Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

ScriptLogic Privilege Authority Quick Start Guide

Privilege Authority 2.5
Quick Start Guide
© 2011 ScriptLogic Corporation and its licensors.
All rights reserved. Protected by U.S. Patents 6,871,221; 7,293,087;
7,353,262; 7,469,278; 7,814,460 and 7,912,929 with other patents pending.
This publication is protected by copyright and all rights are reserved by ScriptLogic Corporation. It may not, in whole or part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form
without prior consent, in writing, from ScriptLogic Corporation. This publication
supports Privilege Authority. It is possible that it may contain technical or typographical errors. ScriptLogic Corporation provides this publication “as is,” without
warranty of any kind, either expressed or implied.
ScriptLogic Corporation
6000 Broken Sound Parkway NW
Boca Raton, Florida 33487-2742
1.561.886.2400
www.scriptlogic.com
Trademark Acknowledgements
Privilege Authority, ScriptLogic and the ScriptLogic logo are either registered
trademarks or trademarks of ScriptLogic Corporation in the United States and/or
other countries. The names of other companies and products mentioned herein
may be the trademarks of their respective owners.
2
DOCUMENTATION CONVENTIONS
Typeface Conventions
Bold
Indicates a button, menu selection, tab, dialog box title,
text to type, selections from drop-down lists, or prompts
on a dialog box.
CONTACTING SCRIPTLOGIC
ScriptLogic may be contacted about any questions, problems or concerns you might have
at:
ScriptLogic Corporation
6000 Broken Sound Parkway NW
Boca Raton, Florida 33487-2742
561.886.2400 Sales and General Inquiries
561.886.2450 Technical Support
561.886.2499 Fax
www.scriptlogic.com
SCRIPTLOGIC ON THE WEB
l
ScriptLogic can be found on the web at www.scriptlogic.com. Our web site offers
customers a variety of information:
l
Download product updates, patches and/or evaluation products.
l
Locate product information and technical details.
l
Find out about Product Pricing.
l
l
l
Search the Knowledge Base for Technical Notes containing an extensive collection of technical articles, troubleshooting tips and white papers.
Search Frequently Asked Questions, for the answers to the most common nontechnical issues.
Participate in Discussion Forums to discuss problems or ideas with other users
and ScriptLogic representatives.
3
Table of Contents
OVERVIEW
5
HOW DOES PRIVILEGE AUTHORITY WORK?
6
LICENSING AND UPGRADE TO PRIVILEGE AUTHORITY PROFESSIONAL
7
INSTALLATION
10
SYSTEM REQUIREMENTS
11
INSTALLATION PROCESS
13
PRIVILEGE AUTHORITY SERVER INSTALLATION
PRIVILEGE AUTHORITY CLIENT INSTALLATION
13
14
PRIVILEGE AUTHORITY USER INTERFACE
15
CREATING GPO RULES TO APPLY PRIVILEGES IN YOUR ENVIRONMENT
18
ALLOWING ITUNES TO INSTALL
USING GPO RULES CONFIGURED BY OTHER USERS (COMMUNITY RULES
EXCHANGE)
APPLYING COMMUNITY RULES TO YOUR DOMAIN
20
33
33
REGISTERING WITH THE COMMUNITY RULES EXCHANGE SERVER
36
INDEX
38
4
Overview
It is an accepted principle by network administrators that users in the domain be configured with a minimum permission set and not be added to any local groups such as the
Local Administrators or Power Users group on the workstation. Using this least privilege
configuration will enhance security and data protection while also reducing faults and support.
However, System Administrators, for a long time, have been running into situations where
users require administrative rights to run an application. At times it is to support legacy
applications that only work when run by someone with administrative rights; other times it
is because a user works remotely, or is travelling and needs greater control of their system; or it might be that Administrators want to give their users rights to install commonly
used software that often and automatically needs to be updated.
A common but misguided solution to this is to give these users administrator rights which
solves the problem at hand but often leads to many more.
