Blog Viewer

App Control: How to Enable or Disable Per-Agent CLI Password

By CB_Support posted Sep 08, 2020 01:30 PM

  

Environment

  • App Control Agents: All Supported Versions
  • App Control Console: All Supported Versions

Objective

To disable or enable the use of per-Agent CLI Passwords.

Resolution

Warning: Carbon Black now recommends using the options in Agent Management instead, as per-Agent CLI Passwords are low entropy.
 
  1. Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
  2. Find defined property "ShowDascliPasswordInConsole"
  3. Set Property Value accordingly:
    • Show the per-Agent Password in Console: true
    • Hide the per-Agent Password in Console: false
  4. Navigate to https://ServerAddress/agent_config.php
  5. Add a filter for Value > begins with > accept_cli
  6. Edit (pencil icon) the relevant Agent Config accordingly:
    • Accept per-Agent CLI Password: accept_cli_password=1
    • Do not accept per-Agent CLI Password: accept_cli_password=0

Additional Notes

  • Existing Agents must be in a Connected state to receive the necessary changes.
  • This feature was disabled by default beginning with the release of both Server and Agent version 8.1.4.

Related Content



#AppControl
0 comments
0 views

Permalink