Configuring Agent Management via User / Group or Global CLI Password

Article ID: 286739

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps for configuring Agent Management, which controls how users authenticate with the Agent.

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

  1. Log in to the Console using an account with administrative privileges.
  2. Navigate to Settings > System Configuration > General > Edit.
    • When choosing a user or group to manage Agents:
      • This option allows administrators to assign elevated dascli/b9cli privileges to a specific User or Group.
      • When a command prompt is run as the related User, that session is automatically authenticated.
      • Any User or Group specified will need to exist on the endpoint.
      • On Windows, a Predefined Group can be used (ex: Local Administrator) or a specific Group (ex: DOMAIN\b9Admins) can be specified by name or SID.
      • Use of a centrally managed Group is the recommended primary authentication method.
    • When choosing to use a Global Password:
      • The Global CLI Password can be changed, but cannot be viewed.
      • Password length must be fewer than 64 characters, and be in the ASCII character set due to Microsoft Windows command line limitations.
      • Password should not contain the following DOS special characters as some older Microsoft Windows versions may not support them:
        |><&%()@.[]{}:;^=!'"`~,
      • If both a password and a User or Group are specified, only one is needed for access.
      • Specifying a Global Password is a recommended secondary authentication method, and routine password rotation is recommended.
  3. Save any changes.
  4. Verify Agents show as Connected & Up to Date before attempting to test the updated authentication method.
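
The Global Password rules in step 2 can be checked before a rotation with a small script. This is an added example, not Broadcom or Carbon Black code: the function names are hypothetical, and two readings are assumptions (that "ASCII" means printable, non-space ASCII, and that the trailing comma belongs to the excluded character list).

```python
import secrets
import string

# Characters the article says to avoid, copied from its list.
# Assumption: the trailing comma is part of that list.
FORBIDDEN = set("|><&%()@.[]{}:;^=!'\"`~,")
MAX_LEN = 63  # the article requires "fewer than 64 characters"

# Assumption: generate only from letters, digits, '-' and '_' so the value
# needs no shell quoting; the article does not prescribe an alphabet.
ALPHABET = string.ascii_letters + string.digits + "-_"


def check_cli_password(candidate):
    """Return a list of rule violations; an empty list means compliant."""
    problems = []
    if not candidate:
        problems.append("empty")
    if len(candidate) > MAX_LEN:
        problems.append(f"length {len(candidate)} is not fewer than 64")
    # Assumption: "ASCII" is read as printable, non-space ASCII (0x21-0x7E).
    outside = sorted({c for c in candidate if not 0x21 <= ord(c) <= 0x7E})
    if outside:
        problems.append(
            "outside printable ASCII: " + " ".join(repr(c) for c in outside))
    special = sorted(set(candidate) & FORBIDDEN)
    if special:
        problems.append("DOS special characters: " + " ".join(special))
    return problems


def generate_cli_password(length=32):
    """Generate a random compliant password for routine rotation."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError("length must be between 1 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for sample in ["Rotate-2024_ok", "p@ss;word!", "pässword", "x" * 64]:
        print(repr(sample[:20]), check_cli_password(sample) or "OK")
```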

Additional Information

  • Both a Global Password and a User/Group can be configured. Either option can then be used to authenticate; both are not required.
  • Agents must be Connected in order to receive changes.
  • Agent Management settings are built into the Policy Installers when changed.
  • If Agent Management settings are not configured or not known and an Agent is offline, there will be no way to authenticate with the Agent for removal or other modification.