Password consumers are applications, Windows services, and Windows scheduled tasks that use privileged accounts and service accounts to execute a script, connect to a database, or manage a Windows service, scheduled task, or RunAs command.
There are two groups of password consumers:
Note: You must install CA ControlMinder on the SAM endpoint with the SAM Integration feature enabled to use password consumers that get passwords on demand.
You provide different information to create password consumers from each group. By default, you must have the System Manager role to create a password consumer.
Note: Complete this task if you create a password consumer of type software development kit, database, or Windows Run As. We recommend that you use the Discover Service Accounts Wizard to create Windows Scheduled Task or Windows Service password consumers.
Follow these steps:
The Create Password Consumer: Password Consumer Search screen appears.
A list of password consumers that match the filter criteria appears.
The Create Password Consumer task page appears. If you created the password consumer from an existing object, the dialog fields are pre-populated with the values from the existing object.
Defines the name by which you want to refer to this password consumer.
(Optional) Defines the information you want to record for this password consumer (free text).
Specifies the type of the password consumer.
(Software development kit, database, Windows Run As, Windows Scheduled Task) Defines the full pathname of the password consumer on the endpoint.
Note: You can use wildcards (*) and CA ControlMinder variables in the pathname, for example, <!AC_ROOT_PATH>\bin\acpwd.exe.
(Windows Service) Defines the pathname of the Windows service. Specify the pathname exactly as it appears in the Windows service properties page.
Specifies that the password consumer is enabled, that is, that SAM accepts requests from this consumer or enforces password change on this consumer.
(Windows Scheduled Task or Windows Service) Indicates whether the last password change succeeded or failed.
(Windows Scheduled Task or Windows Service) Displays the last successful password synchronization.
(Windows Service) Specifies whether to restart the Windows service after a password change.
If you create a software development kit, database, or Windows Run As password consumer, the password consumer can get the passwords for the privileged accounts that you specify.
If you create a Windows Scheduled Task or Windows Service password consumer, SAM forces a password change for the password consumer when the passwords for these privileged accounts are changed.
Note: You can type the name of the host or host group in the Name field, or click "..." to search for a CA ControlMinder host or host group (HNODE or GHNODE object).
Specify the name of the user or group as it appears on the endpoint, for example, DOMAIN\user1. Do not specify a CA ControlMinder Enterprise Management user or group.
CA ControlMinder Enterprise Management creates the password consumer.
Copyright © 2013 CA Technologies.
All rights reserved.