System Administrators may need to change the global ESAM policy to strengthen system-wide enforcement of OpenEdge installation validation. For example, switching from a permissive default, which allows unregistered installations to run, to a stricter policy, that blocks them, can help prevent unauthorized or misconfigured environments from executing.

  1. Locate the global policy file.
    • On Windows:
      C:\Windows\System32\openedge.d\conf\oesec.pol
    • On Linux:
      /etc/openedge.d/conf/oesec.pol
  2. Modify the policy setting by find the line that defines the root install path validation policy.
    • Change the value from: 
      POLICY=OESEC_POL_NO_ACTION
      to:
      OESEC_POL_QUALIFIED_BLOCK_ACCESS
  3. Save and close the file.
    Note: Root or System Administrator privileges required to save changes, all users can view the policy file.
  4. Restart any OpenEdge services or processes that rely on ESAM to ensure the new policy is applied.
  5. Check the ESAM audit log (oesec.log) to confirm that the new policy is being enforced and that no unauthorized installations are running.