Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Unjoining host from policy group

When you unjoin a host from a policy group, the host will no longer check for privileges against the policy in the policy group.

To unjoin hosts from the policy group

  1. Select one or more hosts that are joined to a policy group from the list on the All Hosts view.
  2. Open the Unjoin toolbar menu and choose Unjoin from Policy Group.
  3. On the Unjoin host from policy group dialog, enter your credentials to log on to the host and click OK.

    Note: This task requires elevated credentials.

Configure a secondary policy server

The primary policy server is always the first server configured in the policy server group; secondary servers are subsequent policy servers set up in the policy server group to help with load balancing. The "master" copy of the policy is kept on the primary policy server.

All policy servers (primary and secondary) maintain a working copy of the security policy stored locally. The initial working copy is initialized by means of a checkout from the repository when you configure the policy server. Following this, the policy servers automatically retrieve updates as required.

Configuring a secondary policy server

After you install and configure a primary policy server, you are ready to configure additional policy servers for load balancing purposes.

To configure a secondary policy server

  1. Check the Policy Server for configuration readiness.

    See Checking policy server readiness for details.

  2. Install the Privilege Manager Policy Server package on the secondary server host.

    See Installing the Privilege Manager packages for details.

  3. From the All Hosts view, open the Join or Configure toolbar menu and navigate to Configure Policy Server | As Secondary Policy Server.

  4. On the Configure Secondary Policy Server dialog,

    1. Choose the policy group you want to associate with the secondary policy server.

    2. Enter the pmpolicy service account password in the Join password box.

      Note: The Join password is the password for the pmpolicy service account that was set when the primary policy server was configured. See Configuring the primary policy server for details.

    3. Select the Join agent or plugin to policy group option, if you want to join the secondary policy server to the policy group at this time.

      When you join a policy server to a policy group, you are indicating which policy group you want to use for policy verification. That is, you are enabling that host to validate security privileges against a single common policy file located on the primary policy server, instead of a policy file located on the local host.

      Note: Policy servers can only be joined to policy groups they host (that is, manage). You cannot join a Sudo Plugin host to a pmpolicy server group or the PM Agent host to a sudo policy server group.

      You can join the server to the policy group later. See Joining the host to a policy group for details.

  5. On the Log on to Host dialog, enter the user credentials to access the selected host and click OK.

    This information is pre-populated if you saved the credentials for the host.

Install PM agent or Sudo plugin on a remote host

Once you have installed and configured the primary policy server, you are ready to install a PM Agent or Sudo Plugin on a remote host.

Related Topics

Checking client for policy readiness

Installing Privilege Manager agent or plugin software

Related Documents