NTCMD Protocol

Parameter

Description

Connection Timeout

Timeout, in milliseconds, after which the Probe stops trying to connect to the NTCMD server.

Username

The name of the user needed to connect to the host as an administrator.

Password

The password of the user needed to connect to the host as an administrator.

Note: The password cannot contain the following special characters: ^&

Windows Domain

The Windows domain in which the credentials are defined. If this field is left empty or is not a valid domain, the NTCMD protocol assumes the user is defined locally on the host.

Run remote commands impersonated

If selected, the discovery commands are executed remotely under the Username of this credential.

If not selected, the discovery commands are instead executed remotely under the LocalService account.

Remote Share Path

Used where Admin$ does not exist on the Windows machine being connected to. Type here the name of the SHARE concatenated with full path to the Windows directory of the machine being connected to. For example: Share$\Windows

Share Local Path

The full path to the Windows directory of the machine being connected to. For example: C:\Windows

See also: Extended Shell Interface.

Note:

  • This protocol supports IPv6, with the following limitations:

    • Windows XP: Does not work over IPv6
    • Windows Server 2003/2003 R2: Registry on the target system being discovered needs to be modified as described in this Microsoft support article: http://support.microsoft.com/kb/281308
  • You can use the HPCmd Utility to establish a shell connection to remote Windows machines in order to execute commands that extract important configuration information for population in the UCMDB. For details about this utility, see HPCmd - Security Analysis.

  • This protocol uses the DCOM protocol for connecting to remote machines. The DCOM protocol requires that the following ports are open: 135, 137, 138, and 139. In addition, the DCOM protocol uses arbitrary ports between 1024 and 65535, but there are ways to restrict the port range used by WMI/DCOM/RPC. For information about configuring DCOM to work with firewalls, see http://support.microsoft.com/kb/154596/en-us. For all versions of Windows after NT, port 445 (name: microsoft-ds) is the preferred port for resource sharing, including Windows file sharing and other services. It uses the TCP protocol and replaces ports 137-139.
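The port requirements in the note above can be checked against a target's inbound allow rules before discovery is scheduled. The following is an added example, not part of the product or its documentation: the rule format, rule names and addresses are constructed, the transport assigned to each port is general Windows knowledge rather than something this page states, and it assumes the Probe is the only host that should reach these ports.

```python
import ipaddress

# Ports listed in the note above. 137/138 are the NetBIOS name and datagram
# services (UDP); 135, 139 and 445 are TCP.
STATIC_PORTS = [("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)]
DEFAULT_DYNAMIC = (1024, 65535)  # unrestricted DCOM range quoted on the page

# Constructed sample: inbound allow rules on one discovery target.
RULES = [
    {"name": "rpc-epm", "src": "10.20.0.15/32", "proto": "tcp", "ports": (135, 135)},
    {"name": "netbios", "src": "10.20.0.15/32", "proto": "udp", "ports": (137, 138)},
    {"name": "smb-legacy", "src": "10.20.0.0/16", "proto": "tcp", "ports": (139, 139)},
    {"name": "smb", "src": "10.20.0.15/32", "proto": "tcp", "ports": (445, 445)},
    {"name": "rpc-dynamic", "src": "10.20.0.15/32", "proto": "tcp", "ports": (5000, 5100)},
]

def covers(rule, proto, lo, hi):
    """True when the rule allows the whole port span lo..hi for this transport."""
    return rule["proto"] == proto and rule["ports"][0] <= lo and hi <= rule["ports"][1]

def audit(rules, probe_ip, dynamic=DEFAULT_DYNAMIC):
    """Compare allow rules with what NTCMD needs from the Probe.

    Returns (missing, too_broad): port spans the Probe cannot reach, and the
    names of rules that open an NTCMD port to more than a single source host.
    """
    probe = ipaddress.ip_address(probe_ip)
    needed = [(proto, port, port) for proto, port in STATIC_PORTS]
    needed.append(("tcp", *dynamic))
    missing, too_broad = [], []
    for proto, lo, hi in needed:
        hits = [r for r in rules if covers(r, proto, lo, hi)]
        if not any(probe in ipaddress.ip_network(r["src"]) for r in hits):
            missing.append((proto, lo, hi))
        for r in hits:
            wide = ipaddress.ip_network(r["src"]).num_addresses > 1
            if wide and r["name"] not in too_broad:
                too_broad.append(r["name"])
    return missing, too_broad

if __name__ == "__main__":
    # Targets here are assumed to have their RPC range restricted to 5000-5100.
    print(audit(RULES, "10.20.0.15", dynamic=(5000, 5100)))
```

Pass the dynamic range actually configured on the targets; with the default range, a firewall that only opens a restricted span is reported as missing coverage.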

Note: When the CyberArk integration is enabled, two radio buttons (Regular Credential and External Vault) are enabled. The existing Username and Password parameters are grouped under the Regular Credential radio button, and the CyberArk-specific parameters Type and Reference are enabled and grouped under the External Vault radio button, as described in the table below.

CyberArk-related Parameters

Parameter

Description

Regular Credential

Enabled when CyberArk integration is enabled. Select this radio button to use a regular credential, as before.

  • Username. See description above.
  • Password. See description above.

External Vault

Enabled when CyberArk integration is enabled. Select this radio button to use an external credential vault.

  • Type. The external vault type. Currently only CyberArk is supported.
  • Reference. Click to open the Configure dialog box.

    • Reference. Select this option to configure the Reference ID that will be used by UCMDB/UD to retrieve the passwords from the CyberArk Enterprise Password Vault when they are needed.

      Set the reference ID in the CyberArk Enterprise Password Vault in the following format: <Safe Name>\<Folder Path>\<Reference ID>.

      Where <Safe Name> is the Safe value in CyberArk, <Folder Path> is the folder to which the Safe belongs, and <Reference ID> is the name of the CyberArk account that you specified or that was auto-generated in CyberArk.

      For example, NancySafe\Root\nancy-cyberark-testing-refid.

    • Parameter. Select this option to enable configuring a list of editable CyberArk properties as a query string for UCMDB/UD to retrieve passwords from the CyberArk Enterprise Password Vault.

      To configure a CyberArk property value, click in the Value column for the property, and specify the value as a string.

      CyberArk property values must not contain any of the following characters: \/:*?"<>|'.;

      The out-of-the-box list of CyberArk properties displayed in the Configure dialog box is editable. You can set selected CyberArk properties as the default list using the JMX method setGlobalSettingValue. For instructions, see "How to Set a Default List of CyberArk Properties Using JMX" in the Data Flow Management section of the UCMDB Help.

      • Regex. Enables configuring CyberArk property values as regular expressions.

        For examples of how to use regular expression syntax, see "Regular Expression Examples" in the Modeling section of the UCMDB Help.

        CyberArk property values entered as regular expressions must not contain any of the following characters: : ;
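The character restrictions and the Reference ID format described on this page can be checked before a credential is entered in the dialog. The following is an added example, not code from UCMDB or CyberArk: the credential dictionary layout and the property names in the sample are hypothetical, and it assumes the first component of a reference is the Safe, the last is the Reference ID, and everything between is the folder path.

```python
# Character rules quoted from this page.
PASSWORD_FORBIDDEN = set("^&")               # NTCMD Password field
PROPERTY_FORBIDDEN = set("\\/:*?\"<>|'.;")   # plain CyberArk property values
REGEX_FORBIDDEN = set(":;")                  # property values entered with Regex

def parse_reference(ref):
    """Split a reference of the form Safe\\Folder Path\\Reference ID.

    Assumption: the first component is the Safe, the last is the Reference ID,
    and everything between them is the folder path (which may be nested).
    """
    parts = ref.split("\\")
    if len(parts) < 3 or any(not p.strip() for p in parts):
        raise ValueError("expected <Safe Name>\\<Folder Path>\\<Reference ID>")
    return {"safe": parts[0], "folder": "\\".join(parts[1:-1]),
            "reference_id": parts[-1]}

def check_password(password):
    """Return the forbidden characters present; never echo the password itself."""
    return sorted(set(password) & PASSWORD_FORBIDDEN)

def check_properties(props, regex=False):
    """Map each offending property name to the forbidden characters it contains."""
    forbidden = REGEX_FORBIDDEN if regex else PROPERTY_FORBIDDEN
    problems = {}
    for name, value in props.items():
        bad = sorted(set(value) & forbidden)
        if bad:
            problems[name] = bad
    return problems

def validate(credential):
    """Collect findings for one credential entry (hypothetical dict layout)."""
    findings = []
    if credential.get("vault") == "reference":
        try:
            parse_reference(credential["reference"])
        except ValueError as exc:
            findings.append(f"reference: {exc}")
    elif credential.get("vault") == "parameter":
        for name, bad in check_properties(credential["properties"],
                                          credential.get("regex", False)).items():
            findings.append(f"property {name}: forbidden {''.join(bad)}")
    else:
        bad = check_password(credential["password"])
        if bad:
            findings.append(f"password: forbidden {''.join(bad)}")
    return findings
```

Findings name only the offending characters, so the output can be logged without exposing the password or property values.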