silent installed PAM Client cannot be launched by Domain Users

Article ID: 124793

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

The customer has the PAM Client registered in their Software Distribution Catalogue for silent installation to Domain member Windows machines.
The installation works fine, but when a Domain User logs on to the Windows machine and tries to launch the PAM Client, it does not launch.
Are there any requirements for PAM Client Silent Installation for Domain Users?

Environment

Release:
Component: CAPAMX

Resolution

The installation inherits the parent folder permissions.
Generally, granting "Everyone" full permission on the PAM Client home directory resolves the permission problem.
If you are unable to grant "Everyone" full permission on that folder for security reasons, you can customize your Software Distribution script to grant specific Domain accounts full permission on that folder using "icacls".

For example:
icacls "%PAM_CLIENT_FOLDER%" /remove:d %END_USER_ACCOUNT% /grant %END_USER_ACCOUNT%:(OI)(CI)F /T

%PAM_CLIENT_FOLDER% is the PAM Client installation folder. It is quoted because the path may contain spaces.
%END_USER_ACCOUNT% is the end user domain account.
/remove:d %END_USER_ACCOUNT% removes any explicit DENY permission that might have been set for that account and might conflict with the end user permission. icacls expects the account name after /remove:d.
(OI)(CI)F gives FULL permission and passes it on to any new files/folders that might be created in the future.
/T applies this to the files/folders that currently exist.
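
A post-install step for the distribution script that applies the grant above and then reads the ACL back to confirm the result, as an added example (not Broadcom's code). The function name Set-PamClientFolderAcl, its two parameters and the sample account name are assumptions; the SIDs are the well-known ones for Everyone, Authenticated Users and BUILTIN\Users.

```powershell
# Added example. Function name and both parameters are hypothetical placeholders.
function Set-PamClientFolderAcl {
    param(
        [Parameter(Mandatory)] [string] $Folder,   # PAM Client installation folder
        [Parameter(Mandatory)] [string] $Account   # e.g. 'EXAMPLE\pam-users' (constructed)
    )
    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Folder not found: $Folder"
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Fails early if the account name does not resolve.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate($sidType)

    # The icacls operation from the article. ${Account} is braced so PowerShell
    # does not parse "$Account:" as a scope-qualified variable.
    & icacls.exe $Folder /remove:d $Account /grant "${Account}:(OI)(CI)F" /T | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls exited with code $LASTEXITCODE" }

    # Read back explicit and inherited entries, keyed by SID.
    $rules = (Get-Acl -LiteralPath $Folder).GetAccessRules($true, $true, $sidType)
    # Only entries naming $Account itself are examined, not groups it belongs to.
    $mine  = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })

    $full = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $granted = @($mine | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $full) -eq $full
    }).Count -gt 0

    # /remove:d only clears explicit entries; a Deny inherited from the parent
    # folder survives and still blocks the user.
    $denyLeft = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

    # Broad principals that can write to the folder (0x50000000 = GENERIC_ALL | GENERIC_WRITE).
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor 0x50000000
    $broad = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeMask) -ne 0
    })

    [pscustomobject]@{
        Folder                  = $Folder
        AccountHasFullControl   = $granted
        RemainingDenyEntries    = $denyLeft.Count
        BroadWritablePrincipals = @($broad | ForEach-Object { $_.IdentityReference.Value })
    }
}
```

A distribution job can fail the deployment when AccountHasFullControl is false or RemainingDenyEntries is non-zero, and log BroadWritablePrincipals for review.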