| Report | Description |
|---|---|
| AD Group Conflicts |
Lists all Active Directory groups with Unix Group ID (GID) numbers assigned to other Unix-enabled groups. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select the base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
| Local Unix Groups |
Identifies the hosts where a specific group exists in /etc/group. This report includes the following information:
If you do not specify a group, it includes all local groups on each profiled host in the report. To locate a specific group, use the following report parameters:
NOTE: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering:
NOTE: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate a group. In addition, it includes all of the group members in the report by default, but you can clear the Include all group members in report option. NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. |
| Unix-Enabled AD Groups |
Lists all Active Directory groups that have Unix group attributes. NOTE: A Group object is considered "Unix-enabled" if it has a value for the GID Number. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is only available if you have configured the mangement console to recognize Active Directory objects (see Configuring the console to recognize Unix attributes in AD), and you are logged on as an Active Directory account in the Manage Hosts role. |
One Identity Privileged Access Suite for Unix
Introducing One Identity Management Console for Unix
What's new in Management Console for Unix 2.5
What are the core features of the console
How Management Console for Unix works
Installing Management Console for Unix
System requirements
Before installing the Management Console
Installing the Management Console
Preparing Unix hosts
Installing and uninstalling the console on Windows
Installing the console from the Windows command line
Installing and uninstalling the console on Unix and Linux
Launching the Management Console
Setting up Management Console for Unix
Configure console for Active Directory logon
Set up console access by role
Identify console
Set Supervisor Password dialog
Summary dialog
Management Console for Unix Log On page
Getting Started Tab
Upgrade Quest Identity Manager for Unix
Upgrade Management Console for Unix
Adding hosts to the Management Console
Renaming hosts
Profiling hosts
Working with host systems
Automatically profiling hosts
Viewing the auto-profile status
Viewing the auto-profile heartbeat errors
Checking readiness
Install software on hosts
Using the console search options
Managing local groups
Performing a basic search
Using the advanced search options
Saving search criteria
Removing saved searches
Filtering All Hosts view content
Reviewing host properties
Removing hosts from Management Console
Importing SSH host key
Adding a local group
Searching for groups
Modifying a local group's properties
Adding users to a local group
Removing user from local group
Deleting local group
Reviewing the Local Unix Groups report
Managing local users
Adding a local user
Searching for users
Modifying user properties
Modifying multiple user's properties
Resetting local user's password
System Users
Deleting a local user
Reviewing the Local Unix Users report
Active Directory integration
Enabling Active Directory features
Adding an Active Directory group account
Adding an Active Directory user account
Searching for Active Directory objects
Viewing or modifying Active Directory user properties
Viewing or modifying Active Directory group properties
Authentication Services integration
Installing Authentication Services
Configure Active Directory for Authentication Services
Displaying Authentication Services agent information
Setting Authentication Services software path
Checking host for AD readiness
Installing Authentication Services software packages
Joining host to Active Directory
Configuring host access control
Check QAS Agent Status
Privilege Manager integration
Manually checking QAS agent status
Automatically checking QAS agent status
Viewing the QAS status errors
Viewing the QAS status heartbeat errors
Adding AD user to a local group
Mapping local users to Active Directory users
Testing the mapped user login
Configuring the console to recognize Unix attributes in AD
Unix-enable an Active Directory group
Unix-Enable an Active Directory User
Testing the Active Directory user login
Getting started
Configure a primary policy server
Reporting
Setting preferences
Checking policy server readiness
Installing the Privilege Manager packages
Configuring the primary policy server
Joining the host to a policy group
Configure a secondary policy server
Install PM agent or Sudo plugin on a remote host
Security policy management
Opening a policy file
Edit panel commands
Editing PM policy files
Event logs and keystroke logging
Default roles (or profiles)
Modifying Privilege Manager role properties
Adding a Privilege Manager role
Add a Privilege Manager restricted shell role
Adding Privilege Manager role based on an existing role
Saving policy files
Deleting Privilege Manager role
Changing policy version
Reviewing policy changes
Managing role defaults
Modifying PM policy files with the text editor
Reviewing the Access and Privileges by User report
Reviewing the Access and Privileges by Host report
User preferences
System preferences
Security
General system settings
Duplicate SSH Host Keys
Setting session timeout
Automatically marking host system users
Console Information settings
Changing supervisor account password
Setting custom privilege elevation commands
Console Roles and Permissions system settings
Active Directory system settings
Privilege Manager system settings
Configuring a service account
Unconfiguring a service account
Activating policy groups
Deactivating policy groups
Software & Licenses settings
Authentication Services system settings
Management Console for Unix server and console
Troubleshooting tips
Authenticating the supervisor user
Authenticating Active Directory users using Windows Integrated Authentication
Authenticating Active Directory users using a username and password
Installing a production certificate
Active Directory
Managed Unix Hosts
Generating a custom SSL/TLS certificate and key pair for Management Console for Unix
Importing certificate to trusted domains on Windows
Importing certificate to trusted domains on Unix or Linux
Disabling SSL/TLS encryption
Customizing HTTP and SSL/TLS ports
Changing allowed ciphers
Managing SSH host keys
Known_hosts file format
Handling changes to SSH host keys
Detecting multiple hosts with the same key
