Auto-Detection

These parameters configure CPM auto-detection processes.

Changes to these parameters are applied the next time that the CPM configuration is updated. These parameters are stored in the ADConfiguration.xml file in the Root folder of the <CPM username> Safe.

Auto-detection Configuration - Defines general configuration parameters for auto-detection.
ADReloadInterval
Description How frequently, in minutes, the Central Policy Manager Automatic Detection manager reads its configuration files, in order to handle new processes or remove deleted ones.
Acceptable Values Number
Default Value 60
ADPerformAutomaticDetectionTask
Description Whether or not automatic detection is enabled.
Acceptable Values Yes/No
Default Value No
Auto-detection Processes - Defines auto-detection processes.
Auto-detection Process - Defines an individual auto-detection process.
ADProcessName
Description The display name of the process.
Acceptable Values String
Default Value  
ADProcessID
Description The unique ID of the process.
Acceptable Values String
Default Value  
ADProcessActive
Description Whether or not the process is active.
Acceptable Values Yes/No
Default Value No
Machine Detection - Defines machine detection configuration.
ADMachineDetectionMethod
Description Defines the method that will be used in this auto-detection process to detect machines.
Acceptable Values LDAP/Policy/VMWare/Custom
Default Value LDAP
LDAP Detection - Configures LDAP machine detection.
Note: These parameters are relevant when the ADMachineDetectionMethod parameter is set to LDAP.
ADLDAPDebug
Description Whether or not the process will run in LDAP debug mode.
Acceptable Values Yes/No
Default Value No
LDAP Connection Details - Defines details of the account that will be used to connect to the LDAP directory to detect machines.
ADLDAPConnectionAccountSafe
Description The name of the Safe where the account that contains credentials and information required to connect to the LDAP directory is stored.
Acceptable Values String
Default Value  
ADLDAPConnectionAccountObject
Description The name of the account that contains credentials and information required to connect to the LDAP directory.
Acceptable Values String
Default Value  
ADLDAPConnectionTimeout
Description The number of seconds that the CPM will try to communicate with the LDAP directory.
Acceptable Values Number
Default Value 30
Machine Sets - Defines a list of machine sets to search during this auto-detection process. Each machine set represents an OU for machine detection.
ADDefaultBaseContext
Description The default base context where the search in the directory will begin.
Acceptable Values String
Default Value  
ADDefaultQueryFilter
Description A default Active Directory query filter that defines the search inside each container.
Acceptable Values String
Default Value  
ADDefaultContainerQueryFilter
Description The default Active Directory query that defines the containers search for the current mapping node.
Acceptable Values String
Default Value  
ADDefaultIsQueryFilterRecursive
Description Whether the search scope is one level beneath the container or in every level beneath it. To specify a search scope that is just one level beneath the container, select No. To specify a search scope that includes every level beneath the container, select Yes.
Acceptable Values Yes/No
Default Value  
ADDefaultMachineWorkspaceSafe
Description The name of the default Safe where new local accounts will be created.
Acceptable Values String
Default Value  
Machine Set - Defines individual machine sets.
ADMachineWorkspaceSafe
Description The name of the Safe where new local accounts will be created in this machine set.
Acceptable Values String
Default Value  
ADBaseContext
Description The starting point of the search in the directory for this machine set.
Acceptable Values String
Default Value  
ADQueryFilter
Description The Active Directory query filter that defines the search inside each container for this machine set.
Acceptable Values String
Default Value  
ADContainerQueryFilter
Description An Active Directory query that defines the containers search for the current mapping node in this machine set.
Acceptable Values String
Default Value  
ADIsQueryFilterRecursive
Description Whether the search scope is one level beneath the container or in every level beneath it in this machine set.
Acceptable Values Yes/No
Default Value  
Directory Properties - Defines properties in the external directory that will be used in this auto-detection process.
ADPlatformAddressField
Description The name of the field in the external directory that contains machine addresses.
Acceptable Values String
Default Value DNSHostName
ADPlatformUniqueIDField
Description The unique identifier of the machine record in the external directory. This identifier must be a Sid in order to produce the machine name.
Acceptable Values String
Default Value objectSid
ADUserAccountControlField
Description The name of the field that determines whether a machine in the external directory is enabled or disabled. Disabled machines will not be added automatically and their passwords in the external directory will be removed if they already exist.
Acceptable Values String
Default Value userAccountControl
ADSSL
Description Whether or not an SSL connection will be used to connect to the external directory.
Acceptable Values Yes/No
Default Value No
ADAlternativeAddress
Description An additional host for the external directory. The main host, the user DN and the password will be taken from the properties specified in the ADPlatformsSourceDetailsObject parameter.
This is relevant for high availability implementations.
Acceptable Values String
Default Value  
Machine Detection Interval - Defines the intervals between occurrences of detection in this auto-detection process.
ADMachineDetectionInterval
Description How frequently, in minutes, the CPM will run this auto-detection process.
Acceptable Values Number
Default Value 10080
ADMachineDetectionFromHour
Description The time when the CPM will start running this auto-detection process. The default value is -1, indicating that the CPM will run these processes continuously.
Acceptable Values 0-23
Default Value -1
ADMachineDetectionToHour
Description The time until when the CPM will start running this auto-detection process. The default value is -1, indicating that the CPM will run these processes continuously.
Acceptable Values 0-23
Default Value -1
ADMachineDetectionExecutionDays
Description The days of the week when the CPM will run this auto-detection process.
Acceptable Values String
Default Value Sun,Mon,Tue,Wed,Thu,Fri,Sat
Policy Detection - Defines the platform (policy) that will be used in this auto-detection process to detect machines.
Note: These parameters are relevant when the ADMachineDetectionMethod parameter is set to Policy.
ADPolicyName
Description The name of the policy that will be detected during this machine detection process.
Acceptable Values Yes/No
Default Value No
Account Management - Parameters for accounts management.
ADProvisionMachineLocalAccount
Description Whether or not a local account will be created for each machine discovered in LDAP machine detection.
Acceptable Values Yes/No/Report Local Administrators Members
Default Value Yes
ADProvisionNewDetectedUnmanagedAccounts
Description Whether or not accounts will be created automatically for unmanaged accounts that are detected during a machine scan.
Acceptable Values Yes/No
Default Value Yes
ADManagedAccountsSafes
Description The names of Safes where master accounts of service accounts are defined and new service accounts for these accounts will be created. Multiple Safe names must be separated by commas.
Acceptable Values String
Default Value  
ADNewDetectedAccountsSafe
Description The name of the Safe where detected master accounts and their service accounts will be created as a result of a service account scanning process. The name of the Safe specified in this parameter must be listed in the ADManagedAccountsSafes parameter.
Acceptable Values String
Default Value  
ADResetImmediately
Description Whether or not the CPM will reset the password in the account immediately after it is created.
Acceptable Values Yes/No
Default Value No
ADDelay
Description The minimum time, in minutes, that will elapse between the detection of a new account and the time that the CPM will start managing it. The default value is -1, which indicates that there is no delay and an account will be created and managed as soon as it is detected.
Acceptable Values Number
Default Value -1
ADArchiveFolder
Description The name of the folder where archived accounts will be stored. The default folder is Root\Archive in the Safe specified in the ADNewDetectedAccountsSafe parameter.
Acceptable Values  
Default Value Root\Archive
ADDeleteOnArchive
Description Whether or not accounts will be deleted after being moved to an archive folder.
Acceptable Values Yes/No
Default Value Yes
ADUpdateDefaultPropertiesOnExistingObjects
Description Whether or not the CPM will override current details of the account with default account details specified in the account template.
Acceptable Values Yes/No
Default Value Yes
New Accounts - Defines the templates to apply when provisioning new accounts in the Vault.
Local Account Template - Defines the template account to use for new local accounts that have been detected.
ADLocalAccountTemplateSafe
Description The name of the Safe where the template account for local accounts is stored.
Acceptable Values String
Default Value  
ADLocalAccountTemplateFolder
Description The name of the folder where the template account for local accounts is stored.
Acceptable Values String
Default Value Root
ADLocalAccountTemplateObject
Description The name of the template account to use for detected local accounts.
Acceptable Values String
Default Value  
Domain Account Template - Defines the template account to use for new domain accounts that have been detected.
ADDomainAccountTemplateSafe
Description The name of the Safe where the template account for domain accounts is stored.
Acceptable Values String
Default Value  
ADDomainAccountTemplateFolder
Description The name of the folder where the template account for domain accounts is stored.
Acceptable Values String
Default Value Root
ADDomainAccountTemplateObject
Description The name of the template account to use for detected domain accounts.
Acceptable Values String
Default Value  
Machine Scan - Defines the CPM auto-detection processes for scanning machines.
ADScanMachines
Description Whether or not the CPM auto-detection will scan machines for service accounts.
Acceptable Values Yes/No
Default Value No
Machine Scan Interval - Defines the intervals between occurrences of machine scanning in this auto-detection process.
ADMachineScanInterval
Description How frequently, in minutes, the CPM will run this auto-detection process.
Acceptable Values Number
Default Value 20160
ADMachineScanFromHour
Description The time when the CPM will start running this auto-detection process. The default value is -1, indicating that the CPM will run these processes continuously.
Acceptable Values Number
Default Value -1
ADMachineScanToHour
Description The time until when the CPM will run this auto-detection process. The default value is -1, indicating that the CPM will run these processes continuously.
Acceptable Values Number
Default Value -1
ADMachineScanExecutionDays
Description The days of the week when the CPM will run this auto-detection process.
Acceptable Values String
Default Value Sun,Mon,Tue,Wed,Thu,Fri,Sat
ADImmediatelyScanMachineUponDetection
Description Whether or not a machine will be scanned for service accounts as soon as it is detected.
Acceptable Values Yes/No
Default Value Yes
Machine Connection Details - Defines the account that will be used to connect to the machine to scan for this process.
ADMachineConnectionAccountSafe
Description The name of the Safe where the account that contains credentials and information required to connect to the remote machine to scan is stored.
Acceptable Values String
Default Value  
ADMachineConnectionAccountFolder
Description The folder where the account that contains credentials and information required to connect to the remote machine to scan is stored.
Acceptable Values String
Default Value  
ADMachineConnectionAccountObject
Description The name of the account that contains credentials and information required to connect to the remote machine to scan.
Acceptable Values String
Default Value  
Usage Types - Defines the service accounts (usages) that will be scanned by this auto-detection process.
Usage - Defines individual service accounts that will be scanned by this auto-detection process.
ADScanUsage
Description Whether or not the auto-detection process for scanning service accounts is active.
Acceptable Values Yes/No
Default Value No
ADUsageDetectionDLLName
Description The DLL file name used to connect to service accounts on a remote machine.
Acceptable Values String
Default Value  
ADUsageDetectionDLLTimeout
Description The maximum time, in seconds, for a service account detection process to run. When this timeout expires, auto-detection will terminate the current detection process that has stopped responding.
Acceptable Values Number
Default Value 300
ADUsageDisabled
Description Whether the auto-detection process will upload usages associated to domain accounts as disabled for automatic CPM Management.
Acceptable Values Yes/No
Default Value For a clean installation, the default value is Yes. For an upgrade, the default value is No.
ADUsageNameProperty
Description The name of the file category applied to service accounts in the Vault.
Acceptable Values String
Default Value  
ADUsagePolicyID
Description The name of the platform that will be applied to this type of usage. If a template account is defined for this usage, the platform name will be taken from the template.
Acceptable Values String
Default Value  
Usage Template
Description Defines an account template that will be applied to detected service accounts.
Acceptable Values String
Default Value  
ADUsageTemplateSafe
Description The name of the Safe where the template account for the service account is stored.
Acceptable Values String
Default Value  
ADUsageTemplateFolder
Description The name of the folder where the template account for the service account is stored.
Acceptable Values String
Default Value  
ADUsageTemplateObject
Description The name of the template account to use for the detected usage.
Acceptable Values  
Default Value  
Usage Parameters - Defines details of the extra generic service account parameter.
ADUsageParameterName
Description The name of the extra generic service account parameter.
Acceptable Values String
Default Value  
ADUsageParameterValue
Description The value of the extra generic service account parameter.
Acceptable Values String
Default Value  
Account Types - Defines the list of accounts that will be scanned by this auto-detection process.
BIOS Accounts - Defines the parameters for BIOS accounts.
Account Parameters - Defines extra generic parameters for the account’s DLL.
ADAccountParameterName
Description The name of the BIOS account parameter.
Acceptable Values String
Default Value  
ADAccountParameterValue
Description The value of the BIOS account parameter.
Acceptable Values String
Default Value  
Account Template - The account template that will be applied to detected accounts.
ADAccountTemplateSafe
Description The name of the Safe where the template account is stored.
Acceptable Values String
Default Value  
ADAccountTemplateFolder
Description The name of the folder where the template account is stored.
Acceptable Values String
Default Value Root
ADAccountTemplateObject
Description The name of the template account to use for detected accounts.
Acceptable Values String
Default Value  
Notifications - Defines notifications that will be issued during this process.
NFNotifyOnErrors
Description Whether or not a notification will be sent if a process fails.
Acceptable Values Yes/No
Default Value No
NFNotifyOnErrorsRecipients
Description Lists one or more email addresses for recipients. Multiple addresses are separated by a comma. The addresses specified here replace the default recipients list specified in the ENE.
Acceptable Values String
Default Value  
NFNotifyOnSuccess
Description Whether or not notifications will be sent after a process has run successfully.
Acceptable Values Yes/No
Default Value No
NFNotifyOnSuccessRecipients
Description Lists one or more email addresses for recipients. Multiple addresses are separated by a comma. The addresses specified here replace the default recipients list specified in the ENE.
Acceptable Values String
Default Value  
NFNotifyOnNewDiscoveredAccounts
Description Whether or not notifications will be sent when new accounts are created after being detected in an auto-detection process.
Acceptable Values Yes/No
Default Value No
NFOnNewDiscoveredAccountsRecipients
Description Lists one or more email addresses for recipients. Multiple addresses are separated by a comma. The addresses specified here replace the default recipients list specified in the ENE.
Acceptable Values String
Default Value  
NFNotifyOnAccountWithoutUsages
Description Whether or not notifications will be sent to inform users about accounts that do not have service accounts.
Acceptable Values Yes/No
Default Value No
NFOnAccountWithoutUsagesRecipients
Description Lists one or more email addresses for recipients. Multiple addresses are separated by a comma. The addresses specified here replace the default recipients list specified in the ENE.
Acceptable Values String
Default Value  
VMWare vCenter Detection - Configures VMWare vCenter machine detection.
Note: These parameters are relevant when the ADMachineDetectionMethod parameter is set to VMWare.
ADMachineDetectionDebug
Description Whether or not the process will run in debug mode. The CPM will write extra information in a third-party log file.
Acceptable Values Yes/No
Default Value No
ADMachineDetectionDLL
Description The DLL file name used to detect machines.
Acceptable Values String
Default Value PMVMWareDetection.dll
ADMachineDetectionConnectionDetails
Description Defines the details of the account used to perform machine detection.
Acceptable Values  
Default Value  
ADConnectionAccountSafe
Description The name of the Safe where the account that contains credentials and information that is required to perform machine detection is stored.
Acceptable Values String
Default Value  
ADConnectionAccountFolder
Description The folder where the account that contains credentials and information that is required to perform machine detection is stored.
Acceptable Values String
Default Value  
ADConnectionAccountObject
Description The name of the account that contains credentials and information that is required to perform machine detection.
Acceptable Values String
Default Value  
ADMachineDetectionTargetAddress
Description The address of the detection source that will be used for machine detection. If this attribute is empty, the address of the connection account object will be used.
Acceptable Values String
Default Value  
Machine Sets - Defines a list of machine sets to search during this auto-detection process. Each machine set represents a collection of machines on the detection source.
ADDefaultVMWareDetectionType
Description Defines the machine types that will be detected in the VMWare environment. Options are ESX / ESXi hosts or virtual guest machines.
Acceptable Values Host/Virtual Machine
Default Value Virtual Machine
ADDefaultBasePath
Description The starting point for the search in the inventory tree of the VMWare environment.
Acceptable Values String 
Default Value /
ADDefaultIsQueryFilterRecursive
Description Whether, by default, the search scope is one level beneath the container or in every level beneath it.
Acceptable Values Yes/No
Default Value Yes
ADDefaultOSTypeFilter
Description Defines the filter of OS family types.
Acceptable Values Number
Default Value  
ADDefaultVirtualMachineNameFilter
Description Defines the filter of virtual machines based on their name in the VMWare environment. This parameter only applies to Machine Sets if the ADDefaultVMWareDetectionType parameter is set to Virtual Machine.
Acceptable Values String
Default Value .*
ADDefaultVirtualMachineNetworkNameFilter
Description Defines the filter of virtual machines based on their DNS address. This parameter only applies to Machine Sets if the ADDefaultVMWareDetectionType parameter is set to Virtual Machine.
Acceptable Values String
Default Value .*
ADDefaultIncludeIncompleteObjects
Description Whether or not the CPM will create accounts that cannot be managed by the CPM, such as accounts that do not have a network address. If this parameter is set to Yes, the CPM will create disabled accounts in the workspace Safe. Disabled accounts will be marked with (CPM)ADIncompleteObject.
Acceptable Values Yes/No
Default Value No
Machine Set - Defines individual machine sets.
ADMachineWorkspaceSafe
Description The name of the Safe where new local accounts will be created.
Acceptable Values String
Default Value  
ADVMWareDetectionType
Description Defines the machine types that will be detected in the VMWare environment. Options are ESX / ESXi hosts or virtual guest machines.
Acceptable Values Host/Virtual Machine
Default Value  
ADBasePath
Description The starting point of the search in the inventory tree of the VMWare environment.
Acceptable Values String
Default Value  
ADIsQueryFilterRecursive
Description Whether the search scope is one level beneath the container or in every level beneath it in this machine set.
Acceptable Values Yes/No
Default Value  
ADOSTypeFilter
Description Defines the filter of OS family types.
Acceptable Values Number
Default Value  
ADVirtualMachineNameFilter
Description Defines the filter of virtual machines based on their name in the VMWare environment. This parameter only applies to Machine Sets if the ADDefaultVMWareDetectionType parameter is set to Virtual Machine.
Acceptable Values String
Default Value  
ADVirtualMachineNetworkNameFilter
Description Defines the filter of virtual machines based on their DNS address. This parameter only applies to Machine Sets if the ADDefaultVMWareDetectionType parameter is set to Virtual Machine.
Acceptable Values String
Default Value  
ADIncludeIncompleteObjects
Description Whether or not the CPM will create accounts that cannot be managed by the CPM, such as accounts that do not have a network address. If this parameter is set to Yes, the CPM will create disabled accounts in the workspace Safe. Disabled accounts will be marked with (CPM)ADIncompleteObject.
Acceptable Values String
Default Value  
ADMachineSetParameter
Description Defines details of a generic machine set parameter.
Acceptable Values  
Default Value  
ADMachineSetParameterName
Description The name of the extra generic machine set parameter.
Acceptable Values String
Default Value  
ADMachineDetectionProperties - Defines machine detection properties for the remote target that will be used in this auto-detection process.
ADSSL
Description Whether or not an SSL connection will be used to connect to the remote target.
Acceptable Values Yes/Ignore Untrusted Certificate/No
Default Value Yes
ADPlatformAddressField
Description ADPlatformAddressField
Acceptable Values String
Default Value Hostname
ADMachineDetectionInterval - Defines the intervals between occurrences of detection in this auto-detection process.
ADMachineDetectionInterval
Description How frequently, in minutes, the CPM will run this automatic machine detection process.
Acceptable Values Number
Default Value 10080
ADMachineDetectionFromHour
Description The time frames in hours during which this auto-detection process will start detecting machines.
Acceptable Values Number
Default Value -1
ADMachineDetectionToHour
Description The time frames in hours during which this auto-detection process will start detecting machines.
Acceptable Values Number
Default Value -1
ADMachineDetectionExecutionDays
Description The days of the week when the CPM will run this auto-detection process.
Acceptable Values String
Default Value Sun,Mon,Tue,Wed,Thu,Fri,Sat
ADCustomDetection - Defines a custom method used in this auto-detection process to detect machines.
ADCustomDetection
Description Defines a custom method used in this auto-detection process to detect machines.
Acceptable Values  
Default Value  
ADMachineDetectionDLL
Description The DLL file name used to detect machines in the targeted environment.
Acceptable Values String
Default Value  
ADMachineDetectionDebug
Description Whether or not the process will run in machine detection debug mode. This option will write extra information created by the machine detection in a log file.
Acceptable Values Yes/No
Default Value No
ADMachineDetectionConnectionDetails
Description Defines details of the account used to perform machine detection on the target.
Acceptable Values  
Default Value  
ADConnectionAccountSafe
Description The name of the Safe where the account that contains credentials and information that is required to perform machine detection is stored.
Acceptable Values String
Default Value  
ADConnectionAccountFolder
Description The folder where the account that contains credentials and information that is required to perform machine detection is stored.
Acceptable Values String
Default Value  
ADConnectionAccountObject
Description The name of the account that contains credentials and information that is required to perform machine detection.
Acceptable Values Number
Default Value  
ADConnectionTimeout
Description The number of seconds that the CPM will try to communicate with the VMWare vCenter.
Acceptable Values String
Default Value  
ADMachineDetectionTargetAddress
Description The address of the detection source that will be used for machine detection. If this attribute is empty, the address of the connection account object will be used.
Acceptable Values String
Default Value  
ADMachineSets - Defines a list of machine sets to search during this auto-detection process. Each machine set represents a collection of machines on the detection source.
ADMachineSet - Defines parameters for a machine set.
ADMachineSetParameter - Defines details of a generic machine set parameter.
ADMachineSetParameterName
Description The name of the extra generic machine set parameter.
Acceptable Values String
Default Value  
ADMachineSetParameterValue
Description The value of the extra generic machine set parameter.
Acceptable Values String
Default Value  
ADMachineDetectionProperties
ADSSL
Description Whether or not an SSL connection will be used to connect to the external directory.
Acceptable Values Yes/No
Default Value No
ADPlatformAddressField
Description The name of the field in the external directory that contains the machine’s address.
Acceptable Values Text
Default Value  
ADMachineDetectionInterval
ADMachineDetectionInterval
Description How frequently, in minutes, the CPM will run this automatic machine detection process.
Acceptable Values Number
Default Value 10080
ADMachineDetectionFromHour
Description The time frames in hours during which this auto-detection process will start detecting machines.
Acceptable Values Number
Default Value -1
ADMachineDetectionToHour
Description The time frames in hours during which this auto-detection process will stop detecting machines.
Acceptable Values Number
Default Value -1
ADMachineDetectionExecutionDays
Description The days of the week when the CPM will run this auto-detection process.
Acceptable Values String
Default Value Sun,Mon,Tue,Wed,Thu,Fri,Sat
Domains properties
Domains - List of domains to be used whenever automatic translation of the NETBIOS name to a DNS name cannot be performed. This translation is necessary when the auto-detection finds an account or a service account which is defined on the remote machine with its NETBIOS name.
Note: When using the LDAP machine detection method, this list is optional.
ADDomain - Domain definition to be used for translating NETBIOS name to DNS name when creating accounts and service accounts.
ADDomainNetbios
Description Short NETBIOS name of the domain.
Acceptable Values String
Default Value  
ADDomainDNS
Description Fully qualified domain name as it appears in the DNS.
Acceptable Values String
Default Value  
Account name pattern properties
Account Name Pattern - Defines properties that will be used to generate an account’s name when it is created in the Vault.
Separator
Description The separator that will be used between the different parts of the account name.
Acceptable Values String
Default Value - (dash)
Pattern
Description Defines an account property that comprises part of the account name.
Acceptable Values String
Default Value  
Name
Description The name of the pattern.
Acceptable Values String
Default Value  
Usage name pattern properties
Usage Name Pattern - Defines properties that will be used to generate a usage’s name when it is created in the Vault.
Separator
Description The separator that will be used between the different parts of the service account name.
Acceptable Values String
Default Value - (dash)
Pattern
Description Defines an account property that comprises part of the service account name.
Acceptable Values String
Default Value  
Name
Description The name of the pattern.
Acceptable Values String
Default Value
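
The following added example (not part of the product or of the original page) checks the settings of one auto-detection process against the acceptable values listed above, including the requirement that ADNewDetectedAccountsSafe is listed in ADManagedAccountsSafes and the ADSSL values that leave the detection connection unprotected. It assumes the parameters have already been read into a flat name-to-value mapping; the layout of ADConfiguration.xml is not described on this page, so no parsing is attempted, and the function name check_process and the sample values are hypothetical.

```python
DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
METHODS = ("LDAP", "Policy", "VMWare", "Custom")
YES_NO = (
    "ADPerformAutomaticDetectionTask", "ADProcessActive", "ADLDAPDebug",
    "ADMachineDetectionDebug", "ADProvisionNewDetectedUnmanagedAccounts",
    "ADResetImmediately", "ADDeleteOnArchive", "ADScanMachines",
    "ADImmediatelyScanMachineUponDetection",
)
# ADSSL: acceptable values and default value differ per detection method.
ADSSL = {
    "LDAP": (("Yes", "No"), "No"),
    "VMWare": (("Yes", "Ignore Untrusted Certificate", "No"), "Yes"),
    "Custom": (("Yes", "No"), "No"),
}


def _as_int(value):
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def check_process(params):
    """Return sorted (severity, parameter, message) findings for one process."""
    out = []
    method = params.get("ADMachineDetectionMethod", "LDAP")  # LDAP is the default
    if method not in METHODS:
        out.append(("error", "ADMachineDetectionMethod", f"unknown method {method!r}"))

    for name in YES_NO:
        if name in params and params[name] not in ("Yes", "No"):
            out.append(("error", name, "must be Yes or No"))

    if method in ADSSL:
        allowed, default = ADSSL[method]
        ssl = params.get("ADSSL", default)
        if ssl not in allowed:
            out.append(("error", "ADSSL", f"not valid for {method} detection"))
        elif ssl == "No":
            out.append(("warn", "ADSSL", "detection connection does not use SSL"))
        elif ssl != "Yes":
            out.append(("warn", "ADSSL", "untrusted certificates are accepted"))

    for name in ("ADLDAPDebug", "ADMachineDetectionDebug"):
        if params.get(name) == "Yes":
            out.append(("warn", name, "debug mode writes extra information to a log file"))

    # Detection schedule: interval in minutes, hours 0-23 (the range listed
    # under LDAP detection) or -1 for continuous, days as a comma-separated list.
    if _as_int(params.get("ADMachineDetectionInterval", "10080")) is None:
        out.append(("error", "ADMachineDetectionInterval", "must be a number of minutes"))
    for name in ("ADMachineDetectionFromHour", "ADMachineDetectionToHour"):
        hour = _as_int(params.get(name, "-1"))
        if hour is None or not (hour == -1 or 0 <= hour <= 23):
            out.append(("error", name, "must be 0-23, or -1 for continuous"))
    days = params.get("ADMachineDetectionExecutionDays", ",".join(DAYS)).split(",")
    bad = [d.strip() for d in days if d.strip() not in DAYS]
    if bad:
        out.append(("error", "ADMachineDetectionExecutionDays", f"unknown day(s): {bad}"))

    # ADNewDetectedAccountsSafe must be one of the comma-separated
    # ADManagedAccountsSafes. Exact string comparison is an assumption here.
    managed = [s.strip() for s in params.get("ADManagedAccountsSafes", "").split(",")]
    new_safe = params.get("ADNewDetectedAccountsSafe", "").strip()
    if new_safe and new_safe not in managed:
        out.append(("error", "ADNewDetectedAccountsSafe", "not listed in ADManagedAccountsSafes"))
    return sorted(out)


# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "ADMachineDetectionMethod": "VMWare",
    "ADSSL": "Ignore Untrusted Certificate",
    "ADMachineDetectionDebug": "Yes",
    "ADMachineDetectionFromHour": "22",
    "ADMachineDetectionToHour": "24",
    "ADMachineDetectionExecutionDays": "Sat,Sun,Funday",
    "ADManagedAccountsSafes": "SvcMasters, SvcMastersEU",
    "ADNewDetectedAccountsSafe": "Discovered",
}

if __name__ == "__main__":
    for severity, name, message in check_process(SAMPLE):
        print(f"{severity:5} {name}: {message}")
```

With no parameters set, the only finding is the ADSSL warning, because LDAP detection with ADSSL set to No is the default combination.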