Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Backup procedure

It is necessary to perform a backup when the service is not running. You can use normal backup methods, such as archiving the files in a compressed bundle.

To backup the Management Console for Unix program files

  1. Shutdown the service.
  2. Copy the application data directory to a backup location.

    By default, the application data directory is:

    • On Windows:
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix
    • On Unix/Linux:
      /var/opt/quest/mcu
  3. Restart the service.

    Note: For more information on stopping and restarting the service, see Start/stop/restart Management Console for Unix service.

Restore procedure

It is necessary to restore your files when the service is not running.

To restore the Management Console for Unix program files

  1. Shutdown the service.
  2. Replace the application data directory files with the ones you previously backed up.

    By default, the application data directory is:

    • On Windows:
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix
    • On Unix/Linux:
      /var/opt/quest/mcu
  3. Once you have replaced the files, restart the service.

    Note: For more information on stopping and restarting the service, see Start/stop/restart Management Console for Unix service.

Command line utilities

Management Console for Unix provides Unix command line utilities and Windows Powershell cmdlets that enable you to script common local Unix user and group management tasks. For example, you can write a script to reset a local Unix user's password across multiple Unix systems.

MCU PowerShell cmdlets and Unix CLI commands

PowerShell modules provide a "scriptable" interface to many mangement console tasks. Using Management Console for Unix PowerShell commands, you can manage group membership, change user passwords, or connect to the Management Console for Unix Web service.

Management Console for Unix provides the following PowerShell cmdlets and Unix CLI commands, grouped according to service:

Table 84: PowerShell cmdlets and Unix CLI commands
PowerShell cmdlet Unix CLI command Description
Administrative Services
Connect-QmcuService connect-qmcuservice Connect to the Management Console for Unix Web Service specified by DNS name or IP address.
Disconnect-QmcuService disconnect-qmcuservice Disconnects from the Management Console for Unix Web Service.
Get-QmcuConnection get-qmcuconnection Lists the computer connection information.
Remove-QmcuComputerCredential remove-qmcucomputercredential Removes specified host credentials from the mangement console cache.
Set-QmcuComputerCredential set-qmcucomputercredential Caches specified host credentials on the management console.
Computer Services
Find-QmcuComputer find-qmcucomputer Finds hosts managed by the console matching a specified search criteria.
Find-QmcuGroup find-qmcugroup Finds local group information matching specified search criteria.
Find-QmcuUser find-qmcuuser Finds local user information matching specified search criteria.
Get-QmcuComputer get-qmcucomputer Lists hosts managed by the mangement console.
Get-QmcuGroup get-qmcugroup Lists local group information for the specified host.
Get-QmcuUser get-qmcuuser Lists local user information for the specified host.
New-QmcuComputer new-qmcucomputer Adds a host to the mangement console.
New-QmcuGroup new-qmcugroup Creates a new local group on the specified host.
New-QmcuUser new-qmcuuser Creates a new local user on the specified host.
Remove-QmcuComputer remove-qmcucomputer Removes a host from the mangement console.
Remove-QmcuGroup remove-qmcugroup Removes a local group from the specified host.
Remove-QmcuUser remove-qmcuuser Removes a local user from the specified host.
Update-QmcuComputer update-qmcucomputer Updates a specified host's profile.
Group Services
Add-QmcuGroupMember add-qmcugroupmember Adds local users to the specified local group.
Get-QmcuGroupMember get-qmcugroupmember Lists all local users in a specified group.
Remove-QmcuGroupMember remove-qmcugroupmember Removes specified local users from specified local group.
User Services
Add-QmcuGroupMembership add-qmcugroupmembership Adds the specified local user to the specified groups.
Get-QmcuGroupMembership get-qmcugroupmembership Lists all local groups of which the specified local user is a member.
Remove-QmcuGroupMembership remove-qmcugroupmembership Removes the specified local user from the specified groups.
Set-QmcuUserPassword set-qmcuuserpassword Sets the password for the specified local user.
Functions
Get-QmcuBanner   Displays the MCU powershell console "Welcome" banner which gives basic instructions for viewing the Management Shell cmdlets.
Import-QmcuModule   Updates the Powershell module path and imports the MCU module.
Related Documents