To complete the Privilege Manager installation, you need to install the Console, configure the Server, and install the Client. Then you can start using Privilege Manager based on your Windows rights within the Group Policy Management Console. If you do not have enough rights on an object, you are prompted that access is denied.
Please refer to the Privilege Manager for Windows Quick Start Guide for the list of System Requirements.
The Console must be installed on a computer that is joined to the domain and run under a user account that has the rights to change at least one GPO. The Console displays GPOs based on the security context of the user that is logged on.
Please refer to the Privilege Manager for Windows Quick Start Guide for instructions on using the Console Windows Installer file.
To start the Privilege Manager Console on the host:
Go to Start > All Programs > Quest > Privilege Manager > Privilege Manager, or
You can apply a license upon initial start-up or later. Otherwise, if your trial has expired, you’ll only be able to access the Community edition.
To apply a license when you start the Console for the first time:
Or,
To apply a license in the Console after initial start-up:
Click Help > About in the menu.
To view the GPOs that you have access to:
Switch from the Setup Tasks > Getting Started window to the Group Policy Settings > All GPOs window.
The GPOs you have access to appear.
|
Note: If you do not see the domain tree when the Group Policy Settings section is selected, check that the default domain is selected in the Setup Tasks > Select Target Domains window. |
The Privilege Manager Console is initially configured to allow you to manage the privilege Elevation settings for the domain to which the local computer belongs. In addition, the Console also allows you to manage other domains in your forest.
For Windows Privilege Manager to work across multiple domains within a single forest, the appropriate domain permissions must be configured and an Enterprise Admin Active Directory account must be used with the Privilege Manager Console. The Windows user account must be include the following:
For complete information about the database space requirements, see Database Planning.
|
NOTE: The recommendation for multiple domains in a single forest is for each domain within the forest to host a completely separate installation of Privilege Manager. |
To customize the number of your forest’s domains available in the Group Policy Settings pane:
In the Getting Started section of the navigation pane, select Setup Tasks and then click Select Target Domains in the right pane.
In the window that appears, specify the domain names, as applicable.
(Optional) Click the Select DC button to open the Select Domain Controller dialog box. Specify the exact domain controller that the Console will communicate with.
The list of the domains and GPOs change accordingly.
Note: You can create the GPO rules only on a domain where you have write permissions for the GPOs.
You may need to use this scenario if you need to manage Privilege Manager GPOs from an MS Windows 10 client that is not the same server as the Privilege Manager Console/Server.
Note: There is no GPO locking mechanism so ensure that the same GPO is not edited at the same time from different consoles. Changes can be lost when multiple saves occur.
To install a second Console, you must meet the following requirements:
To install a second Console:
Install the second Console on another machine.
Apply the same license that is used on the first Console.
Open the Console and go to Setup Tasks > Configure a server.
Click Browse to choose an existing Privilege Manager Server. In the box at the bottom, type the name of the Server.
To close the dialog, click OK, and then click Test to ensure a successful connection.
Click OK to finish.
Optional.If using Temporary Session Elevation passcodes:
Available only in Privilege Manager Professional and Professional Evaluation editions.
After installing the Console, a Server must be configured. Configuring the Server sets up the back-end services needed to automatically deploy the Client, as well as enable reporting, discovery and remediation.
Please refer to the Privilege Manager for Windows Quick Start Guide for instructions on using the Server Configuration Wizard.
You must configure the settings for the Server on the Console where it was installed. However, any administrator with the rights to a specific GPO can update its data collection settings. Also, the administrator running the Console can view reports of data collected by any Server by selecting Browse and the preferred Server from the Privilege Manager Server Configuration screen (under Setup Tasks > Configure a Server).
If you need to change the reporting database settings, i.e., connect to another instance, modify the authentication parameters, or set up a new data collection service:
If you do not want to use a Server, you can clear its settings and/or remove it from a host computer:
To remove a Server running remotely:
|
Note: If a domain administrator or the administrator of a nested organizational unit (OU) uninstalls the Server, they may render the reporting function unavailable on other Console computers or computers downstream from the parent OU. Also, if you have reinstalled the Server, reports generate starting from the last installation. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center