App Control: How to Enable or Disable Per-Agent CLI Password
App Control Console: 8.1.4 and Higher
App Control Agents: 8.1.4 And Higher
To disable or enable the use of per-agent CLI passwords
Warning: VMware Carbon Black now recommends using User or Group permission to manage the agent or to use the Global password and use a high entropy password. By design the per-agent CLI password is low entropy.
In browser URL, navigate to https://SERVERNAME/shepherd_config.php
Find defined property "ShowDascliPasswordInConsole"
Set Property Value to True or False
Setting to true will show the cli password in the console
Setting to false will hide the cli password in the console
In browser URL, navigate to https://SERVERNAME/Agent_Config.php
Create or edit configuration with value:
Find (or create) configuration that contains the value "accept_cli_password"
Change value to:
accept_cli_password=1 --To tell agents to accept per-agent CLI password:
accept_cli_password=0 --To tell agents to not accept per-agent CLI password:
New installations of 8.1.4 or Higher will have ShowDascliPasswordInConsole set to false by default
New installations of 8.1.4 or Higher will have accept_cli_password=0 set by default
Upgrades to 8.1.4 or Higher from a previous version will have ShowDascliPasswordInConsole set to false by default
Upgrades to 8.1.4 or Higher from a previous version will retain accept_cli_password=1 until manually changed.
The agent_config "accept_cli_password=0" is only understood by agents 8.1.4 and Higher and will not disable the per-agent cli password on older agents.