One Identity Management Console for Unix 2.5.2 - Administration Guide


Marking multiple system users

To mark multiple system users

  1. Open the User drop-down menu on either the Users view of a host's properties or from the All Local Users tab, and choose Mark system users.

    Note: To unmark multiple system users, choose Unmark system users.

  2. On the Mark System Users dialog, enter a UID number or range of numbers to mark.

    Use a colon (:) to signify a range of numbers; comma delimit multiple numbers or ranges. For example,

    0:499,501,555:600

    Note: Do not add extra spaces.

  3. Enter specific account names you want to mark. For example,
    root,web*,*nobody,ma?k

    Note: Comma delimit multiple names; do not add extra spaces. You can use wildcards in the text string, such as * and ?.

    The status column icon changes to the system user icon. It reverts to the regular user icon when you unmark system users.

Note: You can enable the management console to mark local user accounts as "system users" when it profiles hosts.

See Automatically marking host system users for details.
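
To preview which accounts a UID list and name list would select before you enter them in the Mark System Users dialog, you can run the same syntax over a copy of a host's passwd file. This is an added example, not code from the product or this guide; `parse_uid_spec`, `name_matcher` and `preview_marked` are hypothetical names and the passwd lines are constructed. It assumes an account is selected when it matches either the UID list or the name list, and that only * and ? act as wildcards.

```python
import re

# Constructed sample in /etc/passwd format (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
webadmin:x:1001:1001:Web admin:/home/webadmin:/bin/bash
nfsnobody:x:65534:65534:NFS anon:/var/lib/nfs:/sbin/nologin
mark:x:501:501:Mark:/home/mark:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
svcbackup:x:560:560:Backup:/var/backup:/bin/sh
"""

def parse_uid_spec(spec):
    """Parse '0:499,501,555:600' into inclusive (low, high) pairs."""
    if any(ch.isspace() for ch in spec):
        raise ValueError("UID spec must not contain spaces")
    ranges = []
    for item in filter(None, spec.split(",")):  # empty items are ignored
        low, sep, high = item.partition(":")
        if not low.isdecimal() or (sep and not high.isdecimal()):
            raise ValueError(f"bad UID item: {item!r}")
        lo, hi = int(low), int(high if sep else low)
        if lo > hi:
            raise ValueError(f"reversed range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def name_matcher(pattern):
    """Compile a name pattern where only * and ? are wildcards."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts))

def preview_marked(passwd_text, uid_spec="", name_spec=""):
    """Names selected by either spec (assumption: UID and name lists are OR-ed)."""
    if any(ch.isspace() for ch in name_spec):
        raise ValueError("name spec must not contain spaces")
    ranges = parse_uid_spec(uid_spec)
    matchers = [name_matcher(p) for p in name_spec.split(",") if p]
    marked = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdecimal():
            continue  # skip comments and malformed entries
        name, uid = fields[0], int(fields[2])
        if any(lo <= uid <= hi for lo, hi in ranges) or \
           any(m.fullmatch(name) for m in matchers):
            marked.append(name)
    return marked
```

Reviewing the preview helps catch a range that sweeps in interactive accounts, or a wildcard such as web* that matches more names than intended.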

Deleting a local user

When you delete a local user, all files or processes owned by the user will no longer have an owner.

To delete a local user

  1. Select one or more users from the Users tab of a host's properties and click Delete User.
  2. Confirm that you want to delete the selected users.
  3. On the Log on to Host dialog, enter the user credentials and click OK.

    Note: This task requires elevated credentials.

    The Users view is automatically refreshed and no longer lists the deleted users.

Note: When you delete a local user, the management console does not delete the user's home directory.
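
Because the home directory and any other files the account owned stay on disk with a UID that no longer resolves, a scan such as the following lists what a deletion left behind so it can be archived, reassigned or removed. This is an added example, not code from the product or this guide; `uid_has_account` and `find_unowned` are hypothetical names.

```python
import os
import pwd

def uid_has_account(uid):
    """True if the UID resolves to an account through the host's passwd/NSS lookup."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def find_unowned(root, has_account=uid_has_account):
    """Return sorted (path, uid) pairs at or under root whose owner UID has no account."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    cache = {}   # resolve each distinct UID only once
    hits = []
    for path in paths:
        try:
            uid = os.lstat(path).st_uid   # lstat: inspect a symlink itself, never its target
        except OSError:
            continue                      # vanished or unreadable entry
        if uid not in cache:
            cache[uid] = has_account(uid)
        if not cache[uid]:
            hits.append((path, uid))
    return sorted(hits)

if __name__ == "__main__":
    # /home is an assumed starting point; pass any directory tree to check.
    for path, uid in find_unowned("/home"):
        print(f"{uid}\t{path}")
```

Run it with enough privilege to read the directories being checked; entries it cannot stat are skipped rather than reported.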

Reviewing the Local Unix Users report

The Local Unix Users report lists all users on all hosts.

Note: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

To create the Local Unix Users report

  1. From the management console, navigate to Reporting.
  2. From the Reports view, double-click the Local Unix Users report name.

    The report opens a new Local Unix Users tab on the Reporting view.

  3. To locate a specific user, use a combination of the following report parameters:
    • User Name contains
    • UID Number is
    • Primary GID Number is
    • Comment (GECOS) contains
    • Home Directory contains
    • Login Shell contains

    Note: When you specify multiple report parameters, the report combines them with the AND expression; therefore, ALL of the selected parameters must be met in order to locate the user account.

    If you do not define a specific user, the report includes all local users on each profiled host.

Active Directory integration

You can configure the management console for Active Directory so that you can perform basic Active Directory operations, such as searching for Active Directory users, groups, or computers. With Active Directory credentials that have proper permissions, you can also modify specific properties of these Active Directory objects.

Note: Management Console for Unix is limited to managing users, security groups, and computers. Other Active Directory object types (such as distribution groups and contacts) are not displayed by the console.

The topics in this section explain how to search for and locate Active Directory users, groups and computers, and how to manage the Active Directory users who are permitted to authenticate to your non-Windows systems. For a detailed description of these tasks, please refer to the online help.
