Enabling or disabling the SYSTEM User Only Mapping

If your organization-wide security policy prohibits user impersonation, you cannot use the Windows User Mapping or User Privilege Mapping (UPM) techniques to enable a user to assume an effective user identity and a set of user permissions on remote servers. In such cases, use the SYSTEM User Only mapping.

To enable or disable the SYSTEM Only User mapping, you can use either the chapw command or the agentctl utility:

  • The chapw command enables you to enable or disable the mapping while the agent is running.
  • The agentctl utility can also be used to enable or disable the mapping. To use the agentctl utility, the RSCD agent must be shut down.

Using chapw to enable or disable the mapping

To enable the mapping

Run the chapw -s command as follows:
chapw -s 1 <hostname>
See the following example:
image-2023-8-10_15-28-10.png
After you enable this user mapping, you will see the user as SYSTEM. See the following example:
image-2023-8-10_15-28-39.png

To disable the mapping

Run the chapw -s command as follows:
chapw -s 0 <hostname>
After you disable this user mapping, you will see the user as BladeLogicRSCD. See the following example:
image-2023-8-10_15-31-8.png

Using the agentctl utility to enable or disable the mapping

To enable the mapping

Run the agentctl utility as follows:
agentctl.exe maptosystemuseronly 1After you enable this user mapping, you will see the user as SYSTEM. See the following example:
image-2023-8-10_15-28-39.png

To disable the mapping

Run the agentctl utility as follows:
agentctl.exe maptosystemuseronly 0After you disable this user mapping, you will see the user as BladeLogicRSCD. See the following example:
image-2023-8-16_11-37-54.png


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*