When you unjoin a host from a policy group, the host will no longer check for privileges against the policy in the policy group.
To unjoin hosts from the policy group
Note: This task requires elevated credentials.
The primary policy server is always the first server configured in the policy server group; secondary servers are subsequent policy servers set up in the policy server group to help with load balancing. The "master" copy of the policy is kept on the primary policy server.
All policy servers (primary and secondary) maintain a working copy of the security policy stored locally. The initial working copy is initialized by means of a checkout from the repository when you configure the policy server. Following this, the policy servers automatically retrieve updates as required.
After you install and configure a primary policy server, you are ready to configure additional policy servers for load balancing purposes.
To configure a secondary policy server
Check the Policy Server for configuration readiness.
See Checking policy server readiness for details.
Install the Privilege Manager Policy Server package on the secondary server host.
See Installing the Privilege Manager packages for details.
From the All Hosts view, open the Join or Configure toolbar menu and navigate to Configure Policy Server | As Secondary Policy Server.
On the Configure Secondary Policy Server dialog,
Choose the policy group you want to associate with the secondary policy server.
Enter the pmpolicy service account password in the Join password box.
Note: The Join password is the password for the pmpolicy service account that was set when the primary policy server was configured. See Configuring the primary policy server for details.
Select the Join agent or plugin to policy group option, if you want to join the secondary policy server to the policy group at this time.
When you join a policy server to a policy group, you are indicating which policy group you want to use for policy verification. That is, you are enabling that host to validate security privileges against a single common policy file located on the primary policy server, instead of a policy file located on the local host.
Note: Policy servers can only be joined to policy groups they host (that is, manage). You cannot join a Sudo Plugin host to a pmpolicy server group or the PM Agent host to a sudo policy server group.
You can join the server to the policy group later. See Joining the host to a policy group for details.
On the Log on to Host dialog, enter the user credentials to access the selected host and click OK.
This information is pre-populated if you saved the credentials for the host.
Once you have installed and configured the primary policy server, you are ready to install a PM Agent or Sudo Plugin on a remote host.