立即与支持人员聊天
与支持团队交流

Safeguard Privilege Manager for Windows 4.5 - Administration Guide

TitlePageProxy Copyright Table of Contents About this guide What is Safeguard Privilege Manager for Windows? Installing Safeguard Privilege Manager for Windows Configuring Client data collection Configuring Instant Elevation Configuring Self-Service Elevation Configuring Temporary Session Elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program About us

Granting/denying privileges (Privilege Elevation Rules only)

On the Privileges tab in the Create Rule Wizard you can grant or deny privileges for a process, based on the standard Windows policies in the User Rights Assignment list (Local Security Settings\Local Policies).

To grant or deny privileges for processes (including child processes) using the Privileges tab in the Create Rule Wizard:

  1. Select the privilege and click Grant or Deny. To select multiple privileges, hold down the CTRL (or SHIFT) key while selecting the items.

  2. To discard your choices, select the privilege and click Not Set.

Differentiating security levels (Privilege Elevation Rules only)

You can differentiate the security levels with which a process will run using the Integrity tab in the Create Rule Wizard. The integrity level is a feature of Windows operating systems.

This parameter can be applied to clients running any of the following operating systems:

  • Windows Server 2012 or newer.

  • Windows 8.1 or newer.

By default, this setting will not apply and is set to the High integrity level.

Managing rules

Detailed information about this topic

Once a rule is created, you can:

  • change its settings,

  • delete it,

  • import it, and

  • export it.

To delete, modify, or share a rule

  1. Open the Safeguard Privilege Manager for Windows Console.

  2. Use the applicable toolbar buttons.

To use the Edit Rule Wizard to configure a rule

  1. Select the Privilege Elevation Rules or Blacklist Rules tab based on the type of rule to be created.

  2. Double-click a rule's title or click Details on the toolbar to open the Edit Rule Wizard.

  3. Specify the data requested in each tab and click Next.

    1. Follow the prompts through the default tabs:

      • Description

      • Type

      • Groups

      • Validation Logic

        NOTE: This option is available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

      The Privileges and Integrity tabs display as advanced options.

    2. Enter the required fields, marked with an asterisk '*' on the Description and Type tabs.

  4. To save nd apply the rule, click Finish. If you did not specify the required data, the wizard notifies you.

  5. Click the Save button on the menu bar of the Rule section. Or, if prompted, confirm that you want to save the rule.

More information for managing rules:
  • To delete or modify a GPO created with Safeguard Privilege Manager for Windows, use the Microsoft Group Policy Management Console (GPMC). You can also edit rules using the GPMC. For more information, see Using the Group Policy Management Editor.

  • If you are using Safeguard Privilege Manager for Windows Community Edition and open a rule with a Professional Edition feature to view or modify its settings, you will receive a notification. To open the Edit Rule window to display all the rule settings except for the Professional ones, click Yes.

    NOTE: Modifying the rule will discard its Professional features.

Import/Export Rules

Once rules are created for a GPO they can be exported in order to share the rules, copy the rules to another GPO or even for backup purposes.

To export rules

  1. Select a GPO in the domain tree.

  2. Right-click on the GPO name and select Export Rules.

  3. Enter the path and file name of the export file to be created. Click ... to select a path using File Explorer.

  4. In the pop-up window that displays a count of the Privilege Elevation Rules and Blacklist Rules for the GPO, complete the following steps, as applicable:

    • Select Export all Privilege Elevation Rules to include those rules in the export.

    • Select Export all Blacklist Rules to include those rules in the export.

  5. Click Export to begin the export process.

To import rules

  1. Select a GPO in the domain tree.

  2. Right-click on the GPO name and select Import Rules.

  3. Enter the path and file name of the file to be imported. Click ... to select a path using File Explorer.

  4. In the pop-up window that displays a count of the Privilege Elevation Rules and Blacklist Rules for the GPO, complete the following steps, as applicable:

    • Select Import all Privilege Elevation Rules to include those rules in the import.

    • Select Import all Blacklist Rules to include those rules in the import.

  5. Click Import to begin the import process.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级