What is CyberArk Remote Control Client (PARClient)?

The Remote Control Client is a command line utility that allows administrators to monitor the CyberArk vault remotely and execute some commands remotely/

How to allow CyberArk Remote Control Client (PARClient) to connect with the CyberArk vault?

During the CyberArk vault server installation, the “PrivateArk Remote Control Agent” is also installed. This start a service that allows remote connections on port 9022 (by default)

If this service is running, then the remote control client can connect to the vault and run the relevant commands.

How to Reset the Password of the ParAgent user?

ParAgent user is the user that is used by the CyberArk Remote Control client to authenticate from a remote station that is in the allowed authorized list.

We can reset the password of the ParAgent user by following below steps:

• On the Vault server open a command line window as Administrator and navigate to the “%Program Files%\PrivateArk\Server” folder
  

• Run the command “PARagent.exe setpassword” and specify the new password

• Restart the “PrivateArk Remote Control Agent” service using the Windows service interface to allow connection using the new password

What is ParAgent.ini?

ParAgent.ini contains the configuration properties for the PrivateArk Remote control agent. We can define various properties, such as the default properties below:

RemoteStationIPAddress=10.0.0.5
UserCredentialsPath="C:\Program Files (x86)\PrivateArk\Server\Conf\ParAgent.pass"
RemoteAdminPort=9022
ExtensionComponentList="C:\Program Files (x86)\PrivateArk\Server\PARVaultAgent.dll,C:\Program Files (x86)\PrivateArk\Server\PARENEAgent.dll"
AllowedMonitoredServices="PrivateArk Database,CyberArk Logic Container"
SNMPTrapsThresholdCPU=200,90,3,30,YES
SNMPTrapsThresholdPhysicalMemory=200,90,3,30,YES
SNMPTrapsThresholdSwapMemory=200,90,3,30,YES
SNMPTrapsThresholdDiskUsage=200,85,3,30,YES
SNMPTrapsThresholdServiceStatus=200,3,30,YES
LogMessagesFilterRegexp=.*
ExcludedLogMessagesFilterRegexp=(ITA|PARE|PADR|CAS).*I

How to use Remote Control Client?

Launch the Remote Control Client from a machine that is defined in the ParAgent.ini under “RemoteStationIPAddress”.

Note: There is no installation involved with the Remote Control Client. You simply need to copy the Remote Control Client folder to the machine that is allowed to connect to the Vault as defined in the RemoteStationIPAddress of the ParAgent.ini file.

Remote Control Client requires Microsoft Visual C++ 2013 as a pre-requisite.

Once the Remote Control Client files are copied to the desired directory, launch the command line as admin and navigate to the directory that contains the Remote Control Client files.

Testing the Remote Control Client

Launch command prompt as administrator and navigate to the folder containing the Remote Control Agent files.

Find the Status of the Vault

parclient vaultIP/ParAgentPassword /c “status vault”

The output will show if the Vault is running or stopped.

Find the Status of the CPU on Vault Server

parclient vaultIP/ParAgentPassword /c getcpu

Find Free Disk Space on Vault

parclient vaultIP/ParAgentPassword /c GetDiskUsage