Caching Unix host credentials
Database Security
Summary of Security Recommendations
Auto profiling issues
Active Directory Issues
System maintenance
Command line utilities
Active Directory connectivity issues
Unable to configure Active Directory
Active Directory is disabled
Active Directory tasks are disabled
Auditing and compliance
Cannot create a service connection point
Check Authentication Services agent status commands not available
CSV or PDF reports do not open
Database port number is already in use
Elevation is not working
Hosts do not display
Import file lists fakepath
Information does not display in the console
License information in report is not accurate
Out of memory error
Post install configuration fails on Unix or Mac
Privilege Manager feature issues
Join to policy group failed
Join to policy group option is not available
Preflight fails because the policy server port is unavailable
Policy Change report reports newlines
Profile task never completes
questusr account was deleted
Readiness check failed
Recovering from a failed upgrade
Reports are slow
Reset the supervisor password
Running on a Windows 2008 R2 domain controller
Service account login fails
Setting custom configuration settings
Single Sign-on (SSO) issues
Configure a Firefox web browser for SSO
Configure an IE web browser for SSO
Disable Single Sign-on (SPNEGO/HTTP negotiation)
Disable SSPI for Single Sign-on
Enable SSO for remote browser clients
JVM memory tuning suggestions
Start/stop/restart Management Console for Unix service
Toolbar buttons are not enabled
UID or GID conflicts
MCU PowerShell cmdlets and Unix CLI commands
MCU PowerShell cmdlets
Unix CLI commands
Mac CLI Commands
Examples of Using Command Line Utilities
Web services
Database maintenance
Connect to the console
Add host to the console
Create local group across all managed hosts
Add a local user to a group on each managed host
Add localuser to a group on all Linux machines
Get a user on a specific computer
Find a UID on a computer
Remove all credentials stored in the console for a specific host
Set a local user's password
View a group’s membership
Group reports
Access & Privileges reports
Note: The Access & Privileges reports do not report on users and groups from a NIS domain.
| Report | Description |
|---|---|
| Access & Privileges by Host |
Identifies all users with log-on access to hosts and the commands the users can run on the hosts. This report includes the following information:
Browse to select a host. Optionally, select the Show detailed report option. NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
| Access & Privileges by User |
Identifies the users with log on access to hosts, the commands that user can run on each host, and the "runas aliases" information for that user. This report includes the following information:
Use the following report parameters to specify the user to include in the report:
Browse to select a user. Optionally select the Show detailed report option. NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
| Commands Executed |
Provides details about the commands executed by users on hosts joined to a policy group, based on their privileges and recorded as events or captured in keystroke logs by Privilege Manager. This report allows you to search for commands that have been recorded as part of events or keystroke logs for a policy group and includes the following information:
Use the following report parameters to define details in the report:
NOTE: You can use wildcards in the text string you enter in the Command box, such as * and ?.
NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
| Console Access and Permissions |
Lists users who have access to the mangement console based on membership in a console role and the permissions assigned to that role. This report includes the following information:
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Console Access role. However, when you access this report as supervisor, the mangement console requires that you authenticate to Active Directory. |
| Logon Policy for AD User |
Identifies the hosts where Active Directory users have been granted log on permission. This report includes the following information for hosts joined to an Active Directory domain:
Specify the Active Directory users to include in the report:
Browse to search Active Directory to locate and select an Active Directory user. NOTE: The report might show both the Active Directory login name and local user names in the Login Name column for a selected AD user account because an Active Directory user account can have one or more local user accounts mapped to it.
NOTE: Only hosts joined to an Active Directory domain with a Authentication Services 4.x agent are included in this report.
NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
| Logon Policy for Unix Host |
Identifies the Active Directory users that have been explicitly granted log on permissions for one or more Unix computers. This report includes the following information for hosts joined to an Active Directory domain:
Specify the managed hosts to include in the report:
Browse to locate and select a managed host that is joined to Active Directory. NOTE: This report only includes hosts joined to an Active Directory domain with a Authentication Services 4.x agent.
NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
| Policy Changes |
Provides details of changes made to a policy for a Privilege Manager policy group. This report includes the following information:
Select a policy group. Select either to:
NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
Product Licenses Usage reports
| Report | Description |
|---|---|
| Product License Usage |
Provides a summary of all licensing information. This report includes the following information for hosts managed by the console:
|
Setting preferences
You can set both User and console System preferences. User preferences are settings that only apply to the user that is currently logged on to the mangement console. Whereas, System preferences are global settings that apply to all users using the mangement console.
You access User preferences from the top-level User menu represented by the authenticated user's login name. Its menu also has options for sign in/sign out. You access System settings from the top-level Settings menu represented by the gear icon, 
While you can change User Preferences using any log on account; to change console System Settings you must log onto the mangement console using the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.