prasenjitmass Respected Contributor.
Respected Contributor.
919 views

Shutdown command not working in command risk

Hi,
Can anyone tell me what is the exact command I have to put if I want to implement command risk for "shutdown" for windows ? Can anyone provide few sample illegal commands for windows please ?
0 Likes
2 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Shutdown command not working in command risk

prasenjitmass,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Shutdown command not working in command risk

Here is a good pattern approach to take to this sort of question. Perform the action in some session that is audited by PAM, view the keystroke report of the audited session in the Reporting Console, select 'Show audited commands' from the bottom-right options. Now the OS calls will be displayed in the keystroke report. Find the 'Standard Input' that is audited that you'd like to take action on in this case, then create a Command Risk filter that would match that input. So the following command should likely catch this input: *Shut Down Windows*

Setting high risk should show the risk color as red in the keystroke report as well in this case.

This is just for marking Command Risk and taking some automated action against user, such as auto disconnecting their session and/or blocking the user from access in the future.
For more details, please feel free to Open a Service Request with us.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.