13.3 AgentConfigSecurityLevel

Use this Knowledge Script to remotely update the agent security level on the managed Windows computers in your site. When configuring the security level for the agent, keep in mind that all managed Windows clients and management server computers in an AppManager site must be configured to use the same security level. For more information about implementing AppManager secure communication, see the Administrator Guide for AppManager.

Use this script to change the security level on the managed Windows clients in your AppManager site either before or after you change the security level on the repository database. The new security level takes effect on the agent as soon as the script completes.

If your repository database is configured to use Encryption or Encryption and Authentication, and you change the security level on the agent to Cleartext, this script will not immediately raise a successful event. In this case, the agent cannot communicate with the management server until you change the security level on the repository database and restart the management server.

The following security levels are available:

  • 0 - Cleartext -- no security indicates that all communication between the agent and the management server is in cleartext and is not encrypted. This option is available for all supported versions of the AppManager agent.

  • 1 - Encryption -- medium security indicates that all communication between the agent and the management server is encrypted but the agent does not authenticate the identity of the management server. This option is available for all supported versions of the AppManager agent.

  • 2 - Encryption and authentication -- highest security indicates that the agent will attempt to authenticate the identity of the management server before sending and receiving encrypted communication. This option is available for version 7.0 (or later) of the AppManager agent.

To use the AgentConfigSecurityLevel script to increase the security level on your Windows agents (for example, from Cleartext to Encryption and Authentication):

  1. Use the NQKeyGenWindows.exe utility to generate an encryption key file and insert it into the repository database. You can find this utility in the Program Files\NetIQ\AppManager\bin directory.

    NOTE: The same key file can be used for both encrypted and encrypted and authenticated communication.

  2. If you have not done so already, use the AgentConfigSecurityKey script to distribute the agent portion of the key file to all of your Windows agents, including the agent on the management server computers within your site.

  3. Use the NQKeyGenWindows.exe utility to change the security level on the repository database.

  4. Use the AgentConfigSecurityLevel script to change the security level on the agents, including the agent on the management server computers within your site.

  5. Stop and restart the NetIQ AppManager management server service (NetIQms) to communicate at the specified security level.
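The following pre-flight check is an added example, not NetIQ code or part of the Knowledge Script. It encodes the rules stated above for the five-step procedure: every agent must end up at the same level as the repository, level 2 requires agent version 7.0 or later, levels 1 and 2 need the agent portion of the key file deployed first (step 2), and an agent whose level differs from the repository cannot reach the management server until step 3 and the NetIQms restart in step 5 are done. The Agent record, its fields and the inventory are constructed for illustration.

```python
# Added example (not NetIQ code): pre-flight check before running
# AgentConfigSecurityLevel. Encodes the rules stated above: all agents must
# match the repository level, level 2 needs agent 7.0 or later, levels 1 and 2
# need the agent key deployed first. Agent record and inventory are constructed.
from dataclasses import dataclass

CLEARTEXT, ENCRYPTION, ENCRYPTION_AND_AUTH = 0, 1, 2
MIN_VERSION_FOR_AUTH = (7, 0)  # level 2 requires agent version 7.0 or later


@dataclass
class Agent:
    host: str
    version: str   # agent version string such as "7.0.1" (constructed field)
    level: int     # security level currently configured on the agent
    has_key: bool  # agent portion of the key file already deployed


def parse_version(text: str) -> tuple:
    """Turn '7.0.1' into (7, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def check_rollout(agents, repository_level: int, target_level: int) -> dict:
    """Report what would block or interrupt a change to target_level."""
    if target_level not in (CLEARTEXT, ENCRYPTION, ENCRYPTION_AND_AUTH):
        raise ValueError(f"security level must be 0, 1 or 2, got {target_level!r}")
    report = {"unsupported": [], "missing_key": [], "out_of_sync_now": []}
    for agent in agents:
        if (target_level == ENCRYPTION_AND_AUTH
                and parse_version(agent.version) < MIN_VERSION_FOR_AUTH):
            report["unsupported"].append(agent.host)
        if target_level != CLEARTEXT and not agent.has_key:
            report["missing_key"].append(agent.host)  # AgentConfigSecurityKey first
        if agent.level != repository_level:  # already cut off from the MS
            report["out_of_sync_now"].append(agent.host)
    # Agents moved to target_level stay unreachable until the repository is set
    # to the same level (NQKeyGenWindows.exe) and NetIQms is restarted.
    report["restart_required"] = target_level != repository_level
    return report


# Constructed inventory for illustration.
INVENTORY = [
    Agent("ms01", "8.0", CLEARTEXT, True),
    Agent("web01", "7.0", CLEARTEXT, True),
    Agent("legacy01", "6.5", CLEARTEXT, False),
    Agent("db02", "7.2", ENCRYPTION, True),  # drifted: already out of sync
]
```

Running `check_rollout(INVENTORY, CLEARTEXT, ENCRYPTION_AND_AUTH)` flags legacy01 as both unsupported and missing its key, and db02 as already out of sync with the repository, so those hosts are dealt with before the level is raised site-wide.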

13.3.1 Resource Objects

Windows 2003 Server or later

13.3.2 Default Schedule

The default interval for this script is Run once.

13.3.3 Setting Parameter Values

Set the following parameters as needed:

Parameter: Security level

How to Set It: Select the security level you want the managed Windows computer to use:

  • 0 - Clear text if you want all communication between the agent and the management server to be in clear text and not encrypted. This option is best for closed network environments, testing, or troubleshooting communication issues.

  • 1 - Encryption if you want all communication between the agent and the management server to be encrypted but do not require authentication.

  • 2 - Encryption and authentication if you want the management server to be authenticated before sending and receiving encrypted communication.

Keep in mind that, for a single repository, all managed Windows clients must use the same security level setting. Any time you update the security level, you must do so for all of your Windows agents. If you cannot update all of your Windows agents at once, the management server will not be able to communicate with the agents that have not yet been updated, and the interruption in communication may result in missing critical events or data. Therefore, you should plan any change to the security level carefully to minimize the chance of communication failures.

The default is 0 - Clear text.

Parameter: Raise event when update succeeds?

How to Set It: Set to y to raise an event when the security level is successfully updated. This script always raises an event if the job does not run successfully.

If enabled, you can configure the severity level of the event. The default is y.

Parameter: Event severity when the update...

How to Set It: Set the event severity level, from 1 to 40, to reflect the importance when the job:

  • ... succeeds. If you set this script to raise an event when the job succeeds, set the event severity level for a successful update. The default is 25 (blue event indicator).

  • ... fails. The default is 5 (red event indicator).