PAM360 Agent-Based Operations

Once you have installed the PAM360 agent with the respective usage and modules, you can proceed with the further operations related to the PAM360 agents that follow.

Discovering Local Accounts using the PAM360 Agent
Finding Tasks Awaiting Execution by the PAM360 Agent
Associating and Disassociating PAM360 Agents
Deleting a PAM360 Agent
Remapping a PAM360 Agent
Frequently Asked Questions

1. Discovering Local Accounts using the PAM360 Agent

When the agent is started for the first time on the target machine, it will automatically add the machine as a resource in PAM360 and discover the local accounts. After discovery, you can reset the passwords of the local accounts. To learn more about resetting passwords using the PAM360 agent, click here.

2. Finding Tasks Awaiting Execution by the PAM360 Agent

Follow the below steps to find the tasks have been triggered by the user but awaiting execution by the PAM360 agent.

Click the bell icon in the top panel of the interface for viewing Notifications.
Under Agent Alerts, you will find the agent related statuses:
- The number of password reset and password verify actions triggered.
- Status of password reset actions triggered earlier.
- Status of password verify actions triggered earlier.
The notifications are user-specific i.e., users will be notified of only those tasks that they have triggered.

3. Associating and Disassociating PAM360 Agents
(This feature is available from PAM360 build 5710 for C# and Go Agents only)

PAM360 allows users to associate and disassociate agents to/from their resources/users. Associating an agent will allow the agent to perform remote operations on the resource or to fetch data from user device, while disassociating the agent will pause all the operations performed by it.

Navigate to Admin >> PAM360 Agents >> Manage Agents. Here, you will be able to view a list of agents mapped with the resources/users.
To Disassociate a resource/user from an agent,

Click the agent action icon beside the desired resource/user name and click Disassociate.
In the popup that appears, mention the time interval (in minutes) between which the agent should check its status.
Click Disassociate to disassociate the selected agent. You have successfully disassociated the resource/user from the agent.

To Disassociate agents in bulk,

Select the required resources/users to be disassociated and click the Disassociate button from the top pane.
Mention the time interval (in minutes) between which the agent should check the status
Click Disassociate to disassociate the selected agent. You have successfully disassociated the resource/user from the agent.

To Associate a resource/user with an agent,

Click the agent action icon beside the desired resource/user name and click Associate. You have successfully associated the resource/user with the agent.

4. Deleting a PAM360 Agent
(This feature is available from PAM360 build 5710)

Navigate to the Resources/ Users tab and delete the resource/user whose agent you wish to delete.
Now, navigate to Admin >> PAM360 Agents >> Manage Agents.

Note: The 'Resource Name/User Name' for the agent whose resource/user got deleted will be displayed as 'N/A'.
Click the agent action icon beside the agent whose resource/user you deleted and click Delete Agent.
In the pop-up that appears, click Delete.

You have successfully deleted the agent.

Notes:

The resource gets deleted along with the agent, so it is recommended for the resource owner to take a copy of the resource before deleting the agent.

This operation will only remove the agent from the PAM360 server and will not uninstall the agent from the resource.

To add a deleted agent to the PAM360 server, reinstall the agent in the target machine.

5. Remapping a PAM360 Agent
(This feature is available from PAM360 build 5710 for C# and Go Agents only)

The Remap Agent option is used when the resource of an agent is accidentally deleted. Administrators will be able to remap the agent to its resource using the following steps:

Navigate to the Resources tab and add a resource with the same DNS name as the agent.
Now, navigate to Admin >> PAM360 Agents >> Manage Agents >> Resource.
Click the resource action icon beside the agent belonging to the added resource and click Remap Agent.
In the pop-up that appears, select the resource with which you want to remap the agent and click Remap Agent.

You have successfully remapped the agent to the resource.

6. Frequently Asked Questions

How to create a custom role to manage agents?
To manage agents, the user must have Add and Edit permission to the Resources and permission to Download PAM360 Agents. Follow the below steps:
1. Navigate to Admin >> Customization >> Roles.
2. Click Add Roles. In the pop-up that appears,
  1. Mention the Name and Description.
  2. Click Password.
    1. Click Resource tab and enable Add and Edit.
    2. Click Password Reset tab and enable Password Reset.
  3. Click Custom Settings and enable Download PAM360 Agents.
3. You have successfully created a role to manage agents.
Are there any reports for Manage Agents?
Navigate to Reports >> Query Reports >> Resources and search for 'Agents Installed'. This report will contain a list of agents installed in their respective resources.

What will happen to the existing agents & what functionalities are applicable after upgrading to 5710?

When PAM360 is upgraded to build 5710, all the existing agents from the older build will be added to Admin >> PAM360 Agent >> Manage Agent.
You will only be able to view and Delete the old agents from the Manage Agents window.
It is recommended that you reinstall the latest agent in the target machine to use other functionalities such as Associate, Disassociate and Remap.

What will happen in the Manage Agents window if the agent is removed/uninstalled from the target machine?
The status of the agent is updated once every 30 min by default. If the agent is inactive for that period of time, the status of that agent will be marked as inactive.
If a resource is shared with an admin with full access, will the agent be displayed under the Manage Agents window?
No, the agent details will be displayed under the Manage Agents page only when the resource ownership is transferred to a different admin-privileged user.
What will happen when the ownership of the agent-installed resource is transferred to a different admin-privileged user?
The agent installed in the resource will be displayed in the Manage Agents window to the user to whom the ownership of the resource is transferred.


