Chat now with support
Chat mit Support

Safeguard Privilege Manager for Windows 4.5 - Administration Guide

TitlePageProxy Copyright Table of Contents About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program About us

Configuring Client data collection

Detailed information about this topic

Available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

Run the Client Data Collection Settings Wizard so that you can compile reports, support discovery, and launch on-demand features.

Using the Client Data Collection Settings Wizard

Client data collection settings only apply on computers running a Client.

Before configuring Client data collection settings, you must configure a Server on your domain. For more information, see Configuring the Server.

To use the Client Data Collection Settings Wizard to set up, modify, or discard settings,

  1. Open the wizard by completing one of the following steps:

    • Open the Client Data Collection Settings Wizard from the Setup Tasks section. It will always show the default settings.

    • On the Advanced Policy Settings tab of the target GPO, double-click Client Data Collection Settings. The changes made within the wizard are saved here.

  2. Enable the Client Data Collection Settings on the State tab.

    • Choose Enabled, to ensure the settings apply to the selected GPO.

    • Choose Not Configured, to enable child GPOs to inherit settings from their parent.

  3. Define the Server on the Settings tab. This Server receives data from the Clients of the target GPO.

  4. Click Browse to locate a Server through Active Directory.

  5. Use the Test button to verify the selected Server's connection to the ScriptLogic PA Reporting Service. If the test fails, check to see if there are network or firewall problems.

  6. Click the Clear the server name link if you want to configure another Server. The displayed service remains installed.

    NOTE: To prevent data transfer issues between the Server and linked Clients, check that the port you have selected is open for incoming connections on the Server. Port 8003 is the default port for Server installation.

  7. Use the Advanced Settings on the Settings tab to set these data transfer parameters:

    • Maximum Sleep Time (in seconds) sets the stagger time period within which every Client sends its data to the data collection service. This value is set to 60 seconds by default.

    • Send Retries defines the number of retries that are made if an attempt to connect to the web service fails. This number is set to 1 by default.

    • Network Timeout (in seconds) sets how many seconds a Client should wait to stop sending data if it does not reach the target. This value is set to 600 seconds by default.

    • Maximum Records Per Transaction indicates how many portions of cached data the Client sends. This value is set to 0 by default, which indicates an unlimited number. To reduce the load on the Server side, you can increase the value to 1 or 2. This may be useful on large networks where each client computer generates many records and a Client may not be able to connect to the data collection service because it is too busy processing data collection transactions.

  8. Click Next to use Validation Logic to target the settings to specific client computers or user accounts within the GPO, or click Finish to save your settings and quit.

If an error message indicates that the target GPO is not selected:

  1. Click OK to close the message window.

  2. Open the GPO tab and select the desired GPO.

  3. Click Save on the GPO toolbar to save the new settings.

    Adjust the parameters that Clients use to send their data to the ScriptLogic PA Reporting data collection web service to your specific needs. The web service supports collecting data from a significant number of Clients running concurrently.

Configuring Instant Elevation

Detailed information about this topic

Available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

To grant on-demand administrative privileges to a group of trusted users and audit their actions, use the Instant Elevation Wizard.

NOTE: In some cases, Instant Elevation and Blacklisting rules could be configured for the same target application. In this case, Blacklisting takes precedence over Instant Elevation and prevents the application from starting. For more information about creating Blacklisting rules, see Using the Create Rule Wizard.

Using the Instant Elevation Wizard

Prerequisites

Before you configure Instant Elevation settings, ensure the following components are set up:

  1. The Client is running on the computers you want to apply the settings to;

  2. The Server is configured and running with the port that you have selected allowed for incoming data (the default port is 8003); and

  3. Client data collection settings are enabled for the selected GPO.

Using the Instant Elevation Wizard to set up, modify, or discard privileges

To use the Instant Elevation Wizard to set up, modify, or discard privileges

  1. Open the wizard by completing one of the following steps:

    • Open the Instant Elevation Wizard from the Setup Tasks section. It will always show the default settings.

    • Double-click the Advanced Policy Settings > Instant Elevation Settings tab of the target GPO. The changes made with the wizard will be saved here.

  2. Enable the Instant Elevation Settings on the State tab.

    • Choose Enabled, to ensure the settings apply to the selected GPO.

    • Choose Not Configured, to enable child GPOs to inherit settings from their parent.

  3. Use the Groups tab to alter the settings. By default, users of the target GPO automatically inherit the administrator's settings (BUILTIN\Administrators).

  4. Complete the advanced options in the Privileges and Integrity tabs.

  5. Click Next to use Validation Logic to target the settings to specific client computers or user accounts within the GPO, or click Finish to save your settings and quit.

If an error message indicates that the target GPO is not selected:

  1. Click OK to close the message window.

  2. Open the GPO tab and select the desired GPO.

  3. Click Save on the GPO toolbar to save the new settings.

  4. Users can click Elevate! to launch privileged applications without interruptions. The button is available on the context menu of Windows Explorer objects that require elevated privileges to start up, including: .bat, .cmd, .exe, .js, .lnk, .msc, .msi, .msp, .pl, .ps1 or .vbs (.lnk is for shortcuts).

  5. Run an Instant Elevation Report to view the processes that are launched. For more information, see Instant Elevation Report.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen