From 4f70e01374d2a4b9dc5a4ee193bbe9fd432eadbf Mon Sep 17 00:00:00 2001 
From: Corbin Anderson Date: Tue, 15 Jul 2025 16:37:20 -0600 Subject: [PATCH 1/3] Updated Notes and acutions with script, updated in line bold for steps --- .../accesscertification/entitlements.md | 25 ++++++-- .../accesscertification/users.md | 15 ++++- .../AuditReporting/logfiles/logfileoptions.md | 5 +- .../4.2/admin/AuditReporting/reporting.md | 5 +- .../authentication/authenticationconnector.md | 5 +- .../openidconnectauthentication.md | 10 +++- .../openidconnectconfiguration.md | 10 +++- .../authentication/samlconfiguration.md | 10 +++- .../integrationaccessanalyzer.md | 10 +++- .../integrationbyov/byovconnectorconfig.md | 29 +++++++-- .../integrationconnectors.md | 5 +- .../serviceaccounts/entraidappregistration.md | 5 +- .../systemsettingspages/services.md | 10 +++- .../4.2/admin/dashboard/active/liveviewer.md | 5 +- .../admin/dashboard/active/startsession.md | 5 +- .../4.2/admin/dashboard/credentials.md | 5 +- .../dashboard/historical/replayviewer.md | 26 ++++---- .../interface/accesspolicy/accesspolicy_1.md | 11 ++-- .../activitytokencomplexity_1.md | 7 ++- .../connectionprofiles/connectionprofile.md | 16 +++-- .../connectionprofileapproval.md | 31 ++++++---- .../connectionprofiles/connectionprofiles.md | 5 +- .../credentialbasedpolic/activities.md | 2 +- .../credentials/addcredentials.md | 11 ++-- .../addactivitiesandactivitygroups.md | 8 +-- .../addresourcesandresourcegroups.md | 9 ++- .../admin/interface/activities/activities.md | 15 ++++- .../interface/activities/activity/activity.md | 6 +- .../activity/activityloginaccounttemplates.md | 39 ++++++------ .../activities/addaction/addaction.md | 23 ++++--- .../credentials/accountdependencies.md | 2 +- .../credentialgroups/addcredentials.md | 17 +++--- .../credentialgroups/credentialgroup.md | 6 +- .../credentialgroups/credentialgroups.md | 5 +- .../credentialpolicyoverrides_1.md | 11 ++-- .../interface/credentials/credentials.md | 5 +- .../passwordcomplexity/passwordcomplexity.md | 5 +- 
.../schedulepolicies/schedulepolicies.md | 5 +- .../schedulepolicies/schedulepolicy.md | 7 ++- .../schedulepolicies/schedulepolicy_1.md | 11 ++-- .../protectionpolicies/allowedmembers.md | 23 +++---- .../protectionpolicies/protectionpolicy.md | 6 +- .../resources/addresources.md | 8 +-- .../addandchange/addnewserviceaccount.md | 2 +- .../addresourcesonboard.md | 44 +++++++++----- .../addresourcesonboard/resourceimportcsv.md | 6 +- .../resources/addandchange/changeplatform.md | 9 ++- .../addandchange/changeserviceaccount.md | 9 ++- .../resources/addandchange/database.md | 7 ++- .../resources/addandchange/domain.md | 8 +-- .../addandchange/secretvault/secretvault.md | 9 ++- .../secretvault/secretvaultconfig.md | 20 ++++--- .../resources/addandchange/website.md | 2 +- .../configuresecurewinrmconnection.md | 5 +- .../detailspages/databases/databases.md | 5 +- .../detailspages/entraid/groupsentraid.md | 5 +- .../detailspages/entraid/usersentraid.md | 5 +- .../website/urlswebsite/addwebsiteurl.md | 7 ++- .../website/userswebsite/addamanageduser.md | 5 +- .../interface/resources/removeresource.md | 9 ++- .../resourcegroups/addresourcestogroup.md | 6 +- .../resources/resourcegroups/resourcegroup.md | 6 +- .../usersgroups/add/addusersandgroups.md | 8 +-- .../interface/usersgroups/add/application.md | 6 +- .../interface/usersgroups/add/localuser.md | 6 +- .../usersgroups/rolemanagement/customrole.md | 4 +- .../rolemanagement/rolemanagement.md | 5 +- .../addactivitiesandgroups.md | 8 +-- .../rolemanagementcustom/addpolicies.md | 2 +- .../addresourcesandgroups.md | 6 +- .../rolemanagementcustom/addroleusers.md | 4 +- .../rolemanagementcustom/changepermissions.md | 6 +- .../rolemanagementdefaul/addadministrators.md | 8 +-- .../rolemanagementdefaul/addreviewers.md | 8 +-- .../authenticationconnector.md | 5 +- .../policies/addaccounttopolicies.md | 10 ++-- .../usergroupapplication/resetmfa.md | 2 +- .../usergroupapplication.md | 5 +- .../4.2/admin/myactivities/createsession.md | 
10 +++- .../4.2/admin/navigation/aboutpage.md | 5 +- .../4.2/admin/navigation/importlicense.md | 5 +- .../4.2/admin/troubleshooting.md | 25 ++++++-- .../active/startsession/rdcmanager.md | 10 +++- .../active/startsession/startsession.md | 5 +- .../4.2/enduser/myactivities/createsession.md | 5 +- docs/privilegesecure/4.2/enduser/overview.md | 5 +- .../4.2/install/components/components.md | 29 +++++++-- .../4.2/install/components/setuplauncher.md | 60 +++++++++++++++---- .../4.2/install/firstlaunch.md | 46 ++++++++++---- docs/privilegesecure/4.2/install/login.md | 20 +++++-- .../servicesonadditional/actionservice.md | 15 ++++- .../servicesonadditional/proxyservice.md | 55 ++++++++++++----- .../servicesonadditional/rdpmonitor.md | 15 ++++- .../servicesonadditional/schedulerservice.md | 10 +++- docs/privilegesecure/4.2/install/upgrade.md | 25 ++++++-- .../enduser/dashboard/approvals.md | 5 +- .../4.2/remoteaccessgateway/enduser/login.md | 5 +- .../enduser/myactivities/createsession.md | 5 +- .../enduser/sessiontimeout.md | 5 +- .../4.2/requirements/applicationserver.md | 5 +- .../4.2/requirements/awskey/awskey.md | 15 ++++- .../4.2/requirements/awskey/awskeyrotation.md | 5 +- .../4.2/requirements/client.md | 5 +- .../privilegesecure/4.2/requirements/ports.md | 5 +- .../active/startsession/startsession.md | 5 +- .../myactivities/createsession.md | 5 +- .../4.2/revieweruser/overview.md | 5 +- 107 files changed, 812 insertions(+), 344 deletions(-) diff --git a/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md b/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md index 1680b4a48a..b33349bc07 100644 --- a/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md +++ b/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md 
@@ -23,8 +23,11 @@ The Entitlements table has the following features: - Approved – Existing access is approved - Denied – Access is removed for that specific user/resource/permission - **NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set + :::note + The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that attribute so that it can be re-enabled in the future. + ::: + - User Name – Displays the name of the account - Resource – Name of the resource @@ -69,8 +72,11 @@ The Review Activity Details window has the following features: - Approved – Existing access is approved - Denied – Access is removed for that specific user/resource/permission - **NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set + :::note + The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that attribute so that it can be re-enabled in the future. + ::: + - Name – Displays the name of the account - Resource – Name of the resource 
@@ -86,18 +92,27 @@ The Review Activity Details window has the following features: **Step 5 –** To remove access, select the applicable row(s) and click Deny. -**NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that +:::note +The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that attribute so that it can be re-enabled in the future. +::: + **Step 6 –** When the entitlements have been reviewed, click Close. Changes are saved to the selected access certification task and shown on the Entitlements Tab for Access Certification. -**NOTE:** It is not necessary to review all entitlements at once. Changes are automatically saved to +:::note +It is not necessary to review all entitlements at once. Changes are automatically saved to the selected access certification task and can be returned to at any time (the Status will show as Incomplete). +::: -**CAUTION:** Committed changes cannot be undone. A new access certification task must be created. + +:::warning +Committed changes cannot be undone. A new access certification task must be created. Alternatively, it is possible to manually reassign users to an access policy. +::: + **Step 7 –** When all entitlements have been reviewed, the Commit button is enabled. Click Commit to save the changes to user access. diff --git a/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/users.md b/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/users.md index 0715aeb8ea..ad9bfcc173 100644 --- a/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/users.md +++ b/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/users.md 
@@ -31,7 +31,10 @@ The Users table has the following features: Follow the steps to add users and groups to the access certification task. -**NOTE:** It is not possible to add or remove users after they have been added. +:::note +It is not possible to add or remove users after they have been added. +::: + **Step 1 –** Navigate to the Audit and Reporting > Access Certification page. @@ -64,16 +67,22 @@ Users/Groups table and it is immediately moved to the Users & Groups to Add tabl **Step 6 –** (Optional) Click a row in the Users & Groups to Add table to move it back to the Available Users/Groups table. -**CAUTION:** It is not possible to add or remove users after they have been added to the access +:::warning +It is not possible to add or remove users after they have been added to the access certification task. +::: + **Step 7 –** Click Add to add the user(s) and group(s) to the access certification task. The new user(s) and group(s) are added to the certification task and are shown on the Users Tab for Access Certification. -**NOTE:** Only the assigned reviewer can interact with the entitlements once the access +:::note +Only the assigned reviewer can interact with the entitlements once the access certification task is created. +::: + The reviewer can now log in to see the access certification task(s) assigned to them and begin the review process. See the [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md) topic for diff --git a/docs/privilegesecure/4.2/admin/AuditReporting/logfiles/logfileoptions.md b/docs/privilegesecure/4.2/admin/AuditReporting/logfiles/logfileoptions.md index 4be28420f6..66b2e60e2e 100644 --- a/docs/privilegesecure/4.2/admin/AuditReporting/logfiles/logfileoptions.md +++ b/docs/privilegesecure/4.2/admin/AuditReporting/logfiles/logfileoptions.md 
@@ -32,8 +32,11 @@ The right of the page shows details of the selected service and has the followin - Verbose – Extremely detailed logging - **NOTE:** There are not many Verbose log messages in Privilege Secure so the difference + :::note + There are not many Verbose log messages in Privilege Secure so the difference between Verbose and Debug is minimal. + ::: + - Debug – More information for detailed analysis of system behavior. Customer support may ask for logs with this log level enabled for troubleshooting purposes diff --git a/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md b/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md index c21b94d7bb..e6823b3a78 100644 --- a/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md +++ b/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md @@ -133,8 +133,11 @@ following attributes for a given user account: - Name - Privilege -**NOTE:** The Subscriptions tab will not be enabled until saving the report. See the Subscriptions +:::note +The Subscriptions tab will not be enabled until saving the report. See the Subscriptions Tab topic for additional information. +::: + ## Customize an Existing Report diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/authenticationconnector.md b/docs/privilegesecure/4.2/admin/configuration/authentication/authenticationconnector.md index 674428412e..98d783a77d 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/authenticationconnector.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/authenticationconnector.md 
@@ -20,8 +20,11 @@ Follow the steps to add an authentication connector to the console. - Connector Description (Optional) – Enter a brief description to identify the service account - Connection Type – Indicates the type of authentication -**NOTE:** Once the Connection Type is selected, additional fields become available. The available +:::note +Once the Connection Type is selected, additional fields become available. The available fields will change depending on the selection. +::: + **Step 4 –** Enter the information from the applicable authentication connector provider. See the [Authentication Page](/docs/privilegesecure/4.2/admin/configuration/authentication/authentication.md) section for detailed descriptions of the fields. diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectauthentication.md b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectauthentication.md index 1daf98bca4..81679b051a 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectauthentication.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectauthentication.md @@ -15,8 +15,11 @@ The following sections provide configuration information to use OpenID with an O In order to use the OpenID login functionality with Privilege Secure an Okta user must match a user in an AD domain that Privilege Secure is aware of. -**NOTE:** The user will also need to be given access to Privilege Secure by assigning them a role +:::note +The user will also need to be given access to Privilege Secure by assigning them a role from the Config->Role Management screen. +::: + To create a new user click the Directory menu item and select People from the drop-down. You should see this screen. 
@@ -39,8 +42,11 @@ Username will be matched against – under the Login Format dropdown: - User Principal Name - Email Address -**NOTE:** Okta doesn’t allow sAMAccountName to be used as the Username so we can’t use that one +:::note +Okta doesn’t allow sAMAccountName to be used as the Username so we can’t use that one here. +::: + Users in sbpam.local are all set up with both UPN and Email Address – but they’re not the same. diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md index 8edc95b373..e8c0601817 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md @@ -45,8 +45,11 @@ Follow the steps to verify the OpenID Connect configuration: [protocol]//[hostname]:[port] -**CAUTION:** In the next step, verify that the Sign In page displays as expected, but do NOT sign in +:::warning +In the next step, verify that the Sign In page displays as expected, but do NOT sign in at this step. +::: + **Step 4 –** Click Test Connection to verify the connection configuration. This opens the Sign In page in the browser. Do NOT sign in. 
@@ -110,9 +113,12 @@ from the provider and will vary: the previous step. This represents the format of the value that will be used to sign in to the MFA during log in. - **NOTE:** These are not the credentials that will be used during the login process; only an + :::note + These are not the credentials that will be used during the login process; only an example of the format of those credentials. The actual credentials used are unique to each user and are setup during the MFA registration process for that user. + ::: + **Step 11 –** Select a field to use for the User Id Field and click Select. diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md b/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md index 39bcb86d6f..6d1eb6c915 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md @@ -45,8 +45,11 @@ Follow the steps to verify the SAML configuration: [protocol]//[hostname]:[port] -**CAUTION:** In the next step, verify that the Sign In page displays as expected, but do NOT sign in +:::warning +In the next step, verify that the Sign In page displays as expected, but do NOT sign in at this step. +::: + **Step 4 –** Click Test Connection to verify the connection configuration. This opens the Sign In page in the browser. Do NOT sign in. 
@@ -104,9 +107,12 @@ from the provider and will vary: the previous step. This represents the format of the value that will be used to sign in to the MFA during log in. - **NOTE:** These are not the credentials that will be used during the login process; only an + :::note + These are not the credentials that will be used during the login process; only an example of the format of those credentials. The actual credentials used are unique to each user and are setup during the MFA registration process for that user. + ::: + **Step 11 –** Select a field to use for the User Id Field and click Select. diff --git a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationaccessanalyzer.md b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationaccessanalyzer.md index 78dbedc635..0046579a2e 100644 --- a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationaccessanalyzer.md +++ b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationaccessanalyzer.md @@ -39,8 +39,11 @@ Select Tables and click Add to open the Select Database Objects window. - SA_ADInventory_ComputersView - SA ADInventory_UsersView - **NOTE:** Type in the Filter Objects by Name box to filter the list of objects by the characters + :::note + Type in the Filter Objects by Name box to filter the list of objects by the characters entered. + ::: + **Step 5 –** Click OK to return to the Application Access page. @@ -61,7 +64,10 @@ app token: **Step 8 –** Click Finish to close the wizard and click Save in the Access view accept the changes. -**NOTE:** Access Analyzer must be restarted after a new access role is configured. +:::note +Access Analyzer must be restarted after a new access role is configured. +::: + The next step is to use the Client ID and Client Secret to obtain an access token. This token is used to get data from the Access Analyzer endpoint. 
diff --git a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationbyov/byovconnectorconfig.md b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationbyov/byovconnectorconfig.md index b997339ec5..fca5f8d1fb 100644 --- a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationbyov/byovconnectorconfig.md +++ b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationbyov/byovconnectorconfig.md @@ -21,8 +21,11 @@ Begin by setting up an Integration Connector for using Netwrix Privilege Secure Ensure that the account you wish to use for your activity is managed by Privilege Secure or is contained within a Secret Vault resource in Privilege Secure. -**NOTE:** For managed accounts, ensure that the account has been rotated at least once since being +:::note +For managed accounts, ensure that the account has been rotated at least once since being managed. Otherwise, there will be no vaulted password in the Netwrix Privilege Secure database. +::: + ### Configure the Activity Connector @@ -191,7 +194,10 @@ next to the account name. **Step 3 –** Click on the **Manage** button that becomes available above the list, and select **Manual**. -**NOTE:** Ensure the user is not already managed or added into Privilege Secure. +:::note +Ensure the user is not already managed or added into Privilege Secure. +::: + See the [Credentials Dashboard](/docs/privilegesecure/4.2/admin/dashboard/credentials.md) topic for additional information on creating a managed account. 
@@ -215,8 +221,11 @@ account. **Step 3 –** Enter a password to match the AD password, then click **Save**. -**NOTE:** For versions before Privilege Secure 4.1, a support ticket will be needed as the Set +:::note +For versions before Privilege Secure 4.1, a support ticket will be needed as the Set Password feature is not available. +::: + See the [Manage Internal Service Accounts](/docs/privilegesecure/4.2/admin/interface/credentials/manageinternalserviceaccount.md) @@ -244,16 +253,22 @@ Follow the steps to create an activity. - Vault Connector — Displays a list of previously configured vault connectors. Select the vault connector created from the steps above. -**NOTE:** You may use accounts stored in a Vault and added as a resource once the integration is +:::note +You may use accounts stored in a Vault and added as a resource once the integration is created. Also, you may apply domain or other local accounts managed by Netwrix Privilege Secure, but the password must be rotated once prior to use with an activity. +::: + ![BYOV create an Activity](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectoractivity.webp) **Step 4 –** Click Save to create the Activity. -**NOTE:** Ensure the Login Account Template uses the format DOMAIN\samAccountName (e.g., +:::note +Ensure the Login Account Template uses the format DOMAIN\samAccountName (e.g., NWXTECH\dgrayson). +::: + See the [Add Activity](/docs/privilegesecure/4.2/admin/interface/activities/activity/activity.md) topic for additional information on creating an Activity. 
@@ -298,5 +313,7 @@ management. ![My Activities BYOV Connector](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectormyactivities.webp) -_Remember,_ Always verify configurations and permissions, especially when integrating with systems +:::tip +Remember, Always verify configurations and permissions, especially when integrating with systems like AD and using specific user accounts for critical operations. +::: diff --git a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationconnectors.md b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationconnectors.md index e70d28d594..6ed6ba94eb 100644 --- a/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationconnectors.md +++ b/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationconnectors.md @@ -39,7 +39,10 @@ The selected connector details display at the top of the main pane: Auditor). See the [Enterprise Auditor Integration](/docs/privilegesecure/4.2/admin/configuration/integrationconnector/integrationaccessanalyzer.md) topic for additional information. - **NOTE:** The remaining fields vary based on the type selected. + :::note + The remaining fields vary based on the type selected. + ::: + If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/entraidappregistration.md b/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/entraidappregistration.md index ca14d45c8a..489af611e7 100644 --- a/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/entraidappregistration.md +++ b/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/entraidappregistration.md 
@@ -65,9 +65,12 @@ displayed again. Add the App Registration to the User Administrators role. -**NOTE:** User Administrator is the least privileged model and cannot manage Global Administrator. +:::note +User Administrator is the least privileged model and cannot manage Global Administrator. To manage the Global Administrator role, assign the Global Administrator role to the App registration instead of User Administrator. +::: + **Step 1 –** Navigate to **Entra ID**. diff --git a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md index 83e537c245..5e9e946c29 100644 --- a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md +++ b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md @@ -15,11 +15,17 @@ wrong address, the services will show offline in the Services Node area. ![Service Settings page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicessettingspage.webp) -**NOTE:** Make sure that the web certificate is updated in IIS prior to setting a new value in +:::note +Make sure that the web certificate is updated in IIS prior to setting a new value in Netwrix Privilege Secure. It is important to ensure the Binding Hostname in IIS, the certificate Subject, and the NPS Rest URL value in the Services page exactly match. +::: + + +:::note + +::: -**NOTE:** The Services Settings page has the following features: diff --git a/docs/privilegesecure/4.2/admin/dashboard/active/liveviewer.md b/docs/privilegesecure/4.2/admin/dashboard/active/liveviewer.md index e0ff995cf2..6c431df828 100644 --- a/docs/privilegesecure/4.2/admin/dashboard/active/liveviewer.md +++ b/docs/privilegesecure/4.2/admin/dashboard/active/liveviewer.md 
@@ -58,11 +58,14 @@ Activity Details - Time line — Displays activity as it occurs in real-time during the session in the pane to the left of the player. By default this time line will include keystroke activity. - **NOTE:** If RDP Session Monitoring is enabled, then it will also include Windows metadata + :::note + If RDP Session Monitoring is enabled, then it will also include Windows metadata activity in the time line. This monitoring requires the Netwrix Privilege Secure Remote Desktop Monitor service to be installed on the target host. See the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md) topic for additional information. + ::: + ## Live Session Viewer for SSH Sessions diff --git a/docs/privilegesecure/4.2/admin/dashboard/active/startsession.md b/docs/privilegesecure/4.2/admin/dashboard/active/startsession.md index 47913ad37e..b8c8bc8485 100644 --- a/docs/privilegesecure/4.2/admin/dashboard/active/startsession.md +++ b/docs/privilegesecure/4.2/admin/dashboard/active/startsession.md @@ -40,7 +40,10 @@ profile that allow a session to be extended by the user, in increments. If Session Extension is enabled, the session extension option appears for users when the remaining time is 5 minutes or less. -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. +:::note +For NPS users with the Administrator role, session extension is always enabled. +::: + ![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) diff --git a/docs/privilegesecure/4.2/admin/dashboard/credentials.md b/docs/privilegesecure/4.2/admin/dashboard/credentials.md index 8e259b182f..2f050cd8f2 100644 --- a/docs/privilegesecure/4.2/admin/dashboard/credentials.md +++ b/docs/privilegesecure/4.2/admin/dashboard/credentials.md 
@@ -78,8 +78,11 @@ The table has the following columns: - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional + :::note + See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. + ::: + - Managed Type — Type of managed account: diff --git a/docs/privilegesecure/4.2/admin/dashboard/historical/replayviewer.md b/docs/privilegesecure/4.2/admin/dashboard/historical/replayviewer.md index 0941c691da..02f5f9ae24 100644 --- a/docs/privilegesecure/4.2/admin/dashboard/historical/replayviewer.md +++ b/docs/privilegesecure/4.2/admin/dashboard/historical/replayviewer.md @@ -31,13 +31,13 @@ The Replay Viewer window for RDP sessions is applicable to all resources except The Replay Viewer for RDP Sessions window has the following features: -Play options +**Play options** - Control buttons — Play, pause, rewind, or fast forward the recording - Playback bar — Click to jump to a specific place in the recording - Speed slider — Use the slider to adjust the playback speed -Recording Details +**Recording Details** - User— Displays the account used to log onto the resource 
@@ -51,35 +51,41 @@ Recording Details - Duration — Indicates how long the Activity ran for until it either reached its scheduled end time or was manually canceled by the user or an Privilege Secure administrator -Activity Details: +**Activity Details** - Time line — Displays recorded activity that occurred during the session in the pane to the left of the player. By default this time line will include keystroke activity. - **NOTE:** If RDP Session Monitoring is enabled, then it will also include Windows metadata + :::note + If RDP Session Monitoring is enabled, then it will also include Windows metadata activity in the time line. This monitoring requires the Netwrix Privilege Secure Remote Desktop Monitor service to be installed on the target host. See the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md) topic for additional information. + ::: + ## Replay Viewer for SSH Sessions The Replay Viewer for SSH sessions is applicable to Linux and Cisco resources. -**NOTE:** When a user enters input into a password prompt during an SSH session, the keystrokes will +:::note +When a user enters input into a password prompt during an SSH session, the keystrokes will be obscured in the Replay Viewer. +::: + ![replayviewerssh](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewerssh.webp) The Replay Viewer for SSH Sessions window has the following features: -Play options +**Play options** - Control buttons — Play, pause, rewind, or fast forward the recording - Playback bar — Click to jump to a specific place in the recording - Speed slider — Use the slider to adjust the playback speed -Recording Details +**Recording Details** - User— Displays the account used to log onto the resource 
@@ -93,7 +99,7 @@ Recording Details - Duration — Indicates how long the Activity ran for until it either reached its scheduled end time or was manually canceled by the user or an Privilege Secure administrator -Activity Details: +**Activity Details** - Time line — Displays recorded activity that occurred during the session in the pane to the left of the player. By default this time line will include keystroke activity. @@ -106,7 +112,7 @@ The Replay Viewer window for Website host sessions is applicable only to Website The Replay Viewer for Website Host Sessions window has the following features: -Play options +**Play options** - Control buttons — Play or pause the recording - Playback bar — Click to jump to a specific place in the recording @@ -115,7 +121,7 @@ Play options - Playback speed — Select Playback speed from the Options menu to adjust player speed - Picture in picture — Select Picture in picture from the Options menu to enable feature -Recording Details +**Recording Details** - User— Displays the account used to log onto the resource diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/accesspolicy_1.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/accesspolicy_1.md index e7b9ccfe48..1402588875 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/accesspolicy_1.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/accesspolicy_1.md 
@@ -8,13 +8,16 @@ sidebar_position: 10 Follow the steps to add access policies to the console. -_Remember,_ a connection profile is required to create an access policy. You can create one ahead of +:::tip +Remember, a connection profile is required to create an access policy. You can create one ahead of time on the [Connection Profiles Page](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) page or use the arrow button to create one during these steps. +::: -**Step 1 –** Navigate to the Policy > Access Policies page. -**Step 2 –** In the Access Policy list, click the Plus icon. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. + +**Step 2 –** In the Access Policy list, click the **Plus** icon. ![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) @@ -29,7 +32,7 @@ to create one during these steps. - Connection Profile – Displays the name of the connection profile associated to the access policy -**Step 4 –** Click Save to create the new access policy. +**Step 4 –** Click **Save** to create the new access policy. The new access policy has been created. The next step is to associate Users, Activities, and Resources/Credentials to the policy. See the following topics for additional information: diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md index 3d8e971981..a718f1d5ab 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md 
@@ -22,12 +22,15 @@ page. - Provide an optional description to state the purpose of the policy - Configure the complexity parameters (Must Start With, Must End With, and Length), as desired - _Remember,_ The maximum account name length value is 19 characters. + :::tip + Remember, The maximum account name length value is 19 characters. + ::: + - Specify the maximum number of consecutive characters and select characters to exclude, if needed - You can specify additional characters to exclude from the account name and configure granular rules for the characters to include (uppercase, lowercase, or numbers) -**Step 4 –** Click Save to create the new connection profile. +**Step 4 –** Click **Save** to create the new connection profile. The new activity token complexity policy is added to the Activity Token Complexity Policy list. diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md index 299886eb1b..0e72201c13 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md @@ -10,7 +10,7 @@ Follow the steps to add a connection profile to the console. See the [Connection Profiles Page](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for detailed descriptions of the fields. -**Step 1 –** Navigate to the Policy > **Access Policies** > Connection Profiles page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** > **Connection Profiles** page. **Step 2 –** In the Connection Profiles list, click the **Plus** icon. 
@@ -23,13 +23,19 @@ fields. - Configure the Proxy settings, which control what proxy server will be used to start the session. When customizing to use a specific proxy RDP (port 4489) and SSH (port 4422) proxy server, only one server can be listed. -- **NOTE:** If you want to use more than one proxy server, a load balancer must be used in front of - the servers. + + :::note + If you want to use more than one proxy server, a load balancer must be used in front of the servers. + ::: + - Session Control – Configure the Session Control settings to set up session duration and user login parameters for a connection profile. - **NOTE:** On this step, you will need to also select a default Activity Token Complexity policy + :::note + On this step, you will need to also select a default Activity Token Complexity policy for the connection profile + ::: + - Credential Management – Configure the Credential Management settings, which control parameters for the password used for this connection profile @@ -39,7 +45,7 @@ fields. connection profile - Approval Workflow –Configure the Approval Workflow settings -**Step 4 –** Click Save to create the new connection profile. +**Step 4 –** Click **Save** to create the new connection profile. **Step 5 –** The new connection profile is created. To add an Approval Workflow, see the [Add Approval Workflow](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md index 6ee559b74f..3e55aa5317 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md 
@@ -14,17 +14,17 @@ requested session. Follow the steps to add an approval workflow to the console. -**Step 1 –** Navigate to the Policy > **Access Policies** > Connection Profiles page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** > **Connection Profiles** page. **Step 2 –** Select the **Connection Profile** and click any field to edit. ![addapprovalworkflow](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addapprovalworkflow.webp) -**Step 3 –** In the Approval Workflow section, select Tiered and click Save. +**Step 3 –** In the Approval Workflow section, select **Tiered** and click **Save**. ![Add approval teir to workflow](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addapprovalteirtoworkflow.webp) -**Step 4 –** Once the policy has been created, click the Add Tier icon to add an Approval Tier. +**Step 4 –** Once the policy has been created, click the **Add Tier** icon to add an Approval Tier. ![Tier 1 Escalation Options](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/tier1escalationoptions.webp) @@ -52,11 +52,11 @@ Workflow Tier(s) (only visible when Approval Type is set to Tiered): - Escalation Account – The user that the request will be escalated to - Escalation Group – The group that the request will be escalated to -**Step 7 –** Click Okay to save the escalation settings. +**Step 7 –** Click **Okay** to save the escalation settings. ![Tier 1 Escalation Example](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/tier1escalationexample.webp) -**Step 8 –** Click the Add Approvers icon to open the Add Users and Groups as Approvers window. +**Step 8 –** Click the **Add Approvers** icon to open the Add Users and Groups as Approvers window. ![Add Users and Groups as Approvers](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addusersandgroupsasapprovers.webp) 
@@ -79,8 +79,11 @@ The Add Users and Groups as Approvers window has the following features: **Step 10 –** To add a user or group to the Approval Tier as an Approver, click a row in the Available Users/Groups table and it is immediately moved to the Users & Groups to Add table. -**_RECOMMENDED:_** It is usually desirable to add more approvers than required to approve the +:::info +It is usually desirable to add more approvers than required to approve the request, in order to ensure that approval is granted before the escalation timeout is reached. +::: + **Step 11 –** (Optional) Click a row in the Users & Groups to Add table to move it back to the Available Users/Groups table. 
@@ -106,16 +109,22 @@ Workflow Tier settings (only visible when Approval Type is set to Tiered): - Remove Approver icon – Removes the selected Approver (A confirmation window will display) - Approvals Required – The number of Approvers required to approve the request -_Remember,_ there must be enough Approvers in the list to meet the number of Approvals Required, +:::tip +Remember, there must be enough Approvers in the list to meet the number of Approvals Required, though it is usually desirable to have more than the minimum. +::: + -**Step 14 –** To add an additional Approval Tier, click the Add Tier icon and repeat from Step 4. +**Step 14 –** To add an additional Approval Tier, click the **Add Tier** icon and repeat from Step 4. -- Up to three Approval Tiers can be added. When the required number of approvals is reached in a +- Up to three Approval Tiers can be added. When the required numer of approvals is reached in a Tier, the Approvers in the next Tier are notified. Each Tier must approve the request in sequence. -**NOTE:** Connection profile approvals allow the same user that initiated the request to approve the +:::note +Connection profile approvals allow the same user that initiated the request to approve the session as well. +::: + The new Approval Workflow is added to the Connection Profile. See the Approvals Dashboard topic for -additional information on how to approve a requested session. +additional information on how to approve a requested sebssion. diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md index 6ae9a99c6b..9adf480cb8 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md 
@@ -78,8 +78,11 @@ The selected profile details display in the main pane: This setting is recommended if users are encountering authentication issues with direct connect SSH sessions. - **NOTE:** This will increase the session creation time for Linux based activities with + :::note + This will increase the session creation time for Linux based activities with managed domain users and activity token domain users. + ::: + - Require Notes for Sessions — Require the user to enter information in the Notes field when creating a session diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/activities.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/activities.md index 947fecb49e..582da8667c 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/activities.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/activities.md @@ -15,7 +15,7 @@ The Activities tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. -- Type— Provides options to filter results based on a chosen criterion: +- Type — Provides options to filter results based on a chosen criterion: - All — Displays all activity for users and groups - Activity — Displays user activity diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md index fe3cae9e58..5482b93a65 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md 
@@ -35,12 +35,11 @@ Both tables have the following columns: Follow the steps to add credentials to the selected access policy. -**Step 1 –** Navigate to the Policy > Access Policies page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. -**Step 2 –** In the Access Policy list, select the name of the access policy and select the -Credentials tab. +**Step 2 –** In the Access Policy list, select the name of the access policy and select the **Credentials** tab. -**Step 3 –** Click Add to open the Add Credentials window. +**Step 3 –** Click **Add** to open the Add Credentials window. The Add Credentials window has the following features: @@ -58,12 +57,12 @@ The Add Credentials window has the following features: - Operating System – Operating System of resource - Active Session Count – Number of active sessions -**Step 4 –** \_(Optional)\_Toggle between Credentials or Credential Groups. +**Step 4 –** (Optional) Toggle between Credentials or Credential Groups. **Step 5 –** To add a credential to the access policy, click a row in the Available Credentials table and it is immediately moved to the Credentials to Add table. -**Step 6 –** Click Add to add the credential(s) to the access policy. +**Step 6 –** Click **Add** to add the credential(s) to the access policy. The new credential(s) are added to the access policy and are shown in the [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md). diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md index bab15e64ea..b733542f64 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md 
+++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md @@ -32,12 +32,12 @@ Both tables have the following columns: Follow the steps to add activities to the selected access policy. -**Step 1 –** Navigate to the Policy > Access Policies page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. **Step 2 –** In the Access Policy list, select the name of the access policy and select the -Activities tab. +**Activities** tab. -**Step 3 –** Click Add to open the Add Activities and Groups window. +**Step 3 –** Click **Add** to open the Add Activities and Groups window. The Add Activities and Groups window has the following features: @@ -59,7 +59,7 @@ and it is immediately moved to the Activities & Groups to Add list. **Step 5 –** (Optional) Click a row in the Activities & Groups to Add list to move it back to the Available Activities list. -**Step 6 –** Click Add to add the activities and activity groups to the access policy. +**Step 6 –** Click **Add** to add the activities and activity groups to the access policy. The new activities and activity groups are added to the access policy and are shown in the [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md). diff --git a/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md b/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md index 79759eea88..cfd5e8f7ce 100644 --- a/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md +++ b/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md 
@@ -32,12 +32,11 @@ Both tables have the following columns: Follow the steps to add resources and resource groups to the selected access policy. -**Step 1 –** Navigate to the Policy > Access Policies page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. -**Step 2 –** In the Access Policy list, select the name of the access policy and select the -Resources tab +**Step 2 –** In the Access Policy list, select the name of the access policy and select the **Resources** tab -**Step 3 –** Click Add to open the Add Resources and Resource Groups window. +**Step 3 –** Click **Add** to open the Add Resources and Resource Groups window. The Add Resources and Resource Groups window has the following features: @@ -59,7 +58,7 @@ to Add table. **Step 6 –** (Optional) Click a row in the Resources and Resource Groups to Add table to move it back to the Available Resources / Resource Groups table. -**Step 7 –** Click Add to add the resource(s) and resource group(s) to the access policy. +**Step 7 –** Click **Add** to add the resource(s) and resource group(s) to the access policy. The new resource(s) and resource group(s) are added to the access policy and are shown in the [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md). diff --git a/docs/privilegesecure/4.2/admin/interface/activities/activities.md b/docs/privilegesecure/4.2/admin/interface/activities/activities.md index aadb811c5a..11d82f0f87 100644 --- a/docs/privilegesecure/4.2/admin/interface/activities/activities.md +++ b/docs/privilegesecure/4.2/admin/interface/activities/activities.md 
@@ -67,16 +67,22 @@ The selected activity details display at the top of the main pane: activity session. This option is only visible when the Login Account is set to Activity Token or Managed. It cannot be disabled for Activity Token. - **NOTE:** A built-in administrator account cannot be deleted or disabled at the end of a + :::note + A built-in administrator account cannot be deleted or disabled at the end of a session. + ::: + - Valut Connector — Displays the name of the assigned vault connector. This option is only visible when the Login Account is set to Vault. Additional fields may appear based on the selected vault. - **NOTE:** To view the password fetched from the vault, the Allow User to View Password checkbox + :::note + To view the password fetched from the vault, the Allow User to View Password checkbox must be selected in the connection profile associated with the access policy that gives the requester rights to the activity. See the [Connection Profiles Page](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for additional information. + ::: + - Application to Launch — Indicates the application that will be launched on the RDS server that the user is connected to by Privilege Secure. This option is only visible when the Activity Type is @@ -116,8 +122,11 @@ A Link icon shows actions that are linked. Deleting a linked action will delete action it is paired with. See the [Add Action Window](/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md) topic for additional information. -**NOTE:** It is not possible to edit the Action Type. Delete the existing action and then create a +:::note +It is not possible to edit the Action Type. Delete the existing action and then create a new action to get a new Action Type. +::: + ## Login Account Types 
diff --git a/docs/privilegesecure/4.2/admin/interface/activities/activity/activity.md b/docs/privilegesecure/4.2/admin/interface/activities/activity/activity.md index 1d8011e4e8..698fc45ef3 100644 --- a/docs/privilegesecure/4.2/admin/interface/activities/activity/activity.md +++ b/docs/privilegesecure/4.2/admin/interface/activities/activity/activity.md @@ -8,9 +8,9 @@ sidebar_position: 10 Follow the steps to add activities to the console. -**Step 1 –** Navigate to the Activities page. +**Step 1 –** Navigate to the **Activities** page. -**Step 2 –** In the Activities list, click the Add Activity icon. +**Step 2 –** In the Activities list, click the **Add Activity** icon. ![Add an Activity](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addactivity.webp) @@ -42,7 +42,7 @@ options include: user is connected to by Privilege Secure - Logon URL — Displays the primary logon page -**Step 5 –** Click Save to create the new activity. +**Step 5 –** Click **Save** to create the new activity. **Step 6 –** With the new activity selected, configure the following settings. See the [Add Action Window](/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md) topic for additional information: diff --git a/docs/privilegesecure/4.2/admin/interface/activities/activity/activityloginaccounttemplates.md b/docs/privilegesecure/4.2/admin/interface/activities/activity/activityloginaccounttemplates.md index bd6df3480d..43ec026362 100644 --- a/docs/privilegesecure/4.2/admin/interface/activities/activity/activityloginaccounttemplates.md +++ b/docs/privilegesecure/4.2/admin/interface/activities/activity/activityloginaccounttemplates.md 
@@ -35,10 +35,13 @@ There are three options for Login Account Templates in an Activity: yes, will result in a local account being created using name substitution so the user “sblab\jsmith” will be connected to a local account named “sblab_jsmith” -**NOTE:** The value of each mask can be customized on the +:::note +The value of each mask can be customized on the [Properties Tab](/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/properties.md) of the Application details page. See the [User, Group, & Application Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. +::: + ## Functions for Login Account Templates @@ -49,7 +52,7 @@ string. %first(string stringToManipulate, int numCharactersReturned)/first% -Parameters +**Parameters** stringToManipulate (string) @@ -60,16 +63,16 @@ numCharactersReturned (int) The number of characters, starting from the beginning of the string, to be returned based on supplied `stringToManipulate` parameter. -Notes +**Notes** `int numCharactersReturned` must be a positive number. If `int numCharactersReturned` exceeds string `stringToManipulate` then the entire string will be returned. -Examples +**Examples** -%first(jsmith,3)/first% +`%first(jsmith,3)/first%` The above example will return: "jsm" @@ -91,7 +94,7 @@ index to the end of the supplied string. If a negative number is supplied for `int startIndexOrNumCharactersReturned` then the return value is that many characters from the end of the supplied string. -Parameters +**Parameters** stringToManipulate (string) 
@@ -102,12 +105,12 @@ startIndexOrNumCharactersReturned (int) If non-negative, the return value is this index to the end of the supplied string. If negative, the return value is this many characters from the end of the supplied string. -Notes +**Notes** If `int startIndexOrNumCharactersReturned` is an index greater than the largest index in the supplied string, then an empty string is returned. -Examples +**Examples** `%substr(jsmith,2)/substr%` @@ -133,21 +136,21 @@ of the `substr()` function will be "mith" The `replace()` function accepts a string as input, and replaces all instances of an oldString with a newString. -Parameters +**Parameters** -stringToManipulate (string) +`stringToManipulate (string)` The string or Privilege Secure Login Account Template mask to be manipulated. -oldString (string) +`oldString (string)` The string to be replaced -newString (string) +`newString (string)` The string that will replace the newString -Examples +**Examples** `%replace(jsmith,smith,jones)/replace%` @@ -157,23 +160,23 @@ The above example will return "jjones" The `trim()` function removes the specified number of characters from the end of a string. -Parameters +**Parameters** -stringToManipulate (string) +`stringToManipulate (string)` The string or Privilege Secure Login Account Template mask to be manipulated. -numberOfCharacters (int) +`numberOfCharacters (int)` A non-negative integer should be supplied. That many characters will be trimmed from the end of the string. -Notes +**Notes** If `int numberOfCharacters` is an index greater than the length of the supplied string, then an empty string is returned. -Examples +**Examples** `%trim(jsmith-suffix,7)/trim%` diff --git a/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md b/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md index fc9b1b9458..ea1469342b 100644 --- a/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md 
+++ b/docs/privilegesecure/4.2/admin/interface/activities/addaction/addaction.md @@ -9,11 +9,11 @@ sidebar_position: 20 The Add Action window varies slightly based on the Action Type selected and the associated session part. Follow the instructions to add actions to the activity. -**Step 1 –** Navigate to the Activities page. +**Step 1 –** Navigate to the **Activities** page. **Step 2 –** In the Activities list, select the name of an activity. -**Step 3 –** In the Actions section, for each of the following, click the Add icon. +**Step 3 –** In the Actions section, for each of the following, click the **Add** icon. - Pre-Session (Grant) — List of actions that will run before the session begins. These actions may be paired with a corresponding Post-Session action. 
@@ -41,22 +41,31 @@ These actions may be paired with a corresponding Pre-Session action. See the [Action Types](/docs/privilegesecure/4.2/admin/interface/activities/addaction/activityactiontypes.md) section for detailed descriptions of the fields. -**NOTE:** The fields will change depending on the selected Action Type. +:::note +The fields will change depending on the selected Action Type. +::: -**Step 5 –** Click Okay to create the new action. + +**Step 5 –** Click **Okay** to create the new action. **Step 6 –** Continue to create as many actions for each stage of the session (Grant, Connect, Remove) as required. -**NOTE:** It is not possible to change the Action Type once the action is created. Delete the +:::note +It is not possible to change the Action Type once the action is created. Delete the existing action and then create a new action to get a new Action Type. +::: + **Step 7 –** If desired, it is possible to automatically run any Protection Policies associated with -the resource when the session completes. Simply add the _Invoke Protection Policies_ action to the +the resource when the session completes. Simply add the **Invoke Protection Policies** action to the Post-Session group. See the [Protection Policies Page](/docs/privilegesecure/4.2/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. -**NOTE:** It is not necessary to select a protection policy. All protection policies that apply to +:::note +It is not necessary to select a protection policy. All protection policies that apply to the session host are executed. +::: + The new actions are added to the activity. diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/accountdependencies.md b/docs/privilegesecure/4.2/admin/interface/credentials/accountdependencies.md index 0aad4e18c9..18e3b13fb5 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/accountdependencies.md 
+++ b/docs/privilegesecure/4.2/admin/interface/credentials/accountdependencies.md @@ -88,7 +88,7 @@ Service to find all service accounts with dependencies. **Step 3 –** Select the checkbox for the service account for the rotation. -**Step 4 –** Click Rotate Service Account to open the Account Dependencies window. +**Step 4 –** Click **Rotate Service Account** to open the Account Dependencies window. **Step 5 –** Click **Change Now** to initiate credential rotation. diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/addcredentials.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/addcredentials.md index 94388d24f3..4255e34d91 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/addcredentials.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/addcredentials.md @@ -40,8 +40,11 @@ Both tables have the following columns: - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional + :::note + See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. + ::: + - Managed Type — Type of managed account: 
@@ -76,11 +79,11 @@ Both tables have the following columns: Follow the steps to add credentials to a credential group. -**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. +**Step 1 –** Navigate to the **Policy** > **Credentials** > **Credential Groups** page. **Step 2 –** In the Credential Groups list, select the name of the credential group. -**Step 3 –** In the Credential Groups table, click Add Credentials. +**Step 3 –** In the Credential Groups table, click **Add Credentials**. **Step 4 –** Filter by **Internal**, **Standard**, or **Service**, and use the Search feature. @@ -90,7 +93,7 @@ table. **Step 6 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the Available Credentials table. -**Step 7 –** Click Add to add the credential(s) to the group. +**Step 7 –** Click **Add** to add the credential(s) to the group. The new credentials are added to the applicable group. @@ -102,11 +105,11 @@ one account can be added to a Credential Policy Override at a time. See the [Manage Internal Service Accounts](/docs/privilegesecure/4.2/admin/interface/credentials/manageinternalserviceaccount.md) topic for additional information. -**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. +**Step 1 –** Navigate to the **Policy** > **Credentials** > **Credential Groups** page. **Step 2 –** In the Credential Groups list, select the name of the credential policy override. -**Step 3 –** In the Credential Policy Override table, click Add Credentials. +**Step 3 –** In the Credential Policy Override table, click **Add Credentials**. **Step 4 –** To add a credential to the policy override, click the checkbox in the Available Credentials table. 
@@ -114,6 +117,6 @@ Credentials table. **Step 5 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the Available Credentials table. -**Step 6 –** Click Add to add the credential(s) to the policy override. +**Step 6 –** Click **Add** to add the credential(s) to the policy override. The new credentials are added to the applicable Credential Policy Override. diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroup.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroup.md index 9cea17476a..f2bb165c15 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroup.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroup.md @@ -8,9 +8,9 @@ sidebar_position: 10 Follow the steps to add credential groups to the Privilege Secure Console. -**Step 1 –** Navigate to the Policy > Credentials > Credential Groups page. +**Step 1 –** Navigate to the **Policy** > **Credentials** > **Credential Groups** page. -**Step 2 –** In the Credential Groups list, click the Plus icon. +**Step 2 –** In the Credential Groups list, click the **Plus** icon. ![Add credential group](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialgroup.webp) @@ -19,7 +19,7 @@ Follow the steps to add credential groups to the Privilege Secure Console. - Name — Displays the name of the credential - Description — Description of the policy -**Step 4 –** Click Save to create the new credential group. +**Step 4 –** Click **Save** to create the new credential group. ![Credential Group add credentials button](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialstogroup.webp) 
diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroups.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroups.md index 58cdbabfd2..fb071b021b 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroups.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentialgroups/credentialgroups.md @@ -67,8 +67,11 @@ The table has the following columns: - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional + :::note + See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. + ::: + - Managed Type — Type of managed account: diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md index caec3802bf..916930d605 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md 
@@ -8,9 +8,9 @@ sidebar_position: 10 Follow the steps to add Credential Policy Override to the Privilege Secure Console. -**Step 1 –** Navigate to the Policy > Credentials > Credential Policy Overrides page. +**Step 1 –** Navigate to the **Policy** > **Credentials** > **Credential Policy Overrides** page. -**Step 2 –** In the Credential Policy Overrides list, click the Plus icon. +**Step 2 –** In the Credential Policy Overrides list, click the **Plus** icon. ![Adding a credential policy override](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialpolicyoverride.webp) @@ -26,7 +26,7 @@ Follow the steps to add Credential Policy Override to the Privilege Secure Conso defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/admin/dashboard/credentials.md) topic for additional information on managed accounts. -**Step 4 –** Click Save to create the new credential policy override. +**Step 4 –** Click **Save** to create the new credential policy override. ![cpopageaddcredentials](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/cpopageaddcredentials.webp) @@ -40,10 +40,13 @@ topic for additional information. **Step 6 –** Select the checkbox for the credential and click **Add** to save the credential to the Credential Policy Override. -**NOTE:** In order for an account to be added to add credentials window, a credential must be +:::note +In order for an account to be added to add credentials window, a credential must be managed with a method of **Automatic**. Only one account can be added to a Credential Policy Override at a time. See the [Manage Internal Service Accounts](/docs/privilegesecure/4.2/admin/interface/credentials/manageinternalserviceaccount.md) topic for additional information. +::: + The account is added to the console and is shown in the Credential Policy Overrides list. 
diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentials.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentials.md index c357f32ece..fb7b404521 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentials.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentials.md @@ -79,8 +79,11 @@ The table has the following columns: - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional + :::note + See the [Rotation Methods](/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. + ::: + - Managed Type — Type of managed account: diff --git a/docs/privilegesecure/4.2/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md b/docs/privilegesecure/4.2/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md index 3c65cf034c..c67c767360 100644 --- a/docs/privilegesecure/4.2/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md +++ b/docs/privilegesecure/4.2/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md @@ -37,7 +37,10 @@ policies. This pane has the following features: - Trashcan icon — Deletes the password complexity policy. Icon appears when policy is hovered over. A confirmation window will display. -**NOTE:** The default password policy cannot be deleted. +:::note +The default password policy cannot be deleted. +::: + The selected password complexity policy details display in the main pane: diff --git a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicies.md b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicies.md index 6f78c3c764..a866f8e2eb 100644 --- a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicies.md 
+++ b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicies.md @@ -34,7 +34,10 @@ has the following features: - Trashcan icon — Deletes the schedule policy. Icon appears when profile is hovered over. A confirmation window will display. -**NOTE:** The default password policy cannot be deleted. +:::note +The default password policy cannot be deleted. +::: + The selected schedule policy details display in the main pane: diff --git a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy.md b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy.md index 23ab3a9029..8f52041f5e 100644 --- a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy.md +++ b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy.md @@ -8,7 +8,7 @@ sidebar_position: 10 Follow the steps to add a schedule policy to the console. -**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. +**Step 1 –** Navigate to the **Policy** > **Platforms** > **Schedule Policies** page. **Step 2 –** In the Schedule Polices list, click the **Plus** icon. @@ -16,7 +16,10 @@ Follow the steps to add a schedule policy to the console. **Step 3 –** Enter the following information: -**NOTE:** The fields will change depending on the selected frequency. +:::note +The fields will change depending on the selected frequency. +::: + - Select the desired frequency: diff --git a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md index 4c7007d449..8217ebc22b 100644 --- a/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md +++ b/docs/privilegesecure/4.2/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md 
@@ -8,22 +8,25 @@ sidebar_position: 20 Follow the steps to edit the scheduled tasks. -**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. +**Step 1 –** Navigate to the **Policy** > **Platforms** > **Schedule Policies** page. -**Step 2 –** Click the Edit icon to open the Schedule Policy Editor window. +**Step 2 –** Click the **Edit** icon to open the Schedule Policy Editor window. ![schedulepolicyeditor](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) **Step 3 –** From the Frequency radio buttons, set the frequency of how often the scheduled task is run: -**NOTE:** The fields will change depending on the selected frequency. +:::note +The fields will change depending on the selected frequency. +::: + - Every X Hours — Enter the number of hours between executions - Every X Days— Enter the time of day - Weekly — Select the day of the week from the drop-down menu and enter the time of day - Monthly — Enter a number representing the day of the month and then enter the time of day -**Step 4 –** Click Save to accept the changes. +**Step 4 –** Click **Save** to accept the changes. The task will run at the new scheduled frequency. diff --git a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/allowedmembers.md b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/allowedmembers.md index 0fa5beb7f8..fe6f1d3390 100644 --- a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/allowedmembers.md +++ b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/allowedmembers.md 
@@ -30,12 +30,12 @@ The table has the following columns: Follow the steps to add local groups to the selected protection policy. -**Step 1 –** Navigate to the Policy > Protection Policies page. +**Step 1 –** Navigate to the **Policy** > **Protection Policies** page. **Step 2 –** In the Protection Policy list, select the name of the protection policy and select the -Allowed Members tab. +**Allowed Members** tab. -**Step 3 –** Click Add Group to open the Add Protected Group and Member window. +**Step 3 –** Click **Add Group** to open the Add Protected Group and Member window. ![Add Protected Group and Member Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/addprotectedgroupandmember.webp) @@ -43,12 +43,15 @@ Allowed Members tab. - Group Name – Displays the name of the group. - **NOTE:** Privilege Secure cannot be used to create a group. The group must already exist on the + :::note + Privilege Secure cannot be used to create a group. The group must already exist on the resource. + ::: + - Group Member – The name of the group member -**Step 5 –** Click Save to add the group to the protection policy. +**Step 5 –** Click **Save** to add the group to the protection policy. The new group is added to the protection policy and is shown on the Allowed Members Tab for Protection Policies. When the resource is scanned, any group members not permitted by the protection 
@@ -58,20 +61,20 @@ policy will be removed from the local group on the resource. Follow the steps to edit the members of a local groups within the selected protection policy. -**Step 1 –** Navigate to the Policy > Protection Policies page. +**Step 1 –** Navigate to the **Policy** > **Protection Policies** page. **Step 2 –** In the Protection Policy list, select the name of the protection policy and select the -Allowed Members tab. +**Allowed Members** tab. -**Step 3 –** Click Edit Members to open the Add Protected Group and Member window. +**Step 3 –** Click **Edit Members** to open the Add Protected Group and Member window. ![Edit Protected Group Members Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/editprotectedgroupmembers.webp) -**Step 4 –** Click the Trashcan icon next to a member to remove them from a Protected Group. A +**Step 4 –** Click the **Trashcan** icon next to a member to remove them from a Protected Group. A confirmation window will appear. **Step 5 –** (Optional) Enter a Group Member in the provided field. -**Step 6 –** Click Add. +**Step 6 –** Click **Add**. Members of the Protected Group have been edited for this protection policy. diff --git a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/protectionpolicy.md b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/protectionpolicy.md index 4294cdabcb..dc31b6a281 100644 --- a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/protectionpolicy.md +++ b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/protectionpolicy.md 
@@ -8,9 +8,9 @@ sidebar_position: 10 Follow the steps to add a Protection policy to the console. -**Step 1 –** Navigate to the Policy > Protection Policies page. +**Step 1 –** Navigate to the **Policy** > **Protection Policies** page. -**Step 2 –** In the Protection Policy list, click the Plus icon. +**Step 2 –** In the Protection Policy list, click the **Plus** icon. ![Add Protection Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addprotectionpolicy.webp) @@ -19,7 +19,7 @@ Follow the steps to add a Protection policy to the console. - Name – Name of the protection policy - Description – (Optional) Brief description to identify the protection policy -**Step 4 –** Click Save to create the new protection policy. +**Step 4 –** Click **Save** to create the new protection policy. The new protection policy has been created. The next step is to associate Resources, Users, and Schedule to the policy. See the following topics for additional information: diff --git a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/resources/addresources.md b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/resources/addresources.md index c00992dada..09539eb84d 100644 --- a/docs/privilegesecure/4.2/admin/interface/protectionpolicies/resources/addresources.md +++ b/docs/privilegesecure/4.2/admin/interface/protectionpolicies/resources/addresources.md @@ -34,12 +34,12 @@ Both tables have the following columns: Follow the steps to add resources to the selected protection policy. -**Step 1 –** Navigate to the Policy > Protection Policies page. +**Step 1 –** Navigate to the **Policy** > **Protection Policies** page. **Step 2 –** In the Protection Policy list, select the name of the protection policy and select the -Resources tab. +**Resources** tab. -**Step 3 –** Click Add to open the Add Resources window. +**Step 3 –** Click **Add** to open the Add Resources window. The Add Resources window has the following features: 
@@ -60,7 +60,7 @@ table and it is immediately moved to the Resources to Add table. **Step 5 –** (Optional) Click a row in the Resources to Add table to move it back to the Available Resources table. -**Step 6 –** Click Add to add the resources to the protection policy. +**Step 6 –** Click **Add** to add the resources to the protection policy. The new resource(s) are added to the protection policy and are shown on the [Resources Tab for Protection Policies](/docs/privilegesecure/4.2/admin/interface/protectionpolicies/resources/resources.md). diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addnewserviceaccount.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addnewserviceaccount.md index 206a9638bc..8a04195589 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addnewserviceaccount.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addnewserviceaccount.md @@ -12,7 +12,7 @@ Follow the steps to add a new Service Account to a host resource: **Step 2 –** Select a Host resource you want to modify. -**Step 3 –** Click the Green Plus Button to add a new Service Account. +**Step 3 –** Click the **Green Plus** button to add a new Service Account. ![addnewserviceaccount](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.webp) diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md index 12451e6388..b1cb125234 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md 
@@ -43,22 +43,25 @@ Follow the steps to onboard resources by importing from Active Director. **Step 1 –** Navigate to either the Resources dashboard or the Resources page. -**Step 2 –** Click the Add button and select New Server. The Add Resources window will open to +**Step 2 –** Click the **Add** button and select New Server. The Add Resources window will open to onboard new servers. -**Step 3 –** Select the Import from AD radio button, which is the default option when the window +**Step 3 –** Select the **Import from AD** radio button, which is the default option when the window opens. This option lists Available Resources that have been discovered by Privilege Secure. **Step 4 –** Select the desired resources in the Available Resources table and it is immediately moved to the Resources to Add table. -**NOTE:** To remove a resource from the Resources to Add table, uncheck it from either table. +:::note +To remove a resource from the Resources to Add table, uncheck it from either table. +::: + **Step 5 –** When the Resources to Add table is populated as desired, open the Service Account drop-down menu. Select a previously added service account with credentials for the selected resources. -**Step 6 –** When the service account is assigned, click Add. The Add Resources window closes. +**Step 6 –** When the service account is assigned, click **Add**. The Add Resources window closes. The new resource(s) have been onboarded and can be added to Access Policies. 
@@ -94,24 +97,30 @@ The table has the following columns: Follow the steps to onboard resources by importing from a CSV file. -_Remember,_ the CSV file must contain either the DNS Host Name or IP Address for each resource. All +:::tip +Remember, the CSV file must contain either the DNS Host Name or IP Address for each resource. All other values are options. Also, the Platform and Credentials value must be an exact match to Platforms and Service Accounts already known to Privilege Secure. +::: + **Step 1 –** Navigate to either the Resources dashboard or the Resources page. -**Step 2 –** Click the Add button and select New Server. The Add Resources window will open to +**Step 2 –** Click the **Add** button and select New Server. The Add Resources window will open to onboard new servers. -**Step 3 –** Select the Import from CSV radio button. This option allows you to import a pre-created +**Step 3 –** Select the **Import from CSV** radio button. This option allows you to import a pre-created CSV file to onboard resources. -**NOTE:** If you did not create the CSV file prior to starting these steps, click Download CSV +:::note +If you did not create the CSV file prior to starting these steps, click Download CSV Template to download the `nps-resource-import-template.csv` file with required columns. +::: -**Step 4 –** Click Import CSV. The Open window opens. -**Step 5 –** Navigate to the desired CSV file and click Open. +**Step 4 –** Click **Import CSV**. The Open window opens. + +**Step 5 –** Navigate to the desired CSV file and click **Open**. **Step 6 –** The data is read into the table. There is a validation process taking place. If an issue arises, a red icon will indicate the problem. If a problem occurs, you can either fix the CSV 
@@ -124,7 +133,7 @@ a previously added service account with credentials for the selected resources. populate the Service Account value for resources without an assigned Credential from the import file. -**Step 9 –** When all resources have an assigned service account, click Add. The Add Resources +**Step 9 –** When all resources have an assigned service account, click **Add**. The Add Resources window closes. The new resource(s) have been onboarded and can be added to Access Policies. @@ -157,21 +166,24 @@ Follow the steps to onboard resources manually. **Step 1 –** Navigate to either the Resources dashboard or the Resources page. -**Step 2 –** Click the Add button and select New Server. The Add Resources window will open to +**Step 2 –** Click the **Add** button and select New Server. The Add Resources window will open to onboard new servers. -**Step 3 –** Select the Add Manually radio button. +**Step 3 –** Select the **Add Manually** radio button. **Step 4 –** In the Resource Name / IP Address field, type either the DNS Host Name or IP Address of -the resource. Click Add. +the resource. Click **Add**. **Step 5 –** Repeat Step 4 for each resource to be onboarded. -**NOTE:** To remove a resource, select it in the table and click Remove. +:::note +To remove a resource, select it in the table and click Remove. +::: + **Step 6 –** When the table is populated as desired, open the Service Account drop-down menu. Select a previously added service account with credentials for the resources. -**Step 7 –** When service account is assigned, click Add. The Add Resources window closes. +**Step 7 –** When service account is assigned, click **Add**. The Add Resources window closes. The new resource(s) have been onboarded and can be added to Access Policies. 
diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md index 139de1c593..46f3e121f1 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md @@ -27,12 +27,12 @@ There is a template available. Follow the steps to download the template. **Step 1 –** Navigate to either the Resources dashboard or the Resources page. -**Step 2 –** Click the Add button and select New Server. The Add Resources window will open to +**Step 2 –** Click the **Add** button and select New Server. The Add Resources window will open to onboard new servers. -**Step 3 –** Select the Import from CSV radio button. +**Step 3 –** Select the **Import from CSV** radio button. -**Step 4 –** Click Download CSV Template. +**Step 4 –** Click **Download CSV Template**. The `nps-resource-import-template.csv` file is downloaded to your browser's default download folder. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeplatform.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeplatform.md index f2fd8fbe1c..7769e8f69a 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeplatform.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeplatform.md 
@@ -8,11 +8,11 @@ sidebar_position: 70 Follow the steps to change the platform type for a host resource. -**Step 1 –** Navigate to the Resources page. +**Step 1 –** Navigate to the **Resources** page. **Step 2 –** Select the resource(s) to modify. -**Step 3 –** Click Change Platform to open the Change Platform window. +**Step 3 –** Click **Change Platform** to open the Change Platform window. ![Change Resource Platform Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.webp) @@ -22,8 +22,11 @@ Follow the steps to change the platform type for a host resource. **Step 5 –** When a platform is entered, the Okay button is enabled. Click **Okay** to update the platform type for the selected resource(s). -**CAUTION:** The resources remain selected. Before proceeding, make sure that only the correct +:::warning +The resources remain selected. Before proceeding, make sure that only the correct resources are selected to avoid accidentally changing the settings. +::: + **Step 6 –** Deselect the resources to avoid accidentally changing the settings. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeserviceaccount.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeserviceaccount.md index 4ae8ef71f6..408c439761 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeserviceaccount.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/changeserviceaccount.md 
@@ -8,11 +8,11 @@ sidebar_position: 90 Follow the steps to change the service account for a host resource. -**Step 1 –** Navigate to the Resources page. +**Step 1 –** Navigate to the **Resources** page. **Step 2 –** Select the resource(s) to modify. -**Step 3 –** Click Change Service Account to open the Change Service Account window. +**Step 3 –** Click **Change Service Account** to open the Change Service Account window. ![Change Resource Service Account Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.webp) @@ -26,8 +26,11 @@ credentials for the resource. **Step 5 –** When a service account is entered, the Okay button is enabled. Click **Okay** to use this service account for the selected resource(s). -**CAUTION:** The resources remain selected. Before proceeding, make sure that only the correct +:::warning +The resources remain selected. Before proceeding, make sure that only the correct resources are selected to avoid accidentally changing the settings. +::: + **Step 6 –** Deselect the resources to avoid accidentally changing the settings. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/database.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/database.md index 393417ef5f..5708329060 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/database.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/database.md @@ -12,7 +12,7 @@ include: - Microsoft SQL - Oracle -**Step 1 –** Navigate to the Resources page. +**Step 1 –** Navigate to the **Resources** page. **Step 2 –** Click **Add** > **New Database**. 
@@ -33,7 +33,10 @@ include: **Step 8 –** Enter the fully qualified domain name (FDQN) for the server. -**NOTE:** The domain is used as the default domain for database activities. +:::note +The domain is used as the default domain for database activities. +::: + **Step 9 –** From the drop-down menu, select a previously added service account with credentials for the database. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/domain.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/domain.md index 8853d749b6..ffa8e2916a 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/domain.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/domain.md @@ -8,9 +8,9 @@ sidebar_position: 20 Follow the steps to add a domain to the console. -**Step 1 –** Navigate to the Policy > Resources page. +**Step 1 –** Navigate to the **Policy** > **Resources** page. -**Step 2 –** Click the Plus icon and select Domain from the drop-down list. +**Step 2 –** Click the **Plus** icon and select Domain from the drop-down list. ![Add Domian Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/adddomain.webp) @@ -28,9 +28,9 @@ Follow the steps to add a domain to the console. - Use TLS – Check to enable a secure connection to the domain - Enter the desired frequency for the domain sync. -**Step 4 –** Click Test to verify the connection to the domain. +**Step 4 –** Click **Test** to verify the connection to the domain. -**Step 5 –** When the connection is verified, the Save button is enabled. Click Save to add the +**Step 5 –** When the connection is verified, the Save button is enabled. Click **Save** to add the domain to the console. The new domain has been on-boarded. See the [Domain Details Page](/docs/privilegesecure/4.2/admin/interface/resources/detailspages/domain/domain.md) topic 
diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvault.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvault.md index 057b9bdb41..48364db100 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvault.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvault.md @@ -8,9 +8,9 @@ sidebar_position: 50 Follow the steps below to add a new secret vault to the console. -**Step 1 –** Navigate to the Policy > Resources page. +**Step 1 –** Navigate to the **Policy** > **Resources** page. -**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. +**Step 2 –** Click the **Plus** icon and select New Secret Vault from the drop-down list. ![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) @@ -25,7 +25,10 @@ Follow the steps below to add a new secret vault to the console. A secret vault has been onboarded. See the [Secret Vault Details Page](/docs/privilegesecure/4.2/admin/interface/resources/detailspages/secretvault/secretvault.md) topic for additional information. -**CAUTION:** Next, you will have to manually enter and update credentials for each applicable user. +:::warning +Next, you will have to manually enter and update credentials for each applicable user. Credentials are assigned through the Credential-based Access Policy for password release. See the [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) topic for additional information. + +::: diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md index 84273818bb..fb7c703e46 100644 
--- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md @@ -13,9 +13,9 @@ Secret Vaults can be used to provide Privilege Secure users with access to vault Follow the steps below to add a new Secret Vault. -**Step 1 –** Navigate to the Policy > Resources page. +**Step 1 –** Navigate to the **Policy** > **Resources** page. -**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. +**Step 2 –** Click the **Plus** icon and select New Secret Vault from the drop-down list. ![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) @@ -43,7 +43,10 @@ A secret vault has been created, and a secret added to the vault. See the [Secret Vault Details Page](/docs/privilegesecure/4.2/admin/interface/resources/detailspages/secretvault/secretvault.md) topic for additional information. -**NOTE:** Vaulted credentials must be manually entered and updated. +:::note +Vaulted credentials must be manually entered and updated. +::: + See the [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) 
@@ -53,13 +56,16 @@ topic for additional information. Follow these steps to add a credential-based access policy to Privilege Secure. -_Remember,_ a connection profile is required to create an access policy. You can create one ahead of +:::tip +Remember, a connection profile is required to create an access policy. You can create one ahead of time on the [Connection Profiles Page](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) page or use the arrow button to create one during these steps. +::: + -**Step 1 –** Navigate to the Policy > Access Policies page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. -**Step 2 –** In the Access Policy list, click the Plus icon. +**Step 2 –** In the Access Policy list, click the **Plus** icon. ![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) @@ -70,7 +76,7 @@ arrow button to create one during these steps. - Type – Classification of the access policy. Select **Credential Based**. - Connection Profile – Displays the name of the connection profile associated to the access policy -**Step 4 –** Click Save to create the new access policy. +**Step 4 –** Click **Save** to create the new access policy. **Step 5 –** On the new access policy, select the **Users** tab. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/website.md b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/website.md index 41dd0247f7..6483b987e8 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/addandchange/website.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/addandchange/website.md 
@@ -10,7 +10,7 @@ Follow the steps to add a Website Resource to the Privilege Secure Console. **Step 1 –** Navigate to the **Policy** > **Resources** page. -**Step 2 –** Click the Plus icon and select New Website from the drop-down list. +**Step 2 –** Click the **Plus** icon and select New Website from the drop-down list. ![Add New Website Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addnewwebsite.webp) diff --git a/docs/privilegesecure/4.2/admin/interface/resources/configuresecurewinrmconnection.md b/docs/privilegesecure/4.2/admin/interface/resources/configuresecurewinrmconnection.md index add98a48b3..3e324f89e8 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/configuresecurewinrmconnection.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/configuresecurewinrmconnection.md @@ -27,9 +27,12 @@ Follow the steps to configure secure WinRM connection for the selected host: - Select a certificate – Provide a certificate thumbprint. -**NOTE:** This option is applicable to the host and NPS certificates. If you selected a new +:::note +This option is applicable to the host and NPS certificates. If you selected a new self-signed certificate option, it will be generated automatically and imported to Netwrix Privilege Secure. +::: + **Step 5 –** Click **Submit**. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/databases/databases.md b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/databases/databases.md index 04ac3c1518..dc33db9e1a 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/databases/databases.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/databases/databases.md 
@@ -22,7 +22,10 @@ The Database Details page shows the following information: - Port — The port for the server - Domain — Displays the fully qualified domain name (FQDN) - **NOTE:** The domain is used as the default domain for database activities. + :::note + The domain is used as the default domain for database activities. + ::: + - Service Account — Displays the service account associated with the resource. See the [Service Accounts Page](/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/serviceaccounts.md) topic for additional diff --git a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/groupsentraid.md b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/groupsentraid.md index 219ee91a6d..2f8b381e92 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/groupsentraid.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/groupsentraid.md @@ -9,9 +9,12 @@ sidebar_position: 30 The Groups tab for Microsoft Entra ID (formerly Azure AD) shows information about the groups on the selected resource. -**NOTE:** Groups in hybrid environments will be associated with the on-premises Active Directory +:::note +Groups in hybrid environments will be associated with the on-premises Active Directory domain resource (if the on-premises domain has been synced by Privilege Secure). This view will show cloud-only EntraID groups. +::: + ![Groups Tab Entra ID](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsazuread.webp) diff --git a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/usersentraid.md b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/usersentraid.md index 9a8ab88118..4f2ace60d0 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/usersentraid.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/entraid/usersentraid.md 
@@ -9,9 +9,12 @@ sidebar_position: 20 The Users tab for Microsoft Entra ID (formerly Azure AD) shows information about the users on the selected resource. -**NOTE:** Users in hybrid environments will be associated with the on-premises Active Directory +:::note +Users in hybrid environments will be associated with the on-premises Active Directory domain resource (if the on-premises domain has been synced by Privilege Secure). This view will show cloud-only EntraID users. +::: + ![Users Tab Entra ID](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersazuread.webp) diff --git a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md index 678e637bc3..a82f88c4b6 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md @@ -8,7 +8,10 @@ sidebar_position: 10 Follow the steps to add or edit a Website URL used by a resource. -**NOTE:** Only applicable to Microsoft Entra ID and Website resources. +:::note +Only applicable to Microsoft Entra ID and Website resources. +::: + **Step 1 –** Navigate to the **Resources** page. @@ -33,6 +36,6 @@ Follow the steps to add or edit a Website URL used by a resource. - Regex — Match based upon valid regex string - Host — Match based upon host name (FQDN) -**Step 5 –** Click Save to accept changes. +**Step 5 –** Click **Save** to accept changes. The URL is added to the resource and shown on the URLs tab. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md index 81bbbb7d1d..1c6c92c975 100644 
--- a/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md @@ -12,7 +12,10 @@ the Activity. See the [Activities Page](/docs/privilegesecure/4.2/admin/interfac Follow the steps to add or edit a managed user account for the resource. -**NOTE:** Only applicable to Website resources. +:::note +Only applicable to Website resources. +::: + **Step 1 –** Navigate to the **Resources** page. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/removeresource.md b/docs/privilegesecure/4.2/admin/interface/resources/removeresource.md index 6d0d64443e..2eef0f5e1d 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/removeresource.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/removeresource.md @@ -10,19 +10,22 @@ Use the Remove Resources window to remove a selected resource from the database. Follow the steps to remove a resource. -**Step 1 –** Navigate to the Resources page. +**Step 1 –** Navigate to the **Resources** page. **Step 2 –** Select the resource(s) to modify. -**Step 3 –** Click Remove to open the Remove Resource window. +**Step 3 –** Click **Remove** to open the Remove Resource window. ![Remove Resource Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.webp) **Step 4 –** Select the **Remove from Database** checkbox to remove the selected resource(s) from the database. -**NOTE:** Selecting this checkbox will remove all records of the resource(s) from the database. It +:::note +Selecting this checkbox will remove all records of the resource(s) from the database. It will not prevent the resource from being synced or added again. +::: + **Step 5 –** Click **Remove** to confirm that you want to remove the selected resource(s). 
diff --git a/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/addresourcestogroup.md b/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/addresourcestogroup.md index 686e350632..e3bbbab0e3 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/addresourcestogroup.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/addresourcestogroup.md @@ -8,11 +8,11 @@ sidebar_position: 20 Follow the steps to add resources to a resource group. -**Step 1 –** Navigate to the Resources > Resource Groups page. +**Step 1 –** Navigate to the **Resources** > **Resource Groups** page. **Step 2 –** In the Resource Groups list, select the name of the resource group. -**Step 3 –** In the Resource Groups table, click Add. +**Step 3 –** In the Resource Groups table, click **Add**. ![addresources](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresources.webp) @@ -35,6 +35,6 @@ and it is immediately moved to the Resources to Add list. **Step 5 –** (Optional) Click a row in the Resources to Add list to move it back to the All Resources list. -**Step 6 –** Click Add to add the resources to the resource group. +**Step 6 –** Click **Add** to add the resources to the resource group. The resources are added to the resource group. diff --git a/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/resourcegroup.md b/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/resourcegroup.md index 97ce3c200c..6d80af8873 100644 --- a/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/resourcegroup.md +++ b/docs/privilegesecure/4.2/admin/interface/resources/resourcegroups/resourcegroup.md 
@@ -8,9 +8,9 @@ sidebar_position: 10 Follow the steps to add resource groups to the console. -**Step 1 –** Navigate to the Policy > Resources > Resource Groups page. +**Step 1 –** Navigate to the **Policy** > **Resources** > **Resource Groups** page. -**Step 2 –** In the Resource Groups list, click the Plus icon. +**Step 2 –** In the Resource Groups list, click the **Plus** icon. ![Add Resource Group](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addresourcegroup.webp) @@ -40,7 +40,7 @@ Follow the steps to add resource groups to the console. - Per Individual Resource — Set whether the Local Administrator accounts will be managed on a per resource basis -**Step 4 –** Click Save to create the new resource group. +**Step 4 –** Click **Save** to create the new resource group. **Step 5 –** With the new resource group selected, configure the following settings: diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/addusersandgroups.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/addusersandgroups.md index 289f4fa0ac..395d6845c3 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/addusersandgroups.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/addusersandgroups.md 
@@ -50,14 +50,14 @@ The tables in both sections have the following columns: Follow the steps to add users and groups to the console from AD. -**Step 1 –** Navigate to the Policy > Users and Groups page. +**Step 1 –** Navigate to the **Policy** > **Users and Groups** page. -**Step 2 –** Click Add to open the Add Users and Groups window. +**Step 2 –** Click **Add** to open the Add Users and Groups window. **Step 3 –** Filter by Users or Groups, or use the Search feature. -**Step 4 –** Select the checkbox for the desired users in the Available Accounts table. +**Step 4 –** Select the **checkbox** for the desired users in the Available Accounts table. -**Step 5 –** Click Add to add one or more accounts. +**Step 5 –** Click **Add** to add one or more accounts. The selected accounts are now added to the Privilege Secure console. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/application.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/application.md index 5c6478c5cf..a6ea3540b9 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/application.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/application.md @@ -16,9 +16,9 @@ combination of certificate serial number and API key. Follow the steps to add an Application to an Access Policy. -**Step 1 –** Navigate to the Users & Groups page. +**Step 1 –** Navigate to the **Users & Groups** page. -**Step 2 –** Click Add Application. +**Step 2 –** Click **Add Application**. **Step 3 –** Enter a new Application Name in the provided field. This will be displayed to represent the application. @@ -30,6 +30,6 @@ certificate to the Trusted Root Certification Authorities on the Privilege Secur **Step 5 –** Enter the API Key. This is the unique key used as part of Application authentication. -**Step 6 –** Click the Save button when finished. +**Step 6 –** Click the **Save** button when finished. The new Applicationhas been added to the the Users & Groups page. 
diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/localuser.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/localuser.md index f4d620cb4f..4da2e6fcc2 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/add/localuser.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/add/localuser.md @@ -15,9 +15,9 @@ the same manner as domain users. Follow these steps to add a New Local Users. -**Step 1 –** Navigate to the Policy > Users & Groups page. +**Step 1 –** Navigate to the **Policy** > **Users & Groups** page. -**Step 2 –** Click the Add button and select New Local User from the drop-down list. +**Step 2 –** Click the **Add** button and select New Local User from the drop-down list. **Step 3 –** In the New Local User textbox, enter the name that will be assigned to the local user account. @@ -27,6 +27,6 @@ account. **Step 5 –** The Change Password Next Login option is selected by default. Optionally uncheck it to maintain the password entered in step 4. -**Step 6 –** Click the Save button when finished. +**Step 6 –** Click the **Save** button when finished. Once saved, users can view the new Local User on the [Users & Groups Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/usersgroups.md). diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/customrole.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/customrole.md index 8506c1f117..4be9b3c8ca 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/customrole.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/customrole.md 
@@ -22,13 +22,13 @@ Follow the steps below to add a role to the Users & Groups Role Management modu **Step 1 –** Navigate to the **Users & Groups** > **Role Management** page. -**Step 2 –** Click the Add Role button. +**Step 2 –** Click the **Add Role** button. **Step 3 –** Enter a Role Name. **Step 4 –** (Optional) Add a description. -**Step 5 –** Click the Save button. +**Step 5 –** Click the **Save** button. Once saved, the next step is to assign Permissions and users to this role. See the [Custom Role Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) topic for additional diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md index 51d54cddb0..7b05105b66 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md @@ -23,8 +23,11 @@ following features: - Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A confirmation window will display. -**NOTE:** The default Administrator, User, and Reviewer roles cannot be copied, deleted, or +:::note +The default Administrator, User, and Reviewer roles cannot be copied, deleted, or modified. Only custom roles can be copied, deleted, or modified. +::: + The details that display the main pane vary based on the type of role selected. See the [Default Role Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/rolemanagementdefault.md) and the 
diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md index ff5c27e48c..8ada9d80f4 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md @@ -29,12 +29,12 @@ Both tables have the following columns: Follow the steps to add activities to the selected access policy. -**Step 1 –** Navigate to the Policy > Access Policies page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page. **Step 2 –** In the Access Policy list, select the name of the access policy and select the -Activities tab. +**Activities** tab. -**Step 3 –** Click Add to open the Add Activities and Activity Groups window. +**Step 3 –** Click **Add** to open the Add Activities and Activity Groups window. The Add Activities and Activity Groups window has the following features: @@ -56,7 +56,7 @@ and it is immediately moved to the Activities & Groups to Add list. **Step 5 –** (Optional) Click a row in the Activities & Groups to Add list to move it back to the Available Activities list. -**Step 6 –** Click Add to add the activities and activity groups to the access policy. +**Step 6 –** Click **Add** to add the activities and activity groups to the access policy. The new activities and activity groups are added to the access policy and are shown in the [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md). 
diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md index b5a3793a71..0d70d41616 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md @@ -40,6 +40,6 @@ Follow the steps to add a policy to a custom role. **Step 5 –** Select the checkbox for the desired Policies in the Available Policies table. -**Step 6 –** Click Add to add one or more policies to the custom role. +**Step 6 –** Click **Add** to add one or more policies to the custom role. The new policies are added to the applicable custom role. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md index 9747e9654d..4e81de352d 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md 
@@ -35,15 +35,15 @@ Both tables have the following columns: Follow the steps to add resources and resource groups to the selected access policy or custom role. -**Step 1 –** Navigate to the Policy > Access Policies page or Users & Groups > Role Management page. +**Step 1 –** Navigate to the **Policy** > **Access Policies** page or **Users & Groups** > **Role Management** page. **Step 2 –** Select the name of the access policy or custom role and select the Resources tab. -**Step 3 –** Click Add to open the Add Resources window. +**Step 3 –** Click **Add** to open the Add Resources window. **Step 4 –** Select the checkbox for the desired resources in the Available Resources And Resource Groups table. -**Step 5 –** Click Add to add one or more Resources or Resource Groups. +**Step 5 –** Click **Add** to add one or more Resources or Resource Groups. The new resource(s) and resource group(s) are added to the custom role. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md index 500d3405aa..76319fb29d 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md @@ -46,8 +46,8 @@ Follow the steps below to add a role user to a custom role. **Step 4 –** Select the checkbox for the desired users in the Available Role Users table. -**Step 5 –** Click Add to add one or more user roles. +**Step 5 –** Click **Add** to add one or more user roles. -**Step 6 –** Click Add to add the role user(s) to the role. +**Step 6 –** Click **Add** to add the role user(s) to the role. The selected users are now granted the permissions associated with the selected custom role. 
diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md index 99f3ead93d..c4cbf57679 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md @@ -8,17 +8,17 @@ sidebar_position: 10 Follow the steps to add or remove permission assignments from a custom role. -**Step 1 –** Navigate to the Policy > **Users & Groups** > **Role Management** page. +**Step 1 –** Navigate to the **Policy** > **Users & Groups** > **Role Management** page. **Step 2 –** Click a custom role item from the left-hand menu. ![Custome Role Edit Permissions](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/customroleeditpermissions.webp) **Step 3 –** From the left-hand menu, check the boxes of one or more permissions to add to this -custom role. Click the add selections Green Arrow. +custom role. Click the add selections **Green Arrow**. **Step 4 –** (Optional) From the right-hand menu, check the boxes of one or more permissions to -remove from this custom role. Click the remove selections Red Arrow. +remove from this custom role. Click the remove selections **Red Arrow**. Selected permissions have been added or removed from the custom role. See the [Custom Role Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) topic for additional diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md index bdd14b6bb1..f3df9c4995 100644 
--- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md @@ -38,14 +38,14 @@ Follow the steps to grant users the Administrator role. See the [Role Management Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md) section for a list of roles and their functions. -**Step 1 –** Navigate to the **Users & Groups** > Role Management page. +**Step 1 –** Navigate to the **Users & Groups** > **Role Management** page. -**Step 2 –** In the Role list, select the Administrators role. +**Step 2 –** In the Role list, select the **Administrators** role. -**Step 3 –** Click Add User to open the Add Administrators window. +**Step 3 –** Click **Add User** to open the Add Administrators window. **Step 4 –** Select the checkbox for the desired accounts in the Available Accounts table.. -**Step 5 –** Click Add to add the accounts to the role. +**Step 5 –** Click **Add** to add the accounts to the role. The selected users are now Privilege Secure Administrators. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md index dbc974c437..3791d19c6b 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md 
@@ -38,14 +38,14 @@ Follow the steps to grant users the Reviewer role. See the [Role Management Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/rolemanagement/rolemanagement.md) section for a list of roles and their functions. -**Step 1 –** Navigate to the **Users & Groups** > Role Management page. +**Step 1 –** Navigate to the **Users & Groups** > **Role Management** page. -**Step 2 –** In the Role list, select the Reviewers role. +**Step 2 –** In the Role list, select the **Reviewers** role. -**Step 3 –** Click Add User to open the Add Reviewers window. +**Step 3 –** Click **Add User** to open the Add Reviewers window. **Step 4 –** Select the checkbox for the desired account from the Available Accounts table. -**Step 5 –** Click Add to add the account to the role. +**Step 5 –** Click **Add** to add the account to the role. The selected users are now Privilege Secure Reviewers. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md index e024df1370..7f5caecea7 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md @@ -28,8 +28,11 @@ Select the method of authentication for the user or group: name and password. Intended for users who access Privilege Secure over a VPN where MFA has already been leveraged. - **CAUTION:** Disabling multi-factor authentication can create a significant security + :::warning + Disabling multi-factor authentication can create a significant security vulnerability. + ::: + The following information determines which MFA method has priority: 
diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md index 79233396c8..e9e4145db4 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md @@ -32,18 +32,18 @@ Both tables have the following columns: Follow the steps below to add a policy to the present account. -**Step 1 –** Navigate to the Users & Groups page. +**Step 1 –** Navigate to the **Users & Groups** page. **Step 2 –** In the Users & Groups list, click the name of the desired account to open the User page. -**Step 3 –** Select the Policies tab. +**Step 3 –** Select the **Policies** tab. -**Step 4 –** Click Add to open the Add Account to Policies window. +**Step 4 –** Click **Add** to open the Add Account to Policies window. -**Step 5 –** Select a policy in the Available Policies table and click the right arrow to move it to +**Step 5 –** Select a policy in the Available Policies table and click the **right arrow** to move it to the Policies to Add table. -**Step 6 –** Click Okay to add policies to the role. +**Step 6 –** Click **Okay** to add policies to the role. The new policy is added to the applicable account. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/resetmfa.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/resetmfa.md index a218330ba2..487d33c878 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/resetmfa.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/resetmfa.md 
@@ -14,7 +14,7 @@ information. Follow the steps below to reset a user's MFA. -**Step 1 –** Navigate to the Policy > **Users & Groups** page. +**Step 1 –** Navigate to the **Policy** > **Users & Groups** page. **Step 2 –** Select the desired user or group account. diff --git a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md index 0152e5db70..f8cdadb9c1 100644 --- a/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md +++ b/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md @@ -26,8 +26,11 @@ The page has the following features: the user's MFA will generate a new TOTP secret for the user to register an authenticator. See [Reset User MFA](/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/resetmfa.md) topic for additional information. - **NOTE:** This button will not be visible if the present user has their Authentication Connector + :::note + This button will not be visible if the present user has their Authentication Connector set to Not Required + ::: + The content within the tabs change based on the type of object. See the following topics for additional information: diff --git a/docs/privilegesecure/4.2/admin/myactivities/createsession.md b/docs/privilegesecure/4.2/admin/myactivities/createsession.md index 5d380d9dc5..4974effaef 100644 --- a/docs/privilegesecure/4.2/admin/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/admin/myactivities/createsession.md 
@@ -20,8 +20,9 @@ Follow the steps to create an activity session. - If the Activity is assigned to more than one resource, the Activity card will display the number of resources; selecting **Create Session** from the session ribbon will open the Configure Session window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. +:::warning +If your license is expired and you can still log in, you will not be able to create activity sessions. +::: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) @@ -38,8 +39,11 @@ Follow the steps to create an activity session. ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) -**NOTE:** If an approval is required, the Waiting for approval message will display until it has +:::note +If an approval is required, the Waiting for approval message will display until it has been granted. +::: + ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) diff --git a/docs/privilegesecure/4.2/admin/navigation/aboutpage.md b/docs/privilegesecure/4.2/admin/navigation/aboutpage.md index 1552afacac..6c4475868c 100644 --- a/docs/privilegesecure/4.2/admin/navigation/aboutpage.md +++ b/docs/privilegesecure/4.2/admin/navigation/aboutpage.md 
@@ -27,8 +27,11 @@ At the top of the About page, the following license information is displayed: - Customer Info – Name of the licensed customer - Licenses Applied – Number of licenses in use - **NOTE:** Licensing is done according to user count. Any user who has provisioned access will + :::note + Licensing is done according to user count. Any user who has provisioned access will consume a license after their first login. This is true for all users, regardless of role. + ::: + ![About page showing additional Customer Info details](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/aboutcustomerdetails.webp) diff --git a/docs/privilegesecure/4.2/admin/navigation/importlicense.md b/docs/privilegesecure/4.2/admin/navigation/importlicense.md index 8d7fb130d4..3c3107d68e 100644 --- a/docs/privilegesecure/4.2/admin/navigation/importlicense.md +++ b/docs/privilegesecure/4.2/admin/navigation/importlicense.md @@ -20,8 +20,11 @@ login. Licensing is done according to user count. Any user who has provisioned access will consume a license after their first login. This is true for all users, regardless of role. -**CAUTION:** If your license is expired, and you can still log in, you will not be able to create +:::warning +If your license is expired, and you can still log in, you will not be able to create activity sessions or add new users. +::: + Follow the steps to import the license key file. diff --git a/docs/privilegesecure/4.2/admin/troubleshooting.md b/docs/privilegesecure/4.2/admin/troubleshooting.md index e28bb5187e..c4e352e094 100644 --- a/docs/privilegesecure/4.2/admin/troubleshooting.md +++ b/docs/privilegesecure/4.2/admin/troubleshooting.md 
@@ -29,9 +29,12 @@ Follow the steps to install the Enablement Toolkit. **Step 1 –** Once the Privilege Secure Installer file has been downloaded, unzip and open the Enablement Toolkit.exe from the **Privilege Secure Installer Package** > **Extras Folder**. -**NOTE:** The Enablement Toolkit application should be run as a local Administrator. If the user +:::note +The Enablement Toolkit application should be run as a local Administrator. If the user account running the toolkit is not a local administrator, Windows will request administrator credentials. +::: + ![SbPAM Enablement Toolkit - EULA Agreement window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/sbpamenablementtoolkit_-_1_-_eula_agreement.webp) @@ -64,8 +67,11 @@ following fields for all operations: - Operation Menu – The operation menu drop-down list contains the following operations: - **NOTE:** See the Enablement Toolkit Operations topic for additional information about each + :::note + See the Enablement Toolkit Operations topic for additional information about each operation. + ::: + - Enumerate Active Directory Objects - Verify Domain Group Membership for Credential @@ -92,10 +98,13 @@ Follow the steps to execute an operation. ![Stealthbits Enablement Toolkit - Help Menu](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/sbpamenablementtoolkit_-_3_-_help_window.webp) -**NOTE:** The Help menu displays key information regarding the selected operation. The Help menu for +:::note +The Help menu displays key information regarding the selected operation. The Help menu for the Enumerate Active Directory Objects operation displays the operation name, required fields, notes, and a brief description of the selected operation. It is recommended to view the Help menu for each operation you intend to execute. +::: + **Step 3 –** Configure the fields for the selected operation. 
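Review bot: In the last troubleshooting.md hunk on this line (@@ -92,10 +98,13), the empty `+` line added after the closing `:::` sits directly above the blank line that already separated the note from **Step 3**, so the file ends up with two consecutive blank lines. The hunk counts show it: 10 lines before, 13 after, for what is a one-line rewrite plus an opening and closing marker. Drop the added blank line and keep only `:::note` and `:::`. The two earlier hunks of this file (@@ -29,9 +29,12 and @@ -64,8 +67,11) have the same +3 delta and can be trimmed the same way.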
@@ -165,7 +174,10 @@ ensure the unknown publisher warning disappears completely. **Step 2 –** Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Remote Desktop Services** > **Remote Desktop Connection Client**. -**NOTE:** Do not expand the Remote Desktop Connection Client folder. +:::note +Do not expand the Remote Desktop Connection Client folder. +::: + ![Troubleshooting - GPO Settings](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/troubleshootinggposettings.webp) @@ -186,9 +198,12 @@ certificate thumbprints** field. The RDP file has been certified and will be trusted by Windows computers that are part of this policy. -**NOTE:** IIS_IUSRS account must have read permissions to the certificate used by Privilege Secure +:::note +IIS_IUSRS account must have read permissions to the certificate used by Privilege Secure in certlm.msc. Otherwise, in the PAM-WebService log the "Could not sign RDP file with certificate for RDP Session: Keyset does not exist" error will appear and the RDP file won't be signed. +::: + ## Update InsecureSkipVerify and RestURL diff --git a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md index 88b256ee20..bf74025d36 100644 --- a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md +++ b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md 
@@ -11,8 +11,11 @@ third-party Remote Desktop Connection Management software. Passing a DirectConne proxy server will launch an RDP connection. This topic explains the formatting for the connection string, with specific examples given for some popular Remote Desktop Connection Management programs. -**NOTE:** If a SAML or OIDC authentication connector is enabled for the requesting user, +:::note +If a SAML or OIDC authentication connector is enabled for the requesting user, DirectConnect functionality cannot be used. +::: + To configure the remote connection client, use a connection string with the following parameters, separated by “+” to the appropriate port on the proxy: @@ -163,7 +166,10 @@ User Name Format: `\` -**NOTE:** The user name starts with \_\_ (back slash). +:::note +The user name starts with \_\_ (back slash). +::: + User Name Example: diff --git a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/startsession.md b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/startsession.md index ab06c0c8fb..ce23c1cc28 100644 --- a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/startsession.md +++ b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/startsession.md @@ -43,7 +43,10 @@ profile that allow a session to be extended by the user, in increments. If Session Extension is enabled, the session extension option appears for users when the remaining time is 5 minutes or less. -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. +:::note +For NPS users with the Administrator role, session extension is always enabled. +::: + ![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) diff --git a/docs/privilegesecure/4.2/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/enduser/myactivities/createsession.md index 5d380d9dc5..7a67501381 100644 
--- a/docs/privilegesecure/4.2/enduser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/enduser/myactivities/createsession.md @@ -38,8 +38,11 @@ Follow the steps to create an activity session. ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) -**NOTE:** If an approval is required, the Waiting for approval message will display until it has +:::note +If an approval is required, the Waiting for approval message will display until it has been granted. +::: + ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) diff --git a/docs/privilegesecure/4.2/enduser/overview.md b/docs/privilegesecure/4.2/enduser/overview.md index 319eb413f9..c5d2071727 100644 --- a/docs/privilegesecure/4.2/enduser/overview.md +++ b/docs/privilegesecure/4.2/enduser/overview.md @@ -41,9 +41,12 @@ Follow the steps to log in to the Privilege Secure. **Step 1 –** Open Privilege Secure in a browser window. The Login screen will show the Authentication Connector that is set as the default. -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +:::note +Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP, etc) for all user accounts unless otherwise configured by an Administrator. If required, first time users must register with an MFA to use with their login credentials. +::: + ![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) diff --git a/docs/privilegesecure/4.2/install/components/components.md b/docs/privilegesecure/4.2/install/components/components.md index c42f9cc4eb..e5bfe879c0 100644 --- a/docs/privilegesecure/4.2/install/components/components.md +++ b/docs/privilegesecure/4.2/install/components/components.md 
@@ -16,8 +16,11 @@ The `NPS.zip` file that can be downloaded from the Netwrix Customer portal conta the missing components. - PostgreSQL Setup – Installs the PostgreSQL database on the application server. - **CAUTION:** The PostgreSQL database must be installed before installing the application. It + :::warning + The PostgreSQL database must be installed before installing the application. It can be installed separately or through the Netwrix Setup Launcher. + ::: + - Privilege Secure Setup – Installs the application @@ -43,10 +46,13 @@ The `NPS.zip` file that can be downloaded from the Netwrix Customer portal conta - NPS Scheduler Service - Web Service - **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the + :::note + Use this installer if you are not using the Netwrix Setup Launcher. Run the installer as an administrator and follow the [Install Application](setuplauncher.md#install-application) instructions, starting with Step 2. + ::: + - NPS.HaMgr.exe – Installs the High Availability Management tool. If high availability setup is desired, please coordinate with [Netwrix Support](https://www.netwrix.com/support.html) and @@ -72,7 +78,10 @@ The `NPS.zip` file that can be downloaded from the Netwrix Customer portal conta - SbPAMPowershellModules.msi – Installs the Netwrix Privilege Secure PowerShell modules. These modules allow for custom PowerShell scripting tasks to be run against the application API. - **NOTE:** PowerShell 7.1 is a prerequisite to install these modules. + :::note + PowerShell 7.1 is a prerequisite to install these modules. + ::: + - sbpam-url.exe – Installs the sbpam-url URL handler. This will automatically launch SSH sessions from the browser in your preferred SSH client program. See the 
@@ -84,12 +93,18 @@ The `NPS.zip` file that can be downloaded from the Netwrix Customer portal conta - postgresql-x64-16 service - PostgreSQL directory and database - **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the + :::note + Use this installer if you are not using the Netwrix Setup Launcher. Run the installer as an administrator and follow the [Install PostgreSQL Database](setuplauncher.md#install-postgresql-database) instructions, starting with Step 2. + ::: + + +:::info +Antivirus software should be disabled during the component installation. +::: -**_RECOMMENDED:_** Antivirus software should be disabled during the component installation. The Netwrix Setup Launcher checks for prerequisites and installs both the database and application on the sames server. See the [Netwrix Setup Launcher](/docs/privilegesecure/4.2/install/components/setuplauncher.md) topic for instructions. If @@ -104,7 +119,9 @@ There is also a Browser Extension that can be installed for Privilege Secure use [Browser Extension App](/docs/privilegesecure/4.2/enduser/browserextension/browserextension.md) topic for additional information. -_Remember,_ Privilege Secure licensing is done according to user count. Any user who is provisioned +:::tip +Remember, Privilege Secure licensing is done according to user count. Any user who is provisioned access to Privilege Secure will consume a license after their first login. This is true for all users, regardless of role (Administrator, Reviewer, User, or Custom Role). See [Import the License File](/docs/privilegesecure/4.2/admin/navigation/importlicense.md) topic for additional information. +::: diff --git a/docs/privilegesecure/4.2/install/components/setuplauncher.md b/docs/privilegesecure/4.2/install/components/setuplauncher.md index f2619a4863..54718a9bcb 100644 --- a/docs/privilegesecure/4.2/install/components/setuplauncher.md +++ b/docs/privilegesecure/4.2/install/components/setuplauncher.md 
@@ -6,35 +6,50 @@ sidebar_position: 10 # Netwrix Setup Launcher -**CAUTION:** The PostgreSQL database must be installed before installing the application. It can be +:::warning +The PostgreSQL database must be installed before installing the application. It can be installed separately or through the Netwrix Setup Launcher. Also note that the application will require a server reboot at the end of the installation. +::: + The Netwrix Setup Launcher checks for and installs missing prerequisites in addition to installing the database and application. ![Netwrix Setup Launcher showing the Prequisites Setup with a green checkmark](/img/product_docs/privilegesecure/4.2/accessmanagement/install/launcherstep2.webp) -**_RECOMMENDED:_** Antivirus software should be disabled on this computer during the installation. +:::info +Antivirus software should be disabled on this computer during the installation. +::: + Right-click on the NPS_Setup.exe file and select Run as administrator. The Netwrix Setup Launcher will open. The launcher runs a prerequisites setup check. The green checkmark indicates the prerequisites have been met and you are ready to install the database. -**CAUTION:** The Advanced checkbox provides the option to switch databases to Microsoft SQLServer. +:::warning +The Advanced checkbox provides the option to switch databases to Microsoft SQLServer. This is not a recommended configuration and requires additional support from Netwrix. +::: + ## Install PostgreSQL Database -**_RECOMMENDED:_** Antivirus software should be disabled on this computer during the installation. +:::info +Antivirus software should be disabled on this computer during the installation. +::: + Follow the steps to install the PostgreSQL database. **Step 1 –** In the Netwrix Setup Launcher, click **Install PostgreSQL 16**. The PostgeSQL v16 Setup wizard opens. 
-**NOTE:** If PostgreSQL v16 is already installed, a green checkmark is displayed to the left of the +:::note +If PostgreSQL v16 is already installed, a green checkmark is displayed to the left of the Install PostgreSQL 16 button and you can install the Privilege Secure application. +::: + ![Stealthbits PostgreSQL v12 Setup Wizard on the Install page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/install.webp) @@ -45,7 +60,10 @@ Install PostgreSQL 16 button and you can install the Privilege Secure applicatio **Step 3 –** On the End User License Agreement page, check the **I accept the license agreement** box and click **Next**. -_Remember,_ it is a best practice to read the agreement before accepting it. +:::tip +Remember, it is a best practice to read the agreement before accepting it. +::: + ![Stealthbits PostgreSQL v12 Setup Wizard on the Install and Data Folder page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/installfolder.webp) 
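Review bot: In the @@ -6,35 +6,50 hunk of setuplauncher.md, both `**_RECOMMENDED:_**` lines become bare `:::info` blocks, so "Antivirus software should be disabled on this computer during the installation." no longer tells the reader it is a recommendation rather than a requirement. Because the sentence asks the reader to switch off a security control, keep the qualifier: give the admonition a "Recommended" title or start the sentence with "Recommended:". Separately, the unchanged context next to the new `:::note` carries the alt text "Stealthbits PostgreSQL v12 Setup Wizard on the Install page" while the steps install PostgreSQL 16; worth aligning in a follow-up.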
@@ -56,21 +74,30 @@ C:\Program Files\Stealthbits\Postgres16 - To change the default location, click **Browse** and set a new location. - When the location is set, click **Next**. -**NOTE:** The installation process begins and the Setup wizard displays the its Progress. This may +:::note +The installation process begins and the Setup wizard displays the its Progress. This may take a few moments. +::: + ![Stealthbits PostgreSQL v12 Setup Wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed.webp) **Step 5 –** When installation is complete, click **Exit**. The Stealthbits PostgeSQL v16 Setup wizard closes. -**NOTE:** A reboot may be required. +:::note +A reboot may be required. +::: + The PostgreSQL database is successfully installed. It is time to install the application. ## Install Application -**_RECOMMENDED:_** Antivirus software should be disabled on this computer during the installation. +:::info +Antivirus software should be disabled on this computer during the installation. +::: + Follow the steps to install Privilege Secure application. 
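Review bot: The rewritten note on the `+The installation process begins and the Setup wizard displays the its Progress.` line carries over the typo "the its Progress"; since the line is being rewritten anyway, change it to "displays its progress". The unchanged Step 5 line a few lines below also has "PostgeSQL v16", which could be corrected to "PostgreSQL v16" in the same pass.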
@@ -79,14 +106,20 @@ Follow the steps to install Privilege Secure application. **Step 1 –** If you are using the Netwrix Setup Launcher, it displays a green checkmark for the PostgreSQL Setup. Click Netwrix Privilege Secure Setup. -**NOTE:** This window remains open in the background while the database is installed. +:::note +This window remains open in the background while the database is installed. +::: + ![Netwrix Privilege Secure Setup wizard on the License Agreement page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement_1.webp) **Step 2 –** On the End User License Agreement page, check the **I agree to the license terms and conditions** box and click **Options**. -_Remember,_ it is a best practice to read the agreement before accepting it. +:::tip +Remember, it is a best practice to read the agreement before accepting it. +::: + ![Netwrix Privilege Secure Setup wizard on the Setup Options page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/setupoptions.webp) @@ -99,8 +132,11 @@ C:\Program Files\Stealthbits\PAM **Step 4 –** You will return to the End User License Agreement page. Click **Install**. -**NOTE:** The installation process begins and the wizard displays the its Progress. This may take a +:::note +The installation process begins and the wizard displays the its Progress. This may take a few moments. +::: + ![Netwrix Privilege Secure Setup wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed_1.webp) diff --git a/docs/privilegesecure/4.2/install/firstlaunch.md b/docs/privilegesecure/4.2/install/firstlaunch.md index 79178d2142..9237777830 100644 --- a/docs/privilegesecure/4.2/install/firstlaunch.md +++ b/docs/privilegesecure/4.2/install/firstlaunch.md 
@@ -12,9 +12,12 @@ Once the database and application are installed, the next step is to walk throug The Netwrix Setup Launcher can be closed, if it was used during installation. -**_RECOMMENDED:_** The first user, your primary Administrator, will be setup through the wizard. It +:::info +The first user, your primary Administrator, will be setup through the wizard. It is recommended that you have a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP, etc.) ready to setup for this account through the wizard. +::: + There are two methods for launching the Setup Wizard: @@ -31,19 +34,28 @@ You will need to following information for your environment to complete the wiza - Domain account and its password to be the primary application Administrator - **_RECOMMENDED:_** Use a non-privileged account and use the application to access privileged + :::info + Use a non-privileged account and use the application to access privileged accounts. + ::: + - Multi-factor authenticator (MFA) app on your phone to register this application Administrator account - **NOTE:** This step can be skipped during the wizard, and an MFA can be added at a later time, + :::note + This step can be skipped during the wizard, and an MFA can be added at a later time, but that is not recommended. + ::: + - Active Directory service account and its password - **NOTE:** This service account must have membership in the Domain Admins group for the domain + :::note + This service account must have membership in the Domain Admins group for the domain where the primary application Administrator account resides. + ::: + Follow the steps to walk through the Setup Wizard. 
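Review bot: In the @@ -31,19 +34,28 hunk, the `:::note` under the MFA item tells the reader that registering MFA for the primary Administrator account "can be skipped during the wizard ... but that is not recommended". Elsewhere this patch maps cautions to `:::warning`, and advice against leaving the first administrator without MFA reads as a caution rather than a side note, so consider `:::warning` for this block. The `:::note` for the service account (Domain Admins membership) can stay as a note since it states a requirement, not a risk the reader is opting into.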
@@ -72,11 +84,14 @@ MFA provider. - Enter the verification code in the textbox. - Click **Next**, while the code is still active. - **NOTE:** MFA for this account can be done at a later time through the User details page. If + :::note + MFA for this account can be done at a later time through the User details page. If that is desired, click Setup Later and skip to Step 6 of these instructions. The initial account will be set to Not Required MFA. See the [User, Group, & Application Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. + ::: + ![Setup Wizard on the Step 2 page displaying the recovery codes](/img/product_docs/privilegesecure/4.2/accessmanagement/install/authenticatorcodes.webp) 
@@ -92,18 +107,24 @@ administrator privileges. Enter the following information and then click **Next* - Username – Enter the account. The domain will auto-populate from the Step 1 page. - Password – Enter the account's password. The eye icon can be used to view the entry. -**NOTE:** This service account will be used to run domain synchronization. If you do not have an +:::note +This service account will be used to run domain synchronization. If you do not have an account with domain administrator privileges ready when walking through the Setup Wizard, you can click the Exit Wizard link. See the Exit Wizard Early topic for additional information. +::: + ![Setup Wizard on the Step 4 page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/sync.webp) **Step 7 –** On the Step 4 page, click **Sync**. The Active Directory domain synchronization begins and is tracked by the status bar. When synchronization is complete, the Step 5 page opens. -**NOTE:** Problems with service registration may occur if accessing the wizard from a remote +:::note +Problems with service registration may occur if accessing the wizard from a remote IP address. If this does occur during domain synchronization, you will be redirected to a dedicated error page, which allows you to ignore certificate errors during the initial configuration. +::: + ![Setup Wizard on the Step 5 page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/resource.webp) 
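Review bot: The second `:::note` in this hunk describes a dedicated error page that "allows you to ignore certificate errors during the initial configuration", and a certificate-validation bypass presented as a plain note is easy to read past. Suggest `:::warning` for that block, plus a sentence saying when certificate errors should stop being ignored. If the "Update InsecureSkipVerify and RestURL" section of troubleshooting.md is the intended follow-up, link to it from here.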
@@ -112,8 +133,11 @@ create your first access policy to grant Domain Admin Access with an Activity To resource. The selected resource displays a green checkmark at the beginning of the row. Click **Add resource**. -**NOTE:** Available resources were discovered on the domain during the synchronization completed on +:::note +Available resources were discovered on the domain during the synchronization completed on the Step 3 page. You can use the Search resources box to filter the list. +::: + ![Check resources window](/img/product_docs/privilegesecure/4.2/accessmanagement/install/checkresource.webp) @@ -136,21 +160,21 @@ the Setup Wizard will not create the Activity Token for Domain Admin Access acti to complete the following to create your first access policy, depending on what page of the wizard you exited from: -Exit From Step 3 Page – Domain Service Account +**Exit From Step 3 Page – Domain Service Account** Navigate to the domain details page and add a new service account. See the [Domain Details Page](/docs/privilegesecure/4.2/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. Complete the onboarding process misses on the Step 4 and Step 5 pages. -Exit From Step 4 Page – Active Directory Sync +**Exit From Step 4 Page – Active Directory Sync** Navigate to the domain details page and click Synchronize Now. See the [Domain Details Page](/docs/privilegesecure/4.2/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. Complete the onboarding process misses on the Step 4 and Step 5 pages. -Exit From Step 5 Page – Onboard First Resource and Create Access Policy +**Exit From Step 5 Page – Onboard First Resource and Create Access Policy** Navigate to the Resources page and add a new server. See the [Add Resources Window](/docs/privilegesecure/4.2/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md) topic for additional 
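Review bot: In the @@ -136,21 +160,21 hunk, the three "Exit From Step N Page" labels are changed to bold paragraphs rather than headings, so they get no anchor and will not appear in the page's table of contents. If they are meant as sub-sections of the exit-wizard topic, use a heading one level below the enclosing section instead of `**...**`. The unchanged text under the first two labels also reads "Complete the onboarding process misses on the Step 4 and Step 5 pages", which looks garbled and is worth fixing while these paragraphs are being touched.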
diff --git a/docs/privilegesecure/4.2/install/login.md b/docs/privilegesecure/4.2/install/login.md index f9e7584e35..f86d4b0934 100644 --- a/docs/privilegesecure/4.2/install/login.md +++ b/docs/privilegesecure/4.2/install/login.md @@ -17,8 +17,11 @@ into a supported browser address bar. For example, if Privilege Secure is instal https://ExampleServer01:6500 -**NOTE:** This is the default port. If a custom port is configured, the address to the Privilege +:::note +This is the default port. If a custom port is configured, the address to the Privilege Secure Console is: +::: + `https://ExampleServer01:[PortNumber]` @@ -30,17 +33,23 @@ Users can still log in with an expired license. If a license is expired, and the not exceed the license count, users will still be able to log in. If a license is expired, and the login attempt does exceed the license count, Privilege Secure will prevent the login. -**CAUTION:** If your license is expired, and you can still log in, you will not be able to create +:::warning +If your license is expired, and you can still log in, you will not be able to create activity sessions or new users. +::: + Follow the steps to log in to the Privilege Secure Console. **Step 1 –** Open Privilege Secure in a browser window. The Login screen will show the Authentication Connector that is set as the default. -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +:::note +Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP, etc) for all user accounts unless otherwise configured in the Initial Set Up Wizard. If required, first time users must register with an MFA to use with their login credentials. +::: + ![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) 
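Review bot: In the @@ -17,8 +17,11 hunk of login.md, the closing `:::` lands before the line the note introduces: the note now ends with "the address to the Privilege Secure Console is:" and `https://ExampleServer01:[PortNumber]` is left outside the admonition. Move the `:::` below the URL line so the sentence and its example stay together, or reword the note so it does not end on a colon.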
@@ -63,11 +72,14 @@ enter the user credentials. ![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) -**NOTE:** After five incorrect login attempts, the user will be locked out of the account for five +:::note +After five incorrect login attempts, the user will be locked out of the account for five minutes. Additional incorrect login attempts will extend this time by five minutes for each failed login. See the [User, Group, & Application Details Page](/docs/privilegesecure/4.2/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information on how to unlock an account. +::: + The Privilege Secure Console is ready to use. Note that the option to view the recovery codes is no longer available after the initial login. From here, create Sessions and Access Policies, manage diff --git a/docs/privilegesecure/4.2/install/servicesonadditional/actionservice.md b/docs/privilegesecure/4.2/install/servicesonadditional/actionservice.md index 8865dac68e..646e07dfcf 100644 --- a/docs/privilegesecure/4.2/install/servicesonadditional/actionservice.md +++ b/docs/privilegesecure/4.2/install/servicesonadditional/actionservice.md 
@@ -14,16 +14,22 @@ The NPS Proxy Service installer is in the Extras folder of the ZIP file download Customer portal. See the [Install Components & Methods](/docs/privilegesecure/4.2/install/components/components.md) topic for additional information. -**NOTE:** Before you begin, the NPS Proxy Service must be registered with a corresponding +:::note +Before you begin, the NPS Proxy Service must be registered with a corresponding application server on the server you will be installing the Action Service prior to installation. The Proxy Service is installed as part of the Action Service installation package. See the [Proxy Service Install](/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md) topic for installation instructions. +::: + Follow the steps to install the NPS Action Service on another server. -_Remember,_ You must configure the Antivirus exclusions according to the +:::tip +Remember, You must configure the Antivirus exclusions according to the [Exclusions for Antivirus (AV) & Endpoint Software](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000000Hi8CAE.html) knowledge base article. +::: + **Step 1 –** Make sure that you have configured the Antivirus exclusions according to the following Netwrix knowledge base article: @@ -77,8 +83,11 @@ cd C:\Program Files\Stealthbits\PAM\KeyTools **Step 3 –** Take note of the password for the export file. -**CAUTION:** This temporary password protects the NPS-AM encryption keys during copying. Do not save +:::warning +This temporary password protects the NPS-AM encryption keys during copying. Do not save it to digital media or transmit it with the encryption key package. +::: + **Step 4 –** Copy the export file to "C:\Program Files\Stealthbits\PAM\KeyTools" on the secondary server. diff --git a/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md b/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md index bacfc0a08e..9d2de04a39 100644 
--- a/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md +++ b/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md @@ -24,9 +24,12 @@ information. Follow the steps to install the NPS Proxy Service on another server that will run services for the application. -_Remember,_ You must configure the Antivirus exclusions according to the +:::tip +Remember, You must configure the Antivirus exclusions according to the [Exclusions for Antivirus (AV) & Endpoint Software](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000000Hi8CAE.html) knowledge base article. +::: + **Step 1 –** Copy the `NPS.ProxyService.exe` file to the desktop of the remote server. @@ -38,7 +41,10 @@ Secure Proxy Service Setup wizard opens. **Step 3 –** On the End User License Agreement page, check the I agree to the license terms and conditions box and click Options. -_Remember,_ it is a best practice to read the agreement before accepting it. +:::tip +Remember, it is a best practice to read the agreement before accepting it. +::: + ![Netwrix Privileged Secure Proxy Service Setup wizard on the Setup Options page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/setupoptions.webp) @@ -51,8 +57,11 @@ _Remember,_ it is a best practice to read the agreement before accepting it. **Step 5 –** You will return to the End User License Agreement page. Click Install. -**NOTE:** The installation process begins and the wizard displays the its Progress. This may take a +:::note +The installation process begins and the wizard displays the its Progress. This may take a few moments. +::: + ![Netwrix Privileged Secure Proxy Service Setup wizard on the Successfully Completed page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed_2.webp) 
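Review bot: In the @@ -24,9 +24,12 hunk, a `:::tip` now wraps "You must configure the Antivirus exclusions according to the ... knowledge base article"; a mandatory prerequisite should not be styled as an optional tip, so `:::warning` or `:::note` fits better. With the italic `_Remember,_` gone, "Remember, You must" is also left with a stray capital; "Remember, you must" or simply "You must" reads cleaner.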
@@ -66,41 +75,50 @@ to run automatically in the Services app (`services.msc`). When the NPS Proxy Service is installed on a remote machine, it must be registered with the proxy server. -Example Values +**Example Values** When referring to the NPS Application server, we will use the following example values in our configuration. Replace these values with values that are specific for your environment. -NPS Application Server +**NPS Application Server** - DNS FQDN: nps-app.example.com - IP Address: 192.168.99.1 -NPS Remote Proxy Server +**NPS Remote Proxy Server** - DNS FQDN: nps-remote.example.com - IP Address: 192.168.99.2 -NPS Application Server +**NPS Application Server** Follow the steps to register the NPS Proxy Service. -**NOTE:** All commands are executed on the NPS Application Server as administrator. +:::note +All commands are executed on the NPS Application Server as administrator. +::: + **Step 1 –** Validate the existence of the `sbpam_node.json` file in the installation directory of both servers. The default location is: `C:\ProgramData\Stealthbits\PAM\ProxyService` -**NOTE:** If you are going to use the DNS FQDN to connect from your remote server, you will need to +:::note +If you are going to use the DNS FQDN to connect from your remote server, you will need to make sure that the FQDN is listed in the `sbpam_node.json` file. +::: + **Step 2 –** Open the JSON file as an administrator (via administrator command prompt) on both servers. The JSON file can be located at `C:\ProgramData\Stealthbits\PAM\ProxyService\sbpam_node.json` -**CAUTION:** If this is not the first remote service, do not change the name of your NPS Application +:::warning +If this is not the first remote service, do not change the name of your NPS Application Server. If you do, you will need to re-register all the remote proxy servers. 
+::: + **Step 3 –** Ensure that the `"advertise"` value of the JSON file on each server has the NPS Proxy Server information, if changes are made, ensure they are saved: @@ -121,8 +139,11 @@ For example: } ``` -**NOTE:** This file references the `IP`, `FQDN`, and `hostname` of the server you are on, not all +:::note +This file references the `IP`, `FQDN`, and `hostname` of the server you are on, not all servers. +::: + **Step 4 –** If edits were made, remove the `sbpam-node.crt` file from the following location on both servers using the command below as an administrator: @@ -131,8 +152,11 @@ both servers using the command below as an administrator: del C:\ProgramData\Stealthbits\PAM\tls\certs\sbpam-node.crt ``` -**NOTE:** If you are adding the proxy to an existing mesh, only delete the `sbpam-node.crt file` on +:::note +If you are adding the proxy to an existing mesh, only delete the `sbpam-node.crt file` on the new proxy service server. +::: + **Step 5 –** On the NPS Application Server, run the following command: @@ -143,11 +167,14 @@ the new proxy service server. **Step 6 –** Copy the returned hash value and save it for later, you will need this value when you register your remote service.. -Remote NPS Proxy Server +**Remote NPS Proxy Server** Follow the steps to register the Remote NPS Proxy Service. -**NOTE:** All commands are executed on the Remote NPS Proxy Server as an administrator. +:::note +All commands are executed on the Remote NPS Proxy Server as an administrator. +::: + **Step 1 –** Validate the existence of the `sbpam_node.json` file in the installation directory. The default location is `C:\ProgramData\Stealthbits\PAM\ProxyService`. diff --git a/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md b/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md index 69ed439a24..9e253e96e2 100644 --- a/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md 
+++ b/docs/privilegesecure/4.2/install/servicesonadditional/rdpmonitor.md @@ -20,15 +20,21 @@ Follow the steps to install the Remote Desktop Monitor service. **Step 1 –** Copy the **NPS.TSMon.exe** file to the target host. -_Remember,_ this file is in the Extras folder of the Privilege Secure installation download +:::tip +Remember, this file is in the Extras folder of the Privilege Secure installation download extracted ZIP file. +::: + **Step 2 –** Run the EXE file. The Netwrix Privilege Secure Terminal Services Monitor Setup window opens. **Step 3 –** Check the I agree to the license terms and conditions box. -_Remember,_ it is a best practice to read the terms before agreeing to them. +:::tip +Remember, it is a best practice to read the terms before agreeing to them. +::: + **Step 4 –** Click Install. @@ -40,7 +46,10 @@ Monitor service is installed and enabled with Automatic Startup Type and Log On The service is now listening for terminal services connections. -**NOTE:** It is necessary for the Record Proxy Sessions option to be enabled on the connection +:::note +It is necessary for the Record Proxy Sessions option to be enabled on the connection profile for the associated access policy. See the [Connection Profiles Page](/docs/privilegesecure/4.2/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for additional information. + +::: diff --git a/docs/privilegesecure/4.2/install/servicesonadditional/schedulerservice.md b/docs/privilegesecure/4.2/install/servicesonadditional/schedulerservice.md index 7fbd51ef3b..ab1417be99 100644 --- a/docs/privilegesecure/4.2/install/servicesonadditional/schedulerservice.md +++ b/docs/privilegesecure/4.2/install/servicesonadditional/schedulerservice.md 
@@ -12,9 +12,12 @@ locations within an organization. The Scheduler Service installer is in the zip Privilege Secure Console installer. It is also available for download from the Stealthbits website if required. -**NOTE:** Before you begin, the Proxy Service must be installed on any server running services for +:::note +Before you begin, the Proxy Service must be installed on any server running services for Privilege Secure. See the [Proxy Service Install](/docs/privilegesecure/4.2/install/servicesonadditional/proxyservice.md) topic for installation instructions. +::: + Follow the steps to install the Scheduler Service. @@ -71,8 +74,11 @@ cd C:\Program Files\Stealthbits\PAM\KeyTools **Step 3 –** Take note of the password for the export file. -**CAUTION:** This temporary password protects the NPS-AM encryption keys during copying. Do not save +:::warning +This temporary password protects the NPS-AM encryption keys during copying. Do not save it to digital media or transmit it with the encryption key package. +::: + **Step 4 –** Copy the export file to "C:\Program Files\Stealthbits\PAM\KeyTools" on the secondary server. diff --git a/docs/privilegesecure/4.2/install/upgrade.md b/docs/privilegesecure/4.2/install/upgrade.md index 8c90001d43..9e594f28f0 100644 --- a/docs/privilegesecure/4.2/install/upgrade.md +++ b/docs/privilegesecure/4.2/install/upgrade.md 
@@ -8,11 +8,14 @@ sidebar_position: 50 This chapter describes the basic steps needed to upgrade Netwrix Privilege Secure. -**NOTE:** As part of the upgrade process, the Privilege Secure installer will complete a mandatory +:::note +As part of the upgrade process, the Privilege Secure installer will complete a mandatory encryption key rotation. Customers who are running Privilege Secure in high-availability mode or use distributed Action Service or Proxy components should refer to the[ Upgrading to Privilege Secure (fomerly SbPAM) 3.6 or Higher - High Availability and Remote Services Configurations](https://kb.netwrix.com/8422) knowledge base article before beginning an upgrade. +::: + ## Considerations 
@@ -30,25 +33,37 @@ knowledge base article before beginning an upgrade. - Microsoft SQL — The Advanced checkbox provides the option to switch the database to Microsoft SQL Server. - **CAUTION:** This is an advanced configuration and requires additional support from Netwrix. + :::warning + This is an advanced configuration and requires additional support from Netwrix. + ::: + ## Upgrade Procedure Follow the steps to upgrade Netwrix Privilege Secure from an existing version. -**NOTE:** Prior to upgrading Privilege Secure, the installer will scan for the current version +:::note +Prior to upgrading Privilege Secure, the installer will scan for the current version PostgreSQL and prompt you to upgrade if needed. +::: + -**CAUTION:** During an upgrade, the process updates both the application and the database. This +:::warning +During an upgrade, the process updates both the application and the database. This process can take a significant amount of time, depending on the volume of data stored in the database. Canceling, exiting, or otherwise halting the installer during this step may result in irreparable damage to the Privilege Secure database and loss of data. +::: + **Step 1 –** Install the new version of Privilege Secure by running the NPS_Setup.exe as an administrator. -**NOTE:** A server restart will be required after the installer in complete. A notification in the +:::note +A server restart will be required after the installer in complete. A notification in the installer will display after the upgrade procedure is complete. +::: + **Step 2 –** Clear the browser cache after the upgrade procedure. This helps to prevent conflicts when logging in to the new version of Privilege Secure. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md index 4bf231268c..1f7a5ce663 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md 
+++ b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md @@ -10,8 +10,11 @@ The Approvals Dashboard displays requested sessions that require approval. Users designated as approvers will see the pending sessions queued here. The session must be approved before the requestor can log in to the session. -**NOTE:** For security reasons, Remote Access Gateway can only be used by approvers to view pending +:::note +For security reasons, Remote Access Gateway can only be used by approvers to view pending approvals. Submitting an approval must be done through Netwrix Privilege Secure. +::: + ![Approvals Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvalsdashboarduser.webp) diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md index 3909b343f2..a9761ae17b 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md +++ b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md @@ -16,9 +16,12 @@ Follow the steps to log in to the Privilege Secure. **Step 1 –** Open the Remote Access Gateway in a browser window. The Login screen will show the Authentication method that is set as the default. -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +:::note +Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP, etc) for all user accounts unless otherwise configured by an Administrator. If required, first time users must register with an MFA to use with their login credentials. +::: + **Step 2 –** Either click the default **Authentication Connector** button, or click **Log In with a Different Account** to display all of the authentication connectors that are registered 
diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md index 5d380d9dc5..7a67501381 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md @@ -38,8 +38,11 @@ Follow the steps to create an activity session. ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) -**NOTE:** If an approval is required, the Waiting for approval message will display until it has +:::note +If an approval is required, the Waiting for approval message will display until it has been granted. +::: + ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md index d2b320fbfd..ee37f2df05 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md +++ b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md @@ -9,7 +9,10 @@ sidebar_position: 20 For security reasons, the Remote Access Gateway automatically logs out the user after 20 minutes of inactivity. A Session Timeout warning message appears after 15 minutes. -**NOTE:** The session timeout setting may differ if it has been customized by your administrator. +:::note +The session timeout setting may differ if it has been customized by your administrator. +::: + ![Session Timeout ](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp) diff --git a/docs/privilegesecure/4.2/requirements/applicationserver.md b/docs/privilegesecure/4.2/requirements/applicationserver.md index 9991b297a5..ddf9fb3b61 100644 --- a/docs/privilegesecure/4.2/requirements/applicationserver.md 
+++ b/docs/privilegesecure/4.2/requirements/applicationserver.md @@ -10,7 +10,10 @@ The requirements for the (Privilege Secure) application server are: - Windows Server 2016 R2 through Windows Server 2022 - **_RECOMMENDED:_** Windows Server 2022, non-domain-joined for security + :::info + Windows Server 2022, non-domain-joined for security + ::: + - US English language installation - Hardened / dedicated to Netwrix Privilege Secure (recommended) diff --git a/docs/privilegesecure/4.2/requirements/awskey/awskey.md b/docs/privilegesecure/4.2/requirements/awskey/awskey.md index 420e15eb52..9f15914899 100644 --- a/docs/privilegesecure/4.2/requirements/awskey/awskey.md +++ b/docs/privilegesecure/4.2/requirements/awskey/awskey.md @@ -51,7 +51,10 @@ the ‘KMS’ service. **Step 7 –** Under the Resources dropdown menu, select the **Any in this account** checkbox. -**NOTE:** This can be limited to a specific key when the key has been created. +:::note +This can be limited to a specific key when the key has been created. +::: + ![Review and Create the Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/requirements/reviewandcreate.webp) @@ -111,7 +114,10 @@ functionality. **Step 12 –** Click **Done** when finished. -**CAUTION:** Do not delete the AWS user Access Key without rotating the NPS key first. +:::warning +Do not delete the AWS user Access Key without rotating the NPS key first. +::: + The best practice for use of access keys is to rotate them regularly. Follow these steps when rotating access keys. @@ -148,8 +154,11 @@ continue. **Step 6 –** Add a Key Administrator if required. -**NOTE:** The NPS Key user created earlier does not require administrative permissions at this +:::note +The NPS Key user created earlier does not require administrative permissions at this level. +::: + ![Add Key User](/img/product_docs/privilegesecure/4.2/accessmanagement/requirements/addkeyuser.webp) 
diff --git a/docs/privilegesecure/4.2/requirements/awskey/awskeyrotation.md b/docs/privilegesecure/4.2/requirements/awskey/awskeyrotation.md index 32c69d28b4..f389d89b21 100644 --- a/docs/privilegesecure/4.2/requirements/awskey/awskeyrotation.md +++ b/docs/privilegesecure/4.2/requirements/awskey/awskeyrotation.md @@ -41,11 +41,14 @@ values in the Privilege Secure system. The tool will take a few minutes to run (especially on larger systems) and the log window will show the results of the rotation. -**NOTE:** If the AWS KMS key is rotated, there is no need to rotate the NPS key. Encrypted values +:::note +If the AWS KMS key is rotated, there is no need to rotate the NPS key. Encrypted values will continue to be decrypted and any new encryption will use the updated AWS KMS key. If the AWS user Access Key is rotated it will be necessary to rotate the NPS key to update it to use the new Ids. Best practice for use of access keys is to rotate them regularly. **Do not** delete the AWS user Access Key without rotating the NPS key first. +::: + - **Step 1 –** Create a new access key. - **Step 2 –** Rotate the NPS protect key to use the new access key. diff --git a/docs/privilegesecure/4.2/requirements/client.md b/docs/privilegesecure/4.2/requirements/client.md index ec230101ea..1a9f7a3ab1 100644 --- a/docs/privilegesecure/4.2/requirements/client.md +++ b/docs/privilegesecure/4.2/requirements/client.md @@ -14,5 +14,8 @@ permits it. The supported browsers for Privilege Secure are: - Apple® Safari® - Mozilla® Firefox® -**NOTE:** The browser compatibility mode must be turned off to access the Privilege Secure web +:::note +The browser compatibility mode must be turned off to access the Privilege Secure web service. + +::: diff --git a/docs/privilegesecure/4.2/requirements/ports.md b/docs/privilegesecure/4.2/requirements/ports.md index d3c6e33564..74039376af 100644 --- a/docs/privilegesecure/4.2/requirements/ports.md +++ b/docs/privilegesecure/4.2/requirements/ports.md 
@@ -44,7 +44,10 @@ The requirements for the (Privilege Secure) application server are: | **9389** | TCP | Privilege Secure server | ![single_direction_arrow](/img/product_docs/privilegesecure/4.2/accessmanagement/requirements/single_direction_arrow.webp) | Domain Controller | Active Directory Web Services Make sure that you have configured the Antivirus exclusions according to the following Netwrix knowledge base article: [SbPAM: Exclusions for Antivirus (AV) & Endpoint Software](https://kb.netwrix.com/5938) | | **88** | UDP | Privilege Secure server | ![arrow](/img/product_docs/privilegesecure/4.2/accessmanagement/requirements/arrow.webp) | Domain Controller | Kerberos | -**NOTE:** Privilege Secure must be able to reach the following URLs via HTTPS (port 443) +:::note +Privilege Secure must be able to reach the following URLs via HTTPS (port 443) +::: + - https://login.microsoftonline.com - https://graph.microsoft.com diff --git a/docs/privilegesecure/4.2/revieweruser/dashboard/active/startsession/startsession.md b/docs/privilegesecure/4.2/revieweruser/dashboard/active/startsession/startsession.md index ccc36e9aa8..dde390a8d8 100644 --- a/docs/privilegesecure/4.2/revieweruser/dashboard/active/startsession/startsession.md +++ b/docs/privilegesecure/4.2/revieweruser/dashboard/active/startsession/startsession.md @@ -40,7 +40,10 @@ profile that allow a session to be extended by the user, in increments. If Session Extension is enabled, the session extension option appears for users when the remaining time is 5 minutes or less. -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. +:::note +For NPS users with the Administrator role, session extension is always enabled. +::: + ![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) 
diff --git a/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md b/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md index 5d380d9dc5..7a67501381 100644 --- a/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md @@ -38,8 +38,11 @@ Follow the steps to create an activity session. ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) -**NOTE:** If an approval is required, the Waiting for approval message will display until it has +:::note +If an approval is required, the Waiting for approval message will display until it has been granted. +::: + ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) diff --git a/docs/privilegesecure/4.2/revieweruser/overview.md b/docs/privilegesecure/4.2/revieweruser/overview.md index 337fa128a6..297555ac24 100644 --- a/docs/privilegesecure/4.2/revieweruser/overview.md +++ b/docs/privilegesecure/4.2/revieweruser/overview.md @@ -38,9 +38,12 @@ Follow the steps to log in to the Privilege Secure. **Step 1 –** Open Privilege Secure in a browser window. The Login screen will show the Authentication Connector that is set as the default. -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +:::note +Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP, etc) for all Reviewer accounts unless otherwise configured by an Administrator. If required, first time Reviewers must register with an MFA to use with their login credentials. +::: + ![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) From f4f8fad85f667a577b635ec843fcc44925f5bc78 Mon Sep 17 00:00:00 2001 
From: Corbin Anderson Date: Wed, 16 Jul 2025 12:23:52 -0600 Subject: [PATCH 2/3] Final updates to bold sub heading and notes/cautions --- .../4.2/admin/AuditReporting/reporting.md | 18 ++-- .../openidconnectconfiguration.md | 4 +- .../authentication/samlconfiguration.md | 2 +- .../serviceaccounts/serviceaccounts.md | 2 +- .../systemsettingspages/emailconfiguration.md | 2 +- .../systemsettingspages/services.md | 6 -- .../addaction/activityactiontypes.md | 97 ++++++++++--------- .../4.2/admin/troubleshooting.md | 4 +- .../browserextension/interface/interface.md | 2 +- .../active/startsession/rdcmanager.md | 30 +++--- .../4.2/enduser/myactivities/createsession.md | 5 +- .../enduser/myactivities/createsession.md | 5 +- .../myactivities/createsession.md | 5 +- 13 files changed, 92 insertions(+), 90 deletions(-) diff --git a/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md b/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md index e6823b3a78..b916615d81 100644 --- a/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md +++ b/docs/privilegesecure/4.2/admin/AuditReporting/reporting.md @@ -28,12 +28,12 @@ report name. The report tree will then be filtered down to the matching reports. The Reports tree contains the following folders. -Favorites Folder +**Favorites Folder** This folder in the report tree contains reports that have been marked with a star for easy access. Clicking the star on a favorite report will remove it from the Favorites folder. -Predefined Reports +**Predefined Reports** This folder contains predefined reports covering common reporting uses cases. Included are: @@ -41,7 +41,7 @@ This folder contains predefined reports covering common reporting uses cases. In - All Activity Sessions - Password Rotations -Predefined Platform-Based Reports +**Predefined Platform-Based Reports** This folder contains predefined reports that are filtered to specific platforms. Included are: 
@@ -54,7 +54,7 @@ This folder contains predefined reports that are filtered to specific platforms. - All Website Sessions - All Windows Sessions -My Reports +**My Reports** This folder contains all reports created using the “+” icon next to the Search Reports field or created by modifying and saving an existing predefined or platform based report. @@ -90,7 +90,7 @@ The Filters tab has the following configuration options: The Source drop-down list contains the following data sources for reports. -Activity Sessions +**Activity Sessions** This data source contains activity session information, and allows the report to be filtered on the following attributes for a given activity session: @@ -102,7 +102,7 @@ following attributes for a given activity session: - Target Host - User -Resource Sync +**Resource Sync** This data source contains resource sync information, and allows the report to be filtered on the following attributes for a given synced resource: @@ -112,7 +112,7 @@ following attributes for a given synced resource: - IP Address - Operating System -Password Rotation +**Password Rotation** This data source contains password rotation information, and allows the report to be filtered on the following attributes for a given password rotation event: @@ -122,7 +122,7 @@ following attributes for a given password rotation event: - Change Reason - User -Password Age +**Password Age** This data source contains password age information, and allows the report to be filtered on the following attributes for a given user account: 
@@ -159,7 +159,7 @@ The Filters tab has the following configuration options: "All Linux Sessions-24-05-07-164307". - Save – Saves any modifications to the report. If this is a predefined or platform based report, it will save as a new report under My Reports -- Delete **(available for custom reports only)** – Deletes the custom report +- Delete (available for custom reports only) – Deletes the custom report - Source Drop-down List – Contains data sources that allow the report to look at different data sets related to Privilege Secure administration. See the Data Sources topic for additional information. - Timeframe Drop-down List – Contains several predefined timeframes, ranging from “Last Hour” to diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md index e8c0601817..e30db742c6 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/openidconnectconfigu/openidconnectconfiguration.md @@ -56,9 +56,11 @@ page in the browser. Do NOT sign in. - If the Sign In page does not display as expected, review the values configured for the OpenID Connect connector and modify them where needed. Then, verify the Sign In page again. -- **NOTE:** When configuring OpenID Connect for Okta, it may be necessary to ensure that the Grant +:::note + When configuring OpenID Connect for Okta, it may be necessary to ensure that the Grant type in Okta is set to Implicit (hybrid) and the sub-settings Allow ID Token with implicit grant type and Allow Access Token with implicit grant type are both enabled. + ::: **Step 5 –** Click the browser’s back arrow to return to the Configure Client wizard page. 
diff --git a/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md b/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md index 6d1eb6c915..f6dbf7fdc1 100644 --- a/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md +++ b/docs/privilegesecure/4.2/admin/configuration/authentication/samlconfiguration.md @@ -19,7 +19,7 @@ It contains four pages: - Configure Id Mapping - Test Logout -## Configure OpenID Connect Authentication Connector +## Configure SAML Authentication Connector Follow the steps to verify the SAML configuration: diff --git a/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/serviceaccounts.md b/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/serviceaccounts.md index 6106521322..821b848dc0 100644 --- a/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/serviceaccounts.md +++ b/docs/privilegesecure/4.2/admin/configuration/serviceaccounts/serviceaccounts.md @@ -76,6 +76,6 @@ The selected service account details display at the top of the main pane: If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to commit the modifications. Click **Cancel** to discard the modifications. -Th "Service Account is Managed by Privilege Secure when the account has been configured to be +The Service Account is Managed by Privilege Secure when the account has been configured to be managed by the application. See the [Credentials Page](/docs/privilegesecure/4.2/admin/interface/credentials/credentials.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/emailconfiguration.md b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/emailconfiguration.md index f5142ae895..108eb1a76e 100644 --- a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/emailconfiguration.md 
+++ b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/emailconfiguration.md @@ -19,6 +19,6 @@ features: This field determines the link format in all emails and notifications sent by Privilege Secure. -Example Email +**Example Email** ![Emailed link](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/emailedlink.webp) diff --git a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md index 5e9e946c29..6a11eb6f6a 100644 --- a/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md +++ b/docs/privilegesecure/4.2/admin/configuration/systemsettingspages/services.md @@ -21,12 +21,6 @@ Netwrix Privilege Secure. It is important to ensure the Binding Hostname in IIS, Subject, and the NPS Rest URL value in the Services page exactly match. ::: - -:::note - -::: - - The Services Settings page has the following features: - NPS Rest URL — The full qualified domain name (FQDN) of the new IIS web certificate diff --git a/docs/privilegesecure/4.2/admin/interface/activities/addaction/activityactiontypes.md b/docs/privilegesecure/4.2/admin/interface/activities/addaction/activityactiontypes.md index 924bc18fec..e8458c61fe 100644 --- a/docs/privilegesecure/4.2/admin/interface/activities/addaction/activityactiontypes.md +++ b/docs/privilegesecure/4.2/admin/interface/activities/addaction/activityactiontypes.md 
@@ -10,56 +10,59 @@ The following tables list all available actions that can be added to an activity ## Pre-Session (Grant) Actions -| Action Type | Action Description | Related Fields | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Add ADUC Permissions | Add AD rights to the login account | - AD Object Type — Select which type of object to manage in the Organizational Unit, a User or Computer. - AD Organizational Unit — Enter a pre-existing Organizational Unit the login account will have delegated permissions for. 
- AD Rights to be Added — Select which right will be delegated to the login account for managing the previously specified Organizational Unit - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add Microsoft Entra ID Role | Add login account to an Microsoft Entra ID role | - Microsoft Entra ID Role (Allows Custom Entries) — Enter which Microsoft Entra ID Directory Role will be added to the login account, or select from the Role options in the dropdown. - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add Sudoers Rule | Create a new rule file in sudoers.d directory to grant user additional permissions | - Run As — Enter which account(s) the logged-in user can run commands as - Commands — Enter the commands the user can run as a comma-separated list, or, enter **ALL** for all commands on the target resource. Make sure to use absolute paths in the command list. 
For example: `/usr/bin/yum`, `/usr/bin/docker`, `/usr/bin/rpm` - Prompt for Password — If enabled, the logged-in user will need to enter their password to run elevated commands - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add to Microsoft Entra ID Group | Add login account to a Microsoft Entra ID Security Group | - Microsoft Entra ID Security Group (Allows Custom Entries) — Enter which Microsoft Entra ID Security Group will be added to the login account - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add User to Domain Group | Add login account to a domain group | - Domain — Enter an Active Directory domain - Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add User to Local Group | Add login account to a local group | - Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Add Requester to Database Server | Add login account to the database server | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name 
— (Optional) Edit the name of the paired action | -| Add User to Database Role | Add login account the Database Role. | - Database – (Optional) If a database is specified, the role gets applied to the specific database. If the database field is left blank, the role gets applied to the database instance. - Role – The user is added to this role - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Create Windows File Share | Creates a temporary, encrypted SMB share on the activity's target Windows resource. This action creates a hidden lock file at the root of the share's map path. This is used by the console to identify a folder as being created/owned by the console. Users should **not** attempt to modify or delete this lock file. | - Windows File Share Name — The name of the File Share that will be created on the activity's target Windows resource - Windows File Share Map Path — A folder will be created in this location (local path) as a map for the session's Windows File Share - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Enable RDP on Host | Allows the user to enable RDP on the Host during the pre-session. This action comes paired with the Disable RDP on Host post-session action type. | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Monitor File for Changes | Monitors the specified file for modifications. If no changes are detected, an _Info_ event is logged to the action log. 
If changes are detected (or the file goes missing after the pre-session hash), a _Warning_ is logged to the action and event logs. | - File to Monitor — Enter the full local path to the file to be monitored - Fail Pre-Session on Missing File — Fail session provisioning if the file to monitor cannot be found - Fail Post-Session on Mismatch — Fail session during Activity post-session if monitored file checksum does not match - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run AD Replication for User | Runs AD replication for the target user within the AD site of the target resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run Custom PowerShell Script | Execute custom PowerShell script during Activity | - Definition — Enter a custom Powershell script here - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Scan Host for Local 
Groups | Scan local groups on the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Set Cisco User Privilege | Set Cisco user Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights | - Privilege — User Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | +| Action Type | Action Description | Related Fields | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Add ADUC Permissions | Add AD rights to the login account |
  • AD Object Type — Select which type of object to manage in the Organizational Unit, a User or Computer.
  • AD Organizational Unit — Enter a pre-existing Organizational Unit the login account will have delegated permissions for.
  • AD Rights to be Added — Select which right will be delegated to the login account for managing the previously specified Organizational Unit
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add Microsoft Entra ID Role | Add login account to an Microsoft Entra ID role |
  • Microsoft Entra ID Role (Allows Custom Entries) — Enter which Microsoft Entra ID Directory Role will be added to the login account, or select from the Role options in the dropdown.
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add Sudoers Rule | Create a new rule file in sudoers.d directory to grant user additional permissions |
  • Run As — Enter which account(s) the logged-in user can run commands as
  • Commands — Enter the commands the user can run as a comma-separated list, or, enter **ALL** for all commands on the target resource. Make sure to use absolute paths in the command list. For example: `/usr/bin/yum`, `/usr/bin/docker`, `/usr/bin/rpm`
  • Prompt for Password — If enabled, the logged-in user will need to enter their password to run elevated commands
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add to Microsoft Entra ID Group | Add login account to a Microsoft Entra ID Security Group |
  • Microsoft Entra ID Security Group (Allows Custom Entries) — Enter which Microsoft Entra ID Security Group will be added to the login account
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add User to Domain Group | Add login account to a domain group |
  • Domain — Enter an Active Directory domain
  • Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add User to Local Group | Add login account to a local group |
  • Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add Requester to Database Server | Add login account to the database server |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Add User to Database Role | Add login account the Database Role. |
  • Database – (Optional) If a database is specified, the role gets applied to the specific database. If the database field is left blank, the role gets applied to the database instance.
  • Role – The user is added to this role
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Create Windows File Share | Creates a temporary, encrypted SMB share on the activity's target Windows resource. This action creates a hidden lock file at the root of the share's map path. This is used by the console to identify a folder as being created/owned by the console. Users should **not** attempt to modify or delete this lock file. |
  • Windows File Share Name — The name of the File Share that will be created on the activity's target Windows resource
  • Windows File Share Map Path — A folder will be created in this location (local path) as a map for the session's Windows File Share
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Enable RDP on Host | Allows the user to enable RDP on the Host during the pre-session. This action comes paired with the Disable RDP on Host post-session action type. |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Monitor File for Changes | Monitors the specified file for modifications. If no changes are detected, an _Info_ event is logged to the action log. If changes are detected (or the file goes missing after the pre-session hash), a _Warning_ is logged to the action and event logs. |
  • File to Monitor — Enter the full local path to the file to be monitored
  • Fail Pre-Session on Missing File — Fail session provisioning if the file to monitor cannot be found
  • Fail Post-Session on Mismatch — Fail session during Activity post-session if monitored file checksum does not match
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run AD Replication for User | Runs AD replication for the target user within the AD site of the target resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run Custom PowerShell Script | Execute custom PowerShell script during Activity |
  • Definition — Enter a custom Powershell script here
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Scan Host for Local Groups | Scan local groups on the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Set Cisco User Privilege | Set Cisco user Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights |
  • Privilege — User Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| + ## Session (Connect) Actions -| Action Type | Action Description | Related Fields | -| ------------------------------- | ------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Monitor for User Log in | Monitor the target resource for a login by the user | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run Custom PowerShell Script | Execute custom PowerShell script during Activity | - Definition — Enter a custom Powershell script here - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Scan Host for Local Groups | Scan local groups on the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | +| Action Type | Action Description | Related Fields | +| 
------------------------------- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Monitor for User Log in | Monitor the target resource for a login by the user |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run Custom PowerShell Script | Execute custom PowerShell script during Activity |
  • Definition — Enter a custom Powershell script here
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Scan Host for Local Groups | Scan local groups on the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| + ## Post-Session (Remove) Actions -| Action Type | Action Description | Related Fields | -| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Disable RDP on Host | Disable RDP on target resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Invoke Protection Policy | Validate membership of protected groups and remove unauthorized accounts | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Logoff User | Log user off on Activity session close | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Monitor File for Changes | Monitors the specified file for modifications. If no changes are detected, an _Info_ event is logged to the action log. 
If changes are detected (or the file goes missing after the pre-session hash), a _Warning_ is logged to the action and event logs. | - File to Monitor — Enter the full local path to the file to be monitored - Fail Pre-Session on Missing File — Fail session provisioning if the file to monitor cannot be found - Fail Post-Session on Mismatch — Fail session during Activity post-session if monitored file checksum does not match - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Remove ADUC Permission | Remove AD rights from the login account | - AD Object Type — Select which type of object to manage in the Organizational Unit, a User or Computer. - AD Organizational Unit — Enter a pre-existing Organizational Unit the login account will have delegated permissions for. 
- AD Rights to be Added — Select which right will be delegated to the login account for managing the previously specified Organizational Unit - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove from Microsoft Entra ID Role | Remove Microsoft Entra ID role from the login account | - Microsoft Entra ID Role (Allows Custom Entries) — Enter which Microsoft Entra ID Directory Role will be added to the login account, or select from the Role options in the dropdown. - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove Requester from Database Server | Remove the login user from the database | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove User from Database Role | Remove the "Remove User from Database Role" login user from the given database role | - Database – (Optional) If a database is specified, the role gets removed from the specific database. If the database field is left blank, the role gets removed from the login user in the database instance. 
- Role – The user is removed from this role - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove Sudoers rule | Remove previously created file in Sudoers directory | - Run As — Enter which account(s) the logged-in user can run commands as - Commands — Enter the commands the user can run as a comma-separated list, or, enter **ALL** for all commands on the target resource. Make sure to use absolute paths in the command list. For example: `/usr/bin/yum`, `/usr/bin/docker`, `/usr/bin/rpm` - Prompt for Password — If enabled, the logged-in user will need to enter their password to run elevated commands - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove User from Domain Group | Remove login account from domain group | - Domain — Enter an Active Directory domain - Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Remove User from Local Group | Remove login account from local group | - Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action - Paired Action's Name — (Optional) Edit the name of the paired action | -| Run Custom PowerShell Script | Execute custom PowerShell script during Activity | - 
Definition — Enter a custom Powershell script here - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Scan Host for Local Groups | Scan local groups on the resource | - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | -| Set Cisco User Privilege | Set Cisco user Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights | - Privilege — User Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights - Continue on Error — If an error occurs, continue to the next step rather than halting the action - Action Name — (Optional) Edit the name of the action | +| Action Type | Action Description | Related Fields | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Disable RDP on Host | Disable RDP on target resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Invoke Protection Policy | Validate membership of protected groups and remove unauthorized accounts |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Logoff User | Log user off on Activity session close |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Monitor File for Changes | Monitors the specified file for modifications. If no changes are detected, an _Info_ event is logged to the action log. If changes are detected (or the file goes missing after the pre-session hash), a _Warning_ is logged to the action and event logs. |
  • File to Monitor — Enter the full local path to the file to be monitored
  • Fail Pre-Session on Missing File — Fail session provisioning if the file to monitor cannot be found
  • Fail Post-Session on Mismatch — Fail session during Activity post-session if monitored file checksum does not match
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Purge Kerberos Tickets for Host | Purge all Kerberos tickets from the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Purge Kerberos Tickets for User | Purge Kerberos Tickets for the login account |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Remove ADUC Permission | Remove AD rights from the login account |
  • AD Object Type — Select which type of object to manage in the Organizational Unit, a User or Computer.
  • AD Organizational Unit — Enter a pre-existing Organizational Unit the login account will have delegated permissions for.
  • AD Rights to be Added — Select which right will be delegated to the login account for managing the previously specified Organizational Unit
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove from Microsoft Entra ID Role | Remove Microsoft Entra ID role from the login account |
  • Microsoft Entra ID Role (Allows Custom Entries) — Enter which Microsoft Entra ID Directory Role will be added to the login account, or select from the Role options in the dropdown.
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove Requester from Database Server | Remove the login user from the database |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove User from Database Role | Remove the "Remove User from Database Role" login user from the given database role |
  • Database – (Optional) If a database is specified, the role gets removed from the specific database. If the database field is left blank, the role gets removed from the login user in the database instance.
  • Role – The user is removed from this role
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove Sudoers rule | Remove previously created file in Sudoers directory |
  • Run As — Enter which account(s) the logged-in user can run commands as
  • Commands — Enter the commands the user can run as a comma-separated list, or, enter **ALL** for all commands on the target resource. Make sure to use absolute paths in the command list. For example: `/usr/bin/yum`, `/usr/bin/docker`, `/usr/bin/rpm`
  • Prompt for Password — If enabled, the logged-in user will need to enter their password to run elevated commands
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove User from Domain Group | Remove login account from domain group |
  • Domain — Enter an Active Directory domain
  • Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Remove User from Local Group | Remove login account from local group |
  • Group (Allows Custom Entries) — Enter a pre-existing Group the login account will be added to in the specified Domain
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
  • Paired Action's Name — (Optional) Edit the name of the paired action
| +| Run Custom PowerShell Script | Execute custom PowerShell script during Activity |
  • Definition — Enter a custom Powershell script here
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Run Replication | Run replication (via repadmin /syncall) on closest domain controller to the target resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Scan Host for Local Groups | Scan local groups on the resource |
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| +| Set Cisco User Privilege | Set Cisco user Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights |
  • Privilege — User Privilege level for account access (1-15) 1 = lowest rights 15 = highest rights
  • Continue on Error — If an error occurs, continue to the next step rather than halting the action
  • Action Name — (Optional) Edit the name of the action
| + diff --git a/docs/privilegesecure/4.2/admin/troubleshooting.md b/docs/privilegesecure/4.2/admin/troubleshooting.md index c4e352e094..73e919a6a6 100644 --- a/docs/privilegesecure/4.2/admin/troubleshooting.md +++ b/docs/privilegesecure/4.2/admin/troubleshooting.md @@ -136,7 +136,7 @@ To avoid this warning you can set the certificate thumbprint value to identify a certificate for Netwrix Privilege Secure. Signing the RDP file with this trusted certificate will resolve the trust problem with RDP files. -Obtain a Certificate Thumbprint +**Obtain a Certificate Thumbprint** To obtain the certificate thumbprint, open the Certificates snap-in. From there, the certificate thumbprint can be found in the local computer's certificates store on the Netwrix Privilege Secure @@ -164,7 +164,7 @@ additional information. The Netwrix Privilege Secure session has been authenticated. Update the GPO to include the SHA1 thumbprint of the signed certificate to ensure the unknown publisher warning disappears completely. -Update Group Policy settings in Windows +**Update Group Policy settings in Windows** Follow the steps below to update the GPO to include the SHA1 thumbprint of the signed certificate to ensure the unknown publisher warning disappears completely. diff --git a/docs/privilegesecure/4.2/enduser/browserextension/interface/interface.md b/docs/privilegesecure/4.2/enduser/browserextension/interface/interface.md index 9fccfdd82d..034271f9c3 100644 --- a/docs/privilegesecure/4.2/enduser/browserextension/interface/interface.md +++ b/docs/privilegesecure/4.2/enduser/browserextension/interface/interface.md 
@@ -28,7 +28,7 @@ additional information. The Activities tab has the following features: -- - / - buttons (top right) — Expand or collapse all Resource Activities +- Plus and Minus buttons (top right) — Expand or collapse all Resource Activities - Resources list — Shows all resources mapped to the user via an access policy. Click a Resource to expand it and show associated Activities. diff --git a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md index bf74025d36..431aec90f5 100644 --- a/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md +++ b/docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md @@ -24,8 +24,8 @@ separated by “+” to the appropriate port on the proxy: domain\username, user@domain, user@domain.suffix - Activity – The activity to perform - Resource – The DNS host name of the resource to run the activity on -- **Access Policy (optional)** – The Access Policy to invoke (if more than one) -- **Notes (optional)** – User notes about the session +- Access Policy (optional) – The Access Policy to invoke (if more than one) +- Notes (optional) – User notes about the session Connection String Format: 
@@ -33,19 +33,19 @@ Connection String Format: Connection String Example: -Netwrix\JonSmith+Local Admin+SQL1.netwrix.com +`Netwrix\JonSmith+Local Admin+SQL1.netwrix.com` -JonSmith@netwrix.com+Local_Admin+SQL1.netwrix.com +`JonSmith@netwrix.com+Local_Admin+SQL1.netwrix.com` Note that some clients require you to use the _“_”\_ (underscore) character as a replacement for a space in Activity names that are made up of multiple words, for example: -Netwrix\JonSmith+Add_to_Local_Administrators+SQL1 +`Netwrix\JonSmith+Add_to_Local_Administrators+SQL1` If you wish to add notes, make sure to add the appropriate number of “+” delimiters if you are not defining an access policy: -Netwrix\JonSmith+Local Admin+SQL1.netwrix.com++Server Maintenance +`Netwrix\JonSmith+Local Admin+SQL1.netwrix.com++Server Maintenance` ## PuTTY (SSH) @@ -59,7 +59,7 @@ Host Name Format: Host Name Example: -- Netwrix\JonSmith+rootAccess+centos1.lab.local@sbpamhost +- `Netwrix\JonSmith+rootAccess+centos1.lab.local@sbpamhost` Port: @@ -78,7 +78,7 @@ Remote Host Format: Resource Host Example: -Netwrix\JonSmith+rootAccess+centos1.lab.local@sbpamhost +`Netwrix\JonSmith+rootAccess+centos1.lab.local@sbpamhost` Port: @@ -102,7 +102,7 @@ Remote Host: Example: -sbpamhost +`sbpamhost` Username: @@ -110,7 +110,7 @@ Username: Example: -Netwrix\JonSmith+LocalAdmin+sql1 +`Netwrix\JonSmith+LocalAdmin+sql1` Port: @@ -134,7 +134,7 @@ Computer: **Example:** -Sbpamhost:4489 +`Sbpamhost:4489` User Name Format: @@ -142,7 +142,7 @@ User Name Format: User Name Example: -- Netwrix\JonSmith+LocalAdmin+sql1 +- `Netwrix\JonSmith+LocalAdmin+sql1` If there is no password prompt when executing an RDP shortcut, change the GPO setting. See the Configure Remote Desktop Connection to Prompt for Password topic for additional information. @@ -160,7 +160,7 @@ Server name: Server name example: -Sbpamhost:4489 +`Sbpamhost:4489` User Name Format: 
@@ -173,11 +173,11 @@ The user name starts with \_\_ (back slash). User Name Example: -\Netwrix\JonSmith+LocalAdmin+sql1 +`\Netwrix\JonSmith+LocalAdmin+sql1` Server Name/Port: -localhost:4489 +`localhost:4489` If there is no password prompt when executing an RDP shortcut, change the GPO setting. See the Configure Remote Desktop Connection to Prompt for Password topic for additional information. diff --git a/docs/privilegesecure/4.2/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/enduser/myactivities/createsession.md index 7a67501381..c431c07607 100644 --- a/docs/privilegesecure/4.2/enduser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/enduser/myactivities/createsession.md @@ -20,8 +20,9 @@ Follow the steps to create an activity session. - If the Activity is assigned to more than one resource, the Activity card will display the number of resources; selecting **Create Session** from the session ribbon will open the Configure Session window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. +:::warning +If your license is expired and you can still log in, you will not be able to create activity sessions. +::: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md index 7a67501381..c431c07607 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/myactivities/createsession.md 
@@ -20,8 +20,9 @@ Follow the steps to create an activity session. - If the Activity is assigned to more than one resource, the Activity card will display the number of resources; selecting **Create Session** from the session ribbon will open the Configure Session window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. +:::warning +If your license is expired and you can still log in, you will not be able to create activity sessions. +::: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) diff --git a/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md b/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md index 7a67501381..c431c07607 100644 --- a/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md +++ b/docs/privilegesecure/4.2/revieweruser/myactivities/createsession.md @@ -20,8 +20,9 @@ Follow the steps to create an activity session. - If the Activity is assigned to more than one resource, the Activity card will display the number of resources; selecting **Create Session** from the session ribbon will open the Configure Session window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. +:::warning +If your license is expired and you can still log in, you will not be able to create activity sessions. +::: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) From 807fb99d43097394e082e4cc53ec445529aa75bf Mon Sep 17 00:00:00 2001 From: Corbin Anderson Date: Wed, 16 Jul 2025 13:00:11 -0600 Subject: [PATCH 3/3] Final updates to tables --- .../credentials/credentialrotationmethod.md | 18 ++++++++-------- .../4.2/admin/troubleshooting.md | 21 ++++++++++--------- 2 files changed, 20 insertions(+), 19 deletions(-) 
diff --git a/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md b/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md index 1349e3dd6c..73b44ce209 100644 --- a/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md +++ b/docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md 
@@ -8,12 +8,12 @@ sidebar_position: 10 The following table summarizes the methods of credential rotation for each type of account. -| Managed Type | Dependencies | Managed / Unmanaged | Method | Button | Description | -| ------------ | ------------ | -------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Standard | None | Managed | Automatic | Schedule Rotation | Local or domain user account managed by Privilege Secure, including managed users created by activity sessions. Credentials are stored by Privilege Secure. Credential rotation is performed according to the change policy for that platform type or click **Schedule Rotation** to force credential rotation. | -| Unmanaged | Manual | N/A | Local or domain user account where the credential must be manually updated on both the resource and in Privilege Secure. | | | -| Blank | N/A | Local or domain user account that is not managed by Privilege Secure and no credentials have ever been stored. | | | | -| Internal | None | Managed | Automatic | Schedule Rotation | “Internal” Privilege Secure service account with no dependencies (windows services or scheduled tasks). Credentials are stored by Privilege Secure. 
Credential rotation is performed according to the change policy for that platform type or click **Schedule Rotation** to force credential rotation. | -| Unmanaged | Manual | N/A | “Internal” Privilege Secure service account with no dependencies (windows services or scheduled tasks) where the credential must be manually updated on both the resource and in Privilege Secure. | | | -| Service | One or more | Managed | Manual | Rotate Service Account | Local or domain service account with one or more dependencies (windows services or scheduled tasks). Also includes “Internal” Privilege Secure service account with one or more dependencies. Credentials are stored by Privilege Secure but credential rotation must be initiated manually due to dependencies. Click **Rotate Service Account** for credential rotation. | -| Unmanaged | Blank | Rotate Service Account | Local or domain service account with one or more dependencies (windows services or scheduled tasks) that is not managed by Privilege Secure and no credentials have ever been stored. Click **Rotate Service Account** for credential rotation - account will change to a “Managed” “Manual” account (see above). | | | +| Managed Type | Dependencies | Managed / Unmanaged | Method | Button | Description | +|------------- |------------- |--------------------- |---------- |------------------------ |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Standard | None | Managed | Automatic | Schedule Rotation | Local or domain user account managed by Privilege Secure, including managed users created by activity sessions. Credentials are stored by Privilege Secure. Credential rotation is performed according to the change policy for that platform type or click Schedule Rotation to force credential rotation. 
| +| Standard | None | Unmanaged | Manual | N/A | Local or domain user account where the credential must be manually updated on both the resource and in Privilege Secure. | +| Standard | None | Blank | N/A | N/A | Local or domain user account that is not managed by Privilege Secure and no credentials have ever been stored.| +| Internal | None | Managed | Automatic | Schedule Rotation | “Internal” Privilege Secure service account with no dependencies (windows services or scheduled tasks). Credentials are stored by Privilege Secure. Credential rotation is performed according to the change policy for that platform type or click Schedule Rotation to force credential rotation. | +| Internal | None | Unmanaged | Manual | N/A | “Internal” Privilege Secure service account with no dependencies (windows services or scheduled tasks) where the credential must be manually updated on both the resource and in Privilege Secure. | +| Service | One or more | Managed | Manual | Rotate Service Account | Local or domain service account with one or more dependencies (windows services or scheduled tasks). Also includes “Internal” Privilege Secure service account with one or more dependencies. Credentials are stored by Privilege Secure but credential rotation must be initiated manually due to dependencies. Click Rotate Service Account for credential rotation. | +| Service | One or more | Unmanaged | Blank | Rotate Service Account | Local or domain service account with one or more dependencies (windows services or scheduled tasks) that is not managed by Privilege Secure and no credentials have ever been stored. Click Rotate Service Account for credential rotation - account will change to a “Managed” “Manual” account (see above). | diff --git a/docs/privilegesecure/4.2/admin/troubleshooting.md b/docs/privilegesecure/4.2/admin/troubleshooting.md index 73e919a6a6..a12a02feba 100644 --- a/docs/privilegesecure/4.2/admin/troubleshooting.md +++ b/docs/privilegesecure/4.2/admin/troubleshooting.md 
@@ -118,16 +118,17 @@ This table lists available in the Enablement Toolkit with descriptions, notes, a of operations. This menu can be accessed by clicking **Help** > **Help (Selected Operation)** or by pressing **F1**. -| Operation | Description | Required Fields | Notes | -| ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | ---------------------------------------------------------------------------------------- | -| Enumerate Active Directory Objects | Enumerates domain or domain controller specified in the Domain field for counts of users, group members, and computers. The target domain / domain controller can be specified by IP or DNS Name | - Domain - Username - Password | Enable the Use TLS checkbox for LDAPS lookups instead of LDAP. | -| Verify Domain Group Membership for Credential | Verifies that a domain group exists and that the user specified in the Domain / User field is a member of that group. The Domain / User field is the `\\` to be queried for the domain group in the Group field. The Username and Password fields are used for authentication to the domain, which can be any domain user. The target domain / domain controller can be specified by either IP, DNS Name, or domain name. | - Domain / User - Group - Username - Password | Enable the Use TLS checkbox for LDAPS lookups instead of LDAP. 
| -| Verify Local Windows Group Membership for User Account | Verifies that a local Windows group exists and that the user specified in the User / Host field is a member of that group. The User / Host field is the `@` to be queried for the local Windows group in the Group field. This needs to be in the format: `` The Username (ex. domain\user) and Password fields are used for authe ntication to the Windows host as a local administrator. Both Domain and local accounts can be used for authentication as long as the account is a local administrator. | - User / Host - Group - Username - Password | A domain user must be used for authentication if verifying domain user group membership. | -| Verify WinRM Status for Host | Checks the following criteria related to WinRM (PSRemoting) connectivity to the Host: - Port scan for port 5985 - Verify WinRM is enabled - Verify supplied credentials can authenticate - Verify Invoke-Command runs with supplied credentials The Host field is the host to be tested. The Username and Password fields are used for authentication. If only the Host field is used, the only the port scan and WinRM are tested. If Host, Username, and Password fields are used, then all tests will run. | - Host | Only port 5985 is used for testing WinRM (PSRemoting). Port 5986 is not tested. | -| Port Scan for Host | Scans the Host for will-known ports: - SSH (Port 22) - RDP (Port 3389) - WinRM (Port 5985) - WinRM (Port 5986) | - Host | A ping test is also performed and is reported in the output's heading. | -| Verify SSH Connectivity for Host | Verifies SSH connectivity and authentication to the target Host. The well-known SSH port (port 22) is used by default but can be customized. The Username and Password fields are used to authenticate the SSH session. The ability to run sudo commands, specify which sudo commands the user has access to, and whether or not the user's sudo commands use the "NOPASSWD" directive are also checked. 
| - Host - Port - Username - Password | N/A | -| Set Privilege Secure AppSettingUser Config Files | Sets the hostname in each Privilege Secure appsetting.user.json configuration file. This hostname should match the CN of the server's IIS-bound certificate for the Privilege Secure web application. The syntax used in the filed should be the full URL, for example: https://hostname.domain.com:6500 | - Host | Should be run on each Privilege Secure server with an IIS-bound certificate installed. | -| Export Privilege Secure Diagnostics | Exports logs, various configuration files, and version information for the Privilege Secure server. A date range can be selected for the logs to reduce operation runtime. Upon execution, the user will be prompted to pick a location where the diagnostics will be zipped and saved. | - Date Range | Only exports diagnostics for the Privilege Secure server running this application. | +| Operation | Description | Required Fields | Notes | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | +| Enumerate Active Directory Objects | Enumerates domain or domain controller specified in the Domain field for counts of users, group members, and computers. The target domain / domain controller can be specified by IP or DNS Name |
  • Domain
  • Username
  • Password
| Enable the Use TLS checkbox for LDAPS lookups instead of LDAP. | +| Verify Domain Group Membership for Credential | Verifies that a domain group exists and that the user specified in the Domain / User field is a member of that group. The Domain / User field is the `\\` to be queried for the domain group in the Group field. The Username and Password fields are used for authentication to the domain, which can be any domain user. The target domain / domain controller can be specified by either IP, DNS Name, or domain name. |
  • Domain / User
  • Group
  • Username
  • Password
| Enable the Use TLS checkbox for LDAPS lookups instead of LDAP. | +| Verify Local Windows Group Membership for User Account | Verifies that a local Windows group exists and that the user specified in the User / Host field is a member of that group. The User / Host field is the `@` to be queried for the local Windows group in the Group field. This needs to be in the format: `` The Username (ex. domain\user) and Password fields are used for authe ntication to the Windows host as a local administrator. Both Domain and local accounts can be used for authentication as long as the account is a local administrator. |
  • User / Host
  • Group
  • Username
  • Password
| A domain user must be used for authentication if verifying domain user group membership. | +| Verify WinRM Status for Host | Checks the following criteria related to WinRM (PSRemoting) connectivity to the Host:
  • Port scan for port 5985
  • Verify WinRM is enabled
  • Verify supplied credentials can authenticate
  • Verify Invoke-Command runs with supplied credentials The Host field is the host to be tested. The Username and Password fields are used for authentication. If only the Host field is used, the only the port scan and WinRM are tested. If Host, Username, and Password fields are used, then all tests will run.
|
  • Host
| Only port 5985 is used for testing WinRM (PSRemoting). Port 5986 is not tested. | +| Port Scan for Host | Scans the Host for will-known ports:
  • SSH (Port 22)
  • RDP (Port 3389)
  • WinRM (Port 5985)
  • WinRM (Port 5986)
|
  • Host
| A ping test is also performed and is reported in the output's heading. | +| Verify SSH Connectivity for Host | Verifies SSH connectivity and authentication to the target Host. The well-known SSH port (port 22) is used by default but can be customized. The Username and Password fields are used to authenticate the SSH session. The ability to run sudo commands, specify which sudo commands the user has access to, and whether or not the user's sudo commands use the "NOPASSWD" directive are also checked. |
  • Host
  • Port
  • Username
  • Password
| N/A | +| Set Privilege Secure AppSettingUser Config Files | Sets the hostname in each Privilege Secure appsetting.user.json configuration file. This hostname should match the CN of the server's IIS-bound certificate for the Privilege Secure web application. The syntax used in the filed should be the full URL, for example: https://hostname.domain.com:6500 |
  • Host
| Should be run on each Privilege Secure server with an IIS-bound certificate installed. | +| Export Privilege Secure Diagnostics | Exports logs, various configuration files, and version information for the Privilege Secure server. A date range can be selected for the logs to reduce operation runtime. Upon execution, the user will be prompted to pick a location where the diagnostics will be zipped and saved. |
  • Date Range
| Only exports diagnostics for the Privilege Secure server running this application. | + ## Sign RDP Files to Prevent Publisher Warning
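Review bot: the description in the added "Set Cisco User Privilege" row runs the range and both endpoint meanings together as "(1-15) 1 = lowest rights 15 = highest rights", and the Privilege bullet under it repeats the same text word for word. Separate the values with punctuation, for example "(1-15; 1 = lowest rights, 15 = highest rights)", and keep the explanation in only one of the two places.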
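Review bot: in docs/privilegesecure/4.2/admin/troubleshooting.md, hunks @@ -136,7 +136,7 and @@ -164,7 +164,7, "Obtain a Certificate Thumbprint" and "Update Group Policy settings in Windows" become bold paragraphs although they title sub-sections under "## Sign RDP Files to Prevent Publisher Warning". Making them ### headings would follow the heading style the file already uses and give them link anchors. The context around the second title also says "update the GPO to include the SHA1 thumbprint of the signed certificate to ensure the unknown publisher warning disappears completely" twice, once before the title and once after it. Drop one copy while this block is being edited.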
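Review bot: in docs/privilegesecure/4.2/enduser/dashboard/active/startsession/rdcmanager.md, the context line in hunk @@ -173,11 +173,11 reads "The user name starts with \_\_ (back slash)", which as shown here is two escaped underscores rather than a backslash, directly above the example this patch wraps in backticks. Write the character as a code-formatted backslash so it matches `\Netwrix\JonSmith+LocalAdmin+sql1`. The underscore note in hunk @@ -33,19 +33,19 has the same problem ("_“_”\_") and would read better as a code-formatted underscore. In hunk @@ -134,7 +134,7 the label **Example:** stays bold while the other Example labels are plain and hunk @@ -24,8 +24,8 removes bold from "Access Policy (optional)" and "Notes (optional)", so pick one style. Host casing also differs between `sbpamhost` and `Sbpamhost:4489` in the added lines.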
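Review bot: the three createsession.md hunks (enduser/myactivities, remoteaccessgateway/enduser/myactivities and revieweruser/myactivities, each @@ -20,8 +20,9) apply the same edit to files with the same blob ids (7a67501381..c431c07607), so this text is maintained in triplicate. A shared partial would keep the next wording change from drifting between the three. In each hunk the removed CAUTION was a list item under the step, while the added :::warning block appears at column 0 as shown here. Check that it is indented to the step's level and has a blank line before and after it, so the list is not split. The label also changes from CAUTION to warning; confirm that this is the intended severity.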
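Review bot: in docs/privilegesecure/4.2/admin/interface/credentials/credentialrotationmethod.md (hunk @@ -8,12 +8,12), the added rows drop the bold that the removed rows had on the button names **Schedule Rotation** and **Rotate Service Account**, while other pages in this series keep UI controls bold (for example **Create Session** and **Help**). Keep the bold in the Description cells. The literal value "Blank" in the Managed / Unmanaged column of the third Standard row and in the Method column of the Service / Unmanaged row is ambiguous next to "N/A"; say whether the UI shows an empty value there. The old table left Managed Type and Dependencies implicit on the continuation rows, so please confirm that "Standard | None", "Internal | None" and "Service | One or more" are the right values for the rows that now carry them. "windows services" in the descriptions should be "Windows services".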
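Review bot: in docs/privilegesecure/4.2/admin/troubleshooting.md (hunk @@ -118,16 +118,17), the added Enablement Toolkit rows carry over format placeholders that show up empty here, so the reader cannot tell what to enter: the Domain / User format appears as `\\`, the User / Host format as `@`, and "This needs to be in the format:" is followed by an empty code span. Confirm the placeholder tokens are present in the source and survive rendering. Since every row is being rewritten, also fix the typos that moved over from the removed rows: "authe ntication", "will-known ports", "the only the port scan" and "The syntax used in the filed". In the WinRM row the sentences starting "The Host field is the host to be tested" run straight on from the last bullet, "Verify Invoke-Command runs with supplied credentials", and should sit outside the list. The lead-in context line "This table lists available in the Enablement Toolkit" is missing its noun.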