)

AdminInst

Internal use only.

Default: 0

auth_login

Specifies how a user is authenticated for administration purposes.

Valid values are:

native - for native operating system users, checks the user password against OS.

eTrust - for users that do not exist in the native operating system, checks the user password against CA ControlMinder database.

Default: native

auth_module_names

The list of language client modules that are allowed to authenticate outside of native authentication. Client module name is set by the client inside the lca API calls before the authentication. Changing this registry value may affect other clients authenticating in a non native mode.

Default: none

CPF_TARGETS

List of target mainframe CPF systems (remote CPF target nodes) that the CPF service communicates with.

Default: ACF2 TOP RACF

eACPipePrefix

A value for part of the pipe name that the new pipe servers and pipe clients will use. If a system has older clients of CA ControlMinder, then this value is obligatory for those clients to work. Otherwise, change this value to a more secure pipe name.

Default: SEOS

eACPipeTranslator

Obsolete.

full_year

Specifies whether years appear in two-digit (value=no) or four-digit (value=yes) format, when using the secons -tv, seaudit, and dbmgr utilities.

Default: yes

GenerateMemDump

Specifies whether CA ControlMinder creates a memory dump (1) when handling a code exception of a CA ControlMinder service. CA ControlMinder creates the memory dump in ACInstallDir\bin\serviceProcessName.PID.dmp For example, SeOSAgent.5704.dmp

Note: The memory dump is only for user mode and not kernel mode.

Default: 1

parent_pmd

The PMDB to which this workstation subscribes in the format of pmdb@host. This is the only policy model that can update the local database.

If you do not specify a value, the workstation does not accept updates from any PMDB. If you set the entry to _NO_MASTER_, then any PMDB can update this workstation

No default.

Example: pmd1@host1;pmd2@host1;pmd3@host2

passwd_pmd

The target for password replacement on the policy model in the format pmdb@host.

The parent_pmd and passwd_pmd registry values can have the same value. If the parent_pmd and passwd_pmd registry values are not the same, the passwd_pmd database sends its updates to the parent_pmd database for distribution. The parent_pmd database must be a subscriber of the passwd_pmd database.

If you do not set this value, it inherits the value of the parent_pmd registry key.

No default.

ReverseIpLookup

Controls the way the client IP address is resolved to determine whether the user is allowed to log in from that terminal.

Valid values are:

yes-looks up the IP address of the open client's socket and logon is permitted accordingly.

no-uses the host name as received from the client and does not resolve any host names. (The same effect can be achieved by disabling class TERMINAL.)

Default: yes

SeOSPath

The directory in which CA ControlMinder is installed.

SplashEnable

The toggle to enable or disable a protection message during interactive (GINA) login process. This message tells the user that CA ControlMinder protects the computer. A value of 1 indicates the message is enabled; a value is 0 indicates that it is disabled.

Default: 1

TNG_Environment

The toggle to enable or disable Unicenter integration.

Values: 1—Enable Unicenter integration and create the database with the Unicenter TNG classes, 0—disable Unicenter integration and create the database without the Unicenter TNG classes

Default: 0

TrustedServices

List of trusted programs.

No default.

UseFsiDrv

Toggle to enable or disable driver loading.

Values: 1—Enable driver loading, 0—disable driver loading

Default: 1