Managing PAM360 Agents

Once you have installed the PAM360 agent with the respective usage and modules, you can proceed with the further operations related to the PAM360 agents that follow.

Discovering Local Accounts using the PAM360 Agent
Finding Tasks Awaiting Execution by the PAM360 Agent
Associating and Dissociating PAM360 Agents
Editing PAM360 Agent Settings
Deleting a PAM360 Agent
Remapping a PAM360 Agent
Frequently Asked Questions

1. Discovering Local Accounts using PAM360 Agent

When the agent is started for the first time on the target machine, it will automatically add the machine as a resource in PAM360 and discover all the local accounts. After discovery, you can reset the passwords of the local accounts. To learn more about resetting passwords using the PAM360 agent, click here.

2. Tasks Awaiting Execution by the PAM360 Agent

Follow the below steps to find the tasks that have been triggered by the PAM360 user but awaiting execution by the PAM360 agent.

Click the bell icon in the top panel of the interface to view Notifications.
Under Agent Alerts, you will find the agent-related statuses:
- The number of password reset and password verify actions triggered.
- Status of password reset actions triggered earlier.
- Status of password verification actions triggered earlier.
The notifications are user-specific i.e., users will be notified of only those tasks that they have triggered.

3. Associating and Dissociating PAM360 Agents

Applicable from build 5710 for Windows, Windows Domain and Linux Agents

PAM360 allows users to associate and dissociate agents to/from their resources/users. Associating an agent will allow the agent to perform remote operations on the resource or to fetch data from the user device while dissociating the agent will pause all the operations performed by it.

Navigate to Admin >> Agents >> Manage Agents. Here, you will be able to view a list of agents mapped with the resources/users.
To Dissociate a resource/user from an agent,

Click the agent action icon beside the desired resource/user name and click Dissociate.
In the popup that appears, mention the time interval (in minutes) between which the agent should check its status.
Click Dissociate to dissociate the selected agent. You have successfully dissociated the resource/user from the agent.

To Associate a resource/user with an agent, click the agent action icon beside the desired resource/user name and click Associate. You have successfully associated the resource/user with the agent.

4. Editing PAM360 Agent Settings

Navigate to Admin >> Agents >> Manage Agents.
In the Manage Agents window that appears, you will see a list of agents deployed in your environment along with relevant details such as the resource on which the agent is deployed, its DNS name or IP address, resource type, agent owner, status, and the last operated time.
To edit the agent settings, click the Agent Action icon beside the agent-deployed resource and select Edit from the displayed options. A sliding window appears from the right, which is organized into three tabs: Details, Configurations, and Modules.
On the Details tab, you can view the deployed agent details such as the deployed resource type, agent version, server name, port number, etc.
Switch to the Configurations tab to modify the following agent settings:
- Contact Interval - Specify the time interval (in seconds) at which the agent should contact the PAM360 server to exchange job status and details.
- Account Discovery Schedule Interval - Specify the time interval (in hours) at which the agent should execute the account discovery schedule task.
- Account Filter - Specify the conditions as a regular expression to filter the accounts that the agent should include during discovery.
- Listener Timeout - Specify the duration (in seconds) after which the agent listener should time out if no response is received.
- Fetch Disabled Accounts - Enable this option if you want the selected agents to fetch the details of disabled accounts during account discovery.
- Server Certificate Installed - Use this option to confirm whether the PAM360 server certificate is added to the agent-deployed machine to ensure secure communication over SSL between the agent and the server.
Switch to the Modules tab to enable the agent for the following modules:
- Password Management: Enable this option to allow the agent to verify and reset account passwords on the target resource.
- Self-Service Privilege Elevation: Enable this option to utilize the agent to support Self-Service Privilege Elevation, enabling users to request and obtain elevated privileges on the remote resource.
- Zero Trust: Enable this option to allow the agent to periodically collect system and resource data required for Zero Trust evaluations and validation.
- SSL Management: Enable this option to allow the agent to perform SSL certificates management operations, including certificate discovery, deployment, and signing, on the target machine.
- System Event Logging: Enable this option to allow the agent to monitor and collect system event from the target machine for auditing, compliance, and review purposes.
- Keystroke Logging: Enable this option to allow the agent to record user keystrokes on the target machine for monitoring and auditing activities.
After configuring the required details, click Save.

