以下是有关主帐户和内置管理员帐户之间的区别的一些说明。 

  •  系统会自动将用户添加到具有完全权限的所有新保险箱中,即使不是它创建的保险箱也是如此。它需要特殊的配置才能登录。

  • 管理员 是内置的管理用户,但与  它不会自动分配给其他用户创建的所有新保险箱。

默认配置,如果您尝试通过PrivateArk Client登录  using 主 account, you will get following error:

In certain situation, for example, your administrator account suspended because five times failed authentication. And you do not have second admin account to unlock it. 主 account is your last resort to resolve this kind of DR issue. 


Log in using 主 Account

有两种方法可以做到这一点。

1  Using 主 CD

  • Place 主 CD into server.
  • 双击“私人方舟”图标
  • 输入“ 主”作为用户,然后输入密码。

2  Using 主 Key File

  • 编辑dbparm.ini文件
  • Change RecoveryPrvKey settings to your 主 Key file location
  • 重新启动PrivateArk Server服务
  • Log in using 主 Account

DBPARM.ini文件

[MAIN]
TasksCount=20
DateFormat=DD.MM.YY
TimeFormat=HH:MM:SS
ResidentDelay=10
BasePort=1858
LogRetention=7
LockTimeOut=30
DaysForAutoClear=30
DaysForPicturesDistribution=Never
ClockSyncTolerance=600
TraceArchiveMaxSize=5120
VaultEventNotifications=NotifyOnNewRequest,NotifyOnRejectRequest,NotifyOnConfirmRequestByAll,NotifyOnDeleteRequest
RecoveryPubKey=C:\keys\operator\RecPub.key
ServerKey=C:\keys\operator\Server.key
StagingAreaDirectory=C:\PrivateArk\StagingArea
EntropyFile=C:\PrivateArk\Safes\entropy.rnd
DatabaseConnectionPasswordFile=C:\keys\operator\VaultUser.pass
ServerCertificateFile=C:\keys\operator\Server.pem
ServerPrivateKey=C:\keys\operator\Server.pvk
*AllowedVirusSafeFileTypes=DOC,DOT,XLS,XLT,EPS,BMP,GIF,TGA,TIF,TIFF,LOG,TXT,PAL,,
AutoClearSafeHistory=Yes,1,1,2
AutoClearUserHistory=Yes,1,3,4
AutoSyncExternalObjects=Yes,1,23,24
DebugLevel=PE(1),PERF(1,2)
VaultId=3efd1eb0-7012-11e9-8329-63fd6b776400
DefaultTimeout=30
PooledSocketTimeout=600
RecoveryPrvKey=D:\RecPrv.key
EnablePreDefinedUsers=ALL
AutomaticallyAddBuiltInGroups="Backup Users,DR Users,Operators,Auditors,Notification Engines"
LicenseUsageAlertLevel=85,90,99
MaxTasksAllocation=8(CPM,AIMApp,AppPrv):7-23,16(CPM,AIMApp,AppPrv):23-7,1(PTAApp)
AllowNonStandardFWAddresses=[192.169.1.25],Yes,3389:outbound/udp,3389:inbound/udp
AllowNonStandardFWAddresses=[192.169.1.25],Yes,3389:outbound/tcp,3389:inbound/tcp
AllowNonStandardFWAddresses=[192.169.1.22],Yes,514:outbound/udp,514:inbound/udp
AllowNonStandardFWAddresses=[192.169.1.34],Yes,514:outbound/udp,514:inbound/udp
AllowNonStandardFWAddresses=[192.168.1.146],Yes,25:outbound/tcp
AllowNonStandardFWAddresses=[10.1.4.41],Yes,25:outbound/tcp
ComponentNotificationThreshold=PIMProvider,Yes,30,1440;AppProvider,Yes,30,1440;OPMProvider,Yes,30,1440;CPM,Yes,720,1440;PVWA,Yes,90,1440;PSM,Yes,30,1440;DCAUser,Yes,60,2880;SFE,Yes,10,2880;FTP,Yes,60,2880;ENE,Yes,60,360
UserLockoutPeriodInMinutes=-1
MaskUserIsSuspendedMessage=No
TerminateOnDBErrorCodes=2003
[BACKUP]
BackupKey=C:\keys\operator\Backup.key
[CRYPTO]
SymCipherAlg=AES-256
ASymCipherAlg=RSA-2048
[SYSLOG]
SyslogTranslatorFile=Syslog\ArcSight.xsl
SyslogServerPort=514
*SyslogTranslatorFile=Syslog\ArcSight.xsl,Syslog\PTA.xsl
*SyslogServerPort=514,11514
SyslogServerIP=192.169.1.22,192.169.1.34
*SyslogServerProtocol=TCP,UDP
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=0-999
SyslogSendBOMPrefix=No
UseLegacySyslogFormat=No
SendMonitoringMessage=No

[NTP]
AllowNonStandardFWaddresses=[192.168.1.110],Yes,123:outbound/udp,123:inbound/udp
AllowNonStandardFWaddresses=[192.168.1.111],Yes,123:outbound/udp,123:inbound/udp


来自Blogger //blog.fabiandinkins.com/2020/08/log-in-as-master-from-cyberark.html

通过 约翰

发表评论