How do I disable agent authentication?
Is there a way to have agents use encryption only?
Can I force the agent to only use encrypted communications?
Security Manager 5.X
To disable authentication:
NOTE: ON NEW INSTALLS OF SECURITY MANAGER 5.5 AND ABOVE, AUTHENTICATION IS DISABLED BY DEFAULT.
Start the Monitor Console in the NetIQ Security Manager program group.
In the left pane, expand Configuration > Global Settings.
On the Action menu, click Edit Agent Settings.
On the Communications tab, select Use Secured Port (encryption only).
In the right pane, click Communications.
On the Action menu, click Properties.
Ensure the Communicate with authenticated agents only check box is cleared.
In the left pane, click Configuration.
On the Action menu, click Force Configuration Changes Now. For SM 5.5, skip to step 13. Wait until each agent receives either a 21240 or 21270 event before proceeding.
Restart the NetIQ Security Manager service (formerly called OnePoint for version 5.0) on all agent computers. If you have many agents and want to automate restarting the agent service, see the note below.
In the left pane, expand Monitor > Infrastructure Components > Agents. Wait for the Authentication Status to change to Not Authenticated for all the agents in this view.
Run the following SQL query in Microsoft SQL Query Analyzer to remove any existing keys in the database:
DELETE FROM ComputerSecurity WHERE status < 8000
Note: Security Manager version 5.5 agents restart automatically.
For SM 5.5, the following information is no longer necessary since the agent will restart itself when receiving this configuration change.
To restart the NetIQ Security Manager Service (formerly called OnePoint for version 5.0) on all agent computers:
On each central computer, navigate to \Program Files\NetIQ Security Manager\OnePoint\InstallService (if you have version 5.0, navigate to Program Files\MCS OnePoint\OnePoint\InstallService).
Open the InstallService.ini file, scroll to the end of the file, add a semicolon character (;), and then save the file.
Perform a managed computer scan. The agents will see that the InstallService.ini file has a newer timestamp than the one they have and go into a pending installation state. For more information about performing a managed computer scan, see the Help.
In the left pane of the Monitor Console, expand Configuration > Pending Agents > Installation.
Approve and process the pending upgrades. This restarts the NetIQ Security Manager (OnePoint for version 5.0) service on the agent, which forces it to use the new communication setting. For more information, see the User Guide for Security Manager.