Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.7.1 - Administration Guide

TitlePageProxy Copyright Table of Contents About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program About us

Reporting

Reporting is available only in Safeguard Privilege Manager for Windows Professional Edition or an active Professional Evaluation Edition. Once your trial evaluation license expires, reporting no longer collects data, and no longer generates reports.

Detailed information about this topic

You can build five types of reports on activities from client computers:

  • Blacklist Activity Report: Lists how frequently a rule is used.

  • Rule Deployment Report: Lists rules deployed on the client computer.

  • Instant Elevation Report: Lists processes that are elevated using Instant Elevation.

  • Rule Details Report: Lists rules that are configured.

  • Advanced Policy Settings Report: Lists Advanced Policy Settings, except those set to the Not Configured option.

    In addition to these out of the box reports, you can create custom reports using third-party tools to query the SQL-based Safeguard Privilege Manager for Windows reporting database. Use this database schema to create your own custom reports or data analysis:

A PAReporting database is created when you set up the server and is configured to work with the ScriptLogic PA Reporting Service, the data collection web service running on a Console host.

Before you generate reports, ensure the following components are set up

  1. The Server is configured and you can successfully join the data collection web service running on it.

  2. Client data collection settings are configured for the GPOs you will report on. You can generate reports on GPOs for which you have read/write access in Windows.

To learn how to create this type of report and manage the data, see Generating and using reports.

Elevation Activity Report

This report allows you to track which rules were used to elevate processes during a period of time on managed client computers. With this report, you can see when users have run privileged processes and on which computers.

Each privilege Elevation event reported contains these details:

  • Type: The privilege Elevation rule type.

  • Elevated Item: The path to the elevated application or command with the argument (if any).

  • Rule Name: The privilege Elevation rule name.

  • Rule GUID: The privilege Elevation rule globally unique identifier (GUID).

  • User (Domain\Name\OU): The user, domain name, and OU.

  • Computer (Domain\Name\OU\Class\OS): The computer, domain name, OU, class, and OS.

  • Elevation Time: The time of the privilege Elevation on the client computer.

To learn how to create this type of report and manage the data, see Generating and using reports.

Blacklist Activity Report

This report allows you to track which rules were used to Blacklist processes during a period of time on managed client computers. With this report, you can see when users have attempted to run blacklisted processes and on which computers.

Each Blacklist event reported contains these details:

  • Type: The privilege Elevation rule type.

  • Blacklisted Item: The path to the blacklisted application or command with the argument (if any).

  • Rule Name: The privilege Elevation rule name.

  • Rule GUID: The privilege Elevation rule globally unique identifier (GUID).

  • User (Domain\Name\OU): The user, domain name, and OU.

  • Computer (Domain\Name\OU\Class\OS): The computer, domain name, OU, class, and OS.

  • Blacklisted Time: The time of the blacklisted event on the client computer.

To learn how to create this type of report and manage the data, see Generating and using reports.

Rule Deployment Report

This report tracks the overall usage of privilege Elevation rules across a domain. The report lists each rule, showing how many clients it has been deployed to and how many times it is used.

Each record about a deployed rule contains these details:

  • Rule Name: The privilege Elevation rule name.

  • Rule GUID: The privilege Elevation rule globally unique identifier (GUID).

  • For a Summary report:

    • # Comp: The number of client computers on which the rule is deployed.

    • # Used: The number of times the rule has been enforced.

  • For a Details report:

    • User (Domain\Name\OU): The user, domain name, and OU.

    • Computer (Domain\Name\OU\Class\OS): The computer, domain name, OU, class, and OS.

    • Deployed Date: The date the rule was deployed on the client computer.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating