Before starting an installation it is recommended that you review the Administrator and Quick Start guides located HERE. These guides will have a more information about all aspects of the installation process.
Versions
Privilege Manager is available in the following editions:
- Privilege Manager Community: This edition is free and does not require a license. You can collaborate, brainstorm new elevation rules, share rules with other users, and provide bug reports and enhancement requests to Quest Software.
- Privilege Manager Professional: This edition requires a paid license and includes additional security, discovery, and reporting capabilities, as well as technical support from Quest Software.
- Privilege Manager Professional Evaluation: This edition is the free 30-day trial period for Privilege Manager Professional. If you do not buy a license after 30 days, the software will revert to the lesser featured Community edition. You won't have the Professional features, but you can keep the Community edition just for trying Privilege Manager.
Note: When reverting back to the Community edition, you will need to re-save all computer-based Group Policy object (GPO) rules as user-based. Computer-based rules will no longer work on the client-side once the trial expires.
Components
There are three software components included with Privilege Manager: the console, server and client.
- Console
The Privilege Manager console, installed via PAConsole_Pro.msi, is a management application. It is installed on a domain computer (server/workstation) and is used to create and manage rules within the Group Policy. Any user who has permission to edit a GPO can use the console to set privileges.
- Server
The Privilege Manager server, installed via the console, is a service which has several functions. It can deploy the client, collect and report on data, and discover and process applications that require elevated privileges.
- Client
The Privilege Manager client, installed via PAClient.msi, is a service that runs on each client computer. It applies the rules created in the console by monitoring processes as they are launched on the client and elevates or lowers the privileges for processes that are configured to be monitored. This is done by injecting an administrative token into the process or revoking it.
Microsoft Active Directory and Group Policy are used to distribute Privilege Manager rules to client computers. Privilege Manager can modify privileges only for a standard user account, not a guest account. Elevated privileges can be revoked even if the user is a local admin.
Installing the console
The console must be installed on a computer that is joined to the domain and run under a user account that has the rights to change at least one GPO. The console displays GPOs based on the security context of the user that is logged on.
1. Run the Privilege Manager setup file, PAConsole_Pro.msi.
2. The installer will check to see if your system is missing any of the required components. Please review the system requirements for Privilege Manager. A window will display and let you install any of the missing components.
- Click Yes to download and install a single missing component. A new notification window will display to install others, if necessary.
- Click Yes to all to download and install all the missing components with a single click.
- Click No to manually download the missing components. A dialog will follow, displaying the download links for the missing components. Install the components and then resume the installation.
a. Click the link and download the component.
b. Close the console setup notification window with the download link to .Net 4.0 Framework.
c. Install the component.
3. The initial dialog box is the installation Welcome. Click Next.
4. The License Agreement dialog box displays. Select I accept the terms in the License Agreement and click Next. Refer to the Privilege Manager Administrator Guide for more information on applying a license.
5. On the Destination Directory dialog box, select a destination folder. The installation path depends on the system architecture and defaults to: %PROGRAMFILES%\Quest or %ProgramFiles(x86)%\Quest. Click the Browse button to select a different installation path; however, accepting the default values is recommended. Click Next.
6. Click Install on the final installation dialog. Once the installation is complete, click Finish.