반품
-
제목
How to configure Temporary Session Elevation -
설명
Temporary Session Elevation (TSE) allows an administrator to generate elevation passcodes that can provide end users the ability to temporarily elevate the privileges of any process or application on his/her machine. The passcodes will work for both on-network and off-network machines, even if there is not an active internet connection. See below to configure TSE.Note: Available only in Privilege Manager Professional and Professional Evaluation editions. -
해결 방안
Before you configure temporary session elevation settings, ensure the following components are set up:1. The Privilege Manager client is running on the computers you want to apply the settings to;2. The server is configured and running with the port allowed that you have selected for incoming data (the default port is 8003); and3. Client Data Collection Settings is enabled for the selected GPO.4. The use of offline passcodes is enabled in the Deploy Client wizard. (Getting Started | Setup Tasks | Deploy Client Wizard) under the "Settings" tab check the box labeled "Enable clients to use offline passcodes to create temporary elevated sessions."
To use the Temporary Session Elevation Wizard to set up privileges:
1. Open the wizard:a. Open Passcode Manager from the Temporary Session Elevation section on the navigation pane of the console.
2. Create a new passcode:a. Click "New" to start the Instant Elevation TSE passcode generator.
3. Enable the Instant On Demand Privilege Elevation settings on the State tab.a. Choose "Enabled", otherwise the settings won't apply to the selected GPO.b. Choose "Not Configured" to have child GPOs inherit settings from their parent.
4. Use the Groups tab to alter the Security Token used.By default, users of the target GPO will automatically inherit the administrator's settings (BUILTIN\Administrators).
5. Complete Privileges, Integrity, and Validation Logic tabs.
6. Create a passcode using the "Passcode" tab.a. Enter a Title to describe the passcode.b. Enter a Maximum allowed usage. This is the number of times the passcode can be used before expiring.c. Enter a Duration. The duration is the amount of time the passcode will remain active once activated.d. Optionally, select the checkbox "End all elevated processes (and child processes) when Passcode duration expires." If selected, this will close all windows that were opened with a Temporary Session Elevation passcode.e. Click "Export to file" to save the passcode for end user use.
7. Click "Finish" to complete the wizard.
8. Deliver the exported passcode to the user.
Using temporary session elevationFrom user's perspective, once you receive the exported passcode from the system admin, you can use it following the steps described on the user's guide:Note: To view the processes that have been launched using a passcode use the Temporary Session Elevation Usage Report.Reporting | Temporary Session Elevation Usage
See the Quest Privilege Manager for Windows 4.1 Administration Guide for full details.