1. Launch ENTM
2. Create Windows 7 Endpoint
3. Configure a windows service with a native user
4. Run service account discovery wizard
5. Only native user accounts should display

1. install AC endpoint
2. in seos.ini change the tokens as per shown below:
   serevu_use_pam_seos
3. failed_login_file = /opt/CA/AccessControl/log/pam_seos_failed_logins.log
4. use these two tokens and then make failed login 3 times for root.
   And then check /opt/CA/AccessControl/log/pam_seos_failed_logins.log, if root is on the file, then you should get the syslog.
5. Now try to login as root with wrong password.
6. now try to see the syslog file which should contain only 1 warning message for root wrong password.

1. activate HOST class
   AC> so class+(HOST)
2. modify HOST _default for auditing
   AC> er host _default audit(a)
   AC> auth host _default service(*) acc(a)
3. login by ssh
   # ssh 0
4. check audit log
   # seaudit -a -s today
   08 Dec 2010 17:36:03 P HOST ssh 180 3 localhost.localdomain /usr/sbin/sshd
   08 Dec 2010 17:36:04 P LOGIN root 59 2 localhost.localdomain SSH
   both host and login audit logs are recorded. this is expected.
5. stop AC
   # secons -s
6. add HOST filter with <program-path> in audit.cfg
   HOST;*;*;/tmp/aaa;*;P
   * <program-path> can be anything
7. start AC
   # seload
8. repeat step 3 and 4
   08 Dec 2010 17:38:45 P LOGIN root 59 2 localhost.localdomain SSH
   only login audit log is recorded. This is not expected since host audit record filter should not applied for different program path (/tmp/aaa vs /usr/sbin/sshd).

1. Launch AC Runtime SDK install from Product Explorer.
2. Scroll through all the sections providing proper inputs.
3. In Review Settings screen, found caption labels overlap.

Actual Result:
Found caption label overlap in Review Settings screen.

Expected Result:
There should not be any overlap of labels.

1. create a pmdb
   selang
   env pmd
   createpmd pmdb1@localhost
   q
2. create join a native user to a group in the pmdb
   selang
   host pmdb1@
   nu testuser
   ng testgroup
   join testuser group(testgroup)
   q
3. export pmdb
   secons -s
   cd .datapmdb1
   dbmgr -e -l
4. verify multiple join command not appear. Before this fix it was:
   env nat
   join ("testuser") group('testgroup')
   env nat
   join ("testuser") group('testgroup')

1. Prepare Windows box (2003 or 2008)
2. Install AC12.5 SP2, 3rd party products and 12.5SP2 Endpoint Management
3. create new native user from "Users" <- "Users" and Groups" <- "Computer Management" <- "Administrative Tools" as below.
   User name: TEST01
   Full name: TEST01 FULLNAME
   Description: TEST01 DESC
   Password: Password01
   Confirm password: Paaword01
4. Start Internet explorer and connect to Endpoint Management
5. select "Users" tab
6. click "Go"
7. click *TEST01
8. select "Native" tab
9. You can confirm "TEST01" instead of "TEST01 FULLNAME" is displayed in "full name" field.

1. My Privileged Account List
2. sort by Endpoint Name tab and Endpoint
3. sort is not working

1. Enable KBL
2. create AC user audit(A)
3. start AC
4. login as test user, perform some activity
5. Stop AC
6. check kbl.auit saved trace records (seaudit -tr)
7. Clean log directory
8. edit <AC_dir>/etc/kblaudit.cfg like this
   [EXCLUDE]
   TRACE;*;*;*;*;*;*;*seos.ini*
   [INCLUDE]
   TRACE;*;*;*;*;*;*;*uname*
9. Start AC
10. Perform steps 4 - 6
    EXPECT: kbl.audit keeps records accordingly to filter rules

1. install AC and create pmd as pmd1
2. create native user with password in PMDB.
   eu pmdusr01 password(eTrust01)
3. add subscriber with -n option as synchronize mode.
4. check error log on PMDB. And then you can find fail to create the user at OS on subscriber.

Notes:

1. You need to enable bi-directional password encryption to propagate password to new subscribers.
   > so password(rules(bidirectional))
2. In case the target endpoint has native password policy that disallows creating users without password, an error will appear in the PMD error log. It does not mean the password is not propagated successfully

1. Run the er GHNODE command on ENTM setting the criteria
2. on endpoints matching that criteria execute the command
   dmsmgr -config -endpoint
   dmsmgr -config -dhname DH__@entmname
3. start AC on the endpoint
4. Once policyfetcher executes successfully on the endpoint these hosts must appear in the GNODE created with that criteria

1. Set these tokens in Seos.ini
   osuser_enabled = no
   create_user_in_db = no
   Undef_ForPacl = 0
2. Start AC
3. Login to Selang
   AC>env native
   AC(native)>eu user1 password(user1)
   AC>nr file /tmp/filetest defacc(n) audit(all) owner(nobody)
   AC>auth file /tmp/filetest uid(*) via(pgm(/usr/bin/vi))
4. Login as user1 and try opening the file and file opens for read only.
5. Stop AC change the token to Undef_ForPacl = 1 and start again.
6. Now try opening the file "Permission is denied"
   Hence Undef_ForPacl = 0, user1 is allowed with PACL and Undef_ForPacl = 1 UACC denies the file access.

