Get Live Help
NOTE: The Access & Privileges reports do not report on users and groups from a NIS domain.
|Access & Privileges by Host||
Identifies all users with log-on access to hosts and the commands the users can run on the hosts. This report includes the following information:
Browse to select a host.
Optionally, select the Show detailed report option.
|Access & Privileges by User||
Identifies the users with log-on access to hosts, the commands that user can run on each host, and the "runas aliases" information for that user. This report includes the following information:
Use the following report parameters to specify the user to include in the report:
Browse to select a user.
Optionally select the Show detailed report option.
Provides details about the commands executed by users on hosts joined to a policy group, based on their privileges and recorded as events or captured in keystroke logs by Privilege Manager. This report allows you to search for commands that have been recorded as part of events or keystroke logs for a policy group and includes the following information:
Use the following report parameters to define details in the report:
|Console Access and Permissions||
Lists users who have access to the mangement console based on membership in a console role and the permissions assigned to that role. This report includes the following information:
|Logon Policy for AD User||
Identifies the hosts where Active Directory users have been granted log-on permission. This report includes the following information for hosts joined to an Active Directory domain:
Specify the Active Directory users to include in the report:
Browse to search Active Directory to locate and select an Active Directory user.
|Logon Policy for Unix Host||
Identifies the Active Directory users that have been explicitly granted log-on permissions for one or more Unix computers. This report includes the following information for hosts joined to an Active Directory domain:
Specify the managed hosts to include in the report:
Browse to locate and select a managed host that is joined to Active Directory.
Provides details of changes made to a policy for a Privilege Manager policy group. This report includes the following information:
Select a policy group.
|Product License Usage||
Provides a summary of all licensing information. This report includes the following information for hosts managed by the console:
Authentication Services includes PowerShell modules which provide a "scriptable" interface to many Authentication Services management tasks. You can access a customized PowerShell console from the Control Center Tools navigation link.
You can perform the following tasks using PowerShell cmdlets:
Using the Authentication Services PowerShell modules, it is possible to script the import of Unix account information into Active Directory.
To Unix-Enable a user and user group
Note: The first time you launch the PowerShell Console it asks you if you want to run software from this untrusted publisher. Enter A at the PowerShell prompt to import the digital certificate to your system as a trusted entity. Once you have done this you will never be asked this question again on this machine.
Enable-QasUnixGroup UNIXusers | Set-QasUnixGroup -GidNumber 1234567
Note: You created the UNIXusers group in a previous exercise. (See Add an Active Directory group account.)
Unix attributes are generated automatically based on the Default Unix Attributes settings that were configured earlier and look similar to the following:
ObjectClass : group DistinguishedName : CN=UNIXusers,CN=Users,DC=example,DC=com ObjectGuid : 71aaa88-d164-43e4-a72a-459365e84a25 GroupName : UNIXusers UnixEnabled : True GidNumber : 1234567 AdsPath : LDAP://windows.example.com/CN=UNIXusers,CN=Users, DC=example,DC=com CommonName : UNIXusers
Enable-QasUnixUser ADuser | Seet-QasUnixUser -PrimaryGidNumber 1234567
The Unix properties of the user display:
ObjectClass : user DistinguishedName : CN=ADuser,CN=Users,DC=example,DC=com ObjectGuid : 5f83687c-e29d-448f-9795-54d272cf9f25 UserName : ADuser UnixEnabled : True UidNumber : 80791532 PrimaryGidNumber : 1234567 Gecos : HomeDirectory : /home/ADuser LoginShell : /bin/sh AdsPath : LDAP://windows.example.com/CN=ADuser,CN=Users, DC=example,DC=com CommonName : ADuser
Note: To completely clear all Unix attribute information, enter
Now that you have Unix-disabled the user, that user can no longer log into systems running the Authentication Services agent.
and click Login to log onto the Unix host with your Active Directory user account.
A PuTTY window displays.
Note: PuTTY attempts to log in using Kerberos, but will fail over to password authentication if Kerberos is not enabled or properly configured for the remote SSH service.
You will receive a message that says, "Access denied".