On the Vault machine, create a new folder and copy the contents of the installation package to it.
There will be three folders. One for Server, one for client, and the third one for high availability DR.
Display the contents of the Server folder, then start the installation procedure:
On systems that are UAC-enabled, right-click Setup.exe, then select Run as Administrator.
The Vault installation wizard appears and displays a list of required features that it will install on your computer before it can install the Digital Vault
Click Install to begin the installation process; the installation process begins and the PrivateArk Server Setup window appears,
Select Installation Locations.
Select Skip Remote Control Agent Configuration to proceed to the next step of the installation procedure without configuring the Remote Control Agent,
If you skipped Remote Contral Agent Configuration here , and later you want it to be enabled, you might need to go through lots of steps to bring t back. Strongly suggest you choose it now
To install RabbitMQ, select the checkbox, then click Next, to proceed to the next step of the installation.
This step of the installation hardens the Vault machine.
Hardening can be done later.
To confirm that the Vault hardening procedure will be run as part of the installation, click Next,
This step of the installation enables you to specify the name of the folder where the Server files will be stored,
The next step of the installation prompts you for passwords for the built-in Master user and Administrator user
Type the Master user’s password, then type it again to confirm.
Type the Administrator user’s password, then type it again to confirm
Select Yes, I want to restart my computer now, then click Finish to restart your computer.
The installation automatically updates your Windows Start menu, places a PrivateArk Server shortcut icon on the desktop, and updates the computer registry information. If you configured the Remote Control Agent during installation, it will start automatically after you restart your computer.
Create a new Local User for the Logic Container Service
CyberArk has created a script that covers all the manual steps described below for all versions.
The LogicContainerUserConfiguration.ps1 script can be downloaded from the CD image.
To run the script, copy it to the Vault server and run it either by double-clicking the script or by opening PowerShell and running the script.
The script creates a log file next to it detailing all the steps done.
After completed Vault Server installation, you will find there are three built-in Safes in the vault and located at c:\PrivateArk folder:
1. Notification Engine
There are 8 built-in users and 6 built-in groups as show below.
1. From a command line, run an elevated cmd.exe prompt and navigate to the
2. Run the following command:
CAVaultHarden.exe StandAloneVault “[Full Path of Current
Directory]” /AllowRDP [RDP Station IP]
For example: CAVaultHarden.exe StandAloneVault “c:\temp” /AllowRDP 192.168.2.71
The usage from CAVaultHarden.exe is complete wrong. Do not follow the usage from exe file.
PrivateArk Remote Control Agent
If PriavateArk Remote Control Agent service has been installed during vault server installation, you will have a problem to start it later.I got following error message and not sure how to resolve it.
Only thing I can think about is to remove Vault installation and reinstall it with enable Remote Control agent during installation. Not sure how I could enable it manually after installed Vault.
Test Remote Control and Admin
The Remote Control Client is a utility that runs from a command line interface and carries out tasks on a Vault component where the Remote Control Agent is installed. It does not require any Vault components to be installed on the same computer, including a PrivateArk Client.
The Remote Control utility can be used for administrative tasks on the Password Vault and the DR Vault. It contains several general commands that are the same for each component. In these commands, use the following names to specify each component:
Disaster Recovery Vault
Event Notification Engine
Cluster Vault Manager
At a command line prompt, access the PARClient folder and do the following:
Access the Vault and find out the current status of the Vault. Specify the password of the Remote Control Agent. In this example, the password is ‘Asdf1234’.
>parclient 10.1.1.250/Asdf1234 /c "status vault"
Find out the current CPU usage on the Vault.
>parclient 10.1.1.250/Asdf1234 /c getcpu
Set the ‘Debug’ parameter in the DBParm.ini file in the Vault.