App Control: How to Enable or Disable Per-Agent CLI Password

App Control: How to Enable or Disable Per-Agent CLI Password

Environment

  • App Control Console: 8.1.4 and Higher
  • App Control Agents: 8.1.4 And Higher

Objective

To disable or enable the use of per-agent CLI passwords

Resolution

Warning: VMware Carbon Black now recommends using User or Group permission to manage the agent or to use the Global password and use a high entropy password. By design the per-agent CLI password is low entropy.
  1. In browser URL, navigate to https://SERVERNAME/shepherd_config.php
  2. Find defined property "ShowDascliPasswordInConsole"
  3. Set Property Value to True or False
    • Setting to true will show the cli password in the console
    • Setting to false will hide the cli password in the console
  4. In browser URL, navigate to https://SERVERNAME/Agent_Config.php
  5. Create or edit configuration with value:
  6. Find (or create) configuration that contains the value "accept_cli_password"
  7. Change value to:
    • accept_cli_password=1  --To tell agents to accept per-agent CLI password: 
    • accept_cli_password=0  --To tell agents to not accept per-agent CLI password:

Additional Notes

  • New installations of 8.1.4 or Higher will have ShowDascliPasswordInConsole set to false by default
  • New installations of 8.1.4 or Higher will have accept_cli_password=0 set by default
  • Upgrades to 8.1.4 or Higher from a previous version will have ShowDascliPasswordInConsole set to false by default
  • Upgrades to 8.1.4 or Higher from a previous version will retain accept_cli_password=1 until manually changed.
  • The agent_config "accept_cli_password=0" is only understood by agents 8.1.4 and Higher and will not disable the per-agent cli password on older agents.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-08-2020
Views:
1841
Contributors