You have successfully updated the agent configurations and modules for the desired agent. To update the agent configurations and modules for multiple agents in bulk, follow these steps:

Select the desired agents you wish to modify and click the Bulk Configuration button in the top pane.
In the pop-up window that appears, you can configure the agent configurations and modules for the selected agents.
After configuring the required details, click Save to save the configured changes.

Caution

Changes will be applied only to the respective agent settings you modify. All other settings will remain unchanged on the selected agents.

5. Deleting a PAM360 Agent

Procedure applies to build 5710 and above

Navigate to the Resources/ Users tab and delete the resource/user whose agent you wish to delete.
Now, navigate to Admin >> Agents >> Manage Agents.
Additional Detail
The 'Resource Name/User Name' for the agent whose resource/user got deleted will be displayed as 'N/A'.
Click the agent action icon beside the agent whose resource/user you deleted and click Delete Agent.
In the pop-up that appears, click Delete. You have now successfully deleted the agent.
Caution
1. The resource gets deleted along with the agent, so it is recommended for the resource owner to take a copy of the resource before deleting the agent.
2. This operation will only remove the agent from the PAM360 server and will not uninstall the agent from the resource.
3. To add a deleted agent to the PAM360 server, reinstall the agent in the target machine.

6. Remapping a PAM360 Agent

Applicable from build 5710 for Windows, Windows Domain and Linux Agents

The Remap Agent option is used when the resource of an agent is accidentally deleted. Administrators will be able to remap the agent to its resource using the following steps:

Navigate to the Resources tab and add a resource with the same DNS name as the agent.
Now, navigate to Admin >> Agents >> Manage Agents.
Click the resource action icon beside the agent belonging to the added resource and click Remap Agent.
In the pop-up that appears, select the resource with which you want to remap the agent and click Remap Agent.

You have successfully remapped the agent to the resource.

7. Frequently Asked Questions

1. How to create a custom role to manage agents?

To create a custom role that allows users to manage agents, follow these steps:

Navigate to: Admin >> Customization >> Roles.
Click: Add Roles. In the pop-up, provide a Name and Description for the role.
Click: Password.
Select the Resource tab: Enable Add and Edit permissions.
Go to the Password Reset tab: Enable Password Reset.
Click: Custom Settings and enable Download PAM360 Agents.

Once these steps are completed, you will have successfully created a role to manage agents. Note: Users must own the resource where the agent is installed to manage it.

2. Are there reports available for managing agents?

Yes, you can generate reports for managing agents. To access them, navigate to Reports >> Query Reports >> Resources and search for Agents Installed. This report will provide a comprehensive list of agents installed on their respective resources.

3. What happens to existing agents after upgrading to version 5710?

After upgrading PAM360 to build 5710, all existing agents from the previous version will automatically appear under Admin >> Agents >> Manage Agent. In this section, you will be able to view and delete the old agents. To access additional functionalities such as Associate, Dissociate, and Remap, it is recommended to reinstall the latest agent on the target machine.

4. What occurs in the Manage Agents window if an agent is uninstalled from the target machine?

The agent's status is updated every 30 minutes by default. If the agent remains inactive during this period, its status will be marked as inactive in the Manage Agents window.

5. If a resource is shared with an admin who has full access, will the agent be displayed in the Manage Agents window?

No, the agent details will only be visible in the Manage Agents page if the resource ownership is transferred to another admin-privileged user.

6. What happens when the ownership of an agent-installed resource is transferred to another admin-privileged user?

The agent's status is updated every 30 minutes by default. If the agent remains inactive during this period, its status will be marked as inactive in the Manage Agents window.

Top