Safeguard Privilege Manager for Windows 4.4

Using the Self-Service Elevation Request Settings Wizard Selecting how users access the request form Customizing self-service request email messages Using self-service notifications Using the Self-Service Elevation Request Processing Wizard Using the Console Email Configuration screen

Configuring temporary session elevation Configuring privileged application discovery Deploying rules

Using the Create GPO with Default Rules Wizard Using the Group Policy Management Editor Using the Create Rule Wizard

Getting started Creating file rules Creating folder path rules Creating ActiveX rules Creating rules for Windows Installer files Creating rules for script files Using Active Directory user groups Using validation logic Granting/denying privileges Differentiating security levels

Managing rules Testing rules

Removing local admin rights Reporting

Elevation Activity Report Blacklist Activity Report Rule Deployment Report Instant Elevation Report Temporary Session Elevation Request Report Temporary Session Elevation Requests Report Rule Details Report Advanced Policy Settings Report Generating and using reports Using the Applied Filters Wizard Using the Scheduled Reports Details Wizard Using the Resultant Set of Policy Wizard

Client-side UI Customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

Privilege Manager Client Installation

Once the Privilege Manager Console is installed, deploy the Privilege Manager Client to the computers on your domain in one of the following ways:

Use Privilege Manager’s Client Deployment Settings wizard to deploy PM Clients to your computers in one pass.
You can also use login scripts or other software deployment techniques for mass-deployment.
The Privilege Manager Client can be installed locally on each client using PAClient.msi, however, running this installation requires administrative privileges.

To locate the PM Client MSI setup file:

Open the Privilege Manager Console and then click Additional Resources > Open Client installation folder. The PM Client file appears in the browser window.

To determine if the PM Client has been successfully deployed onto a computer, ensure that:

The CSEHost.exe process is running;
The Privilege Manager Client record is shown in Add/Remove Programs;
A special icon with a right-click menu is available in the system tray on the PM Client computer.
The new GPO rules created via Privilege Manager will be applied to the client computers following the group policy update.

Using the Client Deployment Settings Wizard

(Available only for Privilege Manager Professional)

Note: A PM Server must be configured on your domain before you can use the Client Deployment Settings wizard.

Use the Client Deployment Settings wizard to:

Easily add software installation settings to an existing GPO (the settings are computer-based);
Run mass-deployment or uninstallation of the PM Client software;
Use granular Validation Logic rules to target the settings to special computers within the GPO.

With the Client Deployment Settings, you define:

The operation to perform with the PM Client software: install, remove, or stop the GPO software settings from applying to the Client computer;
What shared repository the host should use;
How to target the settings to a GPO that already exists or is newly created on the fly;
Additional granular targeting to specific computers within the selected GPO.

Once configured, the Client Deployment Settings will be updated and take effect on the client the next time the Group Policy is refreshed on each client.

To set up or edit Client deployment settings

Step 1. Open the Client Deployment Settings Wizard.

From the Privilege Manager Console, launch the Client Deployment Settings Wizard within the Setup Tasks section to add the settings to any available GPO.

Or,

Double-click Client Deployment Settings on the Advanced Policy Settings tab of the target GPO to change the settings for the currently selected GPO.

Note: The Client Deployment Settings wizard run from the Setup Tasks section always shows the default settings. The changes made within the wizard are saved to the Client Deployment Settings wizard of the target GPO on the Advanced Policy Settings tab.

Choose what to perform with the Client.

Choose whether to install or remove the PM Client software, or stop the GPO settings from applying.

Option	Explanation
Not Configured	(For child GPOs) Configure the Client Deployment Settings to inherit from the parent GPO.
Install Client	Install or upgrade PM Client software.
Remove Client	Remove PM Client software (for PM Client versions 3.0 and higher).
Unregister	Stop PM Client software installation GPO settings from applying.

Click Next.

Settings tab: Define the PM Server.

Use the Browse button to select the PM Server from a populated list.
Click OK.
Use the Test button to determine if the local machine can successfully connect to the PM Server. Click Next.

Quit the wizard or customize the GPO setting.

Click Next to modify the default settings or click Finish to save the default settings for the target GPO and quit.

(Optional) Perform this additional configuration:

Use the Validation Logic tab to target the settings to specific PM Client computers within the GPO. Click Next.

Note: The Client Deployment Settings can be targeted only to certain computers and not to user accounts or groups.

(If applicable) Save the modified GPO settings.

Click Save on the GPO toolbar to save the newly defined GPO settings.

The GPO settings will apply on the next GPO update on the computers linked to the GPO.
Double-click Client Deployment Settings on the Advanced Policy Settings tab of the desired GPO to view the currently configured Client Deployment Settings.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Safeguard Privilege Manager for Windows 4.4 - Administrator Guide

Privilege Manager Client Installation

Using the Client Deployment Settings Wizard