Privilege Management
Sectona Windows Privilege Management allows System Administrators to group together Applications that will be elevated as required, provided they meet one or more of the following set of criteria.
Applications qualify if they originate from a trusted source, such as a Software Distributor, Updater, Network Location or Installation Package Publisher; if they belong to a specific Product; or if they are installed by a specific User/Group, that is, a designated user or user group (for example, a member of the IT staff who can resolve End-user requests) trusted to perform maintenance operations on End-user Computers.
Trusted Sources permit approved Applications to run and enable an organization to create a tightly monitored environment, in compliance with the Least Privilege principle. This is done by defining most End-users as Standard Users while temporarily elevating the permission level of specific processes, allowing them to "execute" approved Applications.
This section contains:
Managing EPM Libraries
Sectona EPM offers full visibility of your desktop/server environment by continuously monitoring regular Applications that can be executed in standard user context. EPM also provides detailed information about which Applications require administrative rights. This information can help you decide which divisions of your organization should be granted different rights on desktops. The justifications for elevating user privileges, either per Application or by granting administrative rights, can vary by individual user or group of users. Even within the same division, a hierarchy of employees may exist and the rights can differ. The types of Application supported in WPM are:
Application EXE
WindowsInstaller MSI
ManagementConsole MSC
PowerShellScript PS1
Adding a library into EPM
To add a library in EPM, follow the steps given below:
Log in to the system and select EPM from the product navigator.
Go to Manage → Privilege Management → Application Library.
Provide the required details:
Application Name: Provide the name of the application
Application Type: Select the type of the application from the drop-down list
Description: Provide a suitable description
Application Status is set to Active by default.
Publisher Name: Specify the publisher name of the application
Digital Signatory: Specify the Digital Signature of the application
File Name: Specify the executable file name
File Directory: Specify the path of the executable file
Hash Values SHA256: Specify the Hash values if provided during the application
Click on Save.
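The values requested by the form above can be read from the file itself before they are typed in. The following PowerShell function is an added example, not part of Sectona's product or documentation; the function name, the output property names and their mapping to the form fields are assumptions.

```powershell
# Added example: collect the attributes the Application Library form asks for.
# Property names and their mapping to form fields are assumptions.
function Get-LibraryEntryDetail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

        # Report a signer only when Windows validated the signature;
        # an unsigned or tampered file yields an empty Digital Signatory.
        $signer = $null
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
        }

        [pscustomobject]@{
            Extension        = $file.Extension.TrimStart('.').ToUpperInvariant()
            FileName         = $file.Name
            FileDirectory    = $file.DirectoryName
            # CompanyName is self-declared version metadata, not verified.
            PublisherName    = $file.VersionInfo.CompanyName
            DigitalSignatory = $signer
            SignatureStatus  = $sig.Status
            SHA256           = $hash.Hash
        }
    }
}

# Sample path chosen for illustration; any EXE, MSI, MSC or PS1 path works.
Get-LibraryEntryDetail -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

A SHA256 value matches one exact build of the file, so an updated binary produces a different hash than the one recorded in the library entry.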
Updating a library in EPM
To update or change library details, click on the library's (3 dot) more options icon and select Edit. A form will appear. Make the necessary changes and click on the Update button. This action will update your library.
Deactivating a library in EPM
To deactivate a library, follow the given steps:
Log in to the system and select EPM from the product navigator.
Go to Manage → Privilege Management → Application Library.
Click on the (3 dot) more options icon of the library you want to deactivate and select Edit.
Toggle the status slider to Active.
Click on Save.
You can activate the library again by checking the Active button and saving the configuration.
Deleting a library in EPM
To delete a library, follow the given steps:
Log in to the system and select EPM from the product navigator.
Go to Policy → Application Library.
Click on the (3 dot) more options icon of the library you want to delete and select Edit.
Click on the Delete button.
A pop-up will appear on the screen for confirmation. Click Yes to delete the library from EPM.
Please note that you can't access deleted libraries, as this action deletes the data permanently.
Managing AD Group Policies
Developing a clear understanding of the applications that are being executed on your desktops and servers is a significant factor in successfully establishing Application Control and Privilege Management within your environment. EPM silently monitors End-user activity related to unhandled Applications. Monitoring is a critical step before applying any restrictions, such as applying the Block policy or blocking execution, and before making decisions about granting administrative rights to Applications.
The most efficient approach to application control is to create policies for well-known trusted sources. This reduces the number of policies that you need to create.
Adding an AD group policy
To add an AD group policy in EPM, follow the below steps:
Log in to the system and select EPM from the product navigator.
Go to Manage → Privilege Management → AD Group Policies → +Add AD Group Policy.
Provide the required details:
Policy Name: Provide a unique name for the policy
Description: Provide a suitable description
Directory Store: Select the Directory Store from the drop-down list
Server Group(s): The respective Server group(s) will be fetched automatically; select them from the drop-down menu.
Learning Mode: If set to Active, EPM will not check the policy configuration and will directly elevate the application under local admin rights for the selected AD group policy. If Learning Mode is set to Inactive, EPM will check the policy configuration and elevate the application only if there is a corresponding policy for that application.
Make sure to tick the Active checkbox and click on Save.
Updating an AD group policy
To update or change policy details, click on the action button and select the Edit option. A form will appear. Make the necessary changes and click on the Update button. This action will update your policy.
You can monitor the changes made to an AD Group Policy by clicking on the action button of the respective policy and selecting the View Trail option.
Deactivating an AD group policy
To deactivate an AD group policy, follow the given steps:
Log in to the system and select EPM from the product navigator.
Go to Manage → Privilege Management → AD Group Policies → +Add AD Group Policy.
Click on the (3 dot) more options icon of the library you want to deactivate and select Edit.
Toggle the status bar.
Click on Save.
Deleting an Application from AD group policy
To delete a policy, follow the given steps:
Log in to the system and select EPM from the product navigator.
Go to Manage → Privilege Management → AD Group Policies → +Add AD Group Policy.
Click on the (3 dot) more options icon of the library you want to delete and select Edit.
Click on the Delete button.
A pop-up will appear on the screen for confirmation. Click Yes to delete the policy from EPM.
Please note that you can't access deleted policies, as this action deletes the data permanently.