Chat now with support
Tchattez avec un ingénieur du support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Deactivating policy groups

You cannot remove policy groups directly from Privilege Manager system settings. However, if you decide you no longer want to manage the policy file, view events or replay keystroke logs for a particular policy group, you can deactivate it. Deactivating the policy group does not unconfigure the service account; it simply disables console access to the policy and keystroke logs on the primary policy server. See Unconfiguring a service account for details about unconfiguring the Service Account.

To deactivate policy groups

  1. Log in as supervisor or an Active Directory account with rights to change System Settings; that is, as an Active Directory account in the Console Administration role.
  2. From the top-level Settings menu, navigate to System settings | Privilege Manager.
  3. Deselect the Active box to deactivate the policy group and click OK to save the change and return to the mangement console.

Software & Licenses settings

Use the Software & Licenses settings to:

  • Set the Privilege Manager software location on the server.
  • Check for Privilege Manager licenses.

Note: Centralized policy management and keystroke logging are licensed separately.

Setting the Privilege Manager software path

When you install from the product ISO, the setup wizard copies available software packages to a default location on the local computer.

The default directories are:

  • On Windows platforms: %SystemDrive%:\Program Files\Quest Software\Management Console for Unix\software\qpm\default
  • On Unix and Linux platforms: /opt/quest/mcu/software/qpm/default

Note: If you install Management Console for Unix from the Privilege Manager for Unix ISO, the "default" directory is replaced with the product version number.

If you plan to install Privilege Manager software onto your hosts from the console, you must ensure the path to the packages is correctly set in System Settings.

To ensure the path to the Privilege Manager software packages is correctly set

  1. Make note of where your Privilege Manager software packages are located.

  2. Log into the mangement console with the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role. See Console Roles and Permissions system settings for details.
  3. From the top-level Settings menu, navigate to System settings | Privilege Manager | Software & Licenses.

  4. In the Path box, enter the path to where the Privilege Manager software packages are located on the server and click OK.

Notes:

  • The path to the software packages must point to the folder containing the agent, server, and sudo_plugin directories. It is typically the version number of Privilege Manager for Unix.
  • When running Management Console for Unix on Windows, the location of the Privilege Manager software packages must be accessible to the mangement console service which runs as 'NT AUTHORITY\NetworkService.

Checking for Privilege Manager licenses

You cannot add Privilege Manager licenses to the primary server by means of the mangement console. You must install the One Identity license files using the pmlicense command. See the Privilege Manager for Unix Administration Guide for details.

Note: You must have a Privilege Manager Policy Server configured in order to update licensing.

To refresh Privilege Manager license information in the console

  1. Log onto the mangement console using the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.
  2. From the top-level Settings menu, navigate to System settings | Privilege Manager | Software and Licenses.
  3. Click Check for licenses.
  4. Click OK to save the System Settings and return to the mangement console.

Note: The mangement console automatically updates the license information each time you login.

Documents connexes