1. install AC12.5 SP3 x64 version on RHEL
2. create PMDB0 as parent pmd
3. set parent_pmd token as PMDB0@^=host name=^
4. subscribe AC endpoint to PMDB0 # sepmd -s PMDB0 ^=host name=^
5. start selang and connect to PMDB0 # selang AC=^ host PMDB0@ AC=^ eu TEST owner(testuser) (PMDB0@localhost) ERROR: Failed to fetch data for USER/GROUP testuser AC=^ exit *note: testuser is not existed on AC/PMDB to get above error purposely
6. check PMDB0 error information as below # cd /^=AC-install-dir=^/policies/PMDB0 # ls -l ERR* -rw- 1 root root 235 May 10 11:11 ERROR_LOG * looks some data are written, but # sepmd -e PMDB0 CA Access Control sepmd v12.53.0.1517 - Policy Model management Copyright (c) 2010 CA. All rights reserved. * not shown any error

1. enable KBL
2. create user user01 both AC and native from selang with audit(logins, loginf, f, interact)
3. login TEST user
4. enter command "mkdir /tmp/TESUTO # TESUTO: Japanese Kana characters
5. enter command "mkdir /tmp/TESUTO/aaa" Confirm KBL output by "seaudit -kill -sid ^=nnn=^ -cmd".
   The output shows as below. 14 Sep 2010 11:29:38 P TRACE user01 4c8edc26:0000014e konsh01 KBL input rhel54-54 3337 XX: SessionCmd: mkdir /tmp/ 14 Sep 2010 11:30:00 P TRACE user01 4c8edc26:0000014e user01 KBL input rhel54-54 3337 XX: SessionCmd: mkdir /tmp//aaa XX: Kanji characters that stand for information.

1. set up a new AD user who is allowed to log in by UNAB.
2. try to log in via ssh
3. logon fails and depending on whether NIS is used one can or cannot log in via ssh later on (with NIS used, /etc./security/lastlog is not updated)

AC 12.5 SP4 / W2K8

1. try to kill lsass.exe =^ taskkill /im lsass.exe -=^ this is denied as expected
2. see audit log 20 May 2011 17:39:34 D PROCESS W2K8-X64Administrator Kill 601 10 c:w Windowssystem32lsass.exe C:Windowssystem32taskkill.exe
3. stop AC and add following filter in audit.cfg and restart AC PROCESS;c:windowssystem32lsass.exe;*;*;Kill;D
4. step 1-2 again [expected result] audit log of kill is filtered. [actual result] audit log of kill is not filtered. The audit log can be filtered if access type is changed to '*'. PROCESS;c:windowssystem32lsass.exe;*;*;*;D The access type of 'Kill' is described in Reference Guide.

1. Create PMDB.
2. Create "hostname_updates" file in PMDB directory. eg) [ACDir]/policies/PMDB/aaa_updates ==^ This file can be a dummy.
3. Run install_base. ==^ This is aborted with below message(=expected).
   
   -- You are still updating this subscriber: aaa. You must finish updating this subscriber before upgrading, or you will lose this update. Note: You can use the -force flag to upgrade anyway.
4. Cannot start AC by seload. # seload CA Access Control seload v12.53.0.1517 - Loader Utility Copyright (c) 2010 CA. All rights reserved. The token SEOS_syscall.LINUX_SeOS_Syscall_number, now set to '300'. CA Access Control system call is not loaded. ERROR: Timeout waiting for CA Access Control daemon. CA Access Control system call is not loaded

1. Install UNAB in default location.
2. Run uxpreinstall, Register and activate.
3. Now go to the following location /opt/CA/AccessControlShared/lbin, and configure the report agent as shown below:
   ./report_agent.sh config -server 10.130.229.26 -proto ssl -port 7243 -queue queue/snapshot -audit
4. Now confirm the settings and restart the UNAB daemons.
   NOTE: As the report agent is configured restarting UNAB will also start Report Agent.
5. Kill the report agent
6. cd /opt/CA/AccessControlShared/bin
7. Set the Acuxch key
8. ./ReportAgent -debug 0 -now

