Configure Administrative Access to the ESM Console Using the DB Configuration Tool
4.2 (EoS)
When you install the ESM Console, you specify the administrative account and type of authentication (machine or domain) that you will use for initial access to the ESM Console. From the ESM Console, you can then configure role-based access control to define Administrative Roles to assign to Administrative Users (and/or groups). This enables you to enforce the separation of information among functional or regional areas of your organization to protect the privacy of data on the ESM Console. For more information, see Manage Administrator Access to the ESM Console.
If after setting up role-based access you have difficulty accessing the ESM Console and need to verify or change administrative account settings, you can use a command line interface (CLI) called the DB Configuration Tool. This allows you to manage basic ESM Console settings including the administrative users that have access to the ESM Console, and the authentication mode by which to authenticate them. The DB Configuration Tool does not validate or authenticate the users and only provides a mechanism for making changes when you cannot do so using the ESM Console.
To enforce role-based access control, use the ESM Console to make changes to administrative access, when possible.
You can access the DB Configuration Tool using a Microsoft MS-DOS command prompt that you run as an administrator. The DB Configuration Tool is located in the Server folder on the ESM Server.
All commands you run using the DB Configuration Tool are case sensitive.
- Open a command prompt as an administrator in either of two ways:
  - Select Start > All Programs > Accessories, right-click Command prompt, and then select Run as administrator.
  - Select Start and, in the Start Search box, type cmd but do not press Enter yet. Then, to open the command prompt as an administrator, press Ctrl+Shift+Enter.
- Navigate to the folder that contains the DB Configuration Tool:
    C:\Users\Administrator> cd C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server
- (Optional) View the existing administrator settings:
    C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server> dbconfig usermanagement show
    AuthMode = Machine
    AllowedUsers = Administrator
    AllowedGroups =
- (Optional) Specify the authentication mode: either domain or machine.
    C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server> dbconfig usermanagement AuthMode [domain|machine]
- (Optional) Add an administrative user.
    C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server> dbconfig usermanagement AllowedUsers <newuser>
  Repeat this step to add additional administrative users. The DB Configuration Tool appends the usernames to the existing list of administrative users. To remove administrative users, you must use the ESM Console.
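Because the DB Configuration Tool does not validate users and only appends to the list, it is worth comparing what `dbconfig usermanagement show` reports against an approved baseline after any change. The PowerShell below is an added example, not Palo Alto Networks code: the function names, the baseline, the `svc-temp` account and the comma/semicolon separator for multiple entries are assumptions, since the page shows only a single-user list.

```powershell
function ConvertFrom-DbConfigShow {
    param([string]$Text)
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Each setting is printed as "Name = value"; the value may be empty.
        if ($line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    return $settings
}

function Split-Principals {
    param([string]$Value)
    # Assumption: multiple entries are separated by commas or semicolons.
    # Adjust the pattern to match the real output on your ESM Server.
    @($Value -split '[,;]' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Compare-AdminAccess {
    param([hashtable]$Current, [hashtable]$Baseline)
    $findings = @()
    if ($Current['AuthMode'] -ne $Baseline['AuthMode']) {
        $findings += "AuthMode is '$($Current['AuthMode'])', expected '$($Baseline['AuthMode'])'"
    }
    foreach ($key in 'AllowedUsers', 'AllowedGroups') {
        $approved = @(Split-Principals -Value ($Baseline[$key]))
        foreach ($p in @(Split-Principals -Value ($Current[$key]))) {
            # Windows account names compare case-insensitively.
            if ($approved -notcontains $p) { $findings += "$key has unapproved entry '$p'" }
        }
    }
    return $findings
}

# Constructed sample in the format shown on this page (not captured from a server).
# On the ESM Server, use instead: $shown = (& .\dbconfig usermanagement show) -join "`n"
$shown = @'
AuthMode = Machine
AllowedUsers = Administrator, svc-temp
AllowedGroups =
'@

# Hypothetical approved baseline for this deployment.
$baseline = @{ AuthMode = 'Machine'; AllowedUsers = 'Administrator'; AllowedGroups = '' }

$findings = @(Compare-AdminAccess (ConvertFrom-DbConfigShow $shown) $baseline)
if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Administrative access matches the baseline.' }
```

Any entry the check flags has to be removed through the ESM Console, because the DB Configuration Tool can only append users.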