
How to Prevent a Distribution Server From Handling Certain SAM Endpoint Types


Article ID: 224120




CA Privileged Access Manager (PAM)


Because of firewall rules or OS limitations, you may need to prevent a PIM distribution server from handling SAM/PUPM requests for particular endpoint types. For example, you may want only Windows distribution servers to handle Active Directory endpoints, or only Linux distribution servers to handle SSH endpoints.


Shared Account Manager 12.8, 12.9, 14.0


To stop a distribution server from handling particular SAM endpoint types, add the endpoint type to the exclude_endpoint_types setting by following the steps below.

On Windows:
1- Open the command prompt and stop endpoint services with `secons -s`.
2- Open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\common\AgentManager\Plugins\AccountManager.
3- Modify exclude_endpoint_types and add the endpoint type exactly as it appears in the GUI.
4- In the command prompt, start endpoint services with the command `seosd -start`.
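
The Windows steps above as a PowerShell script that also backs up the key and confirms the result. This is an added example, not code from the article or the vendor. It assumes an elevated session, `secons` and `seosd` on PATH, and a placeholder endpoint type that you replace with the name shown in the GUI.

```powershell
# Added example: scripted form of the Windows steps. Run from an elevated prompt.
# Assumptions (not from the article): secons and seosd are on PATH, and the
# endpoint type below is a placeholder to replace with the name shown in the GUI.
$ErrorActionPreference = 'Stop'
$key  = 'HKLM:\SOFTWARE\ComputerAssociates\AccessControl\common\AgentManager\Plugins\AccountManager'
$name = 'exclude_endpoint_types'
$type = '<ENDPOINT_TYPE_AS_SHOWN_IN_GUI>'

# Read the current value before touching anything.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current) {
    # The article does not state how multiple types are separated, so do not guess.
    Write-Warning "$name already contains: '$current'. Edit it in regedit, following the existing format."
    return
}

# Keep a copy of the key so the change can be rolled back.
$backup = Join-Path $env:TEMP ("AccountManager-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export ($key -replace '^HKLM:\\', 'HKLM\') $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry export failed; nothing was changed." }

& secons -s                       # step 1: stop endpoint services
try {
    Set-ItemProperty -Path $key -Name $name -Value $type   # step 3: add the type
}
finally {
    & seosd -start                # step 4: always restart, even if the write failed
}

# Confirm what the distribution server will read on startup.
$after = (Get-ItemProperty -Path $key -Name $name).$name
Write-Output "Backup: $backup"
Write-Output "$name = '$after'"
```

If the value is already populated, the script changes nothing and leaves the edit to regedit, so an existing exclusion list is never overwritten.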

On Linux:
1- Stop the endpoint daemons.
2- Open accommon.ini and search for exclude_endpoint_types.
3- Update the token and add the desired endpoint type.
4- Save the file, then start the endpoint daemons.