When an account is unable to change its own password, how can you ensure that password reset with the reconcile account is performed each time instead of a change?
A.
Set the parameter RCAllowManualReconciliation to Yes.
B.
Set the parameter ChangePasswordinResetMade to Yes.
C.
Set the parameter IgnoreReconcileOnMissingAccount to No.
In CyberArk’s Privileged Access Management (PAM), when an account cannot change its own password, setting the parameter IgnoreReconcileOnMissingAccount to No ensures that the reconcile account is used for password reset. This is because the reconcile account has the necessary permissions to reset the password when the primary account cannot do so. References: The information provided is based on general knowledge of CyberArk PAM best practices and is not taken from any specific CyberArk Defender PAM course or learning resources.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit