Steps to enable or disable the use of per-Agent CLI Passwords.

• App Control Agents: All Supported Versions
• App Control Console: All Supported Versions

1. Log in to the Console and navigate to https://ServerAddress/agent_config.php
2. Add a filter for Value > begins with > accept_cli
3. Edit (pencil icon) the relevant Agent Config and set the value accordingly:
   • Accept per-Agent CLI Password:

     accept_cli_password=1

   • Do not accept per-Agent CLI Password:

     accept_cli_password=0

1. Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
2. Find defined property "ShowDascliPasswordInConsole"
3. Set the Property Value accordingly:
   • Show the per-Agent Password in Console:

     true

   • Hide the per-Agent Password in Console:

     false

Obtaining the per-Agent CLI:

If the Agent is still shown in Assets > Computers:

1. Log in to the Console and navigate to Assets > Computers > relevant Computer > Carbon Black App Control Agent tab.
2. Click the hyperlink, "Click to Show" to reveal the CLI Password of the Agent.

If the Agent has already been deleted from Assets > Computers:

1. Run SQL Server Management Studio as the Carbon Black Service Account
2. Connect to the App Control Database and execute the following query:

   USE das;
   SELECT host_id, hostname, cli_code from dbo.hostmain (NOLOCK) WHERE hostname like '%HOSTNAMEHERE%';

• Existing Agents must be in a Connected state to receive the necessary changes.
• This feature was disabled by default beginning with the release of both Server and Agent version 8.1.4.
• If the Agent has been deleted from the das database, there will be no way to recover the Local CLI password.