3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The DB2RCMD_LEGACY_MODE registry variable determines whether the Db2 Remote Command Service runs with enhanced security or not. It is recommended that legacy mode not be enabled.

This registry variable only applies to Db2 Servers running on Windows.

Rationale:

Legacy mode requires the Db2 service account to have privileges to impersonate the client account.

Solution

Run the following command to set the DB2RCMD_LEGACY_MODE registry variable to OFF:

db2set DB2RCMD_LEGACY_MODE=OFF

Default Value:

The default value of DB2RCMD_LEGACY_MODE is OFF.

See Also

https://workbench.cisecurity.org/files/4033