Why does my CA PAM Client not start when I install it in C:\Program Files ?

Document ID : KB000116315
Last Modified Date : 28/09/2018
Show Technical Document Details
Question:
I have used the Administrator account to install the CA PAM Client under C:\Program Files
However, any user other than Administrator tries to run the CA PAM Client in that location, it never starts and no message is shown on the screen. Why is this so and what can I do to solve it ?
Environment:
CA PAM 2.6 and above
Answer:
The CA PAM Client process requires access to the folders in the location it is installed to be able to start. In particular, it needs access to write the logs as well as the files tracking the ports used, the upgrades of versions, etc.

For C:\Program Files, the usual permissions for this folder and subfolders is for only the Domain or Local Administrator group to be able to write and change files therein. The rest of the users have only read and execute permissions by default

When the CA PAM client runs, it does so as the user that started it. If the user is a non-Administrator, the process will try to write to the directories without the adequate permissions, which will in turn result in access  being denied. This will cause the CA PAM Client process to be terminated and it will look like the client is not starting.

To work around this program, make sure that the Domain Users, or the group of users which should be able to run the client, to have enough permissions on the installation folder. You could for instance give full control of the CA PAM Client folder and subfolders to that group and that will allow client to start.