Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.5 - Administration Guide

TitlePageProxy Copyright Table of Contents About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program About us

What is Safeguard Privilege Manager for Windows?

Giving users administrator rights creates security risks but must be weighed against constant help desk calls for basic operations like updating Adobe Reader, Java, or simply changing the time zone on desktops.

Safeguard Privilege Manager for Windows lets you grant selected privileges to users so they can update their own computers, reducing help desk calls while maintaining a secure network. By automating user privilege settings, Safeguard Privilege Manager for Windows keeps users working. This allows you to focus on higher priority tasks, for exceptional resource and time savings.

As a system administrator, you can use Safeguard Privilege Manager for Windows to elevate and manage user rights quickly and precisely with validation logic targeting technology. This provides administrators the ability to create rules that allow administrator-level access to specific applications for specifics users. You can also enable your end users to request elevated privileges for specific applications through Self-Service and Instant Elevation.

Editions

Components

Editions

Safeguard Privilege Manager for Windows is available in the following editions:

  • Privilege Manager Community Edition: This edition is free and does not require a license. You can collaborate, brainstorm new Elevation rules, share rules with other users, and provide bug reports and enhancement requests to One Identity.

  • Privilege Manager Professional Edition: This edition requires a paid license and includes additional security, discovery, and reporting capabilities, as well as technical support from One Identity.

  • Safeguard Privilege Manager for Windows Professional Evaluation: This edition is the free 30-day trial of Safeguard Privilege Manager for Windows Professional Edition. If you do not buy a license after 30 days, the software will revert to the lesser-featured Community Edition. As such, you cannot keep the features of the Professional Edition, but you can continue using the Community Edition.

    When reverting back to the Community edition, you will need to re-save all computer-based Group Policy object (GPO) rules as user-based. Computer-based rules will no longer work on the client-side once the trial expires.

Components

There are three software components included with Safeguard Privilege Manager for Windows:

Console

The Safeguard Privilege Manager for Windows Console, installed via PAConsole_Pro.msi, is a management application. It is installed on a domain computer (server or workstation) and is used to create and manage rules within the Group Policy. Any user who has permission to edit a GPO can use the Console to set privileges.

Server

The Safeguard Privilege Manager for Windows Server, installed through the Console, is a service which has several functions. It can deploy the Client, collect and report on data, and discover and process applications that require elevated privileges.

Client

The Safeguard Privilege Manager for Windows Client, installed through PAClient.msi, is a service that runs on each client computer. It applies the rules created in the Console by monitoring processes as they are launched on the Client and elevates or lowers the privileges for processes that are configured to be monitored. This is done by injecting an administrative token into the process or revoking it.

Microsoft Active Directory and Group Policy are used to distribute Safeguard Privilege Manager for Windows rules to client computers.

Privilege Manager can modify privileges only for a standard user account, not a guest account. Elevated privileges can be revoked even if the user is a local admin.

Installing Safeguard Privilege Manager for Windows

Detailed information about this topic

Deploying Safeguard Privilege Manager for Windows in your organization has three main steps:

For more information on these product components, see Components.

NOTE: Before you begin installation, make sure that you meet the minimum hardware, software, network and permission requirements of the product. For more information, see System Requirements in the Safeguard Privilege Manager for Windows Release Notes.

After installing these components, you can start using the product based on your Windows rights within the Group Policy Management Console. If you do not have sufficient rights to an object, you will receive an access denied prompt.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating