Here’s an example of how to change the ISVA/ISAM admin@local password using BeyondTrust’s BeyondInsight PAM (Privileged Access Manager) tool:
Import the ISAM9.xml custom platform file in the Custom Platform screen (under Configuration/Custom Platforms).
Note that this file is an example only, because it lacks robust error handling!
This creates a custom platform that will use the management pdadmin command to change the administrator password.
The custom platform’s Change password command is modified to perform the pdadmin steps using the old and new password.
You can then assign the Custom Platform to your Managed Systems. Click on “Create new custom platform” to see the “Import Platform (XML)” option.
The next step is creating a managed account. The username must be admin (not admin@local). It’s not necessary to enable the system for automatic password management, although that’s an option.
The result is that you’ll have the “Test Password” and “Change Password” actions on the managed accounts.
Make sure that BeyondTrust saves the password!
Warning: Make sure you’ve configured a separate user in ISVA (under Management Authorization) that has enough rights to reset the admin@local password! It has happened to me that the password change succeeded on the ISVA appliance but was not stored in BeyondTrust because an error occurred after the actual password change.
At this moment, I don’t have a way to change/manage the other passwords in ISVA, like the sec_master password or the passwords for the Federation/AAC User registry.