Chat now with support
Chat mit Support

Safeguard Privilege Manager for Windows 4.5 - Administration Guide

About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

Using the Scheduled Reports Details Wizard

After you create a shared filter set to modify your report criteria, you can select a report and set its schedule and delivery. You can configure it to go to multiple recipients, including you, your manager, and/or the help desk. In addition, you can set the subject line to meet the requirements of your help desk. You can also specify network and file share locations to send it to.

To use the Scheduled Reports Details Wizard to generate a scheduled report

  1. Configure the Server.

    1. Use the Privilege Manager Server Setup Wizard to configure the Server Email Notification Configuration settings on the first screen of the wizard.

    2. If you previously completed the wizard, the remaining screens are automatically populated.

    3. Refer to the Safeguard Privilege Manager for Windows Quick Start Guide for step-by-step instructions.

  2. Create shared filter sets to modify your report criteria. You must create at least one shared filter set to generate a scheduled report. Scheduled reports work only for shared filter sets configured in the Reporting tab (except for the built-in Local Filters), not in Discovery & Remediation. For more information, see Using the Applied Filters Wizard.

  3. In the Reporting section of the navigation pane, select Scheduled Reports. The Scheduled Reports section appears on the top of the screen.

  4. Complete the following steps:

    1. Click Refresh to refresh the screen and update the last run time.

  5. Use the toolbar to add, edit, copy, or delete a report.

  6. The Scheduled Reports Details Wizard will open when you add a report.

  7. Complete the Type tab and click Next.

  8. Complete the Schedule tab.

    1. Select the Start time.

    2. Select the Cycle for how often the report will run. Changes to scheduled reports may take up to 10 minutes to take effect.

    3. Click Next.

  9. Complete one of the sub-tabs under the Delivery tab.

    1. Complete the Email sub-tab.

Or,

  1. Use the button to add email addresses and the button to remove them.

  2. Enter a subject.

  3. Select the report format.

  4. Complete the File share sub-tab.

    1. Type the folder path in the following format: \\ComputerName\SharedFolder

    2. Use the Browse button to locate the folder.

  5. Use the button to add folder paths and the button to remove them.

  6. Select the report format.

  7. Click Finish.

  8. After the report is created, check your email or file share to confirm receipt.

Using the Resultant Set of Policy Wizard

The Resultant Set of Policy (RSoP) Wizard is a built-in MMC snap in. It helps you view policy settings applied to selected computers and users (in the logging mode) or simulate a policy implementation to plan changes to your network (in the planning mode). On Windows 10 machines .Net 4.0 needs to be enabled or the PM Console installed in order to view the values from the RSoP Wizard.

To use the Resultant Set of Policy Wizard to report on policies you have applied

  1. Install the Client on the computer for which you are viewing or simulating a policy.

  2. Open the MMC. On the Start menu, click Run, type MMC, and then click OK.

  3. From the File menu, select Add/Remove Snap-in. The Add or Remove Snap-ins dialog appears.

    1. Select Resultant Set of Policy under the list of snap-ins.

    2. Click Add.

    3. Click OK.

  4. The Console Root window now has a snap-in, Resultant Set of Policy, rooted at the Console Root folder.

  5. Under the Name column, click Resultant Set of Policy.

  6. Complete one of the following steps:

    1. Right-click Resultant Set of Policy and select Generate RSoP Data.

    2. Under the Resultant Set of Policy pane in the Actions column, click More Actions and select Generate RSoP Data.

      The Resultant Set of Policy Wizard appears.

  7. Complete the following steps:

    1. Choose the Logging mode to review policy settings or the Planning mode to simulate a policy implementation.

    2. Specify the data requested in each tab and click Next.

    3. Click Finish to quit the wizard.

      The Console Root window now has Privilege Manager for Windows nodes, rooted at the Console Root folder under Computer Configuration and User Configuration. Privilege Manager for Windows Details appears on the right, showing the rules and advanced policy settings that are applied.

Client-side UI customization

Topics:

Safeguard Privilege Manager for Windows supports the text customization of all user-facing dialogs on client computers. In addition to the ability to change the default English dialog text, admins can also create client-side UI customization files for any non-English client language locale.

Language translation files

To customize the language used in the client-side UI, one or more translation files must be located in the same folder where the client files are installed, by default: C:\Program Files (x86)\Common Files\One Identity\Safeguard Privilege Manager for Windows\Client.

A language-specific translation file must be named as follows: <two_letter_language_code>-pmlang.ini

Example:

  • Spanish translation language file name: es-pmlang.ini

  • English translation language file name: en-pmlang.ini (used to customize client computers with English locale)

  • French translation language file name: fr-pmlang.ini

NOTE: The en-pmlang.ini file is used. For information on language translation files currently available for download, as well as configuration and troubleshooting tips, see Knowledge Base Article Safeguard Privilege Manager for Windows User Interface Language Translation (4228235).

Safeguard Privilege Manager for Windows automatically searches for the language translation file corresponding to the language local setting on a client computer. If no translation file is found, default English client-side text strings are used.

A specific language translation file can be used regardless of the Window's local settings with the use of a registry setting.

  • Hive: HKCU\Software\Scriptlogic Corporation\Privilege Authority

  • Key: Preferred Language

  • Type: REG_SZ

  • Value: name of language file, for example, es-pmlang.ini

    The corresponding translation file must exist as described above.

In addition to checking locally on the client computer for language translation files, the Safeguard Privilege Manager for Windows Client automatically copies (and overwrites older, already existing) language files found on the NETLOGON share.

NOTE: NETLOGON is checked for updated language files every time a user logs on to a computer.

Additionally, Administrators can configure the Safeguard Privilege Manager for Windows Client to check an alternate location for updated language translation files. This can be done by updating the TranslationFilesFolder value in HKLM\Software\Scriptlogic Corporation\Privilege Authority.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen