How to utilize PAM's Windows Remote Target Connector to discover local Services and Scheduled Tasks

book

Article ID: 106123

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

The new Windows Remote Target Connector (supported since PAM 3.1) can be used as an alternative to the Windows Proxy. The Windows Remote Target Connector functions much like the Windows Proxy, but does not require installation (agent-less) on each target server.

I have created Target Account with Windows Remote Connector as the application type, the account belongs to local Administrators group and password can be verified, but Services or Scheduled Tasks tabs are empty. How should I configure so that I can discover local Services and Scheduled Tasks on target Windows server, so I can manage the account's password used by them?
 

Environment

PAM 3.1 or later
Windows 2008, 2012, 2016 servers

Resolution

To be able to discover local Services or Scheduled Tasks you have to use the first Windows Remote Account to do account discovery. Once you discovered new local accounts, manage them and local Services or Scheduled Tasks belong to the accounts will be appeared on the accounts' Services and Scheduled Tasks tab.

Follow the following steps.
1. On the target Windows Server, change logon account of the Service or create Scheduled Task for the account you want to manage.
    For example, I have seng user account and I change SNMP Trap service logon account to this account.
   

<Please see attached file for image>

Local Service
   
    This account has also a scheduled task, named MySengTask.
   

<Please see attached file for image>

Local Scheduled Task

2. Create Windows Remote Target Application and select both Discover Services and Discover Tasks boxed in Account Discovery tab.
  

<Please see attached file for image>

Windows Remote Target Application
  

<Please see attached file for image>

Windows Remote Target Application - Account Discovery
   In Windows Remote tab, you can either select Local Account or Domain Account. If you select Domain Account you need to fill in additional parameter related to the Domain.
  

<Please see attached file for image>

Windows Remote Target Application - Windows Remote

3. Create the first Windows Remote Account (which has enough privilege to discover local Services and Scheduled Tasks). Check the Discovery Allowed box in Password tab and make sure Password can be verified.
  

<Please see attached file for image>

1st Windows Remote Account
  

<Please see attached file for image>

1st Windows Remote Account - Password

4. Go to Credentials > Discovery and create Scan Profile and select the target Windows server.
  

<Please see attached file for image>

Account Discovery - Scan Profile

5. Run the Scan Profile and once completed, select Discovered Account tab
  

<Please see attached file for image>

Discovered Accounts

6. Select the account who owns the local Service and Scheduled Task and click Manage button. Select Update both the Password Authority Server and the target system and key in the correct password and click OK button. When "Do you want to manage this account?" prompt appear, click Yes.
  

<Please see attached file for image>

Manage Account

7. Now open the newly created Target Account and you will see you discovered local Service in Services tab and Scheduled Task in Scheduled Tasks tab.
  

<Please see attached file for image>

Discovered Service
  

<Please see attached file for image>

Discovered Scheduled Task
 

Additional Information

Please refer Online Documentation about Windows Remote Target Connector for more details.

Attachments

1558699553275000106123_sktwi1f5rjvs16js4.png get_app
1558699551595000106123_sktwi1f5rjvs16js3.png get_app
1558699550048000106123_sktwi1f5rjvs16js2.png get_app
1558699548319000106123_sktwi1f5rjvs16js1.png get_app
1558699546609000106123_sktwi1f5rjvs16js0.png get_app
1558699544906000106123_sktwi1f5rjvs16jrz.png get_app
1558699543062000106123_sktwi1f5rjvs16jry.png get_app
1558699541385000106123_sktwi1f5rjvs16jrx.png get_app
1558699539647000106123_sktwi1f5rjvs16jrw.png get_app
1558699537742000106123_sktwi1f5rjvs16jrv.png get_app
1558699536057000106123_sktwi1f5rjvs16jru.png get_app
1558699533889000106123_sktwi1f5rjvs16jrt.png get_app