14.4 Enabling the Key Checkout for Shared Key

You can create a rule to enable key checkout for privileged users. This rule enables the privileged users to checkout the available key simultaneously till the key usage exceeds the user limit. You can use the policy templates such as, SSH Key CheckIn-CheckOut, Windows Key CheckIn-CheckOut, and VMWare Key CheckIn-CheckOut for key checkout then, customize it as per the requirement. For more information about adding a policy template refer, Adding a Policy Template.

To enable key checkout, perform the following:

  1. Configure the shared Key.

    For information about configuring a shared key, refer Configuring Shared Keys.

  2. In the navigation bar, click Consoles > Command Control.

  3. Create a rule at a required level. For more information about rules, refer Rules.

    You can also use the default policy template instead of creating a new rule.

  4. Create a new command by using the Key_<domain type> command. Where, domain type is the name that you specify for the type of the shared key domain.


    use any of the following default commands and modify the fields as per the requirement:

    • SSH Key Check Out

    • Windows Key Check Out

    • VMWare Key Check Out

    If you selected Create Command for Custom Key while configuring shared key, the command is created with the same name as the domain type.

  5. Modify the created rule with the required details.

    Account Domain: Leave this field blank.

    Credentials: Leave this field blank.

    Run User: If you want users to use only a specific key, specify the shared key name. If you want different users to use the different keys available in a domain, specify the asterisk (*) symbol.

    Run Host: Specify the shared key domain.

    If the key domain has the Multiuser option enabled in Shared Key Domain of Enterprise Credential Vault, different users can simultaneously check out the same key that is specified in the domain.

    Risk Level: Set a Risk Level of 0 to 99. This option allows you to set a value representing the relative risk of a rule with the session auditing option (see cpcksh). When viewing a Command Control Keystroke Report, you see commands controlled by rules with different risk values represented in different colors.

    Audit Group: Define an Audit Group. This setting is for use in Compliance Auditor reports.

    NOTE:To configure video capturing refer section Video Capture