Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.4 - Administrator Guide

About this guide What is Privilege Manager? Installing Privilege Manager Configuring client data collection Configuring instant elevation Configuring self-service elevation Configuring temporary session elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI Customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

Privilege Manager Client Installation

Once the Privilege Manager Console is installed, deploy the Privilege Manager Client to the computers on your domain in one of the following ways:

  • Use Privilege Manager’s Client Deployment Settings wizard to deploy PM Clients to your computers in one pass.
  • You can also use login scripts or other software deployment techniques for mass-deployment.
  • The Privilege Manager Client can be installed locally on each client using PAClient.msi, however, running this installation requires administrative privileges.

To locate the PM Client MSI setup file:

  • Open the Privilege Manager Console and then click Additional Resources > Open Client installation folder. The PM Client file appears in the browser window.

To determine if the PM Client has been successfully deployed onto a computer, ensure that:

  1. The CSEHost.exe process is running;
  2. The Privilege Manager Client record is shown in Add/Remove Programs;
  3. A special icon with a right-click menu is available in the system tray on the PM Client computer.

  4. The new GPO rules created via Privilege Manager will be applied to the client computers following the group policy update.

Using the Client Deployment Settings Wizard

(Available only for Privilege Manager Professional)

Note: A PM Server must be configured on your domain before you can use the Client Deployment Settings wizard.

Use the Client Deployment Settings wizard to:

  • Easily add software installation settings to an existing GPO (the settings are computer-based);
  • Run mass-deployment or uninstallation of the PM Client software;
  • Use granular Validation Logic rules to target the settings to special computers within the GPO.

With the Client Deployment Settings, you define:

  • The operation to perform with the PM Client software: install, remove, or stop the GPO software settings from applying to the Client computer;
  • What shared repository the host should use;
  • How to target the settings to a GPO that already exists or is newly created on the fly;
  • Additional granular targeting to specific computers within the selected GPO.

Once configured, the Client Deployment Settings will be updated and take effect on the client the next time the Group Policy is refreshed on each client.

To set up or edit Client deployment settings

Step 1. Open the Client Deployment Settings Wizard.

From the Privilege Manager Console, launch the Client Deployment Settings Wizard within the Setup Tasks section to add the settings to any available GPO.

Or,

Double-click Client Deployment Settings on the Advanced Policy Settings tab of the target GPO to change the settings for the currently selected GPO.

Note: The Client Deployment Settings wizard run from the Setup Tasks section always shows the default settings. The changes made within the wizard are saved to the Client Deployment Settings wizard of the target GPO on the Advanced Policy Settings tab.

Choose what to perform with the Client.

Choose whether to install or remove the PM Client software, or stop the GPO settings from applying.

Option Explanation
Not Configured (For child GPOs) Configure the Client Deployment Settings to inherit from the parent GPO.
Install Client

Install or upgrade PM Client software.

Remove Client Remove PM Client software (for PM Client versions 3.0 and higher).
Unregister Stop PM Client software installation GPO settings from applying.

Click Next.

Settings tab: Define the PM Server.

  1. Use the Browse button to select the PM Server from a populated list.
  2. Click OK.

  3. Use the Test button to determine if the local machine can successfully connect to the PM Server. Click Next.

Quit the wizard or customize the GPO setting.

Click Next to modify the default settings or click Finish to save the default settings for the target GPO and quit.

(Optional) Perform this additional configuration:

  • Use the Validation Logic tab to target the settings to specific PM Client computers within the GPO. Click Next.

    Note: The Client Deployment Settings can be targeted only to certain computers and not to user accounts or groups.

(If applicable) Save the modified GPO settings.

Click Save on the GPO toolbar to save the newly defined GPO settings.

  • The GPO settings will apply on the next GPO update on the computers linked to the GPO.
  • Double-click Client Deployment Settings on the Advanced Policy Settings tab of the desired GPO to view the currently configured Client Deployment Settings.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating