Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Enable Authentication for RepCLI Utility During Sensor Install

Carbon Black Cloud: How to Enable Authentication for RepCLI Utility During Sensor Install

Environment

  • Carbon Black Cloud (formerly Cb Defense) Sensor: 3.3.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

Enable authentication for the RepCLI utility during unattended sensor install

Resolution

  1. Add the following value to the msiexec command line string
  2. Replace SID with the actual SID of an AD group or user.
    • Warning: Authenticated users will be able to run any repcli command on the device, please ensure SID only applies to a specific user or group trusted to execute repcli commands
    • Note: Only one SID can be specified
    • CLI_USERS=<DesiredSID>
  3. Complete install with the above value as part of the msiexec command line string.

Additional Notes

  • The CLI_USERS option will only be honored at the time of sensor install (this option will not be honored during Sensor upgrade)
  • RepCLI authentication/authorization is not tied to any OS-side permissions, the SID could be that of a normal user with no admin permissions and they would still be able to use RepCLI functions requiring authentication
  • If an AD group SID is specified, users can be added/removed as needed to allow/deny RepCLI Authentication
  • A specific user account for RepCLI use can also be designated
  • The user or group SID will be authenticated as a RepCLI user

Related Content


Was this article helpful? Yes No
100% helpful (3/3)
Article Information
Author:
Creation Date:
‎11-27-2018
Views:
22359
Contributors