setoptions Command Set CA Privileged Access Manager Server Control Windows Options

The setoptions command dynamically sets system-wide options related to the Windows operating system.
capamsc141
The setoptions command dynamically sets system-wide
PAM Server Control
options related to the Windows operating system.
This command also exists in the AC environment, but operates differently there.
You need ADMIN attribute to use the setoptions command, with the exception that you need only AUDITOR or OPERATOR attribute to use the command setoptions list.
This command has the following format:
setoptions|so \
[audit_policy( \ [success(system|logon|access|rights \ |process|security|manage)] \[failure(system|logon|access|rights \ |process|security|manage)] \ )] [password([history(number-stored-passwords)][interval(nDays)][min_life(NDays)] )]
[audit_policy( \
[success(system|logon|access|rights \ |process|security|manage)] \ [failure(system|logon|access|rights \ |process|security|manage)] \
  • audit_policy{+|-}
    Specifies whether auditing is enabled (+) or disabled (-).
  • audit_policy(success(system|logon|access|rights|process|security|manage))
    Specifies which detected authorized access events are logged. The types of access are:
    • system
      -attempts to shutdown or restart the computer.
    • logon
      -attempts to log on to or log off from the system.
    • access
      -attempts to access securable objects, such as files.
    • rights
      -attempts to use Windows Server privileges.
    • process
      -events such as program activation, some forms of handle duplication, indirect access to an object, and process exit.
    • security
      -attempts to change Policy object rules.
    • manage
      -attempts to create, delete, or change user or group accounts. Also, password changes.
  • audit_policy(failure(system|logon|access|rights|process|security|manage))
    Specifies which detected unauthorized access events are logged. The types of access are:
    • system
      -attempts to shutdown or restart the computer.
    • logon
      -attempts to log on to or log off from the system.
    • access
      -attempts to access securable objects, such as files.
    • rights
      -attempts to use Windows Server privileges.
    • process
      -events such as program activation, some forms of handle duplication, indirect access to an object, and process exit.
    • security
      -attempts to change Policy object rules.
    • manage
      -attempts to create, delete, or change user or group accounts. Also, password changes.
  • history(
    number-stored-passwords
    )
    Specifies the number of previous passwords that are stored in the database. When supplying a new password, the user cannot specify any of the passwords stored in the history list.
    NStoredPasswords
    is an integer between 1 and 24. If you specify zero, no passwords are saved.
  • interval(
    nDays
    )
    Sets the number of days that must pass after passwords are set or changed before the system prompts users for a new password.
    The value of
    nDays
    must be a positive integer or zero. An interval of zero disables password interval checking for users. Set the interval to zero if you do not want passwords to expire.
  • min_life(
    NDays
    )
    Sets the minimum number of days between password changes.
    NDays
    must be a positive integer.