3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)

Information

The DB2RCMD_LEGACY_MODE registry variable determines whether the Db2 Remote Command Service runs in legacy mode or with enhanced security. It is recommended that legacy mode not be enabled.

This registry variable applies only to Db2 servers running on Windows.

Rationale:

Legacy mode requires the Db2 service account to have privileges to impersonate the client account.

Solution

Run the following command to set the DB2RCMD_LEGACY_MODE registry variable to OFF:

db2set DB2RCMD_LEGACY_MODE=OFF

Default Value:

The default value of DB2RCMD_LEGACY_MODE is OFF.
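
One way to audit this setting, added here as an example and not part of the benchmark or of IBM's tooling: the function scans saved `db2set -all` output and reports every registry level where DB2RCMD_LEGACY_MODE is set to something other than an off value. The function name, the sample lines, the file name db2set.txt and the set of values treated as off (OFF, NO, FALSE, 0) are assumptions; an unset variable passes because the default is OFF.

```powershell
# Added example: audit DB2RCMD_LEGACY_MODE across all registry levels.
# Input is the text printed by `db2set -all`, one "[level] NAME=value" entry per line.
function Test-Db2RcmdLegacyMode {
    param(
        [string[]]$Db2SetLines = @()
    )

    # Assumption: these spellings all mean "legacy mode off"; anything else is a finding.
    $offValues = @('OFF', 'NO', 'FALSE', '0')
    $pattern   = '^\s*\[(?<scope>\w)\]\s*DB2RCMD_LEGACY_MODE\s*=\s*(?<value>.*?)\s*$'

    $settings = @()
    foreach ($line in $Db2SetLines) {
        if ($line -match $pattern) {
            $value = $Matches['value']
            $settings += [pscustomobject]@{
                Scope     = $Matches['scope']   # e.g. i = instance, g = global
                Value     = $value
                Compliant = $offValues -contains $value.ToUpperInvariant()
            }
        }
    }

    # Flag every level that enables legacy mode, even if another level sets OFF,
    # so a stray ON is cleaned up rather than masked.
    $findings = @($settings | Where-Object { -not $_.Compliant })

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)   # unset everywhere = default OFF = pass
        Settings  = $settings
        Findings  = $findings
    }
}

# Constructed sample output (not captured from a real server).
$sample = @(
    '[i] DB2COMM=TCPIP',
    '[i] DB2RCMD_LEGACY_MODE=ON',
    '[g] DB2SYSTEM=DBHOST01',
    '[g] DB2RCMD_LEGACY_MODE=OFF'
)

$result = Test-Db2RcmdLegacyMode -Db2SetLines $sample
"Compliant: $($result.Compliant)"
$result.Findings | Format-Table Scope, Value -AutoSize

# On a Db2 server, from a Db2 command window:
#   db2set -all > db2set.txt
#   Test-Db2RcmdLegacyMode -Db2SetLines (Get-Content .\db2set.txt)
```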

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Windows

Control ID: 2ed1615272db4fddc652983e3bd5dc21f59834accfde9e12b50342caf2ddc5af