1. Create PMDB
2. Add the subscriber =^ subs pmdb subs(subscriber)
3. Check pmd.audit =^ seaudit -a -fn pmd.audit 4. You will see code 338 is garbled.
   It doesn't happen in English seos.msg. 24 May 2011 17:00:10 S UPDATE PMD SECV6Administrator 338 10 pmd1 secv6 host pmd1 ??TuXNCu??B

1. NETLOGON folder |_defenc.dll (Renamed the one from "Encryption Package" in the registry) |_SegraceW.exe |_batch script to run "segracew -s DC_host"
2. Configure the logon script for the domain user to run the batch script. - Member(x86) Logon by the domain user. ==^ "ERROR: can not connect to AC database." Until SP3, it works with above configuration.. step: 1.install AC on DC 2.copy egraceW.exe and encryption package to NETLOGON shared folder on DC. default encryption package is aes256enc.dll
3. rename the encryption package to defenc.dll
4. open the NETLOGON from a workstation
5. run egraceW.exe -s ^=DC hostname=^
6. verify you don't get "ERROR: can not connect to AC database."

1. Defined tokens ldap_xxx in seos section
2. Upgrade AC
3. tokens ldap_xxx in seos.ini are not inherited

In the Endpoint Manager UI.

1. Create a file rule for '/home/d000623s.*'
2. Create a file rule for '/home/d000623*' and you will receive the error:
   Error: There is already a FILE entity with the name: /home/d000623*

1. Test on AIX 6.1
2. Stop AC (secons -s)
3. useradd test01
4. rm -f /etc/security/*.tmp
5. Run 'selang -l': AC=^ env Unix Unix=^ ru test01
6. ls -qal /etc/security/*.tmp -=^ You should NOT see any files created during the test

1. Create SSH PUPM end point
2. Discover the end point
3. Enter to the SSH account at Modify Privileged Account screen when the endpoint is down
4. The shown container is wrong

1. Crate endpoint that contains back slash () or double quotes (") at the password
2. Assigned to this endpoint Login application (RDP)
3. Try to perform Automatic Login for this account , the operation failed

1. create password policy with Mind length 16 and max length 19
2. assigned this policy to an account
3. try to check out this account, the operation fails

1. create a privileged account "demouser"
2. duplicate Role PUPM USER to SamplePUPMUser and modify Membership to "user=jdoe" scope "accountname=*demo*" If you login with jdoe you will see the demouser pupm account in his priv accounts.
3. disabled the OOTB "breaking glass" role (which should not have any effect) Login with jdoe again and no accounts are shown now.

1. Crate endpoint that contains dollar sign ($) at the password
2. Assigned to this endpoint Login application (RDP)
3. Try to perform Automatic Login for this account , the operation

1. Install endpoint management on a machine with Japanese local
2. Set the browser local to be Ja
3. Open endpoint management login screen and without typing anything press login
   The message that you see is not clear

1. Install AC on Windows 2008 system
2. Reboot and define blocking rule in build-in windows firewall
3. Test the firewall rule - check that it's not working.
4. Unload AC ( secons -s, net stop seosdrv, net stop drveng - order is IMPORTANT ).
5. Test the firewall rule again - now it's working
6. Restart AC( net start drveng, seosd -start, order IMPORTANT)
7. Test AC network interception - it's not working.

1. install AC 12.5SP2 on Windows 64 bit box
2. verify the value of ApplyOnProcess has no consent.exe. This is ok for SP2 HKLMSOFTWAREComputerAssociatesAccessControlInstrumentationPlugInsRunAsPlg ApplyOnProcess=runas.exe explorer.exe
3. upgrade AC 12.5SP4
4. verify consent.exe is added to ApplyOnProcess. SP4 does not add it.

1. Create or modify password policy without week day checked for scheduling
2. Error message appears ParseException:unexpeted end of expression error

1.install AC

2.create PMDB selang =^env pmd =^create pmdb1

3.upgrade AC

4.verify crypto key files protection records does not exist in the pmdb selang =^host pmdb1@ =^find file

1. create PUPM account

2. try to Reset Manually the password with semicolon char (;) getting a message The Password allowed characters does not comply with the password policy settings.

Change the password or use the recommended password

1. Test on Linux AS4.

2. Modify /etc/pam.d/system-auth so 'auth optional pam_seos.so' will

be placed one line BEFORE 'auth sufficient /lib/security/$ISA/pam_unix.so

likeauth nullok'

3. Start AC (seload).

4. AC> eu test01 password(123)

5. telnet localhost (login as user test01)

Before this fix telnet got hung right after providing user name

1. Create User in AC

2. Authorize the user to connect from terminal A.

3. Unauthorize the user to connect from terminal B.

4. Connect from terminal A using RDP.

5. Disconnect the RDP session.

6. Connect from terminal B using RDP.

7. The user will be logged off from both sessions.

1. user log in GUI and change password with Ctrl+Alt+Del

2. Password change request send to local AC db and passwd_pmd to deliver it.

3. password change by service user such like NT AUTHORITYSYSTEM on PMD

4. deliver password by the user who is pwmanager.

5. set grace(1) since the change is update by Administrative user and not by original user

1. go to My Privileged Accounts

2. ect account with Auto Login Application setting

3. commit Auto login

4. the Status was not changed to Check out

1. Install AC

2. Selang

eu longnameuser02 password(123) audit(a)

3.Try Logging in with the user

4. Check the Seaudit -a

1. Test on Linux.

2. Start AC.

3. AC> nf /usr/bin/df owner(nobody) audit(all) defacc(all)

4. AC> nu test01 password(123) grace-

5. ssh-l test01 0 df -h

6. See the host name in FILE audit for /usr/bin/df and see that it is not 0.0.0.0.

1.Install AC

2.ps -ef | grep defunct

No Defunct process to begin with (if there is already a defunct process no more defunct process should be started by SEOSWD)

3. vi seos.ini

kill_ignore = no

4. start up AccessControl.

5. issec to find out the seosd pid.

6. kill [pid of seosd]

7. ps -ef | grep defunct

8.No Additional Defunct processes should appear.

check -cmd on AIX:

1. install AC, enable KBL, start AC

2. create interactive user

3. set tcsh as login shell for the user (in /etc/passwd).

4. login to the system as interactive user

5. do several Unix commands, among them passwd (password change)

6. exit session

7. print -cmd for this session, there is no commands

AC> host pmdb1@

AC> nu test01 password(xxx)

4. enabled "User must change password at next logon" for native test01

On Unix:

1. define password pmdb

token : passwd_pmd = pmdb1@widnows host

2. create test user

AC> nu test01 password(xxx)

3. login by test01

4. change own password by sepass

sepass

Enter test01's old password:

Enter new password:

Verify new password:

logon windows:

user must change password as "User must change password at next logon" is still enabled.

With AD user store only

1. Create a schedule password policy

2. Assign it to account

3. Change the user's who creates the password policy OU

4. The change password event failed

1. Fully migrated user 'u1' is member of AD group w/o UNIX attributes 'g1'.

2. Login rule (local or enterprise) for group 'g'.

3. Run uxconsole and login in on-line mode

4. use FW to block tcp:389

5. Run xconsole and login in off-line mode

1. Under AC LOG folder create file seos1.audit.bak

2. Add AC rule with defacc(r) for the file full path wildmask at the end, i.e. ^=full path=^seos1.audit.bak*

3. Try to read the file - it should pass.

4. Try to delete the file via command line - it should be denied, if the issue is fixed).

1. log into EntM server via RDP.

2. open EntM WebUI (http://localhost:18080/iam/ac) and login as

superadmin/superadmin

3. navigate to [home] - [[My Accounts] - [My Privileged Accounts]

4. select "putty_oit" from [action] drop down list of test01@vmrh51x64-2

5. you can see putty window with test01 login and message box showing

sessionID.

6. close message box and logout from rhel via putty.

7. click yes to check-in test01.

8. navigate to [Privileged Accounts] - [Audit] - [Audit Privileged Accounts]

9. click search to show audit

10. click recording icon to show slide viewer.

-> you can see the session recording without any problems.

11. log into EntM server via another RDP session.

* leave the first RDP session as login; do not logout from the server.

12. do step 2-10 on the second RDP session.

-> you can see the sessionID in message box as comma separated multiple

value on step 5.

-> you will get an error in slide viewer

1. Install AC on 64bit system(X64 IA64)verify eACSyncLockout.exe is installed on <AC home>bin
2. run eACSyncLockout.exe -startverify the service is startedenable Audit account management in local Auditing Policyenable Account lockout threshold in Account Lockout Policycreate PMDB and subscribe local hostset PMDB@local host to registry
   passwd_pmd/parent_pmdcreate testuser in AC/Nativeenable password class in ACperform failed login attempts by testuser till locked out in nativeverify testuser in AC is locked out

1. Create 2 AD endpoints
2. Try service discovery for one of the AD endpoints.
3. Try service discovery for another AD endpoint.
4. Validate that display is correctly and you don't see endpoint from the first try

1. Set kbl_enabled = yes PamPassUserInfo = 1
2. Create user with uid=0 Define the user as interactive in selang Login via ssh as created user
3. Check sewhoami -a shows correct user nameCheck KBL records for this session