The Enable DNS Reverse Lookup switch is under Dashboards > Administration > Agents > Agent Properties > FglAM > FglAMadapter.
The Basic authentication mechanism simply provides HTTP headers to the remote machine, to provide the credentials that should be used for authentication. There is no use of a configuration file or a KDC. The mechanism provides no protection for the transmitted credentials, since they are simply encoded in base64 and not encrypted or hashed. To address any security concerns, it is recommended that Basic authentication attempts are made over an HTTPS and not HTTP connection. Since the KDC is not involved in the authentication process, the credentials used for Basic authentication must be local user credentials, such as local user credentials for the remote machine, and not domain user credentials.
The Agent Manager supports Basic and Negotiate WinRM authentication schemes with Windows credentials. The Negotiate authentication scheme is enabled by default in WinRM and is the recommended way to authenticate in most environments.
In order to establish connections over Windows® Remote Management (WinRM), you must provide a Windows credential. For more information, see Configuring credentials.
The Basic authentication scheme requires local Administrator accounts; you cannot use domain accounts. For more information, see Promoting remote users to administrators on local machines through the Domain Controller. Basic authentication is insecure because it transmits user names and passwords in an easily decoded string, and therefore it should not be used on an untrusted network. If Basic authentication is required, and security is a concern, configure the target system to accept only HTTPS traffic. For more information, see Manually configuring WinRM HTTPS access. If Basic authentication is not acceptable in your environment because of some specific security concerns, it can always be disabled.
You can also use Windows Group Policy Objects to automatically configure HTTP or HTTPS listeners in WinRM. For more information, see Using Group Policy Objects to configure WinRM.
You can also use the Enable WinRM authentication based on only Basic or Negotiate type switch in the FglAMAdapter Properties view to decide which WinRM authentication scheme will be used.
• |
False: Negotiate authentication scheme will be attempted at first. If Negotiate fails, then Basic authentication will be attempted. |
• |
Recent versions of Windows® OS include WinRM, but it is disabled by default. There are two ways to configure HTTP or HTTPS: manually or using Group Policy Objects.
The default WinRM settings allow only Negotiate authentication.
3 |
Optional. If Negotiate authentication is enabled, and you want to disable it, type the following: |
TIP: To enable or disable either Basic or Negotiate authentication, use the following command syntax:
winrm set winrm/config/service/auth @{<Basic|Negotiate>="<true|false>"} |
The certificate must be granted by a recognized certificate-granting authority (CA) in order for the Agent Manager to authenticate it. Otherwise you must install the root CA certificate in the Agent Manager’s trusted keystore, as described in Installing HTTPS certificates.
• |
host is a fully qualified host name, as it appears in the certificate. |
• |
thumbprint is the certificate thumbprint, with spaces removed. |
1 |
On the target machine, click Start. |
2 |
3 |
4 |
The Console Root window appears. |
5 |
6 |
In the Add or Remove Snap-ins dialog box that appears, in the Available snap-ins area, select Group Policy Object, and click Add. |
7 |
8 |
9 |
In the Console Root window, in the navigation tree on the left, choose Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service. |
11 |
After you have edited the settings as necessary for your environment, close the Console Root window. |
2 |
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/bin directory. |
If the Agent Manager fails to find a configuration file, it attempts to automatically detect the required settings and writes them to $FGLAM/state/default/config/krb5.config.
You can manually override the location of krb5 file with the following command-line parameter:
-Djava.security.krb5.conf=</path/to/file>
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center