How to Enable RepCLI Authentication on Existing Sensors
Article ID: 291759
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Enable RepCLI Authentication on Sensors that are already deployed
- RepCLI authentication can also be enabled at the time of install with the CLI_USERS option
Environment
- Carbon Black Cloud (Formerly CB Defense) Sensor: 3.3.x.x and Higher
- Microsoft Windows: All Supported Versions
Resolution
- Enable bypass mode on the sensor from the Carbon Black Cloud Console
- Open the cfg.ini file with Notepad (Notepad++.exe with Admin privilege is recommended)
- Location of cfg.ini file can be found using this KB - Where is the cfg.ini file located for Windows Sensor?
- Add the following line (replace <DesiredSID> with actual AD Group or User SID)
- Warning: Authenticated users will be able to run any repcli command on the device, please ensure SID only applies to a specific user or group trusted to execute repcli commands
- Note: Only one SID can be specified
-
AuthenticatedCLIUsers=<DesiredSID>
- Save changes to cfg.ini with "Save As" option; maintain the same file name and select a destination outside of the cfg.ini directory
- Move the old cfg.ini file out of it's file path and keep as a backup
- Move the new cfg.ini file with the SID entry back into the specified file path
- Run the following repcli command. Review the following KB if needed: How to Access RepCLI Utility
"c:\program files\confer\repcli" updateconfig
- Run the following RepCLI command to disable Bypass
"c:\program files\confer\repcli" bypass 0
- If the "repcli bypass" command is successful, then this confirms that SID Authentication is now enabled
Additional Information
Additional Troubleshooting:
- If the "repcli bypass 0" command does not initially work, repeat step 7
- Open the cfg.ini file to ensure that the "AuthenticatedCLIUsers" value was saved
- In some instances restarting the Sensor services may be required in order for the Sensor to reload the cfg.ini file
- Due to protection settings, it may not be possible to stop the sensor services without rebooting the machine
- Sometimes a reboot may be required to force the Sensor to reload the cfg.ini file
- Closing and opening the command prompt as administrator may be required in step 7
Feedback
Yes
No
Powered by
