NetWrix Privileged Account Manager Version 4.1 User Guide


Table of Contents

1. Introduction
1.1 About Security Roles
2. Configuring Product
2.1 Configuring Child Folders
2.2 Configuring Password Maintenance Settings
3. Using Account Manager
3.1 Accessing Account Manager
3.2 Adding New Managed Accounts
3.2.1 Adding an Account
3.2.2 Adding a Set of Accounts
3.3 Obtaining an Account Password
3.4 Viewing Audit Information
3.4.1 Viewing Reports on Accessing Account Password
3.4.2 Viewing Advanced SSRS Reports
4. Contacting NetWrix
5. Disclaimer

1. Introduction

NetWrix Privileged Account Manager (also known as Account Manager or PAM) is an easy-to-deploy Web-based application that provides a secure facility for management of shared administrative accounts (referred to as managed accounts in this guide) in your organization. With the help of Account Manager you can:

- Provision, deprovision, and automatically update the account passwords;
- Synchronize account passwords and Windows Services\Scheduled Tasks running under those accounts;
- Audit access to all managed accounts.

This document is intended to help you use the product. The set of activities you can perform with PAM depends on your security role.

1.1 About Security Roles

The product uses a role-based security model that allows an IT administrator to assign access permissions to users based on their roles rather than on their individual identities. A role is a category of users who share the same security privileges. There are four security roles in PAM:

- System Administrator: Provides complete and unrestricted access to all features and permissions to configure all settings for the product. Predefined members: the Domain Administrator and Enterprise Administrator groups in the management server domain.
- Account Manager: Allows adding, removing and managing of accounts and PAM folders.
- Account Operator: Allows obtaining current passwords for all managed accounts.
- Report Viewer: Allows viewing the PAM reports.

2. Configuring Product

To configure all settings of the product, you must be a member of the System Administrator role (see Product Administrator Guide). This section describes only the product settings you can configure if you are a member of the Account Manager role.

2.1 Configuring Child Folders

Account Manager allows you to store managed accounts in virtual folders. By default, the product provides the Accounts root folder (see the screenshot on page 4). Under Accounts, you can create any hierarchic structure of child folders. To each child folder, or even to any individual account, you can apply a specific password maintenance policy or let the account inherit policy settings from the parent folder. The password maintenance policy comprises such settings as maximum duration of the account checkout, schedule of the password changes, etc.

To create a child folder, open the product main window and under Accounts, select a parent folder. Perform the following steps:

1. In the details pane, go to the Operations on this folder list.
2. Select Add Child Folder, and click Go.
3. In the Add Child Folder dialog box, specify the child folder name and click OK.

2.2 Configuring Password Maintenance Settings

To configure password maintenance settings applied to a folder, go to the product main window. Under Accounts, select that folder, and then perform the following steps:

1. In the details pane, go to the Operations on this folder list.
2. Select Change Password Settings, and click Go.
3. In the Password Maintenance dialog box, specify the appropriate settings, and click OK.

This dialog provides the following control elements:

- Inherit password maintenance settings from parent folder: Inherits all settings from the parent folder. When selected, other settings in this dialog take no effect.
- Change password after check in: Causes PAM to change the account password each time it is checked in.
- Maximum password checkout duration: Specifies the duration (in minutes) of the password check out operation. The account is automatically checked in after this time period has elapsed.
- Automatically change password every: Specifies the password changes schedule.

You can also configure password maintenance settings applied to an individual account using the following procedure:

1. In the product main window, go to Accounts, and select the folder where the account resides.
2. In the details pane, select the account under Details and open the Password Maintenance tab.
3. Click Edit, and then complete the Password Maintenance dialog box.
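The inheritance rule above can be reviewed offline before a folder structure goes into use. The following is an added example, not NetWrix code: it models the four dialog controls and reports accounts whose effective policy never changes a checked-out password, plus nodes whose own values are ignored because inheritance is selected. Class and field names, the day-based schedule unit and the sample tree are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Settings:
    # Hypothetical field names mirroring the four Password Maintenance controls.
    inherit: bool = True
    change_after_check_in: bool = False
    max_checkout_minutes: Optional[int] = None
    auto_change_days: Optional[int] = None  # schedule unit (days) is an assumption

    def local_values(self):
        return (self.change_after_check_in, self.max_checkout_minutes, self.auto_change_days)

@dataclass
class Node:
    """A folder or a managed account in the Accounts tree."""
    name: str
    settings: Settings
    parent: Optional["Node"] = None
    is_account: bool = False

def effective(node):
    """Return (settings, source name) of the nearest node that does not inherit."""
    cur = node
    while cur.settings.inherit and cur.parent is not None:
        cur = cur.parent
    return cur.settings, cur.name

def review(nodes):
    """Flag ignored local values and accounts whose disclosed password is never changed."""
    findings = []
    for n in nodes:
        eff, source = effective(n)
        overridden = n.settings.local_values() != Settings().local_values()
        if n.settings.inherit and n.parent is not None and overridden:
            findings.append((n.name, "local settings ignored, inherits from " + source))
        if n.is_account and not eff.change_after_check_in and eff.auto_change_days is None:
            findings.append((n.name, "no password change after check-in or on schedule (from " + source + ")"))
    return findings

# Constructed sample tree; only the Accounts root folder name comes from the guide.
root = Node("Accounts", Settings(inherit=False, change_after_check_in=True, max_checkout_minutes=60))
legacy = Node("Legacy", Settings(inherit=False, max_checkout_minutes=480), parent=root)
svc_sql = Node(r"CORP\svc_sql", Settings(), parent=legacy, is_account=True)
adm_web = Node(r"CORP\adm_web", Settings(inherit=True, change_after_check_in=True,
                                         max_checkout_minutes=30), parent=legacy, is_account=True)
adm_db = Node(r"CORP\adm_db", Settings(), parent=root, is_account=True)

FINDINGS = review([root, legacy, svc_sql, adm_web, adm_db])
for name, issue in FINDINGS:
    print(name, "->", issue)
```

In the sample, CORP\adm_web looks hardened on its own tab but actually runs under the Legacy folder's 480-minute checkout with no password change, which is the case the "other settings take no effect" rule makes easy to miss.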

3. Using Account Manager

This section discusses a basic scenario that includes the following steps:

- Accessing the product Web interface
- Adding new managed accounts
- Obtaining an account password
- Viewing audit reports

3.1 Accessing Account Manager

You can access the product Web interface from any network client computer with a Silverlight-compatible operating system, and Microsoft Silverlight 4.0 and Internet Explorer 6.0 or later installed.

To access the product Web interface:

On a client computer, in Internet Explorer, open the page at http://%account Manager%, such as http://web.mycompany.com/pam

You will be prompted to specify a user account used to access PAM. This account must belong to PAM security roles (see About Security Roles earlier in this paper).

The product main window is in the following screenshot:

To access the product functionality, use links in the left pane:

- Accounts: Provides all operations on managed accounts (available for System Administrator, Account Manager, and Account Operator).
- Security Roles: Assigns the PAM security roles to specific User accounts (available only for System Administrator).
- Audit Reports: Provides access to the product audit reports (available for all roles).
- Administration: Sets up the product administration settings (available only for System Administrator).

3.2 Adding New Managed Accounts

By default, the list of managed accounts is empty. To start using the product, you must have at least one managed account. Managed accounts can reside in the Accounts folder of PAM or in any child folder of Accounts. You can add an individual account or import a set of accounts that meet specific criteria. To perform operations described in this section, you must be System Administrator or Account Manager.

3.2.1 Adding an Account

PAM provides the Configure Managed Account wizard designed to add new managed domain or local accounts. You can add managed accounts to the Accounts folder (or to any of its child folders) in the PAM main window.

To start the Configure Managed Account wizard from the product main window, do one of the following:

- To add an account to the Accounts folder, click New Managed Account.
- To add an account to a child folder of Accounts, in the left pane, select that folder, and in the right pane, click Add Account, and then click Wizard.

To complete the wizard, perform these steps:

1. On the Welcome page, click Next.
2. On the Specify Managed Account page, do the following, and click Next:
   - From the Account Type list, select the account type (Windows Domain or Windows Local).
   - In Account Name, specify the name in Domain\Login or Computer\Login format, respectively. You can add only existing accounts from the domain where the management server is installed.
3. For Windows Domain accounts, on the Specify Systems page, optionally, specify a list of computers on which Windows services or scheduled tasks will run under this account.
4. On the Final Notice page, click Finish.

3.2.2 Adding a Set of Accounts

The product provides the Account Discovery feature that allows you to import (add) a set of managed accounts meeting specific criteria. For example, you can import domain accounts from a specific Organizational Unit or local accounts that reside on specific machines.

To add a set of managed accounts, perform the following steps:

1. In the product main window, under Accounts, select the folder to which to add accounts.
2. In the details pane, from the Operations on This Folder list, select Discover New Accounts, and click Go. The Account Discovery dialog box opens.
3. To add domain accounts, do the following:
   1) Select Import domain accounts from.
   2) To import an explicitly specified set of accounts, select List or file, click Edit List, and then specify the accounts list in the Domain Accounts List dialog box.
   3) To import accounts from an OU, select Organizational Unit, specify the OU distinguished or canonical name, and optionally, select the Filter by account names check box, and specify the name filter, such as Adm*.
   4) Optionally, to specify computers on which Windows services or scheduled tasks under managed accounts run, select the Discover Systems check box, and enter the semicolon-separated list of IP addresses or ranges.
4. To add local accounts, do the following:
   1) Select Import local accounts from.
   2) To import an explicitly specified set of accounts, select List or file, click Edit List, and then specify the accounts list in the Local Accounts List dialog box.
   3) To import accounts from specific computers, select Computers, and enter the semicolon-separated list of IP addresses or ranges.
   4) Optionally, select the Filter by account names check box, and specify the account name filter.

3.3 Obtaining an Account Password

At any time you can obtain the current password of a specific managed account. To get the managed account password:

1. In the left pane, under Accounts, click the folder where the managed account resides, and then select it in the details pane, under Managed Accounts.
2. Under Details, open the Password Access tab, click Check out and let the product retrieve or generate the account password.
3. To view the password, click Show. The product displays the password next to Current password.

You can log on to the managed computers and perform administrative tasks using this password. Once you have completed administrative activities, click Check in to stop the managing account and allow other PAM users to access the account information. Note that the account password can be reset after you check it in (for details, see Configuring Password Maintenance Settings earlier in this guide).

3.4 Viewing Audit Information

PAM provides two types of audit reports: reports on all attempts to access the password information for a specific managed account, and a set of advanced reports powered by Microsoft SQL Server Reporting Services (hereafter SSRS). The SSRS reports on the following events are available:

- Automatic updates of password
- Use of password by specific account
- Use of password by specific requestor
- Automatic check-ins of password
- Rarely used accounts
- Unused accounts

This section explains how to view the PAM reports. To view audit information, you must be at least a member of the Report Viewer security role.

3.4.1 Viewing Reports on Accessing Account Password

To view reports on attempts to access the password information for a specific managed account, perform the following steps:

1. In the left pane, under Accounts, click the folder where that account resides, and then select it in the details pane, under Managed Accounts.
2. Under Details, open the Audit Trail tab.

A sample report for the EMTEST2008\JSmith account is shown below:

3.4.2 Viewing Advanced SSRS Reports

To view SSRS-based reports, perform the following steps:

1. In the product main window, expand the Audit Reports node.
2. Under this node, click the link to view the report and click View report in the details pane. The report opens in a separate window.

4. Contacting NetWrix

If you have any questions, please feel free to contact the NetWrix support team. NetWrix provides unlimited phone and email support for customers who purchase the commercial version (including evaluation). In addition, on the NetWrix Support Forum, limited support is provided for customers who use the freeware version.

5. Disclaimer

The information in this publication is furnished for information use only, does not constitute a commitment from NetWrix Corporation of any features or functions discussed and is subject to change without notice. NetWrix Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication. NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.

2011 NetWrix Corporation. All rights reserved. www.netwrix.com