
CA Security Tuesday Tip: Privileged Identity Manager: How to force deletion of policies deployed

Discussion created by Merce_Salmeron Employee on May 5, 2015

All versions, Windows and UNIX

The procedure below can be used to manually remove policies from endpoints:

1) On the endpoint, do the following via selang:

   'find POLICY' and identify the policy that needs removing

2) undeploy POLICY ( policyName )

3) rr RULESET ("policyName#01") noexit

4) rr POLICY ("policyName#01") noexit

5) rr GPOLICY ("policyName")

 

Note that the policy version number from steps 1-2 may be different.

6) Run 'find DEPLOYMENT' and 'find GDEPLOYMENT' on both the endpoint and the DMS.

   Any objects that exist on the endpoint but NOT on the DMS need to be

   removed from the ENDPOINT with:

   rr DEPLOYMENT deploymentName

   rr GDEPLOYMENT deploymentName
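
The comparison in step 6, as an added example that is not part of the original post or of CA's tooling: it only builds the rr commands for review and does not run them. It assumes the object names from each 'find' run were saved one per line (the real selang output layout may differ), and all names shown are constructed.

```python
# Added example (not CA's code). Assumption: the object names printed by
# 'find DEPLOYMENT' / 'find GDEPLOYMENT' were saved one name per line.

CLASSES = ("DEPLOYMENT", "GDEPLOYMENT")


def parse_names(text):
    """Return the set of object names in one saved listing."""
    names = set()
    for line in text.splitlines():          # splitlines() also handles CRLF
        name = line.strip().strip('"')      # drop padding and optional quotes
        if name:
            names.add(name)
    return names


def endpoint_only_commands(endpoint, dms, allow_empty_dms=False):
    """Build the step 6 'rr' commands for objects on the endpoint but not the DMS.

    endpoint, dms: dicts mapping class name -> saved listing text.
    An empty DMS listing next to a non-empty endpoint listing may mean the
    DMS capture failed, so it raises unless allow_empty_dms is set.
    """
    commands = []
    for cls in CLASSES:
        on_endpoint = parse_names(endpoint.get(cls, ""))
        on_dms = parse_names(dms.get(cls, ""))
        if on_endpoint and not on_dms and not allow_empty_dms:
            raise ValueError(f"DMS listing for {cls} is empty; re-run the find on the DMS")
        for name in sorted(on_endpoint - on_dms):
            commands.append(f"rr {cls} {name}")   # command form from step 6
    return commands


# Constructed sample listings (hypothetical names, not real selang output).
ENDPOINT = {
    "DEPLOYMENT": "dep_web_01\r\ndep_db_01\r\n  dep_old_07  \r\n",
    "GDEPLOYMENT": "gdep_web\ngdep_old\n",
}
DMS = {
    "DEPLOYMENT": "dep_web_01\ndep_db_01\n",
    "GDEPLOYMENT": "gdep_web\n",
}

if __name__ == "__main__":
    for command in endpoint_only_commands(ENDPOINT, DMS):
        print(command)
```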

 
