
Discover Windows local accounts on all remote servers in a domain using a Windows domain account


Article ID: 238667


Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Discussion of a PAM limitation: a Windows domain account cannot be used to discover Windows local accounts on ALL remote servers that are part of the domain.

Cause

Discovery of all Windows local accounts using a Windows domain account is not configurable in PAM and hence is a limitation.

Environment

Release : 3.4.x and 4.0.x releases

Component :

Resolution

The two approaches that were validated and found limited are summarized below. 

1. Local Account Discovery Using the Windows Remote connector

Using Windows local accounts to discover Windows local accounts is configurable and works, but using a Windows domain account to discover Windows local accounts does not. Currently, with the "Windows Remote" connector in PAM, one cannot register a Windows domain account (there is no means to associate a domain account with a "Windows Remote" Target Application for such a discovery). Therefore, one cannot configure a Windows domain account to discover Windows local accounts.

2. Local Account Discovery Using the Windows Proxy   

Allows discovery of local accounts (using a domain account) ONLY on the same server where the Windows Proxy is installed; it does not allow discovery of local accounts on ALL remote servers that are also part of the same domain.

Broadcom Engineering and Product Management are aware of this limitation. No roadmap has been announced as of the writing of this knowledge base article.

Additional Information

None.