Unconfiguring a service account
Unconfiguring a service account deactivates the policy group in the mangement console and disables console access to the policy file and keystroke logs on the primary policy server.
To unconfigure service account
- Log in as supervisor or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.
- From the top-level Settings menu, navigate to System settings | Privilege Manager.
- Click Unconfigure service account next to the primary policy server listed.
- On the Unconfigure Service Account dialog, enter credentials to log onto the primary policy server and click OK.
Note: This task requires elevated credentials.
- Verify that the Active box is not checked.
Note: When you unconfigure a service account, the mangement console,
- leaves the "questusr" and the corresponding "questgrp" account on the host.
- removes questusr from the pmpolicy and pmlog groups.
- leaves questusr as an implicit member of questgrp.
- removes the policy group SSH key from questusr's authorized_keys, /var/opt/quest/home/questusr/.ssh/authorized_keys.
Activating policy groups
To centrally manage a policy, view events, or reply keystroke logs for a policy group, you must activate it.
To activate policy groups
- Log in as supervisor or an Active Directory account with rights to change System Settings; that is, as an Active Directory account in the Console Administration role.
- From the top-level Settings menu, navigate to System settings | Privilege Manager.
- Select the Active box next to the policy groups you wish to activate and click OK to save the change and return to the mangement console.
Note: If your policy group is not listed, make sure you have added and profiled the host where Privilege Manager software is installed as the primary policy server to the mangement console; then re-profile the host.
Deactivating policy groups
You cannot remove policy groups directly from Privilege Manager system settings. However, if you decide you no longer want to manage the policy file, view events or replay keystroke logs for a particular policy group, you can deactivate it. Deactivating the policy group does not unconfigure the service account; it simply disables console access to the policy and keystroke logs on the primary policy server. See Unconfiguring a service account for details about unconfiguring the Service Account.
To deactivate policy groups
- Log in as supervisor or an Active Directory account with rights to change System Settings; that is, as an Active Directory account in the Console Administration role.
- From the top-level Settings menu, navigate to System settings | Privilege Manager.
- Deselect the Active box to deactivate the policy group and click OK to save the change and return to the mangement console.
Software & Licenses settings
Use the Software & Licenses settings to:
- Set the Privilege Manager software location on the server.
- Check for Privilege Manager licenses.
Note: Centralized policy management and keystroke logging are licensed separately.