chankendrick Absent Member.

Windows Command Risk

I'm trying to set up a Command Risk so that whenever an AD User or Local Account logs in to a Windows Server and tries to initiate a Restart/Shutdown on the server, the command will not execute and the user will be disconnected.

Can someone teach me how to do this or post the Step-by-Step on how to do it? Thanks.
Micro Focus Expert

Re: Windows Command Risk

So auto-disconnect based on some configured command risk is possible, but it won't block the command from being executed. If every command went from Windows to be authorized by CmdCtrl, then the user's session would be slow and I'm not sure it would be an acceptable user experience. There may be other protocol / DLL limitations here that I'm unaware of, though.

So the feature for Windows Command Risk & Automatic Session Disconnect is possible. I have found the best way to identify the proper command that is executed is to examine the Keystroke Report for the Standard Inputs and create some regex to use as you enter something in the Command Risk fields in PAM cmdctrl. For more details regarding Setting the Command Risk, please refer to documentation:
https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/bjfzqbk.html#cc_command_risk

Regarding the blocking of the command, while this is possible in Linux / Unix with the Enhanced Access Control (EAC) feature and pcksh shell, the same does not exist for Windows yet. Essentially, this is an ask for Windows Enhanced Access Control (EAC). I recommend creating an enhancement / idea in the PAM Idea Portal for Management to consider in a future release of PAM. Please write up an enhancement for this feature as you see it, as it will help expand the product:
https://ideas.microfocus.com/MFI/pam
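The reply above suggests deriving a regex from the Standard Inputs in the Keystroke Report. The sketch below is an added example, not part of the thread and not Micro Focus code: it tests candidate patterns for restart/shutdown input offline before they are entered in a Command Risk field. It assumes Python's `re` dialect (the syntax the PAM field accepts may differ), and the sample lines and the names `RISK_PATTERNS`, `classify` and `review` are constructed for illustration.

```python
import re

# Assumption: Python `re` syntax. Confirm each pattern against the regex
# dialect accepted by the Command Risk field before relying on it.
RISK_PATTERNS = {
    # shutdown / shutdown.exe (optionally path-qualified) followed by a
    # power-off or restart switch: /s /r /p /g /sg, or the dash forms.
    "shutdown.exe": re.compile(
        r"(?:^|[\s;&|\\/])shutdown(?:\.exe)?(?=\s)"
        r"[^|&;\r\n]*?\s[/-](?:sg|s|r|p|g)(?!\w)",
        re.IGNORECASE,
    ),
    # PowerShell cmdlets that restart or power off the machine.
    "powershell-cmdlet": re.compile(
        r"(?:^|[\s;&|({])(?:Restart|Stop)-Computer\b", re.IGNORECASE
    ),
}

def classify(stdin_line):
    """Return the name of the first pattern that matches, or None."""
    for name, pattern in RISK_PATTERNS.items():
        if pattern.search(stdin_line):
            return name
    return None

# Constructed sample inputs (not copied from a real Keystroke Report).
SAMPLES = [
    "shutdown /r /t 0",
    r"C:\Windows\System32\shutdown.exe -s -f",
    "Restart-Computer -Force",
    "stop-computer",
    "shutdown /a",              # abort switch: should not match
    "type shutdown-notes.txt",  # file name only: should not match
    "ipconfig /all",
]

def review(lines):
    """Pair every input line with the pattern that flagged it, if any."""
    return [(line, classify(line)) for line in lines]

if __name__ == "__main__":
    for line, hit in review(SAMPLES):
        print(f"{('RISK ' + hit) if hit else 'ok':<24} {line}")
```

Replace `SAMPLES` with the Standard Input entries from your own Keystroke Report, and check that routine administrative commands stay unflagged before attaching the disconnect action.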