Privilege Authority (PA) solves this issue by raising the privilege level for specific processes, allowing those that require elevated rights to run, while maintaining the least
restrictive privilege set for the user.
5
How Does Privilege Authority Work?
There are two software components included with Privilege Authority:
l
l
Privilege Authority Server is a management application. It is installed on a
server in the domain and used to create and manage rules within Group Policy.
Privilege Authority Client is a service that runs on the client machine. It applies
the rules created in the Privilege Authority Server application by monitoring
processes as they are launched on the client and raises or reduces the privileges of the processes that it is configured to monitor.
Microsoft Active Directory and Group Policy are used to distribute the Privilege Authority
rules to client machines.
Privilege Authority can modify the privileges only for a standard user account, not a guest
account.
The reporting functionality introduced since Privilege Authority 2.5 has added some new
components into Privilege Authority system: PA Reporting database and ScriptLogic PA
Reporting data collection web service. All the components can be installed and configured
with a special wizard of the PA Console. When installed, the PA Console starts to serve as
a central reporting server to collect and aggregate all the elevation activity data from the
client machines. For more information about reporting on the elevation activity, refer to
the Privilege Authority Administrator's Guide.
6
Licensing and Upgrade to Privilege
Authority Professional
Privilege Authority is available in 2 editions: Privilege Authority Community Edition and
Privilege Authority Professional.
Privilege Authority Community Edition is absolutely free, but in comparison with Privilege
Authority Professional, it lacks the following features:
l
l
l
l
l
building reports on the activities run within Privilege Authority see Privilege
Authority Administrator's Guide for more info on this feature;
creating GPO rules based on digital certificates;
targeting rules to a computer operating system version or operating system
class – server or workstation;
targeting rules, using Validation Logic, to specific computer's and user's names,
groups or organizational units, computer IP address range, or specific files or
registry keys existing on a client machine, etc.;
providing access to full one-year technical support.
Privilege Authority Professional must be purchased but has a 30-day trial period.
Following the common PA setup, the customer has access to the Community Edition only.
To start trying Privilege Authority Professional, please register:
Note:
Internet connection is required to perform registration.
If you fail registering due to any connection problems, you can download the
Privilege Authority Professional trial package on your own from the ScriptLogic website.
1. On the PA Server, go Start > All Programs > ScriptLogic Corporation >
Privilege Authority > Privilege Authority. Or, use the Privilege Authority
shortcut icon of the Start menu.
2. Click the Try PA Pro ! button in the left-hand tree pane.
Or, click Help > Begin Evaluation of Pro (see Figure 1.).
7
Figure 1.Choosing to use PA Professional in trial mode.
3. On the two-tabbed screen that will show, click the Try PA Pro! button, or
switch to the Register tab.
4. Provide some information about yourself by filling in the form that will be presented. (The obligatory fields as shown in Figure 2.) Click Register.
Figure 2.Registering for Privilege Authority Professional.
8
5. The notification will show to inform you that the rules containing features of
Privilege Authority 2.5 Professional will stop working on the client machine(s)
in 30 days after starting the evaluation.
6. Click OK within the notification window and the Privilege Authority Console
name will change to Privilege Authority Professional Evaluation.
Now you have access to all Privilege Authority Professional features for the 30-day trial
period. (See Figure 3.) Once the trial period ends, you’ll be reverted back to the Community Edition.
Figure 3.This rule is based on a digital certificate - the Privilege Authority Professional Evaluation
feature – and it will be applied until the day specified.
To apply the Privilege Authority Professional license file:
1. Click Help -> About -> Apply License File and then use the Browse button
to locate the license file.
2. Click the Apply License File button that will get activated soon after the file is
located.
9
Installation
This section details the Privilege Authority system requirements as well as the PA server
and client installation processes.
The Privilege Authority system upgrade is detailed in the Privilege Authority Administrator's Guide.
l
System Requirements
l
Privilege Authority Server Installation
l
Privilege Authority Client Installation
10
SYSTEM REQUIREMENTS
The Privilege Authority setup file comprises both the server and client applications. Once
both applications are installed, Privilege Authority will use Microsoft Group Policy to distribute rules between the client and server.
The server application requires Microsoft .NET Framework 3.5 for its installation and Microsoft Group Policy Management Console (GPMC) to run. The client can be installed on a Windows workstation or server.
The following is necessary for proper installation and operation of Privilege Authority.
PA Server Software System Requirements
l
l
l
.NET Framework 3.5
Microsoft Group Policy Management Console (required to run Privilege Authority)
Any PDF reader to open the Privilege Authority guides.
PA Server Operating System Requirements
l
Windows XP SP3 or higher
l
Windows Server 2003 SP1 or higher
l
Windows Vista
l
Windows Server 2008/2008 R2
l
Windows 7 Enterprise, Professional, or Ultimate Editions
PA Client Software System Requirements
l
No special requirements
PA Client Operating System Requirements
l
Windows XP SP3 or higher
l
Windows Server 2003 SP1 or higher
l
Windows Vista
l
Windows Server 2008/2008 R2
l
Windows 7
Network Requirements
Both PA Server and Clients should be deployed as a part of the Active Directory infrastructure.
11
PA Reporting Database Requirements (required to set up the Reporting feature)
Microsoft SQL Server 2008 (SQL Server 2008 Express can be installed by Privilege Authority during configuration of the PA Reporting feature - see Privilege Authority Administrator's Guide for more information.)
12
INSTALLATION PROCESS
Privilege Authority uses a client-server model. The main installation will setup the server
side (which is comprised of the Privilege Authority Console) and extract the Privilege
Authority Client MSI file. Deploy the Privilege Authority Client to each client using Group
Policy Management Console or any other software tools, e.g. ScriptLogic Desktop Authority.
Prior to the installation, refer to the System Requirements section to make sure your system meets the necessary requirements and prerequisites.
Privilege Authority should be deployed as a part of the Active Directory infrastructure on a
computer residing within the internal LAN network.
The following series of steps are required to install Privilege Authority:
Privilege Authority Server Installation
Privilege Authority Client Installation
Privilege Authority Server Installation
Privilege Authority Server must be installed on a domain member and run under the context of an account that has rights to change Group Policy. The installation wizard guides
you through a series of dialog boxes. Click Next on each dialog box to advance to the next
option.
1. Run the Privilege Authority setup executable.
2. Welcome is the initial dialog box. Click Next to continue.
3. The License Agreement dialog box appears. If you agree with the license
agreement, select the I accept the terms in the License Agreement
option and click Next to continue.
4. On the Destination Directory dialog box, select a path and destination folder.
The installation path depends on the system architecture and defaults to: %PROGRAMFILES%\ScriptLogic Corporation or %ProgramFiles(x86)%\ScriptLogic Corporation. Click the Browse button to
select a different installation path. Click Next to continue.
5. Click Install on the final installation dialog to proceed with the installation.
Once the file copying portion of the install is complete, click Finish.
Following the completion of the Privilege Authority Server installation, perform the Privilege Authority Client installation.
13
Privilege Authority Client Installation
Once Privilege Authority Server is installed, deploy the Privilege Authority client(s) to the
computers on the domain. For these purposes, you may use login scripts or software
deployment tools.
Refer to the Privilege Authority Administrator’s Guide to know how to install PA Clients on
your domain via Microsoft Group Policy Management Console.
Administrative privileges are required to run the PA Client setup locally.
To locate the PA Client file:
l
Open the Privilege Authority Console and then click Client > Open file location from the toolbar. The PA Client file will be displayed in the browse window.
Once the PA Client installation file is located, use the file to deploy the PA Client in your
environment.
Figure 4.Locating the Privilege Authority Client setup file.
Once the client is deployed to a computer (the CSEHost.exe process is running and the
Privilege Authority Client record shows in Add/Remove Programs), the new GPO rules
created via Privilege Authority will apply on the client computers.
14
Privilege Authority User Interface
Once the PA Server and Client components are installed, you can start using Privilege
Authority to work with GPO rules in your environment.
Privilege Authority Console provides a user interface to create, manage, apply the GPO
rules as well as analyze activities performed within the PA system.
To start the Privilege Authority Console:
l
On the PA Server, go Start > All Programs > ScriptLogic Corporation >
Privilege Authority > Privilege Authority. Or, you can use the Privilege
Authority
shortcut icon of the Start menu.
Figure 5.Opening the PA Console.
The Privilege Authority Console workspace is comprised of the following sections.
15
Figure 6.The main view of the PA Console shows your domain node and (if applicable) the list of
GPO(s) with PA rule(s) under it.
The left-hand sidebar allows you to navigate to the Local GPO Rules, Community GPO
Rules, or the Reporting sections of the PA Console:
l
The Local Rules section displays all the GPOs available within your primary
domain in the two sub-sections:
n GPOs with Rules shows the GPOs with rules created via Privilege
Authority;
n
All GPOs shows all the GPOs available in your domain. The GPOs
with rules created via Privilege Authority are marked with a special
icon.
When Local Rules items are selected on the sidebar, the window will display
the info in the following two panes (see Figure 6.):
l
n
The GPO Pane used to create/manage group policy objects;
n
The Rules Pane used to create and manage GPO rules.
The Community section displays the rules available on the Community Rules
Exchange server in the three sub-sections (see Figure 7.):
n All Rules - shows all the rules available on the Community Rules
Exchange server;
n
n
Verified Rules - contains the rules that have been tested by ScriptLogic to confirm that they will function as intended in a default Windows environment;
My Shared Rules - shows the rules you have uploaded to the
Community Rules Exchange server.
When an item from the Community section is selected on the sidebar, the window to the right provides for the possibility to work with the rules from the Community Rules Exchange server.
16
Figure 7.Privilege Authority Console shows the Community rules.
The Reporting section provides access to the three types of reports:
n Elevation Activity
l
n
Deployed Privileges
n
Rule Configuration.
The functionality of the Reporting section is covered in the Privilege Authority
Administrator's Guide.
What's next:
l
Creating GPO Rules to Apply Privileges in your Environment
l
The section will detail the types of rules that can be created with PA as well
as provide the step-by-step instruction on how to create them.
Using GPO Rules Configured by Other Users (Community Rules Exchange).
This section will show how to take advantage of the integration with the
Community Rules Exchange server - a resource that stores rules created by
other system administrators. You can either download these rules or upload
those ones you have created yourself.
17
Creating GPO Rules to Apply Privileges
in your Environment
This section demonstrates how to implement a typical task within Privilege Authority and
will detail the types of rules PA can create and how to create them.
There are 4 types of rules that you can create with Privilege Authority:
l
l
l
l
a file rule, where the path of the executable is specified;
a folder path, in which case, the rule will be applied to all processes run from
the path;
an ActiveX rule where a URL is specified;
(available only within the Professional edition) a digital certificate to specify
the name of the publisher or a file containing the certificate.
Creating rules with Privilege Authority is easy. To create a rule:
1. From within the Local Rules section, select the domain and GPO to which
assign a rule. (Use the New GPO button to create a special GPO first if necessary.)
Figure 8.Creating a new GPO in the Privilege Authority Console.
2. (If necessary) Re-assign the GPO to another domain or Active Directory OU.
18
Figure 9.Link the GPO.
3. Use the New Rule button to open the wizard and define a new Privilege
Authority rule within a selected GPO.
Figure 10.Selecting to add a rule to existing GPO.
Or, use GPO rules other system administrators have configured and shared in
their environments.
4. Save the rule if prompted.
Figure 11.The special icon indicates that GPO is assigned with a rule.
5. The next time Group Policy is refreshed on the client, the rules are applied to
processes when they are launched.
What's next:
19
l
Allowing ITunes to Install
l
Using GPO Rules Configured by Other Users (Community Rules Exchange)
l
Refer to the Privilege Authority Administrator's Guide to know how you can use
the PA Console to test or modify the rule.
