How to create an Automation Policy to randomize managed user accounts

...

after disclosure

The following steps will enable you to randomize a managed user account password after it has been disclosed for 24 hours or more. The 24-hour window is useful in allowing support staff to use the disclosed password for a period of time before it is randomized. If a shorter window of disclosure is required, this can be implemented by changing the report XML.

Configure Randomization task

...

  1. Download the report Current disclosed passwords - Over 1 day.xml
  2. Search the XML for the string ManagedAdmin and replace it with the name of the provisioned account you wish to randomize
  3. In the Arellia Security Manager console navigate to Reports > Local Security > Password Disclosure (a different location can be used if desired)
  4. Right-click on the Password Disclosure folder and select Import
  5. Import the downloaded Current disclosed passwords - Over 1 day.xml file
  6. Navigate to Policies > Automation Policies
  7. Click on "New Policy" and give the automation policy a name, such as "Randomize passwords disclosed in past 24 hours"
  8. Schedule the policy to run every day, at a time when you would not be expecting disclosures to occur (for example 4:00 am)once every hour
  9. Select Report as the Data Source for the policy
  10. Click the pencil icon to select "Current disclosed passwords - Over 1 day" as the report to use
  11. Set the Evaluation Rule to Run for non-empty data
  12. Select the required randomization task
    • If randomizing the local administrator account, use the Arellia > Client Tasks > Local Security > Randomize Local Administrator User Account Password task
    • Otherwise, if using a different account, use the randomization task created in the previous section
  13. Click Edit input parameters and, for the Selected Devices parameter, specify that the _ComputerGuid list should be used
  14. Under Completion Requirements set the Fail and Move on value to 30 minutes

You have now successfully created the required Automation Policy. If desired, you can click the Test Automation Policy button, which will force the policy to evaluate and start the randomization task.

...