The Security Operations group has announced that they are making Active Directory changes in the near future to help secure our environment.
These are two of the items they are changing:
1. Disabling basic authentication for Windows Remote Management (WinRM). WinRM is a Windows feature that allows administrators to remotely run management scripts. It supports several methods of authentication with basic being the least secure. Less secure authentication could leave the bank vulnerable to unauthorized access.
2. Restricting anonymous access to named pipes (which provide communication between processes on the same computer and between processes from different computers across the network) to prevent unauthorized activity.
There has been seen pipes on the system with AXC in the name, making you think that CA-AP is using pipes, but it's not know if these are used for anonymous access to a named pipe. This information comes from opening a PowerShell window and typing "get-childitem \\.\pipe\".
The answer to these 2 changes is :
For the first change, CA Automation Point is not using the Windows Remote Management.
For the second change, CA Automation Point never required any special access to anonymous named pipes. All our test system already have the “Restrict anonymous access to Named Pipes and Shares” setting enabled by default and we never experienced any issues. So if you refer to this setting, CA AP isn’t affected by this setting at all.