PAM360 Agent-Based Operations Once you have installed the PAM360 agent with the respective usage and modules, you can proceed with the further operations related to the PAM360 agents that follow. Discovering Local Accounts using the PAM360 Agent Finding Tasks Awaiting Execution by the PAM360 Agent Associating and Disassociating PAM360 Agents Deleting a PAM360 Agent Remapping a PAM360 Agent Frequently Asked Questions 1. Discovering Local Accounts using the PAM360 Agent When the agent is started for the first time on the target machine, it will automatically add the machine as a resource in PAM360 and discover the local accounts. After discovery, you can reset the passwords of the local accounts. To learn more about resetting passwords using the PAM360 agent, click here. 2. Finding Tasks Awaiting Execution by the PAM360 Agent Follow the below steps to find the tasks have been triggered by the user but awaiting execution by the PAM360 agent. Click the bell icon in the top panel of the interface for viewing Notifications. Under Agent Alerts, you will find the agent related statuses: The number of password reset and password verify actions triggered. Status of password reset actions triggered earlier. Status of password verify actions triggered earlier. The notifications are user-specific i.e., users will be notified of only those tasks that they have triggered. 3. Associating and Disassociating PAM360 Agents (This feature is available from PAM360 build 5710 for C# and Go Agents only) PAM360 allows users to associate and disassociate agents to/from their resources/users. Associating an agent will allow the agent to perform remote operations on the resource or to fetch data from user device, while disassociating the agent will pause all the operations performed by it. Navigate to Admin >> PAM360 Agents >> Manage Agents. Here, you will be able to view a list of agents mapped with the resources/users. To Disassociate a resource/user from an agent, Click the agent action icon beside the desired resource/user name and click Disassociate. In the popup that appears, mention the time interval (in minutes) between which the agent should check its status. Click Disassociate to disassociate the selected agent. You have successfully disassociated the resource/user from the agent. To Disassociate agents in bulk, Select the required resources/users to be disassociated and click the Disassociate button from the top pane. Mention the time interval (in minutes) between which the agent should check the status Click Disassociate to disassociate the selected agent. You have successfully disassociated the resource/user from the agent. To Associate a resource/user with an agent, Click the agent action icon beside the desired resource/user name and click Associate. You have successfully associated the resource/user with the agent. 4. Deleting a PAM360 Agent (This feature is available from PAM360 build 5710) Navigate to the Resources/ Users tab and delete the resource/user whose agent you wish to delete. Now, navigate to Admin >> PAM360 Agents >> Manage Agents. Note: The 'Resource Name/User Name' for the agent whose resource/user got deleted will be displayed as 'N/A'. Click the agent action icon beside the agent whose resource/user you deleted and click Delete Agent. In the pop-up that appears, click Delete. You have successfully deleted the agent. Notes: The resource gets deleted along with the agent, so it is recommended for the resource owner to take a copy of the resource before deleting the agent. This operation will only remove the agent from the PAM360 server and will not uninstall the agent from the resource. To add a deleted agent to the PAM360 server, reinstall the agent in the target machine. 5. Remapping a PAM360 Agent (This feature is available from PAM360 build 5710 for C# and Go Agents only) The Remap Agent option is used when the resource of an agent is accidentally deleted. Administrators will be able to remap the agent to its resource using the following steps: Navigate to the Resources tab and add a resource with the same DNS name as the agent. Now, navigate to Admin >> PAM360 Agents >> Manage Agents >> Resource. Click the resource action icon beside the agent belonging to the added resource and click Remap Agent. In the pop-up that appears, select the resource with which you want to remap the agent and click Remap Agent. You have successfully remapped the agent to the resource. 6. Frequently Asked Questions How to create a custom role to manage agents? To manage agents, the user must have Add and Edit permission to the Resources and permission to Download PAM360 Agents. Follow the below steps: Navigate to Admin >> Customization >> Roles. Click Add Roles. In the pop-up that appears, Mention the Name and Description. Click Password. Click Resource tab and enable Add and Edit. Click Password Reset tab and enable Password Reset. Click Custom Settings and enable Download PAM360 Agents. You have successfully created a role to manage agents. Note: The user will have to be the owner of the resource in which the agent is installed. Are there any reports for Manage Agents? Navigate to Reports >> Query Reports >> Resources and search for 'Agents Installed'. This report will contain a list of agents installed in their respective resources. What will happen to the existing agents & what functionalities are applicable after upgrading to 5710? When PAM360 is upgraded to build 5710, all the existing agents from the older build will be added to Admin >> PAM360 Agent >> Manage Agent. You will only be able to view and Delete the old agents from the Manage Agents window. It is recommended that you reinstall the latest agent in the target machine to use other functionalities such as Associate, Disassociate and Remap. What will happen in the Manage Agents window if the agent is removed/uninstalled from the target machine? The status of the agent is updated once every 30 min by default. If the agent is inactive for that period of time, the status of that agent will be marked as inactive. If a resource is shared with an admin with full access, will the agent be displayed under the Manage Agents window? No, the agent details will be displayed under the Manage Agents page only when the resource ownership is transferred to a different admin-privileged user. What will happen when the ownership of the agent-installed resource is transferred to a different admin-privileged user? The agent installed in the resource will be displayed in the Manage Agents window to the user to whom the ownership of the resource is transferred.