Imprivata Privileged Access Management Product Update 2.3.202102150012

February 15, 2021

PAM Update: Added account management for NetApp and Cisco Nexus devices, added the option to launch remote MMC snap-in controls

This update adds account management for NetApp and Cisco Nexus devices, the option to launch remote MMC snap-in controls, and the option to manage accounts in Active Directory Domain Controllers operating on non-standard ports.

Added account management for NetApp and Cisco Nexus devices

The update adds Check Status and Password Reset scripts for NetApp and Cisco Nexus network devices.

The option improves privileged access management coverage for network infrastructure.

System administrators can add the Check Status Remote NetApp and Password Reset Remote NetApp scripts, or the Check Status Remote Cisco Nexus and Password Reset Remote Cisco Nexus scripts, to a regular Unix Host record to enable account management for the corresponding network device. Alternatively, they can extend a Unix Host record type to apply account management policies broadly across multiple devices.

Added the option to launch remote MMC snap-in controls

The update adds the option to launch MMC snap-ins using Remote Application technology on the remote RDS server. The option enables system owners to delegate selected aspects of system management without exposing unnecessary broader functionality.

The option is enabled through the RemoteApp field of the Windows Host record, which contains the name of the MMC snap-in, including the full path and the msc extension, as in this example: C:\Windows\system32\lusrmgr.msc

The new function requires the mmc.exe application to be published on the RDS host. The following String fields customize how the remote application is launched:

RemoteApp – the name of the remote application to start

RemoteAppArgs – optional parameters of the remote application

RemoteAppDir – initial folder to launch the remote application in

Added support for Active Directory servers operating on a non-standard port

The update added support for Active Directory servers operating on a non-standard port, including the integration option as well as the option to manage accounts in Active Directory using LDAP Server / LDAP User records.

The option allows system owners to integrate and manage Active Directory instances that are accessed in isolated networks through port translation.

Added the option to change the location of intermediate mapped drive file transfer storage for WEB RDP sessions

The update added the option to define a custom location for the intermediate storage of files transferred to remote WEB RDP sessions.

The option allows intermediate storage to be offloaded from PAM hosts to external network drives.

To enable the option, use the system parameter xtam.session.web.rdp.tmp in the $PAM_HOME/web/conf/catalina.properties file.

The parameter defines the full path on the Linux server, or the path on the Windows server using the format /cygdrive/x/folder, where x is a drive letter and folder is a folder path. The default folder is located in $PAM_HOME/guac/tmp on Linux hosts and $PAM_HOME/guacd/tmp on Windows hosts.
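
Because files in transit to a WEB RDP session sit in this folder, it is worth confirming where it resolves to and who can read it, especially after moving it to a network drive. The script below is an added example, not vendor code: it assumes a Linux PAM host, a plain key=value line in catalina.properties, and takes the install directory as an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit the WEB RDP intermediate transfer folder.
# Assumes a Linux PAM host and a key=value line in catalina.properties.

# Print the effective folder: the xtam.session.web.rdp.tmp value if set,
# otherwise the Linux default given in the release note ($PAM_HOME/guac/tmp).
rdp_tmp_dir() {
    pam_home=$1
    props="$pam_home/web/conf/catalina.properties"
    value=""
    if [ -f "$props" ]; then
        # Commented lines do not match; the last assignment wins; drop a CR
        # left behind by Windows line endings.
        value=$(sed -n 's/^[[:space:]]*xtam\.session\.web\.rdp\.tmp[[:space:]]*=[[:space:]]*//p' \
            "$props" | tail -n 1 | tr -d '\r')
    fi
    if [ -n "$value" ]; then
        printf '%s\n' "$value"
    else
        printf '%s\n' "$pam_home/guac/tmp"
    fi
}

# Return 0 only if the folder exists and grants no access to "other" users,
# since files in transit between the user and the RDP session land there.
check_rdp_tmp_dir() {
    dir=$(rdp_tmp_dir "$1")
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir"
        return 1
    fi
    # Characters 8-10 of the mode string are the permissions for "other";
    # "--T" is a sticky bit with no read, write or search access.
    other=$(ls -ldL "$dir" | cut -c8-10)
    case $other in
        ---|--T) echo "OK: $dir" ;;
        *) echo "OPEN: $dir (other=$other)"; return 1 ;;
    esac
}

# Run the check when PAM_HOME is set in the environment.
if [ -n "${PAM_HOME:-}" ]; then
    check_rdp_tmp_dir "$PAM_HOME" || true
fi
```

On a network share the mode bits shown on the PAM host may not reflect the share's own access controls, so review those on the file server as well.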

Added the option to override global Exclusive Session configuration on a record or record type level

The update added the option to override the global Exclusive Session configuration on a record or record type level.

The option allows designating certain records for exclusive access instead of enforcing exclusive access globally.

To enable the option, use the record-level Choice field ExclusiveSession (Display name Exclusive Session, Values: Enabled, Disabled, Use Global) to override or inherit the global setting.