Steps to change PAM Session Recording Service Account Password

Article ID: 373588

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Is there a step-by-step guide to change the Symantec PAM Session Recording service account password? There is a file share mount to a remote server and it is using that remote server's service account to operate. If I change the service account password, it will break the PAM because the Access Policy is set to "Security Safe" mode instead of "Operationally Safe" and users would not be able to log in.

Environment

Privileged Access Manager, all versions

Resolution

Provided the new Service Account works and has the same read/write privileges on the External Storage, the change will have only a very momentary effect. The External Storage setting is local to each PAM node, so the ideal way to make this change is to:

 1. Evict/log out users
          Sessions >> Manage Sessions
 2. Set the PAM node to Maintenance mode
          Configuration >> Diagnostics >> System >> Maintenance Mode
 3. Unmount the External Storage, make the Service Account changes, then re-mount it (make sure the External Storage is mounted and available)
          Configuration >> Logs >> Session Recording >> External Storage
 4. Turn off Maintenance mode
 5. Let the users access the PAM node again.

You can perform the above steps on one PAM node at a time. The other PAM nodes remain accessible as normal.