Previous Topic: Discover Privileged AccountsNext Topic: Install CA ControlMinder RPM Packages


Create a Password Consumer

Password consumers are applications, Windows services, and Windows scheduled tasks that use privileged accounts and service accounts to execute a script, connect to a database, or manage a Windows service, scheduled task, or RunAs command.

There are two groups of password consumers:

You provide different information to create password consumers from each group. By default, you must have the System Manager role to create a password consumer.

Note: Complete this task if you create a password consumer of types software development kit, database, and Windows Run As. We recommend that you use the Discover Service Accounts Wizard to create Windows Scheduled Task or Windows Service password consumers.

Follow these steps:

  1. In CA ControlMinder Enterprise Management, click Privileged Accounts, Password Consumers, Create Password Consumer.

    The Create Password Consumer: Password Consumer Search screen page appears.

  2. (Optional) Select an existing password consumer to create the password consumer as a copy of it, as follows:
    1. Select Create a copy of an object of type Password Consumer.
    2. Select an attribute for the search, type in the filter value, and click Search.

      A list of password consumers that match the filter criteria appears.

    3. Select the object you want to use as a basis for the new password consumer.
  3. Click OK.

    The Create Password Consumer task page appears. If you created the password consumer from an existing object, the dialog fields are pre-populated with the values from the existing object.

  4. Complete the following fields in the General tab:
    Name

    Defines the name you want to refer to this password consumer by.

    Description

    (Optional) Defines the information you want to record for this password consumer (free text).

    Consumer Type

    Specifies the type of the password consumer.

    Application Path

    (Software development kit, database, Windows Run As, Windows Scheduled Task) Defines the full pathname of the password consumer on the endpoint.

    • For software development kit password consumers, specify the pathname of the application that performs the password request.
    • For database password consumers, specify the pathname of the application that connects to the database.
    • For Windows Run As password consumers, specify the pathname of the application that the user executes.
    • For Windows Scheduled Task password consumers, specify the pathname of the scheduled task.

    Note: You can use wildcards (*) and CA ControlMinder variables in the pathname, for example, <!AC_ROOT_PATH>\bin\acpwd.exe.

    Service Name

    (Windows Service) Defines the pathname of the Windows service. Specify the pathname exactly as it appears in the Windows service properties page.

    Enabled

    Specifies that the password consumer is enabled, that is, that SAM accepts requests from this consumer or enforces password change on this consumer.

    Status

    (Windows Scheduled Task or Windows Service) Indicates whether the last password change succeeded or failed.

    Last Synchronized Date

    (Windows Scheduled Task or Windows Service) Displays the last successful password synchronization.

    Restart

    (Windows Service) Specifies whether to restart the Windows service after a password change.

  5. Click the Privileged Accounts tab and specify the privileged accounts that are associated with the password consumer.

    If you create a software development kit, database, or Windows Run As password consumer, the password consumer can get the passwords for the privileged accounts that you specify.

    If you create a Windows Scheduled Task or Windows Service password consumer, SAM forces a password change for the password consumer when the passwords for these privileged accounts are changed.

  6. Specify the entities that can use the password consumer. Do one of the following:
  7. Click Submit.

    CA ControlMinder Enterprise Management creates the password consumer.

More information:

Types of Password Consumers