Safeguard Privilege Manager for Windows 4.3 - Quick Start Guide

About this guide

Welcome to the KACE Privilege Manager for Windows Quick Start Guide. Privilege Manager lets system administrators grant selected privileges to users so they can update their own PCs, reducing help desk calls while maintaining a secure network. This guide instructs system administrators on how to set up the Privilege Manager console, server, and client. This guide also provides an overview of the product’s key features and the wizards that will help you use them.

For more information, refer to these additional resources:

For system administrators:

• Privilege Manager Administrator Guide: Learn how to use Privilege Manager. Find in-depth instructions on how to prepare your environment for least privileged use, maintain a least privileged environment, run reports, and interface with Microsoft tools.

• Privilege Manager for Windows Console: Find more information on the Getting Started screen under the Additional Resources tab.

For end users with the Privilege Manager client service installed on their computers:

• Privilege Manager for Windows User Guide: Learn the basics of using Privilege Manager for Windows, including how to use self-service elevation, instant elevation, and view rules.

System requirements

Console software and hardware system requirements

• .NET Framework 4.0
• Microsoft Group Policy Management Console
• PDF reader to open the Privilege Manager guides
• Screen resolution of 1024x768 or higher

Console and client operating system requirements

• Windows Server 2008
• Windows 7 Enterprise, Professional, or Ultimate Editions
• Windows Server 2008 R2
• Windows Server 2012
• Windows 8.1
• Windows Server 2012 R2
• Windows 10
• WIndows Server 2016

Network requirements

The Privilege Manager console and client must be installed on a computer within the Active Directory domain.

Required permissions

• Local administrator rights to start the console.
• Write permissions for Group Policy objects (GPOs) to be configured.

Reporting database requirements

When setting up the Privilege Manager for Windows server, Microsoft SQL Server (hosted either locally on the Privilege Manager for Windows machine or remotely) is required. Privilege Manager supports Microsoft SQL Server 2008 to Microsoft SQL Server 2017. Privilege Manager for Windows can optionally install SQL Server 2014 R2 Express.

Components

There are three software components included with Privilege Manager: the console, server and client.

Console

The Privilege Manager console, installed via PAConsole_Pro.msi, is a management application. It is installed on a domain computer (server/workstation) and is used to create and manage rules within the Group Policy. Any user who has permission to edit a GPO can use the console to set privileges.

Server

The Privilege Manager server, installed via the console, is a service which has several functions. It can deploy the client, collect and report on data, and discover and process applications that require elevated privileges.

Client

The Privilege Manager client, installed via PAClient.msi, is a service that runs on each client computer. It applies the rules created in the console by monitoring processes as they are launched on the client and elevates or lowers the privileges for processes that are configured to be monitored. This is done by injecting an administrative token into the process or revoking it.

Microsoft Active Directory and Group Policy are used to distribute Privilege Manager rules to client computers.

Privilege Manager can modify privileges only for a standard user account, not a guest account. Elevated privileges can be revoked even if the user is a local admin.

Preparing your environment for least privileged use

Prepare your environment for least privileged use by installing Privilege Manager for Windows, configuring reporting, discovery, and remediation settings, configuring approved privileged applications, and removing local admin rights.