Allowing ITunes to Install
In this section we will create a rule that will allow users to install an application that is
downloaded from the Internet, in this case the ITunesSetup.exe file. This application
requires administrative privileges to be installed. (See Figure 12.)
Figure 12.Error shows when installing an application without proper permissions.
To create a GPO rule via Privilege Authority:
Note
Make sure you have logged into the Privilege Authority server under the
account of the domain administrator and the account is provided with the
“WRITE” permissions to the SYSVOL share (\\DomainName\sysvol).
Step 1. Start the Privilege Authority Console.
On the PA Server host, go Start > All Programs > ScriptLogic Corporation >
Privilege Authority > Privilege Authority. Later on, you can use the Privilege
Authority
shortcut icon of the Start menu.
20
Figure 13.Opening the PA Console.
Step 2. Choose/Create the GPO to assign a rule to.
Navigate to the All GPOs node in the left-hand pane of the PA Console, select the
domain and then choose between the available GPO or create the new GPO to which
assign a rule.
To create a new group policy object, click the
New GPO button, name the new
GPO and click OK. The newly created GPO will be added to the All GPOs list. (See
Figure 14.)
Figure 14. Creating a new GPO in the Privilege Authority Console.
Step 3. Link the GPO with an OU or the domain.
By default, the GPO is linked to the domain under which it is located. To link the
GPO to a specific OU or another domain, with the GPO highlighted in the left-hand
panel, click the
Link button above it. A dialog will be displayed allowing you to
browse for an OU or to add the GPO to the domain. (See Figure 15.)
21
Figure 15. Add the GPO to the domain.
Note
You can link the GPO to an OU that contains users. The GPO rule linked to an
OU will apply only if the user stored within this OU is currently logged in to
the client machine.
Step 4. Create a local PA rule or use the Community rule.
Now choose whether you'll use the PA rule configuration wizard to create your own
rule. Or, instead of creating your own rule, you may use the GPO rules other system administrators have configured and uploaded to the Community Rules
Exchange server. Use the link to view the required steps to perform.
To create your own rule from scratch:
1. Within the All GPOs node, select the GPO from the list under the
desired domain that your local computer is a part of.
2. Click the
New Rule button and a wizard will be displayed (see
Figure 16.). Walk through the wizard by clicking Next to specify all
the necessary data to configure the rule as described in Step 5.
Figure 16.Selecting to add a rule to existing GPO.
Step 5. Use the PA rule configuration wizard to define the rule.
22
By default the following steps are available: Description, Type, Groups, Platforms, and Rules (with Platforms and Rules available only in PA Professional).
The Privileges and Integrity steps show as advanced options. (See Figure 17.)
Only the fields marked * on the Description and Type tabs of the wizard are mandatory, all the others are optional. If you happen to miss specifying any of the
required data, the wizard will warn you on this right after you click Finish.
Figure 17.The Privilege Authority wizard’s main window.
1. Within the first screen of the wizard, enter a name for the rule so
you can identify it.
You may also choose to share your rule with the community by
marking your choice in the corresponding box (see Figure 18.).
You can share the rule at any time later, when you have tested
the rule.
If you choose to share the rule, you will be presented with the
Privilege Authority Community Forum registration dialog shown
on Figure 37.of the Registering with the Community Rules
Exchange Server section.
23
Figure 18.Specify a title and optionally share the rule with the community.
24
Figure 19.Registering to upload to the Community Exchange server.
Click Next to continue.
2. The Type screen presents several rule types (the number of types
varies depending on the Privilege Authority edition) between which
you may choose. Let’s select the first option, By Path to the
executable, and specify the path to an EXE or MSI. You can either
enter a full or partial path, e.g. *\filename.extension. Use the following formats: \\ComputerName\SharedFolder\Resource
or DriveLetter:\Filename.
For this example enter *\ITunesSetup.exe.
Note
When saving the rule, consider that PA converts the specified path into existing environment variables.
