How to Prevent a Distribution Server From Handling Certain SAM Endpoint Types

Article ID: 224120

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Because of firewall rules or OS limitations, you may need to prevent a PIM distribution server from handling SAM/PUPM requests for particular endpoint types. For example, you may want only Windows distribution servers to handle Active Directory endpoints, or only Linux distribution servers to handle SSH endpoints.

Environment

Shared Account Manager 12.8, 12.9, 14.0

Resolution

To stop a distribution server from handling particular SAM endpoint types, add those endpoint types to the exclude_endpoint_types setting on that server. Follow the steps below.

On Windows:
1- Open the command prompt and stop endpoint services with `secons -s`.
2- Open regedit and go to `HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\common\AgentManager\Plugins\AccountManager`.
3- Modify exclude_endpoint_types and add the endpoint type exactly as it appears in the GUI.
4- In the command prompt, start endpoint services with the command `seosd -start`.

On Linux:
1- Stop the endpoint daemons.
2- Open accommon.ini and search for exclude_endpoint_types.
3- Update the token and add the desired endpoint type.
4- Save the file, then start the endpoint daemons.
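
To confirm the Linux change took effect, the following added example (not part of the original article or vendor code) reports where exclude_endpoint_types is set and whether the line is active, commented out, or duplicated. It assumes `[section]` headers, `token = value` lines and `;` or `#` comment lines; the function names and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumed file syntax (not stated in the article):
# "[section]" headers, "token = value" lines, ";" or "#" starting a comment line.

# find_token FILE TOKEN -> one line per match: STATE<TAB>SECTION<TAB>VALUE
# STATE is "active" or "commented" (a commented-out line has no effect).
find_token() {
    awk -v tok="$2" '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        /^[ \t]*\[/ {                               # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        {
            line = $0; state = "active"
            if (line ~ /^[ \t]*[;#]/) {
                state = "commented"
                sub(/^[ \t]*[;#]+[ \t]*/, "", line)
            }
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == tok) printf "%s\t%s\t%s\n", state, sec, val
        }
    ' "$1"
}

# active_value FILE TOKEN -> prints the effective value.
# Returns 1 if no active line sets TOKEN, 2 if more than one does (ambiguous).
active_value() {
    out=$(find_token "$1" "$2" | awk -F '\t' '$1 == "active"')
    [ -n "$out" ] || return 1
    [ "$(printf '%s\n' "$out" | wc -l)" -eq 1 ] || return 2
    printf '%s\n' "$out" | cut -f3
}

# Constructed sample; section name and values are placeholders, not real settings.
sample_ini() {
    cat <<'EOF'
[ExampleSection]
; exclude_endpoint_types = OLD_PLACEHOLDER
exclude_endpoint_types = PLACEHOLDER_TYPE
other_token = 1
EOF
}
```

Point `active_value` at the accommon.ini on each distribution server after step 4 and compare the output with the endpoint types that server is meant to exclude.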