Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.4 - Administrator Guide

About this guide What is Privilege Manager? Installing Privilege Manager Configuring client data collection Configuring instant elevation Configuring self-service elevation Configuring temporary session elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI Customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

About this guide

Welcome to the KACE Privilege Manager for Windows Administrator Guide. This guide instructs system administrators on how to use Privilege Manager. Inside you will find in-depth instructions on how to prepare your environment for least privileged use, maintain a least privileged environment, run reports, and interface with Microsoft tools.

For more information, refer to these additional resources:

For system administrators:

  • Privilege Manager Quick Start Guide: Learn about the Privilege Manager system requirements and how to set up the Console, Server, and Client. Also read an overview of the product’s key features and the wizards that will help you use them.
  • Privilege Manager for Windows Console: Find more information on the Getting Started screen under the Additional Resources tab.

For end users with the Privilege Manager Client service installed on their computers:

  • Privilege Manager for Windows User Guide: Learn the basics of using Privilege Manager for Windows, including how to use Self-Service Elevation, Instant Elevation, and view rules.

What is Privilege Manager?

Giving users administrator rights creates security risks but must be weighed against constant help desk calls for basic operations like updating Adobe Reader, Java, or simply changing the time zone on desktops.

Privilege Manager lets you grant selected privileges to users so they can update their own computers, reducing help desk calls while maintaining a secure network. By automating user privilege settings, Privilege Manager keeps users working; this enables you to focus on higher priority tasks, for exceptional resource and time savings.

As a system administrator, you can use Privilege Manager to elevate and manage user rights quickly and precisely with validation logic targeting technology. Use privilege Elevation rules from the community, or create your own rules and allow administrator-level access to specific applications. You can also enable your end users to request elevated privileges for specific applications through Self-Service and Instant Elevation.

Editions

Privilege Manager is available in the following editions:

  • Privilege Manager Community: This edition is free and does not require a license. You can collaborate, brainstorm new Elevation rules, share rules with other users, and provide bug reports and enhancement requests to Quest Software.
  • Privilege Manager Professional: This edition requires a paid license and includes additional security, discovery, and reporting capabilities, as well as technical support from Quest Software.
  • Privilege Manager Professional Evaluation: This edition is the free 30-day trial period for Privilege Manager Professional. If you do not buy a license after 30 days, the software will revert to the lesser-featured Community edition. You won't have the Professional features, but you can keep the Community edition just for trying Privilege Manager.

When reverting back to the Community edition, you will need to re-save all computer-based Group Policy object (GPO) rules as user-based. Computer-based rules will no longer work on the client-side once the trial expires.

Components

There are three software components included with Privilege Manager: the Console, Server and Client.

Console

The Privilege Manager Console, installed via PAConsole_Pro.msi, is a management application. It is installed on a domain computer (serveror workstation) and is used to create and manage rules within the Group Policy. Any user who has permission to edit a GPO can use the Console to set privileges.

Server

The Privilege Manager Server, installed through the Console, is a service which has several functions. It can deploy the Client, collect and report on data, and discover and process applications that require elevated privileges.

Client

The Privilege Manager Client, installed through PAClient.msi, is a service that runs on each client computer. It applies the rules created in the Console by monitoring processes as they are launched on the Client and elevates or lowers the privileges for processes that are configured to be monitored. This is done by injecting an administrative token into the process or revoking it.

Microsoft Active Directory and Group Policy are used to distribute Privilege Manager rules to client computers.

Privilege Manager can modify privileges only for a standard user account, not a guest account. Elevated privileges can be revoked even if the user is a local admin.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating