
Deleting a managed system

Deleted managed systems are removed from all managed system policies and are not placed in the HISTORICAL_DATA_GRP policy. Their passwords are no longer accessible through the GUI, but are still accessible by using the KMKeyGetByAccount and RecoverKeyByAccount API functions.

Warning

Ensure that you note the password for each managed system before removing the managed system. Deleted managed systems are not placed in the HISTORICAL_DATA_GRP policy.

You cannot delete any managed system that has checked-out passwords.

To remove a managed system:

  1. Click Manage the system > Privileged access > Managed systems.

  2. Check the boxes for the managed systems you want to remove, and then click Delete.

  3. Click OK to confirm your action.

If you delete a local service mode managed system, the automatically discovered object corresponding to the managed system will also be deleted.

To re-manage a deleted push mode system, you must also delete the automatically discovered object corresponding to the managed system; see Removing managed systems via the target system menu.

Removing managed systems from managed system policies

A managed system can also be removed or unbound from a managed system policy. In this case, if the managed system no longer belongs to any policy, it is moved into the HISTORICAL_DATA_GRP policy, where its passwords are stored. In this state, the passwords are still accessible, but are no longer randomized.

To unbind a managed system from a managed system policy:

  1. Click Manage the system > Privileged access > Managed system policies.

  2. Select the managed system policy of the managed systems you want to remove.

  3. Click Member systems.

  4. Check the boxes for the managed systems you want to remove, and then click Delete.

  5. Click OK to confirm your action.

Removing managed systems via the target system menu

An alternative method for deleting a managed system is through the target system menu.

Warning

Deleted managed systems are removed from all managed system policies and are not placed in the HISTORICAL_DATA_GRP policy. Their passwords are no longer accessible through the GUI.

Warning

It is strongly recommended that you back up all passwords and their password histories before deleting a target system that is a managed system.

To delete a managed system that is configured as a target system:

  1. Click Manage the system > Resources > Target systems.

  2. Depending on how the managed system was added, click either Manually defined or Automatically discovered.

  3. Delete the target system by checking the boxes for systems you want to remove, then click Delete. Confirm your action.

    Alternatively, unmanage the target system. Deselect the Automatically create a Privileged Access Manager managed system box for the systems you want to remove, then click Update.

If you added managed systems on an Active Directory domain automatically via auto discovery, and you removed a computer from the domain, the associated managed system is not removed during the next update, but is instead flagged as deleted. Import rules should be configured for system resolution and HISTORICAL_DATA_GRP policy assignment.