Chat now with support
Chat mit Support

Safeguard Privilege Manager for Windows 4.5 - Administration Guide

About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

Offline installation

Offline installation of the app is not directly supported. However, you can set up the Console's Server and Data Collection service if you install some dependencies manually beforehand.

To install the app offline

  1. Set up the Console's Server and Data Collection service by installing the following components:

    • Microsoft System CLR Types for Microsoft SQL Server 2014

    • Microsoft SQL Server 2014 Shared Management Objects

    • Microsoft SQL Server 2014 SP2 Express

  2. Set up the SQL Server manually.

    Example command of running the SQL Server installer with some pre-configuration in place:

    SQLEXPR_2014_ENU.exe /IACCEPTSQLSERVERLICENSETERMS /ACTION=Install /FEATURES=SQL /INSTANCENAME=PAReporting /SECURITYMODE=SQL /SAPWD=PrivilegeAuthority1 /SQLSVCACCOUNT="[SQL_SERVICE_ACCOUNT]" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /AGTSVCACCOUNT="[SQL_SERVICE_ACCOUNT]" /TCPENABLED=1 /SQLSVCPASSWORD="[SQL_SERVICE_PASSWORD]" /AGTSVCPASSWORD="[SQL_SERVICE_PASSWORD]"

  3. Once you are done, you can configure the server in the Console using the Use an existing SQL Server instance option during server setup.

Upgrading

Privilege Manager components are only compatible with other components of the same version. Upgrading ensures that all of the GPO rules and reporting configurations you created with earlier versions will still be available.

To upgrade prior versions

  1. Run the Privilege Manager setup file (PAConsole_Pro.msi) and follow the Privilege Manager Console Windows Installer.

    1. If the Some files that need to be updated are currently in use message appears, click OK.

    2. Once you complete the upgrade, exit the installer.

  2. Open the Console and if necessary, apply a license. For more information, see Opening the Console and Applying a license.

  3. If an error message notifies you that the ScriptLogic PA Reporting Service has the wrong manual startup type, complete one of the following steps:

    • Go to the Windows Services Console and set the ScriptLogic PA Reporting Service to start automatically.

    • To reset the service to start automatically, click OK in the message window. If the restart fails, click NO, then restart the Safeguard Privilege Manager for Windows Console.

    NOTE: The automatic Server upgrade may be unavailable if the ScriptLogic PA Reporting Service is not running.

  4. If the Console detects that the Server component is installed on a remote computer, it instruct you to launch it on the remote computer.

  5. If a message prompts you to upgrade your Server and database (installed locally with the reporting functionality of some prior Privilege Manager versions):

    1. Click OK and follow the Privilege Manager Server Configuration Wizard to complete the following steps:

      1. Install missing SQL Server components from the Internet.

      2. Back up your database.

      3. Configure a shared folder for client mass deployment.

    2. Click Finish to save the results and exit the wizard.

    3. If a message displays indicating that the Privilege Manager Host Service that needs to be updated is currently in use, click OK to ignore the message.

    4. To upgrade later, open the Privilege Manager Server Configuration Wizard and confirm that you are running the upgrade process before you configure the Server.

    5. Until you have upgraded the Server and database, you will have problems installing the Server locally.

    6. For more information, see Configuring the Server.

  6. Re-configure your Client data collection settings, if necessary.

    1. Select a GPO from the Group Policy Settings section.

    2. Switch to the Advanced Policy Settings tab.

    3. Double-click Client Data Collection Settings to configure settings using the Client Data Collection Settings Wizard. For more information, see Configuring Client data collection.

  7. After you upgrade, By Digital Certificate rules will be saved as By Path to the Executable rules.

  8. To upgrade Clients, install the newer version over the older one. For more information, see Installing the Client.

To upgrade Safeguard Privilege Manager for Windows to version 4.5

  1. Enter your password for the database.

  2. Open Safeguard Privilege Manager for Windows once the installation is complete.

  3. Follow the on-screen help to finish upgrading the product.

  4. If you are not prompted with the on-screen help:

    1. Open Safeguard Privilege Manager for Windows.

    2. Navigate to Configure a Server > Setup.

    3. Click Next.

    4. Choose Existing SQL Server Instance.

    5. Enter your password, click OK.

    6. Select the /PAREPORTING Instance Name. option.

    7. Continue the installation according to the previous procedure on upgrading prior versions.

Uninstalling

You must have administrative privileges to uninstall the Console and Client from a local computer.

To uninstall Privilege Manager components

  1. Use the Windows Control Panel tool. The uninstaller completely removes all of the data.

  2. Once Privilege Manager for Windows is removed, its rules no longer apply.

For more information, see Removing the Server.

Repair

Safeguard Privilege Manager for Windows does not support repairing through the .msi installer.

To repair Safeguard Privilege Manager for Windows, reinstall the product.

For more information, see Installing Safeguard Privilege Manager for Windows.

NOTE: To ensure you can successfully reinstall the product later, uninstall it by following the steps of Uninstalling.

Configuring Self-Service Elevation

Topics:

Available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

To enable users to request permissions to use privileged applications, use the Self-Service Elevation Request Settings Wizard. Whenever a user attempts to run an application which requires administrative permissions for which they do not have rights, they are asked if they would like to send a request to their administrator for permission to run it.

You can select how users access the request form and set up Self-Service notifications to email you, the help desk, and your manager of each request. Then, you can process the request within the Self-Service Elevation Requests section of the Console and email your decision to the user, using the Console Email Configuration screen.

NOTE: In some cases, Self-Service Elevation and Blacklist rules could be configured for the same target application. In this case, Blacklisting takes precedence over Instant Elevation and prevents the application from starting. For more information about creating Blacklisting rules, see Using the Create Rule Wizard.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen