search cancel

Change Protection Engine authentication from Active Directory based authentication to SPE Based authentication without uninstallation

book

Article ID: 163151

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS

Issue/Introduction

There is a need to change "SPE Based Authentication" in Symantec Protection Engine (SPE) with Active Directory Based Authentication without an uninstallation and reinstallation in a Windows environment.

Environment

SPE 8.0.x installed on Microsoft Windows

 

Resolution

There are three attributes that must be changed in the configuration.xml; password value, ADAuthenticationMode and ActiveDirectoryDetails. This section of the document looks like this before the change:

  <admin>
                <port value="8004"/>
                <sslport value="8005"/>
                <ip value=""/>
                <timeout value="300"/>
                <password value=""/>
                <emailid value=""/>
                <!-- ADAuthenticationMode option is applicable to Windows only -->
                <ADAuthenticationMode value="true">
                    <ActiveDirectoryDetails groupname="YourDomain\YourGroupName"/>
                </ADAuthenticationMode>
            </admin>

Note: As always, when working with the Protection Engine XML files, stop the Symantec Protection Engine Service. Please stop scanning within your connector before stopping Symantec Protection Engine Service due to potential negative impact to your scanning resource. See vendor documentation for best practices in disabling scanning.

In order to change the ADAuthenticationMode value ="true" to "false" you will use the command: 

C:\Program Files\Symantec\Scan Engine>xmlmodifier.exe -s //configuration/resources/system/admin/ADAuthenticationMode/@value false configuration.xml

To change the ActiveDirectoryDetails groupname="YourGroupName" to "" you will use the command: 

C:\Program Files\Symantec\Scan Engine>xmlmodifier.exe -s //configuration/resources/system/admin/ADAuthenticationMode/ActiveDirectoryDetails/@groupname "" configuration.xml

Then you need to set the password you would like to use for logging into the console as Administrator using the following command:

C:\Program Files\Symantec\Scan Engine>xmlmodifier.exe -p YourPassword configuration.xml

After you have successfully made this change, this section should now look like:    

<admin>
                <port value="8004"/>
                <sslport value="8005"/>
                <ip value=""/>
                <timeout value="300"/>
                <password value="56F0A6345BBA1DA2E00CCA22DB61AD9491C0AF0C52C30CF6FF31887931A3CA7A68C8BD5FD34E17B4E817E9B1138EC64C18CE72D4C14BAFBD7324802287AC13BD1935E95BDF67462F5CA9166FAF49C291"/>
                <emailid value=""/>
                <!-- ADAuthenticationMode option is applicable to Windows only -->
                <ADAuthenticationMode value="false">
                    <ActiveDirectoryDetails groupname=""/>
                </ADAuthenticationMode>
            </admin>        

Once you confirm the changes are within configuration.xml, you should be able to start the Symantec Protection Engine service and log into the console with newly created local credentials.        

Note: Do not edit the Protection Engine XML files with anything but the XMLModifier