You may optionally fill in other fields provided. Switch to the next
tab (or click the Next button at the bottom of the dialog) and enter
the necessary data.
25
The rule types and their settings configuration are detailed in the
Privilege Authority Administrator’s Guide.
Figure 20.Specify the GPO rule type and fill in the required fields.
3. (Optional) The next screen is where you select a Group whose
rights are to be applied to the process. A Group can be added or
removed from a process by using the
button. In this case
select the
button which will add the Administrators Group to
the list (this is the group stored within the BUILTIN\Administrators Active Directory OU). (See Figure 21.)
Note
Security Groups from Domain AD having "Built-In local"
Group Scope property can be added to a security token
of the process on the client machine only if there is the
same group with the same SID among local security
built-in groups.
Note
When removing a group from the security token, ensure
that the user account under which the process is
launched is a member of more than one primary group.
Otherwise, rule won't apply as intended.
26
Figure 21.Add the Administrators group to the security token of the
process.
4. (Available only for Privilege Authority Professional) (Optional)
Define on which machine type, all servers and/or all workstations, and/or on which operating system(s) the process may
start. (See Figure 22.)
Figure 22.Specify the platforms to apply the new rule on.
5. (Available only for Privilege Authority Professional) (Optional)
27
The Rules tab allows you to specify additional validation logic
rules to apply to the process.
In this very example, let's target the rule to the computers
belonging to the OUs that end with "DEPARTMENT" and are in subnet 192.168.0.X except for the IP address 192.168.0.1.
Figure 23.Specify additional parameters to the rule.
1. On the Rules tab of the Create Rule Wizard, click
Add to open the Add Validation Logic Rule window.
(See Figure 23.
2. Within the Add Validation Logic Rule window,
select the OU (Computer) rule type.
3. To specify our rule's value, in the Name field
type:
*department
The "*" wildcard stands for 0 or any number of any
characters at the beginning of the OU name. The
"?" wildcard standing for a single character is also
supported.)
And then click the
button.
28
Figure 24.Building the rule that will apply to the OUs
which names end with "department".
4. Switch to the IPv4 Range rule type and set the beginning and the end part of the IP address range to
192.168.0.2 and 192.168.0.255 respectively.
5. Click OK. The window will show to list the set of rule's
values. By default the values are combined with the
OR Boolean logic.
6. But in our case, we'll make the rule use the
AND operator by selecting the corresponding option at
the bottom of the Validation Logic Rules window
(see Figure 25.).
Figure 25.Adding multiple validation rules.
6. Click Finish to save the rule.
29
Note
More options to create the rule are described in the Privilege Authority Administrator's Guide.
7. (If applicable) If you have previously chosen to share the rule
with the community confirm or edit in the dialog that will open.
Figure 26.Setting the details to share the rule.
Step 6. Save the rule.
Upon quitting the wizard, click the
Save button on the menu bar of the Rule
section. If asked, confirm the saving of the rule. (See Figure 27.)
Figure 27.Save the rule.
Once the rule is created, the GPO’s icon will change to the
icon to notify that the
GPO contains a rule and will be listed within the GPOs with Rules node. (See Figure 28.)
30
Figure 28.The special icon indicates that GPO is assigned with a rule.
The ItunesSetup.exe file installation should be allowed once the Group Policy is updated on
the client. (See Figure 29.)
Figure 29.The installation has been allowed via Privilege Authority.
l
To delete/modify/test (the latter requires Privilege Authority Client installed on
the PA Server host) or share the selected rule with the community, use the corresponding toolbar buttons (see Figure 30.).
For more info on these operations, please refer to the Privilege Authority Administrator’s Guide.
31
Figure 30.Use the toolbar to manage a GPO rule.
l
To delete the GPO created with Privilege Authority, use Microsoft Group Policy
Management Console.
32
USING GPO RULES CONFIGURED BY OTHER USERS (COMMUNITY RULES EXCHANGE)
The ScriptLogic team has created and supports a special GPO rules database stored on the
Community Rules Exchange server. By using the Community Rules Exchange feature, you
can make use of the GPO rules other system administrators have shared on the server as
well as upload your own rules.
You can also access this Rules Exchange database to get a sample list of GPO settings that
may be used in an environment and know how they can be defined with Privilege Authority.
This feature is available within any of the Privilege Authority editions.
l
Once you open the Privilege Authority Console, click All Rules located under
the Community section. The list of rules will show (provided that PA Console
could successfully connect to the Rules Exchange server over the Internet).
(See Figure 31.)
Figure 31.The Community Rules list.
Use the Community rules to:
l
l
l
apply the Community rules in your domain
share your rules with the community (see the Privilege Authority Administrator’s Guide) edit, comment and rate the Community rules (see the Privilege Authority 2.0
Administrator’s Guide).
Applying Community Rules to your Domain
To make use of a certain rule within the Community list or just to see how the GPO settings can be configured with Privilege Authority:
1. Within the All Rules section of the Community node of the Privilege Authority
Console, select the rule, and then click the
rule settings will open. ( Figure 32.)
Import icon. A dialog with the
33
Figure 32.Opening the community rule dialog.
If you are using the Privilege Authority Community Edition and try to import a rule
with any of the Privilege Authority Professional features, a special notification will
show (see Figure 33.). By clicking Yes, you’ll open the Import Rule Wizard window that will show all the rule settings except for the Professional ones.
Figure 33.Importing a rule with a Pro feature running PA Community Edition.
Note
If the list of rules does not populate automatically, try the following: click
Help -> Proxy Settings, and specify the proxy server data in the window that
will open. (See Figure 34.)
Figure 34.Specifying the proxy server settings.
2. (Optional) You may switch between the available tabs of the dialog to view its
settings or adjust the GPO rule to your needs.
34
3. Click the GPO tab to assign the rule to an already existing GPO in your environment. (Follow the link if you'd like to create a custom GPO to link the rule
to.) (See Figure 35.)
Figure 35.Selecting a GPO to apply the rule to.
4. Click Finish to add the rule to your domain’s GPO settings.
The rule will now display in the list of rules of the corresponding GPO under the Local
Rules node. (See Figure 36.)
Figure 36.A community rule has been set to apply to a GPO in your domain.
The rule will apply, once the Group Policy is updated on the client machine.
Refer to Privilege Authority Administrator’s Guide for other operations with the Community rules.
35
REGISTERING WITH THE COMMUNITY RULES EXCHANGE SERVER
When you upload your rules to the Community Rules Exchange Server, view the My
Shared Rules node content, or want to place a comment on a Community rule, you first
have to be authorized by the server. To do this, fill in the Register or Sign-In form (see
Figure 37.):
l
l
If you are already registered on the forum, enter your email and password in
the corresponding fields of the Login section and click Login.
If you are not yet registered with the community, click on the Register on the
web link. You will be directed to the Privilege Authority Community Forum registration page. Fill in every field of the form that will be shown. Click Register.
You may also use the Register tab of the dialog, to fill in the registration form.
When registering into the community server, please note that the password restriction policy must compile with the current password policy of the Rules Exchange Server, e.g. currently it must consist of at least 7 characters.
Figure 37.Registering to upload to the Privilege Authority Community Exchange server.
36
Tip
To prevent connection problems when registering over the internet, consider
specifying your proxy server settings in the PA Console before you proceed
with registration.
To log in at the server as a different user:
l
Click Help -> Logout of Rules Exchange. Now, when required, you’ll be
asked to provide your login details.
37
Index
C
Community Rule
17, 33
downloading
33
L
Logging into Rules Exchange
36
P
PA Client Installation
14
PA Console
opening
15
PA rule
creating
PA Server installation
17
13
38
Related documents
Resistance to Acknowledging Privilege or “Isms”
Resistance to Acknowledging Privilege or “Isms”
Special Topics in History
Special Topics in History
BP 2015 Student Member(s)
BP 2015 Student Member(s)
Download